✨(backend) implement thread and reactions API
In order to use comment we also have to implement a thread and reactions API. A thread has multiple comments and comments can have multiple reactions.
This commit is contained in:
Anthony LC
@@ -293,7 +293,7 @@ def test_api_document_accesses_retrieve_set_role_to_child():
|
||||
}
|
||||
assert result_dict[str(document_access_other_user.id)] == [
|
||||
"reader",
|
||||
"commentator",
|
||||
"commenter",
|
||||
"editor",
|
||||
"administrator",
|
||||
"owner",
|
||||
@@ -302,7 +302,7 @@ def test_api_document_accesses_retrieve_set_role_to_child():
|
||||
|
||||
# Add an access for the other user on the parent
|
||||
parent_access_other_user = factories.UserDocumentAccessFactory(
|
||||
document=parent, user=other_user, role="commentator"
|
||||
document=parent, user=other_user, role="commenter"
|
||||
)
|
||||
|
||||
response = client.get(f"/api/v1.0/documents/{document.id!s}/accesses/")
|
||||
@@ -315,7 +315,7 @@ def test_api_document_accesses_retrieve_set_role_to_child():
|
||||
result["id"]: result["abilities"]["set_role_to"] for result in content
|
||||
}
|
||||
assert result_dict[str(document_access_other_user.id)] == [
|
||||
"commentator",
|
||||
"commenter",
|
||||
"editor",
|
||||
"administrator",
|
||||
"owner",
|
||||
@@ -323,7 +323,7 @@ def test_api_document_accesses_retrieve_set_role_to_child():
|
||||
assert result_dict[str(parent_access.id)] == []
|
||||
assert result_dict[str(parent_access_other_user.id)] == [
|
||||
"reader",
|
||||
"commentator",
|
||||
"commenter",
|
||||
"editor",
|
||||
"administrator",
|
||||
"owner",
|
||||
@@ -336,28 +336,28 @@ def test_api_document_accesses_retrieve_set_role_to_child():
|
||||
[
|
||||
["administrator", "reader", "reader", "reader"],
|
||||
[
|
||||
["reader", "commentator", "editor", "administrator"],
|
||||
["reader", "commenter", "editor", "administrator"],
|
||||
[],
|
||||
[],
|
||||
["reader", "commentator", "editor", "administrator"],
|
||||
["reader", "commenter", "editor", "administrator"],
|
||||
],
|
||||
],
|
||||
[
|
||||
["owner", "reader", "reader", "reader"],
|
||||
[
|
||||
["reader", "commentator", "editor", "administrator", "owner"],
|
||||
["reader", "commenter", "editor", "administrator", "owner"],
|
||||
[],
|
||||
[],
|
||||
["reader", "commentator", "editor", "administrator", "owner"],
|
||||
["reader", "commenter", "editor", "administrator", "owner"],
|
||||
],
|
||||
],
|
||||
[
|
||||
["owner", "reader", "reader", "owner"],
|
||||
[
|
||||
["reader", "commentator", "editor", "administrator", "owner"],
|
||||
["reader", "commenter", "editor", "administrator", "owner"],
|
||||
[],
|
||||
[],
|
||||
["reader", "commentator", "editor", "administrator", "owner"],
|
||||
["reader", "commenter", "editor", "administrator", "owner"],
|
||||
],
|
||||
],
|
||||
],
|
||||
@@ -418,44 +418,44 @@ def test_api_document_accesses_list_authenticated_related_same_user(roles, resul
|
||||
[
|
||||
["administrator", "reader", "reader", "reader"],
|
||||
[
|
||||
["reader", "commentator", "editor", "administrator"],
|
||||
["reader", "commenter", "editor", "administrator"],
|
||||
[],
|
||||
[],
|
||||
["reader", "commentator", "editor", "administrator"],
|
||||
["reader", "commenter", "editor", "administrator"],
|
||||
],
|
||||
],
|
||||
[
|
||||
["owner", "reader", "reader", "reader"],
|
||||
[
|
||||
["reader", "commentator", "editor", "administrator", "owner"],
|
||||
["reader", "commenter", "editor", "administrator", "owner"],
|
||||
[],
|
||||
[],
|
||||
["reader", "commentator", "editor", "administrator", "owner"],
|
||||
["reader", "commenter", "editor", "administrator", "owner"],
|
||||
],
|
||||
],
|
||||
[
|
||||
["owner", "reader", "reader", "owner"],
|
||||
[
|
||||
["reader", "commentator", "editor", "administrator", "owner"],
|
||||
["reader", "commenter", "editor", "administrator", "owner"],
|
||||
[],
|
||||
[],
|
||||
["reader", "commentator", "editor", "administrator", "owner"],
|
||||
["reader", "commenter", "editor", "administrator", "owner"],
|
||||
],
|
||||
],
|
||||
[
|
||||
["reader", "reader", "reader", "owner"],
|
||||
[
|
||||
["reader", "commentator", "editor", "administrator", "owner"],
|
||||
["reader", "commenter", "editor", "administrator", "owner"],
|
||||
[],
|
||||
[],
|
||||
["reader", "commentator", "editor", "administrator", "owner"],
|
||||
["reader", "commenter", "editor", "administrator", "owner"],
|
||||
],
|
||||
],
|
||||
[
|
||||
["reader", "administrator", "reader", "editor"],
|
||||
[
|
||||
["reader", "commentator", "editor", "administrator"],
|
||||
["reader", "commentator", "editor", "administrator"],
|
||||
["reader", "commenter", "editor", "administrator"],
|
||||
["reader", "commenter", "editor", "administrator"],
|
||||
[],
|
||||
[],
|
||||
],
|
||||
@@ -463,7 +463,7 @@ def test_api_document_accesses_list_authenticated_related_same_user(roles, resul
|
||||
[
|
||||
["editor", "editor", "administrator", "editor"],
|
||||
[
|
||||
["reader", "commentator", "editor", "administrator"],
|
||||
["reader", "commenter", "editor", "administrator"],
|
||||
[],
|
||||
["editor", "administrator"],
|
||||
[],
|
||||
|
||||
@@ -360,6 +360,7 @@ def test_api_documents_ask_for_access_list_owner_or_admin(role):
|
||||
|
||||
expected_set_role_to = [
|
||||
RoleChoices.READER,
|
||||
RoleChoices.COMMENTER,
|
||||
RoleChoices.EDITOR,
|
||||
RoleChoices.ADMIN,
|
||||
]
|
||||
@@ -480,6 +481,7 @@ def test_api_documents_ask_for_access_retrieve_owner_or_admin(role):
|
||||
assert response.status_code == 200
|
||||
expected_set_role_to = [
|
||||
RoleChoices.READER,
|
||||
RoleChoices.COMMENTER,
|
||||
RoleChoices.EDITOR,
|
||||
RoleChoices.ADMIN,
|
||||
]
|
||||
|
||||
@@ -17,42 +17,45 @@ pytestmark = pytest.mark.django_db
|
||||
def test_list_comments_anonymous_user_public_document():
|
||||
"""Anonymous users should be allowed to list comments on a public document."""
|
||||
document = factories.DocumentFactory(
|
||||
link_reach="public", link_role=models.LinkRoleChoices.COMMENTATOR
|
||||
link_reach="public", link_role=models.LinkRoleChoices.COMMENTER
|
||||
)
|
||||
comment1, comment2 = factories.CommentFactory.create_batch(2, document=document)
|
||||
thread = factories.ThreadFactory(document=document)
|
||||
comment1, comment2 = factories.CommentFactory.create_batch(2, thread=thread)
|
||||
# other comments not linked to the document
|
||||
factories.CommentFactory.create_batch(2)
|
||||
|
||||
response = APIClient().get(f"/api/v1.0/documents/{document.id!s}/comments/")
|
||||
response = APIClient().get(
|
||||
f"/api/v1.0/documents/{document.id!s}/threads/{thread.id!s}/comments/"
|
||||
)
|
||||
assert response.status_code == 200
|
||||
assert response.json() == {
|
||||
"count": 2,
|
||||
"next": None,
|
||||
"previous": None,
|
||||
"results": [
|
||||
{
|
||||
"id": str(comment2.id),
|
||||
"content": comment2.content,
|
||||
"created_at": comment2.created_at.isoformat().replace("+00:00", "Z"),
|
||||
"updated_at": comment2.updated_at.isoformat().replace("+00:00", "Z"),
|
||||
"user": {
|
||||
"full_name": comment2.user.full_name,
|
||||
"short_name": comment2.user.short_name,
|
||||
},
|
||||
"document": str(comment2.document.id),
|
||||
"abilities": comment2.get_abilities(AnonymousUser()),
|
||||
},
|
||||
{
|
||||
"id": str(comment1.id),
|
||||
"content": comment1.content,
|
||||
"body": comment1.body,
|
||||
"created_at": comment1.created_at.isoformat().replace("+00:00", "Z"),
|
||||
"updated_at": comment1.updated_at.isoformat().replace("+00:00", "Z"),
|
||||
"user": {
|
||||
"full_name": comment1.user.full_name,
|
||||
"short_name": comment1.user.short_name,
|
||||
},
|
||||
"document": str(comment1.document.id),
|
||||
"abilities": comment1.get_abilities(AnonymousUser()),
|
||||
"reactions": [],
|
||||
},
|
||||
{
|
||||
"id": str(comment2.id),
|
||||
"body": comment2.body,
|
||||
"created_at": comment2.created_at.isoformat().replace("+00:00", "Z"),
|
||||
"updated_at": comment2.updated_at.isoformat().replace("+00:00", "Z"),
|
||||
"user": {
|
||||
"full_name": comment2.user.full_name,
|
||||
"short_name": comment2.user.short_name,
|
||||
},
|
||||
"abilities": comment2.get_abilities(AnonymousUser()),
|
||||
"reactions": [],
|
||||
},
|
||||
],
|
||||
}
|
||||
@@ -62,13 +65,16 @@ def test_list_comments_anonymous_user_public_document():
|
||||
def test_list_comments_anonymous_user_non_public_document(link_reach):
|
||||
"""Anonymous users should not be allowed to list comments on a non-public document."""
|
||||
document = factories.DocumentFactory(
|
||||
link_reach=link_reach, link_role=models.LinkRoleChoices.COMMENTATOR
|
||||
link_reach=link_reach, link_role=models.LinkRoleChoices.COMMENTER
|
||||
)
|
||||
factories.CommentFactory(document=document)
|
||||
thread = factories.ThreadFactory(document=document)
|
||||
factories.CommentFactory(thread=thread)
|
||||
# other comments not linked to the document
|
||||
factories.CommentFactory.create_batch(2)
|
||||
|
||||
response = APIClient().get(f"/api/v1.0/documents/{document.id!s}/comments/")
|
||||
response = APIClient().get(
|
||||
f"/api/v1.0/documents/{document.id!s}/threads/{thread.id!s}/comments/"
|
||||
)
|
||||
assert response.status_code == 401
|
||||
|
||||
|
||||
@@ -76,46 +82,49 @@ def test_list_comments_authenticated_user_accessible_document():
|
||||
"""Authenticated users should be allowed to list comments on an accessible document."""
