Coverage for website/tests/test_profile_and_post_permissions.py: 100%

47 statements  

« prev     ^ index     » next       coverage.py v7.5.0, created at 2025-09-13 15:29 -0300

1from django.contrib.auth import get_user_model 

2from django.contrib.messages.storage.fallback import FallbackStorage 

3from django.contrib.sessions.backends.db import SessionStore 

4from django.core.files.uploadedfile import SimpleUploadedFile 

5from django.test import RequestFactory, TestCase 

6 

7from website.models.AuthorModel import Author 

8from website.models.PostModel import Post 

9from website.models.ReaderModel import Reader 

10from website.views.PostCreateView import edit_post 

11from website.views.ProfileUpdateView import update_profile 

12 

13User = get_user_model() 

14 

15 

16class ProfileAndPostPermissionTests(TestCase): 

17 def setUp(self): 

18 self.factory = RequestFactory() 

19 self.user = User.objects.create_user( 

20 email="p1@example.com", password="pw", username="p1" 

21 ) 

22 # create a reader profile initially 

23 self.reader = Reader.objects.create( 

24 user=self.user, reader_name="R1", access_level=2 

25 ) 

26 

27 # another user and their author+post 

28 self.other_user = User.objects.create_user( 

29 email="a1@example.com", password="pw", username="a1" 

30 ) 

31 self.other_author = Author.objects.create( 

32 user=self.other_user, author_name="A1", author_url_slug="a1" 

33 ) 

34 self.post = Post.objects.create( 

35 author=self.other_author, title="T", text="x", url_slug="u1" 

36 ) 

37 

38 def test_update_profile_switch_reader_to_author_with_image(self): 

39 # create a fake image 

40 img = SimpleUploadedFile("pic.jpg", b"filecontent", content_type="image/jpeg") 

41 

42 data = {"profile_type": "author", "name": "New Author"} 

43 req = self.factory.post("/fake", data, FILES={"image": img}) 

44 req.user = self.user 

45 

46 # attach a session and messages storage so view can add messages 

47 req.session = SessionStore() 

48 req._messages = FallbackStorage(req) 

49 

50 # call view and ensure it redirects (success branch) 

51 resp = update_profile(req) 

52 # should be an HttpResponseRedirect 

53 assert resp.status_code in (301, 302) 

54 # user should now have an author profile 

55 assert hasattr(self.user, "author") 

56 

57 def test_edit_post_permission_owner_vs_non_owner(self): 

58 # non-owner tries to edit existing post 

59 req = self.factory.get("/fake") 

60 req.user = self.user 

61 # ensure a session exists for message storage 

62 req.session = SessionStore() 

63 req._messages = FallbackStorage(req) 

64 resp = edit_post(req, url_slug=self.post.url_slug) 

65 # should be a redirect due to permission denied 

66 assert resp.status_code in (301, 302) 

67 

68 # owner can access edit view 

69 req2 = self.factory.get("/fake") 

70 req2.user = self.other_user 

71 # ensure a session exists for message storage 

72 req2.session = SessionStore() 

73 req2._messages = FallbackStorage(req2) 

74 # patch render to avoid template parsing 

75 import website.views.PostCreateView as pcv 

76 

77 old_render = pcv.render 

78 pcv.render = lambda *a, **k: type("R", (), {"status_code": 200})() 

79 try: 

80 resp2 = edit_post(req2, url_slug=self.post.url_slug) 

81 assert getattr(resp2, "status_code", None) == 200 

82 finally: 

83 pcv.render = old_render