
Showing content from https://github.com/django/django/commit/b2ae0a63aeec741f1e51bac9a95a27fd635f9652 below:

[1.4.X] Fixed #18856 -- Ensured that redirects can't be poisoned by m… · django/django@b2ae0a6 · GitHub

@@ -29,6 +29,30 @@ def testFlagPost(self):

29 29

self.assertEqual(c.flags.filter(flag=CommentFlag.SUGGEST_REMOVAL).count(), 1)

30 30

return c

31 31 32 +

def testFlagPostNext(self):

33 +

"""

34 +

POST the flag view, explicitly providing a next url.

35 +

"""

36 +

comments = self.createSomeComments()

37 +

pk = comments[0].pk

38 +

self.client.login(username="normaluser", password="normaluser")

39 +

response = self.client.post("/flag/%d/" % pk, {'next': "/go/here/"})

40 +

self.assertEqual(response["Location"],

41 +

"http://testserver/go/here/?c=1")

42 + 43 +

def testFlagPostUnsafeNext(self):

44 +

"""

45 +

POSTing to the flag view with an unsafe next url will ignore the

46 +

provided url when redirecting.

47 +

"""

48 +

comments = self.createSomeComments()

49 +

pk = comments[0].pk

50 +

self.client.login(username="normaluser", password="normaluser")

51 +

response = self.client.post("/flag/%d/" % pk,

52 +

{'next': "http://elsewhere/bad"})

53 +

self.assertEqual(response["Location"],

54 +

"http://testserver/flagged/?c=%d" % pk)

55 + 32 56

def testFlagPostTwice(self):

33 57

"""Users don't get to flag comments more than once."""

34 58

c = self.testFlagPost()

@@ -48,7 +72,7 @@ def testFlagAnon(self):

48 72

def testFlaggedView(self):

49 73

comments = self.createSomeComments()

50 74

pk = comments[0].pk

51 -

response = self.client.get("/flagged/", data={"c":pk})

75 +

response = self.client.get("/flagged/", data={"c": pk})

52 76

self.assertTemplateUsed(response, "comments/flagged.html")

53 77 54 78

def testFlagSignals(self):

@@ -100,6 +124,33 @@ def testDeletePost(self):

100 124

self.assertTrue(c.is_removed)

101 125

self.assertEqual(c.flags.filter(flag=CommentFlag.MODERATOR_DELETION, user__username="normaluser").count(), 1)

102 126 127 +

def testDeletePostNext(self):

128 +

"""

129 +

POSTing the delete view will redirect to an explicitly provided a next

130 +

url.

131 +

"""

132 +

comments = self.createSomeComments()

133 +

pk = comments[0].pk

134 +

makeModerator("normaluser")

135 +

self.client.login(username="normaluser", password="normaluser")

136 +

response = self.client.post("/delete/%d/" % pk, {'next': "/go/here/"})

137 +

self.assertEqual(response["Location"],

138 +

"http://testserver/go/here/?c=1")

139 + 140 +

def testDeletePostUnsafeNext(self):

141 +

"""

142 +

POSTing to the delete view with an unsafe next url will ignore the

143 +

provided url when redirecting.

144 +

"""

145 +

comments = self.createSomeComments()

146 +

pk = comments[0].pk

147 +

makeModerator("normaluser")

148 +

self.client.login(username="normaluser", password="normaluser")

149 +

response = self.client.post("/delete/%d/" % pk,

150 +

{'next': "http://elsewhere/bad"})

151 +

self.assertEqual(response["Location"],

152 +

"http://testserver/deleted/?c=%d" % pk)

153 + 103 154

def testDeleteSignals(self):

104 155

def receive(sender, **kwargs):

105 156

received_signals.append(kwargs.get('signal'))

@@ -115,13 +166,13 @@ def receive(sender, **kwargs):

115 166

def testDeletedView(self):

116 167

comments = self.createSomeComments()

117 168

pk = comments[0].pk

118 -

response = self.client.get("/deleted/", data={"c":pk})

169 +

response = self.client.get("/deleted/", data={"c": pk})

119 170

self.assertTemplateUsed(response, "comments/deleted.html")

120 171 121 172

class ApproveViewTests(CommentTestCase):

122 173 123 174

def testApprovePermissions(self):

124 -

"""The delete view should only be accessible to 'moderators'"""

175 +

"""The approve view should only be accessible to 'moderators'"""

125 176

comments = self.createSomeComments()

126 177

pk = comments[0].pk

127 178

self.client.login(username="normaluser", password="normaluser")

@@ -133,7 +184,7 @@ def testApprovePermissions(self):

133 184

self.assertEqual(response.status_code, 200)

134 185 135 186

def testApprovePost(self):

136 -

"""POSTing the delete view should mark the comment as removed"""

187 +

"""POSTing the approve view should mark the comment as removed"""

137 188

c1, c2, c3, c4 = self.createSomeComments()

138 189

c1.is_public = False; c1.save()

139 190

@@ -145,6 +196,36 @@ def testApprovePost(self):

145 196

self.assertTrue(c.is_public)

146 197

self.assertEqual(c.flags.filter(flag=CommentFlag.MODERATOR_APPROVAL, user__username="normaluser").count(), 1)

147 198 199 +

def testApprovePostNext(self):

200 +

"""

201 +

POSTing the approve view will redirect to an explicitly provided a next

202 +

url.

203 +

"""

204 +

c1, c2, c3, c4 = self.createSomeComments()

205 +

c1.is_public = False; c1.save()

206 + 207 +

makeModerator("normaluser")

208 +

self.client.login(username="normaluser", password="normaluser")

209 +

response = self.client.post("/approve/%d/" % c1.pk,

210 +

{'next': "/go/here/"})

211 +

self.assertEqual(response["Location"],

212 +

"http://testserver/go/here/?c=1")

213 + 214 +

def testApprovePostUnsafeNext(self):

215 +

"""

216 +

POSTing to the approve view with an unsafe next url will ignore the

217 +

provided url when redirecting.

218 +

"""

219 +

c1, c2, c3, c4 = self.createSomeComments()

220 +

c1.is_public = False; c1.save()

221 + 222 +

makeModerator("normaluser")

223 +

self.client.login(username="normaluser", password="normaluser")

224 +

response = self.client.post("/approve/%d/" % c1.pk,

225 +

{'next': "http://elsewhere/bad"})

226 +

self.assertEqual(response["Location"],

227 +

"http://testserver/approved/?c=%d" % c1.pk)

228 + 148 229

def testApproveSignals(self):

149 230

def receive(sender, **kwargs):

150 231

received_signals.append(kwargs.get('signal'))
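Review bot: The unsafe-`next` tests (testFlagPostUnsafeNext, testDeletePostUnsafeNext, testApprovePostUnsafeNext) each reject only one form, the fully-qualified `http://elsewhere/bad`, so the regression test pins the fix against a single shape of host-bearing URL. A second post in each with a scheme-relative value, e.g. `{'next': "//elsewhere/bad"}` (constructed example), asserting the same default `Location` would cover the other common form; the view code doing the check is outside this diff, so whether it already handles that form is inferred rather than visible here. The safe-`next` tests hard-code `"http://testserver/go/here/?c=1"` while the unsafe ones interpolate `pk`/`c1.pk`; writing `"http://testserver/go/here/?c=%d" % pk` in all three keeps them consistent and independent of the id the fixture happens to assign. The new docstring on testApprovePost still says the comment is marked `as removed` although the assertion is `self.assertTrue(c.is_public)`; `"""POSTing the approve view should mark the comment as public"""` matches the test, and both `explicitly provided a next url` docstrings carry a stray `a`.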