|
||||
user = factories.UserFactory()
|
||||
document = factories.DocumentFactory(
|
||||
link_reach="restricted", users=[(user, models.LinkRoleChoices.COMMENTATOR)]
|
||||
link_reach="restricted", users=[(user, models.LinkRoleChoices.COMMENTER)]
|
||||
)
|
||||
comment1 = factories.CommentFactory(document=document)
|
||||
comment2 = factories.CommentFactory(document=document, user=user)
|
||||
thread = factories.ThreadFactory(document=document)
|
||||
comment1 = factories.CommentFactory(thread=thread)
|
||||
comment2 = factories.CommentFactory(thread=thread, user=user)
|
||||
# other comments not linked to the document
|
||||
factories.CommentFactory.create_batch(2)
|
||||
|
||||
client = APIClient()
|
||||
client.force_login(user)
|
||||
|
||||
response = client.get(f"/api/v1.0/documents/{document.id!s}/comments/")
|
||||
response = client.get(
|
||||
f"/api/v1.0/documents/{document.id!s}/threads/{thread.id!s}/comments/"
|
||||
)
|
||||
assert response.status_code == 200
|
||||
assert response.json() == {
|
||||
"count": 2,
|
||||
"next": None,
|
||||
"previous": None,
|
||||
"results": [
|
||||
{
|
||||
"id": str(comment2.id),
|
||||
"content": comment2.content,
|
||||
"created_at": comment2.created_at.isoformat().replace("+00:00", "Z"),
|
||||
"updated_at": comment2.updated_at.isoformat().replace("+00:00", "Z"),
|
||||
"user": {
|
||||
"full_name": comment2.user.full_name,
|
||||
"short_name": comment2.user.short_name,
|
||||
},
|
||||
"document": str(comment2.document.id),
|
||||
"abilities": comment2.get_abilities(user),
|
||||
},
|
||||
{
|
||||
"id": str(comment1.id),
|
||||
"content": comment1.content,
|
||||
"body": comment1.body,
|
||||
"created_at": comment1.created_at.isoformat().replace("+00:00", "Z"),
|
||||
"updated_at": comment1.updated_at.isoformat().replace("+00:00", "Z"),
|
||||
"user": {
|
||||
"full_name": comment1.user.full_name,
|
||||
"short_name": comment1.user.short_name,
|
||||
},
|
||||
"document": str(comment1.document.id),
|
||||
"abilities": comment1.get_abilities(user),
|
||||
"reactions": [],
|
||||
},
|
||||
{
|
||||
"id": str(comment2.id),
|
||||
"body": comment2.body,
|
||||
"created_at": comment2.created_at.isoformat().replace("+00:00", "Z"),
|
||||
"updated_at": comment2.updated_at.isoformat().replace("+00:00", "Z"),
|
||||
"user": {
|
||||
"full_name": comment2.user.full_name,
|
||||
"short_name": comment2.user.short_name,
|
||||
},
|
||||
"abilities": comment2.get_abilities(user),
|
||||
"reactions": [],
|
||||
},
|
||||
],
|
||||
}
|
||||
@@ -125,14 +134,17 @@ def test_list_comments_authenticated_user_non_accessible_document():
|
||||
"""Authenticated users should not be allowed to list comments on a non-accessible document."""
|
||||
user = factories.UserFactory()
|
||||
document = factories.DocumentFactory(link_reach="restricted")
|
||||
factories.CommentFactory(document=document)
|
||||
thread = factories.ThreadFactory(document=document)
|
||||
factories.CommentFactory(thread=thread)
|
||||
# other comments not linked to the document
|
||||
factories.CommentFactory.create_batch(2)
|
||||
|
||||
client = APIClient()
|
||||
client.force_login(user)
|
||||
|
||||
response = client.get(f"/api/v1.0/documents/{document.id!s}/comments/")
|
||||
response = client.get(
|
||||
f"/api/v1.0/documents/{document.id!s}/threads/{thread.id!s}/comments/"
|
||||
)
|
||||
assert response.status_code == 403
|
||||
|
||||
|
||||
@@ -145,14 +157,17 @@ def test_list_comments_authenticated_user_not_enough_access():
|
||||
document = factories.DocumentFactory(
|
||||
link_reach="restricted", users=[(user, models.LinkRoleChoices.READER)]
|
||||
)
|
||||
factories.CommentFactory(document=document)
|
||||
thread = factories.ThreadFactory(document=document)
|
||||
factories.CommentFactory(thread=thread)
|
||||
# other comments not linked to the document
|
||||
factories.CommentFactory.create_batch(2)
|
||||
|
||||
client = APIClient()
|
||||
client.force_login(user)
|
||||
|
||||
response = client.get(f"/api/v1.0/documents/{document.id!s}/comments/")
|
||||
response = client.get(
|
||||
f"/api/v1.0/documents/{document.id!s}/threads/{thread.id!s}/comments/"
|
||||
)
|
||||
assert response.status_code == 403
|
||||
|
||||
|
||||
@@ -160,30 +175,35 @@ def test_list_comments_authenticated_user_not_enough_access():
|
||||
|
||||
|
||||
def test_create_comment_anonymous_user_public_document():
|
||||
"""Anonymous users should not be allowed to create comments on a public document."""
|
||||
"""
|
||||
Anonymous users should be allowed to create comments on a public document
|
||||
with commenter link_role.
|
||||
"""
|
||||
document = factories.DocumentFactory(
|
||||
link_reach="public", link_role=models.LinkRoleChoices.COMMENTATOR
|
||||
link_reach="public", link_role=models.LinkRoleChoices.COMMENTER
|
||||
)
|
||||
thread = factories.ThreadFactory(document=document)
|
||||
client = APIClient()
|
||||
response = client.post(
|
||||
f"/api/v1.0/documents/{document.id!s}/comments/", {"content": "test"}
|
||||
f"/api/v1.0/documents/{document.id!s}/threads/{thread.id!s}/comments/",
|
||||
{"body": "test"},
|
||||
)
|
||||
|
||||
assert response.status_code == 201
|
||||
|
||||
assert response.json() == {
|
||||
"id": str(response.json()["id"]),
|
||||
"content": "test",
|
||||
"body": "test",
|
||||
"created_at": response.json()["created_at"],
|
||||
"updated_at": response.json()["updated_at"],
|
||||
"user": None,
|
||||
"document": str(document.id),
|
||||
"abilities": {
|
||||
"destroy": False,
|
||||
"update": False,
|
||||
"partial_update": False,
|
||||
"reactions": False,
|
||||
"retrieve": True,
|
||||
},
|
||||
"reactions": [],
|
||||
}
|
||||
|
||||
|
||||
@@ -192,9 +212,11 @@ def test_create_comment_anonymous_user_non_accessible_document():
|
||||
document = factories.DocumentFactory(
|
||||
link_reach="public", link_role=models.LinkRoleChoices.READER
|
||||
)
|
||||
thread = factories.ThreadFactory(document=document)
|
||||
client = APIClient()
|
||||
response = client.post(
|
||||
f"/api/v1.0/documents/{document.id!s}/comments/", {"content": "test"}
|
||||
f"/api/v1.0/documents/{document.id!s}/threads/{thread.id!s}/comments/",
|
||||
{"body": "test"},
|
||||
)
|
||||
|
||||
assert response.status_code == 401
|
||||
@@ -204,31 +226,34 @@ def test_create_comment_authenticated_user_accessible_document():
|
||||
"""Authenticated users should be allowed to create comments on an accessible document."""
|
||||
user = factories.UserFactory()
|
||||
document = factories.DocumentFactory(
|
||||
link_reach="restricted", users=[(user, models.LinkRoleChoices.COMMENTATOR)]
|
||||
link_reach="restricted", users=[(user, models.LinkRoleChoices.COMMENTER)]
|
||||
)
|
||||
thread = factories.ThreadFactory(document=document)
|
||||
client = APIClient()
|
||||
client.force_login(user)
|
||||
response = client.post(
|
||||
f"/api/v1.0/documents/{document.id!s}/comments/", {"content": "test"}
|
||||
f"/api/v1.0/documents/{document.id!s}/threads/{thread.id!s}/comments/",
|
||||
{"body": "test"},
|
||||
)
|
||||
assert response.status_code == 201
|
||||
|
||||
assert response.json() == {
|
||||
"id": str(response.json()["id"]),
|
||||
"content": "test",
|
||||
"body": "test",
|
||||
"created_at": response.json()["created_at"],
|
||||
"updated_at": response.json()["updated_at"],
|
||||
"user": {
|
||||
"full_name": user.full_name,
|
||||
"short_name": user.short_name,
|
||||
},
|
||||
"document": str(document.id),
|
||||
"abilities": {
|
||||
"destroy": True,
|
||||
"update": True,
|
||||
"partial_update": True,
|
||||
"reactions": True,
|
||||
"retrieve": True,
|
||||
},
|
||||
"reactions": [],
|
||||
}
|
||||
|
||||
|
||||
@@ -241,10 +266,12 @@ def test_create_comment_authenticated_user_not_enough_access():
|
||||
document = factories.DocumentFactory(
|
||||
link_reach="restricted", users=[(user, models.LinkRoleChoices.READER)]
|
||||
)
|
||||
thread = factories.ThreadFactory(document=document)
|
||||
client = APIClient()
|
||||
client.force_login(user)
|
||||
response = client.post(
|
||||
f"/api/v1.0/documents/{document.id!s}/comments/", {"content": "test"}
|
||||
f"/api/v1.0/documents/{document.id!s}/threads/{thread.id!s}/comments/",
|
||||
{"body": "test"},
|
||||
)
|
||||
assert response.status_code == 403
|
||||
|
||||
@@ -255,24 +282,25 @@ def test_create_comment_authenticated_user_not_enough_access():
|
||||
def test_retrieve_comment_anonymous_user_public_document():
|
||||
"""Anonymous users should be allowed to retrieve comments on a public document."""
|
||||
document = factories.DocumentFactory(
|
||||
link_reach="public", link_role=models.LinkRoleChoices.COMMENTATOR
|
||||
link_reach="public", link_role=models.LinkRoleChoices.COMMENTER
|
||||
)
|
||||
comment = factories.CommentFactory(document=document)
|
||||
thread = factories.ThreadFactory(document=document)
|
||||
comment = factories.CommentFactory(thread=thread)
|
||||
client = APIClient()
|
||||
response = client.get(
|
||||
f"/api/v1.0/documents/{document.id!s}/comments/{comment.id!s}/"
|
||||
f"/api/v1.0/documents/{document.id!s}/threads/{thread.id!s}/comments/{comment.id!s}/"
|
||||
)
|
||||
assert response.status_code == 200
|
||||
assert response.json() == {
|
||||
"id": str(comment.id),
|
||||
"content": comment.content,
|
||||
"body": comment.body,
|
||||
"created_at": comment.created_at.isoformat().replace("+00:00", "Z"),
|
||||
"updated_at": comment.updated_at.isoformat().replace("+00:00", "Z"),
|
||||
"user": {
|
||||
"full_name": comment.user.full_name,
|
||||
"short_name": comment.user.short_name,
|
||||
},
|
||||
"document": str(comment.document.id),
|
||||
"reactions": [],
|
||||
"abilities": comment.get_abilities(AnonymousUser()),
|
||||
}
|
||||
|
||||
@@ -282,10 +310,11 @@ def test_retrieve_comment_anonymous_user_non_accessible_document():
|
||||
document = factories.DocumentFactory(
|
||||
link_reach="public", link_role=models.LinkRoleChoices.READER
|
||||
)
|
||||
comment = factories.CommentFactory(document=document)
|
||||
thread = factories.ThreadFactory(document=document)
|
||||
comment = factories.CommentFactory(thread=thread)
|
||||
client = APIClient()
|
||||
response = client.get(
|
||||
f"/api/v1.0/documents/{document.id!s}/comments/{comment.id!s}/"
|
||||
f"/api/v1.0/documents/{document.id!s}/threads/{thread.id!s}/comments/{comment.id!s}/"
|
||||
)
|
||||
assert response.status_code == 401
|
||||
|
||||
@@ -294,13 +323,14 @@ def test_retrieve_comment_authenticated_user_accessible_document():
|
||||
"""Authenticated users should be allowed to retrieve comments on an accessible document."""
