
Commit 61ce89fb authored by Dave Nathanael's avatar Dave Nathanael

Merge branch '1706040076-114' into 'master'

[#114] Bugfix: comment can be deleted by non-admin

Closes #114

See merge request !32
parents 7b0a06ae e8b5462a
Pipeline #58844 passed with stages
in 20 minutes and 53 seconds
...@@ -466,18 +466,43 @@ class DetailMateriTest(TestCase): ...@@ -466,18 +466,43 @@ class DetailMateriTest(TestCase):
self.assertNotContains(response, "Beri komentar...") self.assertNotContains(response, "Beri komentar...")
self.assertContains(response, "Login terlebih dahulu untuk berkomentar") self.assertContains(response, "Login terlebih dahulu untuk berkomentar")
def test_delete_comments_by_admin(self): def create_and_delete_comment(self, is_admin=False, is_contributor=False):
self.client.login(**self.contributor_credential)
url = self.url url = self.url
self.client.login(**self.admin_credential)
self.client.post(url, {"comment": "This is new comment by Anonymous"}) self.client.post(url, {"comment": "This is new comment by Anonymous"})
deleteURL = ( deleteURL = "/delete/" + str(self.materi1.id) + "/" + str(
"/delete/" Comment.objects.get(comment="This is new comment by Anonymous").id)
+ str(self.materi1.id) if is_admin:
+ "/" self.client.login(**self.admin_credential)
+ str(Comment.objects.get(comment="This is new comment by Anonymous").id) if is_contributor:
) self.client.login(**self.contributor_credential)
self.client.get(deleteURL) if not is_admin and not is_contributor:
self.assertEqual(Comment.objects.all().filter(comment="This is new comment by Anonymous").count(), 0) self.client.login(**self.anonymous_credential)
response = self.client.get(deleteURL)
return response
def test_delete_comments_by_admin(self):
self.create_and_delete_comment(is_admin=True)
count = Comment.objects.all().filter(comment="This is new comment by Anonymous").count()
self.assertEqual(count, 0)
def test_delete_comments_by_contributor(self):
response = self.create_and_delete_comment(is_contributor=True)
self.assertRaises(PermissionDenied)
self.assertEqual(response.status_code, 403)
count = Comment.objects.all().filter(comment="This is new comment by Anonymous").count()
self.assertEqual(count, 1)
def test_delete_comments_by_anonymous(self):
response = self.create_and_delete_comment()
self.assertRaises(PermissionDenied)
self.assertEqual(response.status_code, 403)
count = Comment.objects.all().filter(comment="This is new comment by Anonymous").count()
self.assertEqual(count, 1)
def test_tombol_citasiAPA(self): def test_tombol_citasiAPA(self):
response = self.client.get(self.url) response = self.client.get(self.url)
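Review bot: `self.assertRaises(PermissionDenied)` in test_delete_comments_by_contributor and test_delete_comments_by_anonymous asserts nothing. Called without a callable and outside a `with` block, it only builds a context manager that is never entered, and Django's test client converts PermissionDenied into a 403 response instead of letting it propagate. The `self.assertEqual(response.status_code, 403)` line already carries the check, so both assertRaises lines can be dropped. The "anonymous" case also logs in with `self.anonymous_credential`, so the `not request.user.is_authenticated` half of the new guard appears to be untested; a further test that calls `self.client.logout()` before `self.client.get(deleteURL)` and expects 403 with the comment count still at 1 would cover it.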
......
...@@ -236,6 +236,8 @@ def toggle_like(request): ...@@ -236,6 +236,8 @@ def toggle_like(request):
def delete_comment(request, pk_materi, pk_comment): def delete_comment(request, pk_materi, pk_comment):
if not request.user.is_authenticated or not request.user.is_admin:
raise PermissionDenied(request)
comment = get_object_or_404(Comment, pk=pk_comment) comment = get_object_or_404(Comment, pk=pk_comment)
url = "/materi/" + str(pk_materi) + "/" url = "/materi/" + str(pk_materi) + "/"
comment.delete() comment.delete()
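Review bot: The delete is still reachable with a plain GET: the tests in this commit call it through `self.client.get(deleteURL)`, and nothing in the visible part of delete_comment restricts the method. Django's CSRF check does not apply to GET, so a request fired from a third-party page while an admin is logged in would pass the new `is_admin` guard and remove the comment. Decorating the view with `@require_POST` (from `django.views.decorators.http`) and submitting the delete from a form that carries the CSRF token closes that. Separately, `raise PermissionDenied(request)` passes the request object as the exception message; a bare `raise PermissionDenied` is enough and keeps the request repr out of any 403 template or log that renders the exception. The body of delete_comment continues outside the hunk.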
......