Commit
e8b5462a
authored
Oct 14, 2020
by
Dave Nathanael
[
#114
] Bugfix: comment can be deleted by non-admin
parent
7b0a06ae
Changes
2
app/tests.py
...
...
@@ -466,18 +466,43 @@ class DetailMateriTest(TestCase):
self
.
assertNotContains
(
response
,
"Beri komentar..."
)
self
.
assertContains
(
response
,
"Login terlebih dahulu untuk berkomentar"
)
def
test_delete_comments_by_admin
(
self
):
self
.
client
.
login
(
**
self
.
contributor_credential
)
def
create_and_delete_comment
(
self
,
is_admin
=
False
,
is_contributor
=
False
):
url
=
self
.
url
self
.
client
.
login
(
**
self
.
admin_credential
)
self
.
client
.
post
(
url
,
{
"comment"
:
"This is new comment by Anonymous"
})
deleteURL
=
(
"/delete/"
+
str
(
self
.
materi1
.
id
)
+
"/"
+
str
(
Comment
.
objects
.
get
(
comment
=
"This is new comment by Anonymous"
).
id
)
)
self
.
client
.
get
(
deleteURL
)
self
.
assertEqual
(
Comment
.
objects
.
all
().
filter
(
comment
=
"This is new comment by Anonymous"
).
count
(),
0
)
deleteURL
=
"/delete/"
+
str
(
self
.
materi1
.
id
)
+
"/"
+
str
(
Comment
.
objects
.
get
(
comment
=
"This is new comment by Anonymous"
).
id
)
if
is_admin
:
self
.
client
.
login
(
**
self
.
admin_credential
)
if
is_contributor
:
self
.
client
.
login
(
**
self
.
contributor_credential
)
if
not
is_admin
and
not
is_contributor
:
self
.
client
.
login
(
**
self
.
anonymous_credential
)
response
=
self
.
client
.
get
(
deleteURL
)
return
response
def
test_delete_comments_by_admin
(
self
):
self
.
create_and_delete_comment
(
is_admin
=
True
)
count
=
Comment
.
objects
.
all
().
filter
(
comment
=
"This is new comment by Anonymous"
).
count
()
self
.
assertEqual
(
count
,
0
)
def
test_delete_comments_by_contributor
(
self
):
response
=
self
.
create_and_delete_comment
(
is_contributor
=
True
)
self
.
assertRaises
(
PermissionDenied
)
self
.
assertEqual
(
response
.
status_code
,
403
)
count
=
Comment
.
objects
.
all
().
filter
(
comment
=
"This is new comment by Anonymous"
).
count
()
self
.
assertEqual
(
count
,
1
)
def
test_delete_comments_by_anonymous
(
self
):
response
=
self
.
create_and_delete_comment
()
self
.
assertRaises
(
PermissionDenied
)
self
.
assertEqual
(
response
.
status_code
,
403
)
count
=
Comment
.
objects
.
all
().
filter
(
comment
=
"This is new comment by Anonymous"
).
count
()
self
.
assertEqual
(
count
,
1
)
def
test_tombol_citasiAPA
(
self
):
response
=
self
.
client
.
get
(
self
.
url
)
...
...
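Review bot: `self.assertRaises(PermissionDenied)` in test_delete_comments_by_contributor and test_delete_comments_by_anonymous asserts nothing, because without a callable and outside a `with` block it only returns a context manager that is discarded. The Django test client also converts PermissionDenied into a 403 response, so the exception never reaches the test. Drop both lines and rely on `self.assertEqual(response.status_code, 403)` plus the count check. The `not request.user.is_authenticated` branch of the view also looks untested: the default path of create_and_delete_comment logs in with `self.anonymous_credential` instead of logging out, so a case that calls `self.client.logout()` before the GET would cover it (assuming that credential belongs to a real account).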
app/views.py
...
...
@@ -236,6 +236,8 @@ def toggle_like(request):
def
delete_comment
(
request
,
pk_materi
,
pk_comment
):
if
not
request
.
user
.
is_authenticated
or
not
request
.
user
.
is_admin
:
raise
PermissionDenied
(
request
)
comment
=
get_object_or_404
(
Comment
,
pk
=
pk_comment
)
url
=
"/materi/"
+
str
(
pk_materi
)
+
"/"
comment
.
delete
()
...
...
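Review bot: delete_comment still performs the deletion on a GET request: no method check is visible in the hunk, and the tests in app/tests.py drive it with `self.client.get(deleteURL)`. The new is_admin check does not cover a cross-site request made while an admin is logged in, so the view should be restricted to POST, e.g. `@require_POST` from `django.views.decorators.http` above `def delete_comment`, with the template submitting a form that carries the CSRF token. Separately, `raise PermissionDenied(request)` passes the request object as the exception message; `raise PermissionDenied` or a short string is clearer. The function body continues outside the hunk.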