|
||||
user = factories.UserFactory()
|
||||
document = factories.DocumentFactory(
|
||||
link_reach="restricted", users=[(user, models.LinkRoleChoices.COMMENTATOR)]
|
||||
link_reach="restricted", users=[(user, models.LinkRoleChoices.COMMENTER)]
|
||||
)
|
||||
comment = factories.CommentFactory(document=document)
|
||||
thread = factories.ThreadFactory(document=document)
|
||||
comment = factories.CommentFactory(thread=thread)
|
||||
client = APIClient()
|
||||
client.force_login(user)
|
||||
response = client.get(
|
||||
f"/api/v1.0/documents/{document.id!s}/comments/{comment.id!s}/"
|
||||
f"/api/v1.0/documents/{document.id!s}/threads/{thread.id!s}/comments/{comment.id!s}/"
|
||||
)
|
||||
assert response.status_code == 200
|
||||
|
||||
@@ -314,11 +344,12 @@ def test_retrieve_comment_authenticated_user_not_enough_access():
|
||||
document = factories.DocumentFactory(
|
||||
link_reach="restricted", users=[(user, models.LinkRoleChoices.READER)]
|
||||
)
|
||||
comment = factories.CommentFactory(document=document)
|
||||
thread = factories.ThreadFactory(document=document)
|
||||
comment = factories.CommentFactory(thread=thread)
|
||||
client = APIClient()
|
||||
client.force_login(user)
|
||||
response = client.get(
|
||||
f"/api/v1.0/documents/{document.id!s}/comments/{comment.id!s}/"
|
||||
f"/api/v1.0/documents/{document.id!s}/threads/{thread.id!s}/comments/{comment.id!s}/"
|
||||
)
|
||||
assert response.status_code == 403
|
||||
|
||||
@@ -329,13 +360,14 @@ def test_retrieve_comment_authenticated_user_not_enough_access():
|
||||
def test_update_comment_anonymous_user_public_document():
|
||||
"""Anonymous users should not be allowed to update comments on a public document."""
|
||||
document = factories.DocumentFactory(
|
||||
link_reach="public", link_role=models.LinkRoleChoices.COMMENTATOR
|
||||
link_reach="public", link_role=models.LinkRoleChoices.COMMENTER
|
||||
)
|
||||
comment = factories.CommentFactory(document=document, content="test")
|
||||
thread = factories.ThreadFactory(document=document)
|
||||
comment = factories.CommentFactory(thread=thread, body="test")
|
||||
client = APIClient()
|
||||
response = client.put(
|
||||
f"/api/v1.0/documents/{document.id!s}/comments/{comment.id!s}/",
|
||||
{"content": "other content"},
|
||||
f"/api/v1.0/documents/{document.id!s}/threads/{thread.id!s}/comments/{comment.id!s}/",
|
||||
{"body": "other content"},
|
||||
)
|
||||
assert response.status_code == 401
|
||||
|
||||
@@ -345,11 +377,12 @@ def test_update_comment_anonymous_user_non_accessible_document():
|
||||
document = factories.DocumentFactory(
|
||||
link_reach="public", link_role=models.LinkRoleChoices.READER
|
||||
)
|
||||
comment = factories.CommentFactory(document=document, content="test")
|
||||
thread = factories.ThreadFactory(document=document)
|
||||
comment = factories.CommentFactory(thread=thread, body="test")
|
||||
client = APIClient()
|
||||
response = client.put(
|
||||
f"/api/v1.0/documents/{document.id!s}/comments/{comment.id!s}/",
|
||||
{"content": "other content"},
|
||||
f"/api/v1.0/documents/{document.id!s}/threads/{thread.id!s}/comments/{comment.id!s}/",
|
||||
{"body": "other content"},
|
||||
)
|
||||
assert response.status_code == 401
|
||||
|
||||
@@ -363,17 +396,18 @@ def test_update_comment_authenticated_user_accessible_document():
|
||||
(
|
||||
user,
|
||||
random.choice(
|
||||
[models.LinkRoleChoices.COMMENTATOR, models.LinkRoleChoices.EDITOR]
|
||||
[models.LinkRoleChoices.COMMENTER, models.LinkRoleChoices.EDITOR]
|
||||
),
|
||||
)
|
||||
],
|
||||
)
|
||||
comment = factories.CommentFactory(document=document, content="test")
|
||||
thread = factories.ThreadFactory(document=document)
|
||||
comment = factories.CommentFactory(thread=thread, body="test")
|
||||
client = APIClient()
|
||||
client.force_login(user)
|
||||
response = client.put(
|
||||
f"/api/v1.0/documents/{document.id!s}/comments/{comment.id!s}/",
|
||||
{"content": "other content"},
|
||||
f"/api/v1.0/documents/{document.id!s}/threads/{thread.id!s}/comments/{comment.id!s}/",
|
||||
{"body": "other content"},
|
||||
)
|
||||
assert response.status_code == 403
|
||||
|
||||
@@ -387,22 +421,23 @@ def test_update_comment_authenticated_user_own_comment():
|
||||
(
|
||||
user,
|
||||
random.choice(
|
||||
[models.LinkRoleChoices.COMMENTATOR, models.LinkRoleChoices.EDITOR]
|
||||
[models.LinkRoleChoices.COMMENTER, models.LinkRoleChoices.EDITOR]
|
||||
),
|
||||
)
|
||||
],
|
||||
)
|
||||
comment = factories.CommentFactory(document=document, content="test", user=user)
|
||||
thread = factories.ThreadFactory(document=document)
|
||||
comment = factories.CommentFactory(thread=thread, body="test", user=user)
|
||||
client = APIClient()
|
||||
client.force_login(user)
|
||||
response = client.put(
|
||||
f"/api/v1.0/documents/{document.id!s}/comments/{comment.id!s}/",
|
||||
{"content": "other content"},
|
||||
f"/api/v1.0/documents/{document.id!s}/threads/{thread.id!s}/comments/{comment.id!s}/",
|
||||
{"body": "other content"},
|
||||
)
|
||||
assert response.status_code == 200
|
||||
|
||||
comment.refresh_from_db()
|
||||
assert comment.content == "other content"
|
||||
assert comment.body == "other content"
|
||||
|
||||
|
||||
def test_update_comment_authenticated_user_not_enough_access():
|
||||
@@ -414,12 +449,13 @@ def test_update_comment_authenticated_user_not_enough_access():
|
||||
document = factories.DocumentFactory(
|
||||
link_reach="restricted", users=[(user, models.LinkRoleChoices.READER)]
|
||||
)
|
||||
comment = factories.CommentFactory(document=document, content="test")
|
||||
thread = factories.ThreadFactory(document=document)
|
||||
comment = factories.CommentFactory(thread=thread, body="test")
|
||||
client = APIClient()
|
||||
client.force_login(user)
|
||||
response = client.put(
|
||||
f"/api/v1.0/documents/{document.id!s}/comments/{comment.id!s}/",
|
||||
{"content": "other content"},
|
||||
f"/api/v1.0/documents/{document.id!s}/threads/{thread.id!s}/comments/{comment.id!s}/",
|
||||
{"body": "other content"},
|
||||
)
|
||||
assert response.status_code == 403
|
||||
|
||||
@@ -431,12 +467,13 @@ def test_update_comment_authenticated_no_access():
|
||||
"""
|
||||
user = factories.UserFactory()
|
||||
document = factories.DocumentFactory(link_reach="restricted")
|
||||
comment = factories.CommentFactory(document=document, content="test")
|
||||
thread = factories.ThreadFactory(document=document)
|
||||
comment = factories.CommentFactory(thread=thread, body="test")
|
||||
client = APIClient()
|
||||
client.force_login(user)
|
||||
response = client.put(
|
||||
f"/api/v1.0/documents/{document.id!s}/comments/{comment.id!s}/",
|
||||
{"content": "other content"},
|
||||
f"/api/v1.0/documents/{document.id!s}/threads/{thread.id!s}/comments/{comment.id!s}/",
|
||||
{"body": "other content"},
|
||||
)
|
||||
assert response.status_code == 403
|
||||
|
||||
@@ -448,18 +485,19 @@ def test_update_comment_authenticated_admin_or_owner_can_update_any_comment(role
|
||||
"""
|
||||
user = factories.UserFactory()
|
||||
document = factories.DocumentFactory(users=[(user, role)])
|
||||
comment = factories.CommentFactory(document=document, content="test")
|
||||
thread = factories.ThreadFactory(document=document)
|
||||
comment = factories.CommentFactory(thread=thread, body="test")
|
||||
client = APIClient()
|
||||
client.force_login(user)
|
||||
|
||||
response = client.put(
|
||||
f"/api/v1.0/documents/{document.id!s}/comments/{comment.id!s}/",
|
||||
{"content": "other content"},
|
||||
f"/api/v1.0/documents/{document.id!s}/threads/{thread.id!s}/comments/{comment.id!s}/",
|
||||
{"body": "other content"},
|
||||
)
|
||||
assert response.status_code == 200
|
||||
|
||||
comment.refresh_from_db()
|
||||
assert comment.content == "other content"
|
||||
assert comment.body == "other content"
|
||||
|
||||
|
||||
@pytest.mark.parametrize("role", [models.RoleChoices.ADMIN, models.RoleChoices.OWNER])
|
||||
@@ -469,18 +507,19 @@ def test_update_comment_authenticated_admin_or_owner_can_update_own_comment(role
|
||||
"""
|
||||
user = factories.UserFactory()
|
||||
document = factories.DocumentFactory(users=[(user, role)])
|
||||
comment = factories.CommentFactory(document=document, content="test", user=user)
|
||||
thread = factories.ThreadFactory(document=document)
|
||||
comment = factories.CommentFactory(thread=thread, body="test", user=user)
|
||||
client = APIClient()
|
||||
client.force_login(user)
|
||||
|
||||
response = client.put(
|
||||
f"/api/v1.0/documents/{document.id!s}/comments/{comment.id!s}/",
|
||||
{"content": "other content"},
|
||||
f"/api/v1.0/documents/{document.id!s}/threads/{thread.id!s}/comments/{comment.id!s}/",
|
||||
{"body": "other content"},
|
||||
)
|
||||
assert response.status_code == 200
|
||||
|
||||
comment.refresh_from_db()
|
||||
assert comment.content == "other content"
|
||||
assert comment.body == "other content"
|
||||
|
||||
|
||||
# Delete comment
|
||||
@@ -489,12 +528,13 @@ def test_update_comment_authenticated_admin_or_owner_can_update_own_comment(role
|
||||
def test_delete_comment_anonymous_user_public_document():
|
||||
"""Anonymous users should not be allowed to delete comments on a public document."""
