diff --git a/core/tests/test_files.py b/core/tests/test_files.py index 70a01c7a..525de3dd 100644 --- a/core/tests/test_files.py +++ b/core/tests/test_files.py @@ -66,6 +66,40 @@ class TestImageAccess: assert not picture.is_owned_by(user) +@pytest.mark.django_db +class TestUserPicture: + def test_anonymous_user_unauthorized(self, client): + """An anonymous user shouldn't have access to an user's photo page.""" + response = client.get( + reverse( + "core:user_pictures", + kwargs={"user_id": User.objects.get(username="sli").pk}, + ) + ) + assert response.status_code == 403 + + @pytest.mark.parametrize( + ("username", "status"), + [ + ("guy", 403), + ("root", 200), + ("skia", 200), + ("sli", 200), + ], + ) + def test_page_is_working(self, client, username, status): + """Only user that subscribed (or admins) should be able to see the page.""" + # Test for simple user + client.force_login(User.objects.get(username=username)) + response = client.get( + reverse( + "core:user_pictures", + kwargs={"user_id": User.objects.get(username="sli").pk}, + ) + ) + assert response.status_code == status + + # TODO: many tests on the pages: # - renaming a page # - changing a page's parent --> check that page's children's full_name diff --git a/core/tests/test_user.py b/core/tests/test_user.py index b15c7bbe..17bcbb3d 100644 --- a/core/tests/test_user.py +++ b/core/tests/test_user.py @@ -22,6 +22,7 @@ from core.models import Group, User from core.views import UserTabsMixin from counter.models import Counter, Refilling, Selling from eboutic.models import Invoice, InvoiceItem +from sas.models import Picture class TestSearchUsers(TestCase): @@ -29,6 +30,7 @@ class TestSearchUsers(TestCase): def setUpTestData(cls): # News.author has on_delete=PROTECT, so news must be deleted beforehand News.objects.all().delete() + Picture.objects.all().delete() # same for pictures User.objects.all().delete() user_recipe = Recipe( User, diff --git a/sas/tests/test_api.py b/sas/tests/test_api.py index 813c02a1..fee2eb06 100644 --- a/sas/tests/test_api.py +++ b/sas/tests/test_api.py @@ -61,7 +61,7 @@ class TestPictureSearch(TestSas): self.client.force_login(self.user_b) res = self.client.get(self.url + f"?album_id={self.album_a.id}") assert res.status_code == 200 - expected = list(self.album_a.children_pictures.values_list("id", flat=True)) + expected = list(self.album_a.pictures.values_list("id", flat=True)) assert [i["id"] for i in res.json()["results"]] == expected def test_filter_by_user(self): @@ -70,7 +70,7 @@ class TestPictureSearch(TestSas): assert res.status_code == 200 expected = list( self.user_a.pictures.order_by( - "-picture__parent__date", "picture__date" + "-picture__parent__event_date", "picture__created_at" ).values_list("picture_id", flat=True) ) assert [i["id"] for i in res.json()["results"]] == expected @@ -84,7 +84,7 @@ class TestPictureSearch(TestSas): assert res.status_code == 200 expected = list( self.user_a.pictures.union(self.user_b.pictures.all()) - .order_by("-picture__parent__date", "picture__date") + .order_by("-picture__parent__event_date", "picture__created_at") .values_list("picture_id", flat=True) ) assert [i["id"] for i in res.json()["results"]] == expected @@ -97,7 +97,7 @@ class TestPictureSearch(TestSas): assert res.status_code == 200 expected = list( self.user_a.pictures.order_by( - "-picture__parent__date", "picture__date" + "-picture__parent__event_date", "picture__created_at" ).values_list("picture_id", flat=True) ) assert [i["id"] for i in res.json()["results"]] == expected @@ -123,7 +123,7 @@ class TestPictureSearch(TestSas): assert res.status_code == 200 expected = list( self.user_b.pictures.intersection(self.user_a.pictures.all()) - .order_by("-picture__parent__date", "picture__date") + .order_by("-picture__parent__event_date", "picture__created_at") .values_list("picture_id", flat=True) ) assert [i["id"] for i in res.json()["results"]] == expected diff --git a/sas/tests/test_views.py b/sas/tests/test_views.py index f085f202..37c545f3 100644 --- a/sas/tests/test_views.py +++ b/sas/tests/test_views.py @@ -136,9 +136,7 @@ class TestAlbumUpload: class TestSasModeration(TestCase): @classmethod def setUpTestData(cls): - album = baker.make( - Album, parent_id=settings.SITH_SAS_ROOT_DIR_ID, is_moderated=True - ) + album = baker.make(Album) cls.pictures = picture_recipe.make( parent=album, _quantity=10, _bulk_create=True )