From 2e4c550d57ed8ee7f1e6446e71dc719ecce81ccd Mon Sep 17 00:00:00 2001 From: Dave Nathanael Date: Fri, 9 Oct 2020 19:08:18 +0700 Subject: [PATCH 1/6] refactor: extract comment creation and deletion on test --- app/tests.py | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/app/tests.py b/app/tests.py index 69dc1d1..1c01495 100644 --- a/app/tests.py +++ b/app/tests.py @@ -242,14 +242,17 @@ class DetailMateriTest(TestCase): response = self.client.get(self.url) self.assertContains(response, "Beri komentar...") - def test_delete_comments_by_admin(self): + def create_and_delete_comment(self, comment): url = self.url self.client.post(url, {"comment": "This is new comment by Anonymous"}) deleteURL = "/delete/" + str(self.materi1.id) + "/" + str( Comment.objects.get(comment="This is new comment by Anonymous").id) self.client.get(deleteURL) - self.assertEqual(Comment.objects.all().filter( - comment="This is new comment by Anonymous").count(), 0) + + def test_delete_comments_by_admin(self): + self.create_and_delete_comment("This is new comment by Anonymous") + count = Comment.objects.all().filter(comment="This is new comment by Anonymous").count() + self.assertEqual(count, 0) def test_tombol_citasiAPA(self): response = self.client.get(self.url) -- GitLab From cd929b6999f99ea22f06f676ac00b92fdea4b624 Mon Sep 17 00:00:00 2001 From: Dave Nathanael Date: Fri, 9 Oct 2020 19:11:14 +0700 Subject: [PATCH 2/6] test: add admin and contributor login before deleting comment --- app/tests.py | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/app/tests.py b/app/tests.py index 1c01495..c3cea82 100644 --- a/app/tests.py +++ b/app/tests.py 
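Review bot: The new `comment` parameter of `create_and_delete_comment` is never read; the helper still posts and looks up the hard-coded string, so the argument passed by `test_delete_comments_by_admin` has no effect. Either use it in both places, `self.client.post(url, {"comment": comment})` and `Comment.objects.get(comment=comment).id`, or drop the parameter. A one-line docstring saying that the helper posts a comment and then requests its delete URL, without asserting anything itself, would also help.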
@@ -242,11 +242,15 @@ class DetailMateriTest(TestCase): response = self.client.get(self.url) self.assertContains(response, "Beri komentar...") - def create_and_delete_comment(self, comment): + def create_and_delete_comment(self, is_admin, is_contributor): url = self.url self.client.post(url, {"comment": "This is new comment by Anonymous"}) deleteURL = "/delete/" + str(self.materi1.id) + "/" + str( Comment.objects.get(comment="This is new comment by Anonymous").id) + if is_admin: + self.client.login(**self.admin_credential) + if is_contributor: + self.client.login(**self.contributor_credential) self.client.get(deleteURL) def test_delete_comments_by_admin(self): -- GitLab From 37883c3055c4548c69a116ad26c8d811e8e86f99 Mon Sep 17 00:00:00 2001 From: Dave Nathanael Date: Fri, 9 Oct 2020 19:13:15 +0700 Subject: [PATCH 3/6] test: add delete comment test by contributor and guest --- app/tests.py | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/app/tests.py b/app/tests.py index c3cea82..59762be 100644 --- a/app/tests.py +++ b/app/tests.py 
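Review bot: The return value of `self.client.login(...)` is discarded in both added branches, so a wrong or missing credential leaves the client logged out and the helper carries on as a guest without any failure. In a permission test that can make the contributor case pass for the wrong reason once the view rejects guests as well. Assert the login, e.g. `self.assertTrue(self.client.login(**self.admin_credential))`, and do the same for `self.contributor_credential`. The two booleans can also both be set, in which case the second login silently wins; a single role argument would be clearer.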
@@ -254,10 +254,28 @@ class DetailMateriTest(TestCase): self.client.get(deleteURL) def test_delete_comments_by_admin(self): - self.create_and_delete_comment("This is new comment by Anonymous") + self.create_and_delete_comment(is_admin=True) count = Comment.objects.all().filter(comment="This is new comment by Anonymous").count() self.assertEqual(count, 0) + def test_delete_comments_by_contributor(self): + self.create_and_delete_comment(is_contributor=True) + + self.assertRaises(PermissionDenied) + self.assertEqual(response.status_code, 403) + + count = Comment.objects.all().filter(comment="This is new comment by Anonymous").count() + self.assertEqual(count, 1) + + def test_delete_comments_by_anonymous(self): + self.create_and_delete_comment() + + self.assertRaises(PermissionDenied) + self.assertEqual(response.status_code, 403) + + count = Comment.objects.all().filter(comment="This is new comment by Anonymous").count() + self.assertEqual(count, 1) + def test_tombol_citasiAPA(self): response = self.client.get(self.url) self.assertContains(response, 'Citate APA') -- GitLab From aef3199a37232af25ba2d4584bf5a6346d7d356f Mon Sep 17 00:00:00 2001 From: Dave Nathanael Date: Fri, 9 Oct 2020 19:28:55 +0700 Subject: [PATCH 4/6] test: return response on create_and_delete_comment --- app/tests.py | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/app/tests.py b/app/tests.py index 59762be..9466958 100644 --- a/app/tests.py +++ b/app/tests.py @@ -242,7 +242,7 @@ class DetailMateriTest(TestCase): response = self.client.get(self.url) self.assertContains(response, "Beri komentar...") - def create_and_delete_comment(self, is_admin, is_contributor): + def create_and_delete_comment(self, is_admin=False, is_contributor=False): url = self.url self.client.post(url, {"comment": "This is new comment by Anonymous"}) deleteURL = "/delete/" + str(self.materi1.id) + "/" + str( 
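Review bot: `self.assertRaises(PermissionDenied)` in `test_delete_comments_by_contributor` and `test_delete_comments_by_anonymous` checks nothing: called without a callable and outside a `with` block, it only builds a context manager that is never entered. Django's test client also turns a `PermissionDenied` raised in a view into a 403 response instead of propagating it, so `self.assertEqual(response.status_code, 403)` is the assertion that carries the test and the `assertRaises` lines can be deleted. In this hunk `response` is also unbound, because the helper's result is not assigned; it needs `response = self.create_and_delete_comment(is_contributor=True)`. The `assertRaises` lines are kept as context in the later hunks of the series.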
@@ -251,7 +251,8 @@ class DetailMateriTest(TestCase): self.client.login(**self.admin_credential) if is_contributor: self.client.login(**self.contributor_credential) - self.client.get(deleteURL) + response = self.client.get(deleteURL) + return response def test_delete_comments_by_admin(self): self.create_and_delete_comment(is_admin=True) @@ -259,7 +260,7 @@ class DetailMateriTest(TestCase): self.assertEqual(count, 0) def test_delete_comments_by_contributor(self): - self.create_and_delete_comment(is_contributor=True) + response = self.create_and_delete_comment(is_contributor=True) self.assertRaises(PermissionDenied) self.assertEqual(response.status_code, 403) @@ -268,11 +269,11 @@ class DetailMateriTest(TestCase): self.assertEqual(count, 1) def test_delete_comments_by_anonymous(self): - self.create_and_delete_comment() + response = self.create_and_delete_comment() self.assertRaises(PermissionDenied) self.assertEqual(response.status_code, 403) - + count = Comment.objects.all().filter(comment="This is new comment by Anonymous").count() self.assertEqual(count, 1) -- GitLab From f297d7c748662e5818fae3818f24c3654fe47d7e Mon Sep 17 00:00:00 2001 From: Dave Nathanael Date: Fri, 9 Oct 2020 19:29:16 +0700 Subject: [PATCH 5/6] feat: add check on comment deletion to require admin --- app/views.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/app/views.py b/app/views.py index 90ab458..8a9e809 100644 --- a/app/views.py +++ b/app/views.py @@ -206,6 +206,8 @@ def toggle_like(request): def delete_comment(request, pk_materi, pk_comment): + if not request.user.is_authenticated or not request.user.is_admin: + raise PermissionDenied(request) comment = get_object_or_404(Comment, pk=pk_comment) url = '/materi/' + str(pk_materi) + "/" comment.delete() -- GitLab From 47abb5bf7cb0f798879222e754ddb9ed9e2ff033 Mon Sep 17 00:00:00 2001 
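Review bot: The added check stops non-admins, but `delete_comment` shows no method restriction in the visible lines and the tests in this series call it with `self.client.get(deleteURL)`, so the deletion is a state-changing GET that Django's CSRF protection does not cover. Add `@require_POST` (from `django.views.decorators.http`) above `def delete_comment` and have the page submit a form carrying the CSRF token. `raise PermissionDenied(request)` passes the request object as the exception message, which the default 403 view hands to the template as text; a bare `raise PermissionDenied` is enough. `pk_materi` is only used to build the redirect URL here, so the lookup does not confirm that the comment belongs to that materi. The function body continues past the end of the hunk.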
From: Dave Nathanael Date: Wed, 14 Oct 2020 20:56:23 +0700 Subject: [PATCH 6/6] Fix test to adjust changes from other classmember --- app/tests.py | 3 +++ 1 file changed, 3 insertions(+) diff --git a/app/tests.py b/app/tests.py index d72ba82..6f040bd 100644 --- a/app/tests.py +++ b/app/tests.py @@ -468,6 +468,7 @@ class DetailMateriTest(TestCase): def create_and_delete_comment(self, is_admin=False, is_contributor=False): url = self.url + self.client.login(**self.admin_credential) self.client.post(url, {"comment": "This is new comment by Anonymous"}) deleteURL = "/delete/" + str(self.materi1.id) + "/" + str( Comment.objects.get(comment="This is new comment by Anonymous").id) @@ -475,6 +476,8 @@ class DetailMateriTest(TestCase): self.client.login(**self.admin_credential) if is_contributor: self.client.login(**self.contributor_credential) + if not is_admin and not is_contributor: + self.client.login(**self.anonymous_credential) response = self.client.get(deleteURL) return response -- GitLab
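Review bot: With the admin login added at the top of the helper and `self.client.login(**self.anonymous_credential)` added for the default case, no test reaches `delete_comment` with a logged-out client any more, so the `not request.user.is_authenticated` half of the view's check is untested. The result of that login is not checked and `anonymous_credential` is defined outside these hunks; if the login fails, the session stays on the admin account from the first login. For the guest case, call `self.client.logout()` before requesting `deleteURL`. The logged-in non-admin user should be a separate test, with its own `self.assertTrue(self.client.login(...))`.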