|
||||
document = factories.DocumentFactory(
|
||||
link_reach="public", link_role=models.LinkRoleChoices.COMMENTATOR
|
||||
link_reach="public", link_role=models.LinkRoleChoices.COMMENTER
|
||||
)
|
||||
comment = factories.CommentFactory(document=document)
|
||||
thread = factories.ThreadFactory(document=document)
|
||||
comment = factories.CommentFactory(thread=thread)
|
||||
client = APIClient()
|
||||
response = client.delete(
|
||||
f"/api/v1.0/documents/{document.id!s}/comments/{comment.id!s}/"
|
||||
f"/api/v1.0/documents/{document.id!s}/threads/{thread.id!s}/comments/{comment.id!s}/"
|
||||
)
|
||||
assert response.status_code == 401
|
||||
|
||||
@@ -504,10 +544,11 @@ def test_delete_comment_anonymous_user_non_accessible_document():
|
||||
document = factories.DocumentFactory(
|
||||
link_reach="public", link_role=models.LinkRoleChoices.READER
|
||||
)
|
||||
comment = factories.CommentFactory(document=document)
|
||||
thread = factories.ThreadFactory(document=document)
|
||||
comment = factories.CommentFactory(thread=thread)
|
||||
client = APIClient()
|
||||
response = client.delete(
|
||||
f"/api/v1.0/documents/{document.id!s}/comments/{comment.id!s}/"
|
||||
f"/api/v1.0/documents/{document.id!s}/threads/{thread.id!s}/comments/{comment.id!s}/"
|
||||
)
|
||||
assert response.status_code == 401
|
||||
|
||||
@@ -516,13 +557,14 @@ def test_delete_comment_authenticated_user_accessible_document_own_comment():
|
||||
"""Authenticated users should be able to delete comments on an accessible document."""
|
||||
user = factories.UserFactory()
|
||||
document = factories.DocumentFactory(
|
||||
link_reach="restricted", users=[(user, models.LinkRoleChoices.COMMENTATOR)]
|
||||
link_reach="restricted", users=[(user, models.LinkRoleChoices.COMMENTER)]
|
||||
)
|
||||
comment = factories.CommentFactory(document=document, user=user)
|
||||
thread = factories.ThreadFactory(document=document)
|
||||
comment = factories.CommentFactory(thread=thread, user=user)
|
||||
client = APIClient()
|
||||
client.force_login(user)
|
||||
response = client.delete(
|
||||
f"/api/v1.0/documents/{document.id!s}/comments/{comment.id!s}/"
|
||||
f"/api/v1.0/documents/{document.id!s}/threads/{thread.id!s}/comments/{comment.id!s}/"
|
||||
)
|
||||
assert response.status_code == 204
|
||||
|
||||
@@ -531,13 +573,14 @@ def test_delete_comment_authenticated_user_accessible_document_not_own_comment()
|
||||
"""Authenticated users should not be able to delete comments on an accessible document."""
|
||||
user = factories.UserFactory()
|
||||
document = factories.DocumentFactory(
|
||||
link_reach="restricted", users=[(user, models.LinkRoleChoices.COMMENTATOR)]
|
||||
link_reach="restricted", users=[(user, models.LinkRoleChoices.COMMENTER)]
|
||||
)
|
||||
comment = factories.CommentFactory(document=document)
|
||||
thread = factories.ThreadFactory(document=document)
|
||||
comment = factories.CommentFactory(thread=thread)
|
||||
client = APIClient()
|
||||
client.force_login(user)
|
||||
response = client.delete(
|
||||
f"/api/v1.0/documents/{document.id!s}/comments/{comment.id!s}/"
|
||||
f"/api/v1.0/documents/{document.id!s}/threads/{thread.id!s}/comments/{comment.id!s}/"
|
||||
)
|
||||
assert response.status_code == 403
|
||||
|
||||
@@ -547,11 +590,12 @@ def test_delete_comment_authenticated_user_admin_or_owner_can_delete_any_comment
|
||||
"""Authenticated users should be able to delete comments on a document they have access to."""
|
||||
user = factories.UserFactory()
|
||||
document = factories.DocumentFactory(users=[(user, role)])
|
||||
comment = factories.CommentFactory(document=document)
|
||||
thread = factories.ThreadFactory(document=document)
|
||||
comment = factories.CommentFactory(thread=thread)
|
||||
client = APIClient()
|
||||
client.force_login(user)
|
||||
response = client.delete(
|
||||
f"/api/v1.0/documents/{document.id!s}/comments/{comment.id!s}/"
|
||||
f"/api/v1.0/documents/{document.id!s}/threads/{thread.id!s}/comments/{comment.id!s}/"
|
||||
)
|
||||
assert response.status_code == 204
|
||||
|
||||
@@ -561,11 +605,12 @@ def test_delete_comment_authenticated_user_admin_or_owner_can_delete_own_comment
|
||||
"""Authenticated users should be able to delete comments on a document they have access to."""
|
||||
user = factories.UserFactory()
|
||||
document = factories.DocumentFactory(users=[(user, role)])
|
||||
comment = factories.CommentFactory(document=document, user=user)
|
||||
thread = factories.ThreadFactory(document=document)
|
||||
comment = factories.CommentFactory(thread=thread, user=user)
|
||||
client = APIClient()
|
||||
client.force_login(user)
|
||||
response = client.delete(
|
||||
f"/api/v1.0/documents/{document.id!s}/comments/{comment.id!s}/"
|
||||
f"/api/v1.0/documents/{document.id!s}/threads/{thread.id!s}/comments/{comment.id!s}/"
|
||||
)
|
||||
assert response.status_code == 204
|
||||
|
||||
@@ -579,10 +624,255 @@ def test_delete_comment_authenticated_user_not_enough_access():
|
||||
document = factories.DocumentFactory(
|
||||
link_reach="restricted", users=[(user, models.LinkRoleChoices.READER)]
|
||||
)
|
||||
comment = factories.CommentFactory(document=document)
|
||||
thread = factories.ThreadFactory(document=document)
|
||||
comment = factories.CommentFactory(thread=thread)
|
||||
client = APIClient()
|
||||
client.force_login(user)
|
||||
response = client.delete(
|
||||
f"/api/v1.0/documents/{document.id!s}/comments/{comment.id!s}/"
|
||||
f"/api/v1.0/documents/{document.id!s}/threads/{thread.id!s}/comments/{comment.id!s}/"
|
||||
)
|
||||
assert response.status_code == 403
|
||||
|
||||
|
||||
# Create reaction
|
||||
|
||||
|
||||
@pytest.mark.parametrize("link_role", models.LinkRoleChoices.values)
|
||||
def test_create_reaction_anonymous_user_public_document(link_role):
|
||||
"""No matter the link_role, an anonymous user can not react to a comment."""
|
||||
|
||||
document = factories.DocumentFactory(link_reach="public", link_role=link_role)
|
||||
thread = factories.ThreadFactory(document=document)
|
||||
comment = factories.CommentFactory(thread=thread)
|
||||
client = APIClient()
|
||||
response = client.post(
|
||||
f"/api/v1.0/documents/{document.id!s}/threads/{thread.id!s}/"
|
||||
f"comments/{comment.id!s}/reactions/",
|
||||
{"emoji": "test"},
|
||||
)
|
||||
assert response.status_code == 401
|
||||
|
||||
|
||||
def test_create_reaction_authenticated_user_public_document():
|
||||
"""
|
||||
Authenticated users should not be able to reaction to a comment on a public document with
|
||||
link_role reader.
|
||||
"""
|
||||
user = factories.UserFactory()
|
||||
document = factories.DocumentFactory(
|
||||
link_reach="public", link_role=models.LinkRoleChoices.READER
|
||||
)
|
||||
thread = factories.ThreadFactory(document=document)
|
||||
comment = factories.CommentFactory(thread=thread)
|
||||
client = APIClient()
|
||||
client.force_login(user)
|
||||
response = client.post(
|
||||
f"/api/v1.0/documents/{document.id!s}/threads/{thread.id!s}/"
|
||||
f"comments/{comment.id!s}/reactions/",
|
||||
{"emoji": "test"},
|
||||
)
|
||||
assert response.status_code == 403
|
||||
|
||||
|
||||
def test_create_reaction_authenticated_user_accessible_public_document():
|
||||
"""
|
||||
Authenticated users should be able to react to a comment on a public document.
|
||||
"""
|
||||
user = factories.UserFactory()
|
||||
document = factories.DocumentFactory(
|
||||
link_reach="public", link_role=models.LinkRoleChoices.COMMENTER
|
||||
)
|
||||
thread = factories.ThreadFactory(document=document)
|
||||
comment = factories.CommentFactory(thread=thread)
|
||||
client = APIClient()
|
||||
client.force_login(user)
|
||||
response = client.post(
|
||||
f"/api/v1.0/documents/{document.id!s}/threads/{thread.id!s}/"
|
||||
f"comments/{comment.id!s}/reactions/",
|
||||
{"emoji": "test"},
|
||||
)
|
||||
assert response.status_code == 201
|
||||
|
||||
assert models.Reaction.objects.filter(
|
||||
comment=comment, emoji="test", users__in=[user]
|
||||
).exists()
|
||||
|
||||
|
||||
def test_create_reaction_authenticated_user_connected_document_link_role_reader():
|
||||
"""
|
||||
Authenticated users should not be able to react to a comment on a connected document
|
||||
with link_role reader.
|
||||
"""
|
||||
user = factories.UserFactory()
|
||||
document = factories.DocumentFactory(
|
||||
link_reach="authenticated", link_role=models.LinkRoleChoices.READER
|
||||
)
|
||||
thread = factories.ThreadFactory(document=document)
|
||||
comment = factories.CommentFactory(thread=thread)
|
||||
client = APIClient()
|
||||
client.force_login(user)
|
||||
response = client.post(
|
||||
f"/api/v1.0/documents/{document.id!s}/threads/{thread.id!s}/"
|
||||
f"comments/{comment.id!s}/reactions/",
|
||||
{"emoji": "test"},
|
||||
)
|
||||
assert response.status_code == 403
|
||||
|
||||
|
||||
@pytest.mark.parametrize(
|
||||
"link_role",
|
||||
[
|
||||
role
|
||||
for role in models.LinkRoleChoices.values
|
||||
if role != models.LinkRoleChoices.READER
|
||||
],
|
||||
)
|
||||
def test_create_reaction_authenticated_user_connected_document(link_role):
|
||||
"""
|
||||
Authenticated users should be able to react to a comment on a connected document.
