Fix markdown api and add test for user picture page

2024-09-16 16:08:11 +00:00 · 2024-07-23 01:12:52 +02:00 · 2024-07-23 01:12:52 +02:00 · b9d19be183
commit b9d19be183
parent 293369f165
3 changed files with 54 additions and 19 deletions
--- a/core/api.py
+++ b/core/api.py
@ -1,5 +1,6 @@
 from django.conf import settings
 from django.http import HttpResponse
+from ninja import Form
 from ninja_extra import ControllerBase, api_controller, route
 from ninja_extra.exceptions import PermissionDenied

--- a/core/templates/core/markdown_textarea.jinja
+++ b/core/templates/core/markdown_textarea.jinja
@ -14,26 +14,21 @@
 				document.head.innerHTML += '<link rel="stylesheet" href="' + css + '">';
 			}

-			// Custom markdown parser
-			function customMarkdownParser(plainText, cb) {
-				$.ajax({
-					url: "{{ markdown_api_url }}",
-					method: "POST",
-					data: { text: plainText, csrfmiddlewaretoken: getCSRFToken() },
-				}).done(cb);
-			}
-
 			// Pretty markdown input
 			const easymde = new EasyMDE({
 				element: document.getElementById("{{ widget.attrs.id }}"),
 				spellChecker: false,
 				autoDownloadFontAwesome: false,
-				previewRender: function(plainText, preview) { // Async method
+				previewRender: function (plainText, preview) {
 					clearTimeout(lastAPICall);
-					lastAPICall = setTimeout(() => {
-						customMarkdownParser(plainText, (msg) => preview.innerHTML = msg);
+					lastAPICall = setTimeout(async () => {
+                        const res = await fetch("{{ markdown_api_url }}", {
+                            method: "POST",
+                            body: JSON.stringify({ text: plainText }),
+                        });
+                        preview.innerHTML = await res.text();
 					}, 300);
-					return preview.innerHTML;
+                    return null;
 				},
 				forceSync: true, // Avoid validation error on generic create view
 				toolbar: [
--- a/core/tests.py
+++ b/core/tests.py
@ -217,7 +217,7 @@ def test_full_markdown_syntax():
    assert result == html


-class PageHandlingTest(TestCase):
+class TestPageHandling(TestCase):
    @classmethod
    def setUpTestData(cls):
        cls.root = User.objects.get(username="root")
@ -320,11 +320,16 @@ http://git.an
        assertInHTML(expected, response.content.decode())


-class UserToolsTest:
+@pytest.mark.django_db
+class TestUserTools:
    def test_anonymous_user_unauthorized(self, client):
        """An anonymous user shouldn't have access to the tools page."""
        response = client.get(reverse("core:user_tools"))
-        assert response.status_code == 403
+        assertRedirects(
+            response,
+            expected_url=f"/login?next=%2Fuser%2Ftools%2F",
+            target_status_code=301,
+        )

    @pytest.mark.parametrize("username", ["guy", "root", "skia", "comunity"])
    def test_page_is_working(self, client, username):
@ -335,13 +340,47 @@ class UserToolsTest:
        assert response.status_code == 200


+@pytest.mark.django_db
+class TestUserPicture:
+    def test_anonymous_user_unauthorized(self, client):
+        """An anonymous user shouldn't have access to an user's photo page."""
+        response = client.get(
+            reverse(
+                "core:user_pictures",
+                kwargs={"user_id": User.objects.get(username="sli").pk},
+            )
+        )
+        assert response.status_code == 403
+
+    @pytest.mark.parametrize(
+        ("username", "status"),
+        [
+            ("guy", 403),
+            ("root", 200),
+            ("skia", 200),
+            ("sli", 200),
+        ],
+    )
+    def test_page_is_working(self, client, username, status):
+        """Only user that subscribed (or admins) should be able to see the page."""
+        # Test for simple user
+        client.force_login(User.objects.get(username=username))
+        response = client.get(
+            reverse(
+                "core:user_pictures",
+                kwargs={"user_id": User.objects.get(username="sli").pk},
+            )
+        )
+        assert response.status_code == status
+
+
 # TODO: many tests on the pages:
 #   - renaming a page
 #   - changing a page's parent --> check that page's children's full_name
 #   - changing the different groups of the page


-class FileHandlingTest(TestCase):
+class TestFileHandling(TestCase):
    @classmethod
    def setUpTestData(cls):
        cls.subscriber = User.objects.get(username="subscriber")
@ -377,7 +416,7 @@ class FileHandlingTest(TestCase):
        assert "ls</a>" in str(response.content)


-class UserIsInGroupTest(TestCase):
+class TestUserIsInGroup(TestCase):
    """Test that the User.is_in_group() and AnonymousUser.is_in_group()
    work as intended.
    """
@ -518,7 +557,7 @@ class UserIsInGroupTest(TestCase):
        assert self.skia.is_in_group(name="This doesn't exist") is False


-class DateUtilsTest(TestCase):
+class TestDateUtils(TestCase):
    @classmethod
    def setUpTestData(cls):
        cls.autumn_month = settings.SITH_SEMESTER_START_AUTUMN[0]