Implemented full range of permissions tests for viewing articles (#21).

2buntu · Sep 2, 2014 · 2ced23a · 2ced23a
1 parent 69c80c5
commit 2ced23a
Show file tree

Hide file tree

Showing 2 changed files with 49 additions and 25 deletions.
diff --git a/twobuntu/articles/tests.py b/twobuntu/articles/tests.py
@@ -1,8 +1,11 @@
-from django.contrib.auth.models import User
-from django.test import Client, TestCase
+from django.contrib.auth.models import AnonymousUser, User
+from django.http import Http404
+from django.test import TestCase
+from django.test.client import RequestFactory
 from django.utils.timezone import now
 
 from twobuntu.articles.models import Article
+from twobuntu.articles.views import view as view_article
 from twobuntu.categories.models import Category
 
 
@@ -12,31 +15,52 @@ class TestArticlePermission(TestCase):
     """
 
     def setUp(self):
+        # Create the request factory
+        self.factory = RequestFactory()
         # Create three users - two normal users and an admin (staff)
-        self.ordinary_user1 = User.objects.create_user('ordinary1', 'ordinary1@example.com', 'ordinary1')
-        self.ordinary_user2 = User.objects.create_user('ordinary2', 'ordinary1@example.com', 'ordinary2')
-        self.administrator = User.objects.create_user('admin', '[email protected]', 'admin')
-        self.administrator.is_staff = True
-        self.administrator.save()
+        self.user1 = User.objects.create_user('user1', 'user1@example.com', 'user1')
+        self.user2 = User.objects.create_user('user2', 'user1@example.com', 'user2')
+        self.admin = User.objects.create_user('admin', '[email protected]', 'admin')
+        self.admin.is_staff = True
+        self.admin.save()
         # Create a dummy category for the articles
         self.category = Category(name='Test')
         self.category.save()
-        # Create articles in various stages of completion
-        self.draft_article = self.create_article()
-        self.unapproved_article = self.create_article(status=Article.UNAPPROVED)
-        self.published_article = self.create_article(status=Article.PUBLISHED)
-
-    def create_article(self, **kwargs):
-        article = Article(author=self.ordinary_user1, category=self.category, title='Test', body='Test', date=now(), **kwargs)
-        article.save()
-        return article
-
-    def create_request(self, article, username=None):
-        client = Client()
-        if username:
-            client.login(username=username, password=username)
-        return client.get(article.get_absolute_url())
+        # Create a dummy article for testing
+        self.article = Article(author=self.user1, category=self.category, title='Test', body='Test', date=now())
+
+    def request(self, article, user):
+        request = self.factory.get(article.get_absolute_url())
+        request.user = user
+        return view_article(request, article.id)
+
+    def check_permission(self, user, access):
+        if access:
+            self.assertEqual(self.request(self.article, user).status_code, 200)
+        else:
+            with self.assertRaises(Http404):
+                self.request(self.article, user)
 
     def test_access_to_draft_article(self):
-        response = self.create_request(self.draft_article)
-        self.assertEqual(response.status_code, 404)
+        self.article.status = Article.DRAFT
+        self.article.save()
+        self.check_permission(AnonymousUser(), False)
+        self.check_permission(self.user1, True)
+        self.check_permission(self.user2, False)
+        self.check_permission(self.admin, True)
+
+    def test_access_to_unapproved_article(self):
+        self.article.status = Article.UNAPPROVED
+        self.article.save()
+        self.check_permission(AnonymousUser(), False)
+        self.check_permission(self.user1, True)
+        self.check_permission(self.user2, False)
+        self.check_permission(self.admin, True)
+
+    def test_access_to_published_article(self):
+        self.article.status = Article.PUBLISHED
+        self.article.save()
+        self.check_permission(AnonymousUser(), True)
+        self.check_permission(self.user1, True)
+        self.check_permission(self.user2, True)
+        self.check_permission(self.admin, True)
diff --git a/twobuntu/decorators.py b/twobuntu/decorators.py
@@ -6,7 +6,7 @@ def canonical(model):
     Enforce a canonical URL for a resource.
     """
     def outer(view):
-        def inner(request, id, slug):
+        def inner(request, id, slug=''):
             instance = get_object_or_404(model, pk=id)
             if not request.path == instance.get_absolute_url():
                 return redirect(instance, permanent=True)