|
||||
"""
|
||||
user = factories.UserFactory()
|
||||
document = factories.DocumentFactory(
|
||||
link_reach="authenticated", link_role=link_role
|
||||
)
|
||||
thread = factories.ThreadFactory(document=document)
|
||||
comment = factories.CommentFactory(thread=thread)
|
||||
client = APIClient()
|
||||
client.force_login(user)
|
||||
response = client.post(
|
||||
f"/api/v1.0/documents/{document.id!s}/threads/{thread.id!s}/"
|
||||
f"comments/{comment.id!s}/reactions/",
|
||||
{"emoji": "test"},
|
||||
)
|
||||
assert response.status_code == 201
|
||||
|
||||
assert models.Reaction.objects.filter(
|
||||
comment=comment, emoji="test", users__in=[user]
|
||||
).exists()
|
||||
|
||||
|
||||
def test_create_reaction_authenticated_user_restricted_accessible_document():
|
||||
"""
|
||||
Authenticated users should not be able to react to a comment on a restricted accessible document
|
||||
they don't have access to.
|
||||
"""
|
||||
user = factories.UserFactory()
|
||||
document = factories.DocumentFactory(link_reach="restricted")
|
||||
thread = factories.ThreadFactory(document=document)
|
||||
comment = factories.CommentFactory(thread=thread)
|
||||
client = APIClient()
|
||||
client.force_login(user)
|
||||
response = client.post(
|
||||
f"/api/v1.0/documents/{document.id!s}/threads/{thread.id!s}/"
|
||||
f"comments/{comment.id!s}/reactions/",
|
||||
{"emoji": "test"},
|
||||
)
|
||||
assert response.status_code == 403
|
||||
|
||||
|
||||
def test_create_reaction_authenticated_user_restricted_accessible_document_role_reader():
|
||||
"""
|
||||
Authenticated users should not be able to react to a comment on a restricted accessible
|
||||
document with role reader.
|
||||
"""
|
||||
user = factories.UserFactory()
|
||||
document = factories.DocumentFactory(
|
||||
link_reach="restricted", link_role=models.LinkRoleChoices.READER
|
||||
)
|
||||
thread = factories.ThreadFactory(document=document)
|
||||
comment = factories.CommentFactory(thread=thread)
|
||||
client = APIClient()
|
||||
client.force_login(user)
|
||||
response = client.post(
|
||||
f"/api/v1.0/documents/{document.id!s}/threads/{thread.id!s}/"
|
||||
f"comments/{comment.id!s}/reactions/",
|
||||
{"emoji": "test"},
|
||||
)
|
||||
assert response.status_code == 403
|
||||
|
||||
|
||||
@pytest.mark.parametrize(
|
||||
"role",
|
||||
[role for role in models.RoleChoices.values if role != models.RoleChoices.READER],
|
||||
)
|
||||
def test_create_reaction_authenticated_user_restricted_accessible_document_role_commenter(
|
||||
role,
|
||||
):
|
||||
"""
|
||||
Authenticated users should be able to react to a comment on a restricted accessible document
|
||||
with role commenter.
|
||||
"""
|
||||
user = factories.UserFactory()
|
||||
document = factories.DocumentFactory(link_reach="restricted", users=[(user, role)])
|
||||
thread = factories.ThreadFactory(document=document)
|
||||
comment = factories.CommentFactory(thread=thread)
|
||||
client = APIClient()
|
||||
client.force_login(user)
|
||||
response = client.post(
|
||||
f"/api/v1.0/documents/{document.id!s}/threads/{thread.id!s}/"
|
||||
f"comments/{comment.id!s}/reactions/",
|
||||
{"emoji": "test"},
|
||||
)
|
||||
assert response.status_code == 201
|
||||
|
||||
assert models.Reaction.objects.filter(
|
||||
comment=comment, emoji="test", users__in=[user]
|
||||
).exists()
|
||||
|
||||
response = client.post(
|
||||
f"/api/v1.0/documents/{document.id!s}/threads/{thread.id!s}/"
|
||||
f"comments/{comment.id!s}/reactions/",
|
||||
{"emoji": "test"},
|
||||
)
|
||||
assert response.status_code == 400
|
||||
assert response.json() == {"user_already_reacted": True}
|
||||
|
||||
|
||||
# Delete reaction
|
||||
|
||||
|
||||
def test_delete_reaction_not_owned_by_the_current_user():
|
||||
"""
|
||||
Users should not be able to delete reactions not owned by the current user.
|
||||
"""
|
||||
user = factories.UserFactory()
|
||||
document = factories.DocumentFactory(
|
||||
link_reach="restricted", users=[(user, models.RoleChoices.ADMIN)]
|
||||
)
|
||||
thread = factories.ThreadFactory(document=document)
|
||||
comment = factories.CommentFactory(thread=thread)
|
||||
reaction = factories.ReactionFactory(comment=comment)
|
||||
|
||||
client = APIClient()
|
||||
client.force_login(user)
|
||||
response = client.delete(
|
||||
f"/api/v1.0/documents/{document.id!s}/threads/{thread.id!s}/"
|
||||
f"comments/{comment.id!s}/reactions/",
|
||||
{"emoji": reaction.emoji},
|
||||
)
|
||||
assert response.status_code == 404
|
||||
|
||||
|
||||
def test_delete_reaction_owned_by_the_current_user():
|
||||
"""
|
||||
Users should not be able to delete reactions not owned by the current user.
|
||||
"""
|
||||
user = factories.UserFactory()
|
||||
document = factories.DocumentFactory(
|
||||
link_reach="restricted", users=[(user, models.RoleChoices.ADMIN)]
|
||||
)
|
||||
thread = factories.ThreadFactory(document=document)
|
||||
comment = factories.CommentFactory(thread=thread)
|
||||
reaction = factories.ReactionFactory(comment=comment)
|
||||
|
||||
client = APIClient()
|
||||
client.force_login(user)
|
||||
response = client.delete(
|
||||
f"/api/v1.0/documents/{document.id!s}/threads/{thread.id!s}/"
|
||||
f"comments/{comment.id!s}/reactions/",
|
||||
{"emoji": reaction.emoji},
|
||||
)
|
||||
assert response.status_code == 404
|
||||
|
||||
reaction.refresh_from_db()
|
||||
assert reaction.users.exists()
|
||||
|
||||
@@ -36,7 +36,7 @@ def test_api_documents_retrieve_anonymous_public_standalone():
|
||||
"children_create": False,
|
||||
"children_list": True,
|
||||
"collaboration_auth": True,
|
||||
"comment": document.link_role in ["commentator", "editor"],
|
||||
"comment": document.link_role in ["commenter", "editor"],
|
||||
"cors_proxy": True,
|
||||
"content": True,
|
||||
"descendants": True,
|
||||
@@ -47,8 +47,8 @@ def test_api_documents_retrieve_anonymous_public_standalone():
|
||||
"invite_owner": False,
|
||||
"link_configuration": False,
|
||||
"link_select_options": {
|
||||
"authenticated": ["reader", "commentator", "editor"],
|
||||
"public": ["reader", "commentator", "editor"],
|
||||
"authenticated": ["reader", "commenter", "editor"],
|
||||
"public": ["reader", "commenter", "editor"],
|
||||
"restricted": None,
|
||||
},
|
||||
"mask": False,
|
||||
@@ -114,7 +114,7 @@ def test_api_documents_retrieve_anonymous_public_parent():
|
||||
"children_create": False,
|
||||
"children_list": True,
|
||||
"collaboration_auth": True,
|
||||
"comment": grand_parent.link_role in ["commentator", "editor"],
|
||||
"comment": grand_parent.link_role in ["commenter", "editor"],
|
||||
"descendants": True,
|
||||
"cors_proxy": True,
|
||||
"content": True,
|
||||
@@ -222,7 +222,7 @@ def test_api_documents_retrieve_authenticated_unrelated_public_or_authenticated(
|
||||
"children_create": document.link_role == "editor",
|
||||
"children_list": True,
|
||||
"collaboration_auth": True,
|
||||
"comment": document.link_role in ["commentator", "editor"],
|
||||
"comment": document.link_role in ["commenter", "editor"],
|
||||
"descendants": True,
|
||||
"cors_proxy": True,
|
||||
"content": True,
|
||||
@@ -232,8 +232,8 @@ def test_api_documents_retrieve_authenticated_unrelated_public_or_authenticated(
|
||||
"invite_owner": False,
|
||||
"link_configuration": False,
|
||||
"link_select_options": {
|
||||
"authenticated": ["reader", "commentator", "editor"],
|
||||
"public": ["reader", "commentator", "editor"],
|
||||
"authenticated": ["reader", "commenter", "editor"],
|
||||
"public": ["reader", "commenter", "editor"],
|
||||
"restricted": None,
|
||||
},
|
||||
"mask": True,
|
||||
@@ -307,7 +307,7 @@ def test_api_documents_retrieve_authenticated_public_or_authenticated_parent(rea
|
||||
"children_create": grand_parent.link_role == "editor",
|
||||
"children_list": True,
|
||||
"collaboration_auth": True,
|
||||
"comment": grand_parent.link_role in ["commentator", "editor"],
|
||||
"comment": grand_parent.link_role in ["commenter", "editor"],
|
||||
"descendants": True,
|
||||
"cors_proxy": True,
|
||||
"content": True,
|
||||
@@ -498,11 +498,11 @@ def test_api_documents_retrieve_authenticated_related_parent():
|
||||
"abilities": {
|
||||
"accesses_manage": access.role in ["administrator", "owner"],
|
||||
"accesses_view": True,
|
||||
"ai_transform": access.role != "reader",
|
||||
"ai_translate": access.role != "reader",
|
||||
"attachment_upload": access.role != "reader",
|
||||
"can_edit": access.role not in ["reader", "commentator"],
|
||||
"children_create": access.role != "reader",
|
||||
"ai_transform": access.role not in ["reader", "commenter"],
|
||||
"ai_translate": access.role not in ["reader", "commenter"],
|
||||
"attachment_upload": access.role not in ["reader", "commenter"],
|
||||
"can_edit": access.role not in ["reader", "commenter"],
|
||||
"children_create": access.role not in ["reader", "commenter"],
|
||||
"children_list": True,
|
||||
"collaboration_auth": True,
|
||||
"comment": access.role != "reader",
|
||||
@@ -521,11 +521,11 @@ def test_api_documents_retrieve_authenticated_related_parent():
|
||||
"media_auth": True,
|
||||
"media_check": True,
|
||||
"move": access.role in ["administrator", "owner"],
|
||||
"partial_update": access.role != "reader",
|
||||
"partial_update": access.role not in ["reader", "commenter"],
|
||||
"restore": access.role == "owner",
|
||||
"retrieve": True,
|
||||
"tree": True,
|
||||
"update": access.role != "reader",
|
||||
"update": access.role not in ["reader", "commenter"],
|
||||
"versions_destroy": access.role in ["administrator", "owner"],
|
||||
"versions_list": True,
|
||||
"versions_retrieve": True,
|
||||
|
||||
1226
src/backend/core/tests/documents/test_api_documents_threads.py
Normal file
1226
src/backend/core/tests/documents/test_api_documents_threads.py
Normal file
File diff suppressed because it is too large
Load Diff
@@ -89,8 +89,8 @@ def test_api_documents_trashbin_format():
|
||||
"invite_owner": False,
|
||||
"link_configuration": False,
|
||||
"link_select_options": {
|
||||
"authenticated": ["reader", "commentator", "editor"],
|
||||
"public": ["reader", "commentator", "editor"],
|
||||
"authenticated": ["reader", "commenter", "editor"],
|
||||
"public": ["reader", "commenter", "editor"],
|
||||
"restricted": None,
|
||||
},
|
||||
"mask": False,
|
||||
|
||||
@@ -16,7 +16,7 @@ pytestmark = pytest.mark.django_db
|
||||
"role,can_comment",
|
||||
[
|
||||
(LinkRoleChoices.READER, False),
|
||||
(LinkRoleChoices.COMMENTATOR, True),
|
||||
(LinkRoleChoices.COMMENTER, True),
|
||||
(LinkRoleChoices.EDITOR, True),
|
||||
],
|
||||
)
|
||||
@@ -25,13 +25,14 @@ def test_comment_get_abilities_anonymous_user_public_document(role, can_comment)
|
||||
document = factories.DocumentFactory(
|
||||
link_role=role, link_reach=LinkReachChoices.PUBLIC
|
||||
)
|
||||
comment = factories.CommentFactory(document=document)
|
||||
comment = factories.CommentFactory(thread__document=document)
|
||||
user = AnonymousUser()
|
||||
|
||||
assert comment.get_abilities(user) == {
|
||||
"destroy": False,
|
||||
"update": False,
|
||||
"partial_update": False,
|
||||
"reactions": False,
|
||||
"retrieve": can_comment,
|
||||
}
|
||||
|
||||
@@ -42,13 +43,14 @@ def test_comment_get_abilities_anonymous_user_public_document(role, can_comment)
|
||||
def test_comment_get_abilities_anonymous_user_restricted_document(link_reach):
|
||||
"""Anonymous users cannot comment on a restricted document."""
|
||||
document = factories.DocumentFactory(link_reach=link_reach)
|
||||
comment = factories.CommentFactory(document=document)
|
||||
comment = factories.CommentFactory(thread__document=document)
|
||||
user = AnonymousUser()
|
||||
|
||||
assert comment.get_abilities(user) == {
|
||||
"destroy": False,
|
||||
"update": False,
|
||||
"partial_update": False,
|
||||
"reactions": False,
|
||||
"retrieve": False,
|
||||
}
|
||||
|
||||
@@ -57,13 +59,13 @@ def test_comment_get_abilities_anonymous_user_restricted_document(link_reach):
|
||||
"link_role,link_reach,can_comment",
|
||||
[
|
||||
(LinkRoleChoices.READER, LinkReachChoices.PUBLIC, False),
|
||||
(LinkRoleChoices.COMMENTATOR, LinkReachChoices.PUBLIC, True),
|
||||
(LinkRoleChoices.COMMENTER, LinkReachChoices.PUBLIC, True),
|
||||
(LinkRoleChoices.EDITOR, LinkReachChoices.PUBLIC, True),
|
||||
(LinkRoleChoices.READER, LinkReachChoices.RESTRICTED, False),
|
||||
(LinkRoleChoices.COMMENTATOR, LinkReachChoices.RESTRICTED, False),
|
||||
(LinkRoleChoices.COMMENTER, LinkReachChoices.RESTRICTED, False),
|
||||
(LinkRoleChoices.EDITOR, LinkReachChoices.RESTRICTED, False),
|
||||
(LinkRoleChoices.READER, LinkReachChoices.AUTHENTICATED, False),
|
||||
(LinkRoleChoices.COMMENTATOR, LinkReachChoices.AUTHENTICATED, True),
|
||||
(LinkRoleChoices.COMMENTER, LinkReachChoices.AUTHENTICATED, True),
|
||||
(LinkRoleChoices.EDITOR, LinkReachChoices.AUTHENTICATED, True),
|
||||
],
|
||||
)
|
||||
@@ -73,12 +75,13 @@ def test_comment_get_abilities_user_reader(link_role, link_reach, can_comment):
|
||||
document = factories.DocumentFactory(
|
||||
link_role=link_role, link_reach=link_reach, users=[(user, RoleChoices.READER)]
|
||||
)
|
||||
comment = factories.CommentFactory(document=document)
|
||||
comment = factories.CommentFactory(thread__document=document)
|
||||
|
||||
assert comment.get_abilities(user) == {
|
||||
"destroy": False,
|
||||
"update": False,
|
||||
"partial_update": False,
|
||||
"reactions": can_comment,
|
||||
"retrieve": can_comment,
|
||||
}
|
||||
|
||||
@@ -87,13 +90,13 @@ def test_comment_get_abilities_user_reader(link_role, link_reach, can_comment):
|
||||
"link_role,link_reach,can_comment",
|
||||
[
|
||||
(LinkRoleChoices.READER, LinkReachChoices.PUBLIC, False),
|
||||
(LinkRoleChoices.COMMENTATOR, LinkReachChoices.PUBLIC, True),
|
||||
(LinkRoleChoices.COMMENTER, LinkReachChoices.PUBLIC, True),
|
||||
(LinkRoleChoices.EDITOR, LinkReachChoices.PUBLIC, True),
|
||||
(LinkRoleChoices.READER, LinkReachChoices.RESTRICTED, False),
|
||||
(LinkRoleChoices.COMMENTATOR, LinkReachChoices.RESTRICTED, False),
|
||||
(LinkRoleChoices.COMMENTER, LinkReachChoices.RESTRICTED, False),
|
||||
(LinkRoleChoices.EDITOR, LinkReachChoices.RESTRICTED, False),
|
||||
(LinkRoleChoices.READER, LinkReachChoices.AUTHENTICATED, False),
|
||||
(LinkRoleChoices.COMMENTATOR, LinkReachChoices.AUTHENTICATED, True),
|
||||
(LinkRoleChoices.COMMENTER, LinkReachChoices.AUTHENTICATED, True),
|
||||
(LinkRoleChoices.EDITOR, LinkReachChoices.AUTHENTICATED, True),
|
||||
],
|
||||
)
|
||||
@@ -106,13 +109,14 @@ def test_comment_get_abilities_user_reader_own_comment(
|
||||
link_role=link_role, link_reach=link_reach, users=[(user, RoleChoices.READER)]
|
||||
)
|
||||
comment = factories.CommentFactory(
|
||||
document=document, user=user if can_comment else None
|
||||
thread__document=document, user=user if can_comment else None
|
||||
)
|
||||
|
||||
assert comment.get_abilities(user) == {
|
||||
"destroy": can_comment,
|
||||
"update": can_comment,
|
||||
"partial_update": can_comment,
|
||||
"reactions": can_comment,
|
||||
"retrieve": can_comment,
|
||||
}
|
||||
|
||||
@@ -121,30 +125,31 @@ def test_comment_get_abilities_user_reader_own_comment(
|
||||
"link_role,link_reach",
|
||||
[
|
||||
(LinkRoleChoices.READER, LinkReachChoices.PUBLIC),
|
||||
(LinkRoleChoices.COMMENTATOR, LinkReachChoices.PUBLIC),
|
||||
(LinkRoleChoices.COMMENTER, LinkReachChoices.PUBLIC),
|
||||
(LinkRoleChoices.EDITOR, LinkReachChoices.PUBLIC),
|
||||
(LinkRoleChoices.READER, LinkReachChoices.RESTRICTED),
|
||||
(LinkRoleChoices.COMMENTATOR, LinkReachChoices.RESTRICTED),
|
||||
(LinkRoleChoices.COMMENTER, LinkReachChoices.RESTRICTED),
|
||||
(LinkRoleChoices.EDITOR, LinkReachChoices.RESTRICTED),
|
||||
(LinkRoleChoices.READER, LinkReachChoices.AUTHENTICATED),
|
||||
(LinkRoleChoices.COMMENTATOR, LinkReachChoices.AUTHENTICATED),
|
||||
(LinkRoleChoices.COMMENTER, LinkReachChoices.AUTHENTICATED),
|
||||
(LinkRoleChoices.EDITOR, LinkReachChoices.AUTHENTICATED),
|
||||
],
|
||||
)
|
||||
def test_comment_get_abilities_user_commentator(link_role, link_reach):
|
||||
"""Commentators can comment on a document."""
|
||||
def test_comment_get_abilities_user_commenter(link_role, link_reach):
|
||||
"""Commenters can comment on a document."""
|
||||
user = factories.UserFactory()
|
||||
document = factories.DocumentFactory(
|
||||
link_role=link_role,
|
||||
link_reach=link_reach,
|
||||
users=[(user, RoleChoices.COMMENTATOR)],
|
||||
users=[(user, RoleChoices.COMMENTER)],
|
||||
)
|
||||
comment = factories.CommentFactory(document=document)
|
||||
comment = factories.CommentFactory(thread__document=document)
|
||||
|
||||
assert comment.get_abilities(user) == {
|
||||
"destroy": False,
|
||||
"update": False,
|
||||
"partial_update": False,
|
||||
"reactions": True,
|
||||
"retrieve": True,
|
||||
}
|
||||
|
||||
@@ -153,30 +158,31 @@ def test_comment_get_abilities_user_commentator(link_role, link_reach):
|
||||
"link_role,link_reach",
|
||||
[
|
||||
(LinkRoleChoices.READER, LinkReachChoices.PUBLIC),
|
||||
(LinkRoleChoices.COMMENTATOR, LinkReachChoices.PUBLIC),
|
||||
(LinkRoleChoices.COMMENTER, LinkReachChoices.PUBLIC),
|
||||
(LinkRoleChoices.EDITOR, LinkReachChoices.PUBLIC),
|
||||
(LinkRoleChoices.READER, LinkReachChoices.RESTRICTED),
|
||||
(LinkRoleChoices.COMMENTATOR, LinkReachChoices.RESTRICTED),
|
||||
(LinkRoleChoices.COMMENTER, LinkReachChoices.RESTRICTED),
|
||||
(LinkRoleChoices.EDITOR, LinkReachChoices.RESTRICTED),
|
||||
(LinkRoleChoices.READER, LinkReachChoices.AUTHENTICATED),
|
||||
(LinkRoleChoices.COMMENTATOR, LinkReachChoices.AUTHENTICATED),
|
||||
(LinkRoleChoices.COMMENTER, LinkReachChoices.AUTHENTICATED),
|
||||
(LinkRoleChoices.EDITOR, LinkReachChoices.AUTHENTICATED),
|
||||
],
|
||||
)
|
||||
def test_comment_get_abilities_user_commentator_own_comment(link_role, link_reach):
|
||||
"""Commentators have all accesses to its own comment."""
|
||||
def test_comment_get_abilities_user_commenter_own_comment(link_role, link_reach):
|
||||
"""Commenters have all accesses to its own comment."""
|
||||
user = factories.UserFactory()
|
||||
document = factories.DocumentFactory(
|
||||
link_role=link_role,
|
||||
link_reach=link_reach,
|
||||
users=[(user, RoleChoices.COMMENTATOR)],
|
||||
users=[(user, RoleChoices.COMMENTER)],
|
||||
)
|
||||
comment = factories.CommentFactory(document=document, user=user)
|
||||
comment = factories.CommentFactory(thread__document=document, user=user)
|
||||
|
||||
assert comment.get_abilities(user) == {
|
||||
"destroy": True,
|
||||
"update": True,
|
||||
"partial_update": True,
|
||||
"reactions": True,
|
||||
"retrieve": True,
|
||||
}
|
||||
|
||||
@@ -185,13 +191,13 @@ def test_comment_get_abilities_user_commentator_own_comment(link_role, link_reac
|
||||
"link_role,link_reach",
|
||||
[
|
||||
(LinkRoleChoices.READER, LinkReachChoices.PUBLIC),
|
||||
(LinkRoleChoices.COMMENTATOR, LinkReachChoices.PUBLIC),
|
||||
(LinkRoleChoices.COMMENTER, LinkReachChoices.PUBLIC),
|
||||
(LinkRoleChoices.EDITOR, LinkReachChoices.PUBLIC),
|
||||
(LinkRoleChoices.READER, LinkReachChoices.RESTRICTED),
|
||||
(LinkRoleChoices.COMMENTATOR, LinkReachChoices.RESTRICTED),
|
||||
(LinkRoleChoices.COMMENTER, LinkReachChoices.RESTRICTED),
|
||||
(LinkRoleChoices.EDITOR, LinkReachChoices.RESTRICTED),
|
||||
(LinkRoleChoices.READER, LinkReachChoices.AUTHENTICATED),
|
||||
(LinkRoleChoices.COMMENTATOR, LinkReachChoices.AUTHENTICATED),
|
||||
(LinkRoleChoices.COMMENTER, LinkReachChoices.AUTHENTICATED),
|
||||
(LinkRoleChoices.EDITOR, LinkReachChoices.AUTHENTICATED),
|
||||
],
|
||||
)
|
||||
@@ -201,12 +207,13 @@ def test_comment_get_abilities_user_editor(link_role, link_reach):
|
||||
document = factories.DocumentFactory(
|
||||
link_role=link_role, link_reach=link_reach, users=[(user, RoleChoices.EDITOR)]
|
||||
)
|
||||
comment = factories.CommentFactory(document=document)
|
||||
comment = factories.CommentFactory(thread__document=document)
|
||||
|
||||
assert comment.get_abilities(user) == {
|
||||
"destroy": False,
|
||||
"update": False,
|
||||
"partial_update": False,
|
||||
"reactions": True,
|
||||
"retrieve": True,
|
||||
}
|
||||
|
||||
@@ -215,13 +222,13 @@ def test_comment_get_abilities_user_editor(link_role, link_reach):
|
||||
"link_role,link_reach",
|
||||
[
|
||||
(LinkRoleChoices.READER, LinkReachChoices.PUBLIC),
|
||||
(LinkRoleChoices.COMMENTATOR, LinkReachChoices.PUBLIC),
|
||||
(LinkRoleChoices.COMMENTER, LinkReachChoices.PUBLIC),
|
||||
(LinkRoleChoices.EDITOR, LinkReachChoices.PUBLIC),
|
||||
(LinkRoleChoices.READER, LinkReachChoices.RESTRICTED),
|
||||
(LinkRoleChoices.COMMENTATOR, LinkReachChoices.RESTRICTED),
|
||||
(LinkRoleChoices.COMMENTER, LinkReachChoices.RESTRICTED),
|
||||
(LinkRoleChoices.EDITOR, LinkReachChoices.RESTRICTED),
|
||||
(LinkRoleChoices.READER, LinkReachChoices.AUTHENTICATED),
|
||||
(LinkRoleChoices.COMMENTATOR, LinkReachChoices.AUTHENTICATED),
|
||||
(LinkRoleChoices.COMMENTER, LinkReachChoices.AUTHENTICATED),
|
||||
(LinkRoleChoices.EDITOR, LinkReachChoices.AUTHENTICATED),
|
||||
],
|
||||
)
|
||||
@@ -231,12 +238,13 @@ def test_comment_get_abilities_user_editor_own_comment(link_role, link_reach):
|
||||
document = factories.DocumentFactory(
|
||||
link_role=link_role, link_reach=link_reach, users=[(user, RoleChoices.EDITOR)]
|
||||
)
|
||||
comment = factories.CommentFactory(document=document, user=user)
|
||||
comment = factories.CommentFactory(thread__document=document, user=user)
|
||||
|
||||
assert comment.get_abilities(user) == {
|
||||
"destroy": True,
|
||||
"update": True,
|
||||
"partial_update": True,
|
||||
"reactions": True,
|
||||
"retrieve": True,
|
||||
}
|
||||
|
||||
@@ -246,13 +254,14 @@ def test_comment_get_abilities_user_admin():
|
||||
user = factories.UserFactory()
|
||||
document = factories.DocumentFactory(users=[(user, RoleChoices.ADMIN)])
|
||||
comment = factories.CommentFactory(
|
||||
document=document, user=random.choice([user, None])
|
||||
thread__document=document, user=random.choice([user, None])
|
||||
)
|
||||
|
||||
assert comment.get_abilities(user) == {
|
||||
"destroy": True,
|
||||
"update": True,
|
||||
"partial_update": True,
|
||||
"reactions": True,
|
||||
"retrieve": True,
|
||||
}
|
||||
|
||||
@@ -262,12 +271,13 @@ def test_comment_get_abilities_user_owner():
|
||||
user = factories.UserFactory()
|
||||
document = factories.DocumentFactory(users=[(user, RoleChoices.OWNER)])
|
||||
comment = factories.CommentFactory(
|
||||
document=document, user=random.choice([user, None])
|
||||
thread__document=document, user=random.choice([user, None])
|
||||
)
|
||||
|
||||
assert comment.get_abilities(user) == {
|
||||
"destroy": True,
|
||||
"update": True,
|
||||
"partial_update": True,
|
||||
"reactions": True,
|
||||
"retrieve": True,
|
||||
}
|
||||
|
||||
@@ -123,7 +123,7 @@ def test_models_document_access_get_abilities_for_owner_of_self_allowed():
|
||||
"retrieve": True,
|
||||
"update": True,
|
||||
"partial_update": True,
|
||||
"set_role_to": ["reader", "commentator", "editor", "administrator", "owner"],
|
||||
"set_role_to": ["reader", "commenter", "editor", "administrator", "owner"],
|
||||
}
|
||||
|
||||
|
||||
@@ -166,7 +166,7 @@ def test_models_document_access_get_abilities_for_owner_of_self_last_on_child(
|
||||
"retrieve": True,
|
||||
"update": True,
|
||||
"partial_update": True,
|
||||
"set_role_to": ["reader", "commentator", "editor", "administrator", "owner"],
|
||||
"set_role_to": ["reader", "commenter", "editor", "administrator", "owner"],
|
||||
}
|
||||
|
||||
|
||||
@@ -183,7 +183,7 @@ def test_models_document_access_get_abilities_for_owner_of_owner():
|
||||
"retrieve": True,
|
||||
"update": True,
|
||||
"partial_update": True,
|
||||
"set_role_to": ["reader", "commentator", "editor", "administrator", "owner"],
|
||||
"set_role_to": ["reader", "commenter", "editor", "administrator", "owner"],
|
||||
}
|
||||
|
||||
|
||||
@@ -200,7 +200,7 @@ def test_models_document_access_get_abilities_for_owner_of_administrator():
|
||||
"retrieve": True,
|
||||
"update": True,
|
||||
"partial_update": True,
|
||||
"set_role_to": ["reader", "commentator", "editor", "administrator", "owner"],
|
||||
"set_role_to": ["reader", "commenter", "editor", "administrator", "owner"],
|
||||
}
|
||||
|
||||
|
||||
@@ -217,7 +217,7 @@ def test_models_document_access_get_abilities_for_owner_of_editor():
|
||||
"retrieve": True,
|
||||
"update": True,
|
||||
"partial_update": True,
|
||||
"set_role_to": ["reader", "commentator", "editor", "administrator", "owner"],
|
||||
"set_role_to": ["reader", "commenter", "editor", "administrator", "owner"],
|
||||
}
|
||||
|
||||
|
||||
@@ -234,7 +234,7 @@ def test_models_document_access_get_abilities_for_owner_of_reader():
|
||||
"retrieve": True,
|
||||
"update": True,
|
||||
"partial_update": True,
|
||||
"set_role_to": ["reader", "commentator", "editor", "administrator", "owner"],
|
||||
"set_role_to": ["reader", "commenter", "editor", "administrator", "owner"],
|
||||
}
|
||||
|
||||
|
||||
@@ -271,7 +271,7 @@ def test_models_document_access_get_abilities_for_administrator_of_administrator
|
||||
"retrieve": True,
|
||||
"update": True,
|
||||
"partial_update": True,
|
||||
"set_role_to": ["reader", "commentator", "editor", "administrator"],
|
||||
"set_role_to": ["reader", "commenter", "editor", "administrator"],
|
||||
}
|
||||
|
||||
|
||||
@@ -288,7 +288,7 @@ def test_models_document_access_get_abilities_for_administrator_of_editor():
|
||||
"retrieve": True,
|
||||
"update": True,
|
||||
"partial_update": True,
|
||||
"set_role_to": ["reader", "commentator", "editor", "administrator"],
|
||||
"set_role_to": ["reader", "commenter", "editor", "administrator"],
|
||||
}
|
||||
|
||||
|
||||
@@ -305,7 +305,7 @@ def test_models_document_access_get_abilities_for_administrator_of_reader():
|
||||
"retrieve": True,
|
||||
"update": True,
|
||||
"partial_update": True,
|
||||
"set_role_to": ["reader", "commentator", "editor", "administrator"],
|
||||
"set_role_to": ["reader", "commenter", "editor", "administrator"],
|
||||
}
|
||||
|
||||
|
||||
|
||||
@@ -134,13 +134,13 @@ def test_models_documents_soft_delete(depth):
|
||||
[
|
||||
(True, "restricted", "reader"),
|
||||
(True, "restricted", "editor"),
|
||||
(True, "restricted", "commentator"),
|
||||
(True, "restricted", "commenter"),
|
||||
(False, "restricted", "reader"),
|
||||
(False, "restricted", "editor"),
|
||||
(False, "restricted", "commentator"),
|
||||
(False, "restricted", "commenter"),
|
||||
(False, "authenticated", "reader"),
|
||||
(False, "authenticated", "editor"),
|
||||
(False, "authenticated", "commentator"),
|
||||
(False, "authenticated", "commenter"),
|
||||
],
|
||||
)
|
||||
def test_models_documents_get_abilities_forbidden(
|
||||
@@ -176,8 +176,8 @@ def test_models_documents_get_abilities_forbidden(
|
||||
"move": False,
|
||||
"link_configuration": False,
|
||||
"link_select_options": {
|
||||
"authenticated": ["reader", "commentator", "editor"],
|
||||
"public": ["reader", "commentator", "editor"],
|
||||
"authenticated": ["reader", "commenter", "editor"],
|
||||
"public": ["reader", "commenter", "editor"],
|
||||
"restricted": None,
|
||||
},
|
||||
"partial_update": False,
|
||||
@@ -237,8 +237,8 @@ def test_models_documents_get_abilities_reader(
|
||||
"invite_owner": False,
|
||||
"link_configuration": False,
|
||||
"link_select_options": {
|
||||
"authenticated": ["reader", "commentator", "editor"],
|
||||
"public": ["reader", "commentator", "editor"],
|
||||
"authenticated": ["reader", "commenter", "editor"],
|
||||
"public": ["reader", "commenter", "editor"],
|
||||
"restricted": None,
|
||||
},
|
||||
"mask": is_authenticated,
|
||||
@@ -278,14 +278,14 @@ def test_models_documents_get_abilities_reader(
|
||||
(True, "authenticated"),
|
||||
],
|
||||
)
|
||||
def test_models_documents_get_abilities_commentator(
|
||||
def test_models_documents_get_abilities_commenter(
|
||||
is_authenticated, reach, django_assert_num_queries
|
||||
):
|
||||
"""
|
||||
Check abilities returned for a document giving commentator role to link holders
|
||||
Check abilities returned for a document giving commenter role to link holders
|
||||
i.e anonymous users or authenticated users who have no specific role on the document.
|
||||
"""
|
||||
document = factories.DocumentFactory(link_reach=reach, link_role="commentator")
|
||||
document = factories.DocumentFactory(link_reach=reach, link_role="commenter")
|
||||
user = factories.UserFactory() if is_authenticated else AnonymousUser()
|
||||
expected_abilities = {
|
||||
"accesses_manage": False,
|
||||
@@ -298,6 +298,7 @@ def test_models_documents_get_abilities_commentator(
|
||||
"children_list": True,
|
||||
"collaboration_auth": True,
|
||||
"comment": True,
|
||||
"content": True,
|
||||
"descendants": True,
|
||||
"cors_proxy": True,
|
||||
"destroy": False,
|
||||
@@ -306,8 +307,8 @@ def test_models_documents_get_abilities_commentator(
|
||||
"invite_owner": False,
|
||||
"link_configuration": False,
|
||||
"link_select_options": {
|
||||
"authenticated": ["reader", "commentator", "editor"],
|
||||
"public": ["reader", "commentator", "editor"],
|
||||
"authenticated": ["reader", "commenter", "editor"],
|
||||
"public": ["reader", "commenter", "editor"],
|
||||
"restricted": None,
|
||||
},
|
||||
"mask": is_authenticated,
|
||||
@@ -373,8 +374,8 @@ def test_models_documents_get_abilities_editor(
|
||||
"invite_owner": False,
|
||||
"link_configuration": False,
|
||||
"link_select_options": {
|
||||
"authenticated": ["reader", "commentator", "editor"],
|
||||
"public": ["reader", "commentator", "editor"],
|
||||
"authenticated": ["reader", "commenter", "editor"],
|
||||
"public": ["reader", "commenter", "editor"],
|
||||
"restricted": None,
|
||||
},
|
||||
"mask": is_authenticated,
|
||||
@@ -429,8 +430,8 @@ def test_models_documents_get_abilities_owner(django_assert_num_queries):
|
||||
"invite_owner": True,
|
||||
"link_configuration": True,
|
||||
"link_select_options": {
|
||||
"authenticated": ["reader", "commentator", "editor"],
|
||||
"public": ["reader", "commentator", "editor"],
|
||||
"authenticated": ["reader", "commenter", "editor"],
|
||||
"public": ["reader", "commenter", "editor"],
|
||||
"restricted": None,
|
||||
},
|
||||
"mask": True,
|
||||
@@ -461,6 +462,7 @@ def test_models_documents_get_abilities_owner(django_assert_num_queries):
|
||||
"children_create": False,
|
||||
"children_list": False,
|
||||
"collaboration_auth": False,
|
||||
"comment": False,
|
||||
"descendants": False,
|
||||
"cors_proxy": False,
|
||||
"content": False,
|
||||
@@ -470,8 +472,8 @@ def test_models_documents_get_abilities_owner(django_assert_num_queries):
|
||||
"invite_owner": False,
|
||||
"link_configuration": False,
|
||||
"link_select_options": {
|
||||
"authenticated": ["reader", "editor"],
|
||||
"public": ["reader", "editor"],
|
||||
"authenticated": ["reader", "commenter", "editor"],
|
||||
"public": ["reader", "commenter", "editor"],
|
||||
"restricted": None,
|
||||
},
|
||||
"mask": False,
|
||||
@@ -516,8 +518,8 @@ def test_models_documents_get_abilities_administrator(django_assert_num_queries)
|
||||
"invite_owner": False,
|
||||
"link_configuration": True,
|
||||
"link_select_options": {
|
||||
"authenticated": ["reader", "commentator", "editor"],
|
||||
"public": ["reader", "commentator", "editor"],
|
||||
"authenticated": ["reader", "commenter", "editor"],
|
||||
"public": ["reader", "commenter", "editor"],
|
||||
"restricted": None,
|
||||
},
|
||||
"mask": True,
|
||||
@@ -572,8 +574,8 @@ def test_models_documents_get_abilities_editor_user(django_assert_num_queries):
|
||||
"invite_owner": False,
|
||||
"link_configuration": False,
|
||||
"link_select_options": {
|
||||
"authenticated": ["reader", "commentator", "editor"],
|
||||
"public": ["reader", "commentator", "editor"],
|
||||
"authenticated": ["reader", "commenter", "editor"],
|
||||
"public": ["reader", "commenter", "editor"],
|
||||
"restricted": None,
|
||||
},
|
||||
"mask": True,
|
||||
@@ -626,7 +628,7 @@ def test_models_documents_get_abilities_reader_user(
|
||||
"children_list": True,
|
||||
"collaboration_auth": True,
|
||||
"comment": document.link_reach != "restricted"
|
||||
and document.link_role in ["commentator", "editor"],
|
||||
and document.link_role in ["commenter", "editor"],
|
||||
"descendants": True,
|
||||
"cors_proxy": True,
|
||||
"content": True,
|
||||
@@ -636,8 +638,8 @@ def test_models_documents_get_abilities_reader_user(
|
||||
"invite_owner": False,
|
||||
"link_configuration": False,
|
||||
"link_select_options": {
|
||||
"authenticated": ["reader", "commentator", "editor"],
|
||||
"public": ["reader", "commentator", "editor"],
|
||||
"authenticated": ["reader", "commenter", "editor"],
|
||||
"public": ["reader", "commenter", "editor"],
|
||||
"restricted": None,
|
||||
},
|
||||
"mask": True,
|
||||
@@ -668,12 +670,12 @@ def test_models_documents_get_abilities_reader_user(
|
||||
|
||||
|
||||
@pytest.mark.parametrize("ai_access_setting", ["public", "authenticated", "restricted"])
|
||||
def test_models_documents_get_abilities_commentator_user(
|
||||
def test_models_documents_get_abilities_commenter_user(
|
||||
ai_access_setting, django_assert_num_queries
|
||||
):
|
||||
"""Check abilities returned for the commentator of a document."""
|
||||
"""Check abilities returned for the commenter of a document."""
|
||||
user = factories.UserFactory()
|
||||
document = factories.DocumentFactory(users=[(user, "commentator")])
|
||||
document = factories.DocumentFactory(users=[(user, "commenter")])
|
||||
|
||||
access_from_link = (
|
||||
document.link_reach != "restricted" and document.link_role == "editor"
|
||||
@@ -692,6 +694,7 @@ def test_models_documents_get_abilities_commentator_user(
|
||||
"children_list": True,
|
||||
"collaboration_auth": True,
|
||||
"comment": True,
|
||||
"content": True,
|
||||
"descendants": True,
|
||||
"cors_proxy": True,
|
||||
"destroy": False,
|
||||
@@ -700,8 +703,8 @@ def test_models_documents_get_abilities_commentator_user(
|
||||
"invite_owner": False,
|
||||
"link_configuration": False,
|
||||
"link_select_options": {
|
||||
"authenticated": ["reader", "commentator", "editor"],
|
||||
"public": ["reader", "commentator", "editor"],
|
||||
"authenticated": ["reader", "commenter", "editor"],
|
||||
"public": ["reader", "commenter", "editor"],
|
||||
"restricted": None,
|
||||
},
|
||||
"mask": True,
|
||||
@@ -761,8 +764,8 @@ def test_models_documents_get_abilities_preset_role(django_assert_num_queries):
|
||||
"invite_owner": False,
|
||||
"link_configuration": False,
|
||||
"link_select_options": {
|
||||
"authenticated": ["reader", "commentator", "editor"],
|
||||
"public": ["reader", "commentator", "editor"],
|
||||
"authenticated": ["reader", "commenter", "editor"],
|
||||
"public": ["reader", "commenter", "editor"],
|
||||
"restricted": None,
|
||||
},
|
||||
"mask": True,
|
||||
@@ -1465,14 +1468,14 @@ def test_models_documents_restore_complex_bis(django_assert_num_queries):
|
||||
"public",
|
||||
"reader",
|
||||
{
|
||||
"public": ["reader", "commentator", "editor"],
|
||||
"public": ["reader", "commenter", "editor"],
|
||||
},
|
||||
),
|
||||
(
|
||||
"public",
|
||||
"commentator",
|
||||
"commenter",
|
||||
{
|
||||
"public": ["commentator", "editor"],
|
||||
"public": ["commenter", "editor"],
|
||||
},
|
||||
),
|
||||
("public", "editor", {"public": ["editor"]}),
|
||||
@@ -1480,16 +1483,16 @@ def test_models_documents_restore_complex_bis(django_assert_num_queries):
|
||||
"authenticated",
|
||||
"reader",
|
||||
{
|
||||
"authenticated": ["reader", "commentator", "editor"],
|
||||
"public": ["reader", "commentator", "editor"],
|
||||
"authenticated": ["reader", "commenter", "editor"],
|
||||
"public": ["reader", "commenter", "editor"],
|
||||
},
|
||||
),
|
||||
(
|
||||
"authenticated",
|
||||
"commentator",
|
||||
"commenter",
|
||||
{
|
||||
"authenticated": ["commentator", "editor"],
|
||||
"public": ["commentator", "editor"],
|
||||
"authenticated": ["commenter", "editor"],
|
||||
"public": ["commenter", "editor"],
|
||||
},
|
||||
),
|
||||
(
|
||||
@@ -1502,17 +1505,17 @@ def test_models_documents_restore_complex_bis(django_assert_num_queries):
|
||||
"reader",
|
||||
{
|
||||
"restricted": None,
|
||||
"authenticated": ["reader", "commentator", "editor"],
|
||||
"public": ["reader", "commentator", "editor"],
|
||||
"authenticated": ["reader", "commenter", "editor"],
|
||||
"public": ["reader", "commenter", "editor"],
|
||||
},
|
||||
),
|
||||
(
|
||||
"restricted",
|
||||
"commentator",
|
||||
"commenter",
|
||||
{
|
||||
"restricted": None,
|
||||
"authenticated": ["commentator", "editor"],
|
||||
"public": ["commentator", "editor"],
|
||||
"authenticated": ["commenter", "editor"],
|
||||
"public": ["commenter", "editor"],
|
||||
},
|
||||
),
|
||||
(
|
||||
@@ -1529,15 +1532,15 @@ def test_models_documents_restore_complex_bis(django_assert_num_queries):
|
||||
"public",
|
||||
None,
|
||||
{
|
||||
"public": ["reader", "commentator", "editor"],
|
||||
"public": ["reader", "commenter", "editor"],
|
||||
},
|
||||
),
|
||||
(
|
||||
None,
|
||||
"reader",
|
||||
{
|
||||
"public": ["reader", "commentator", "editor"],
|
||||
"authenticated": ["reader", "commentator", "editor"],
|
||||
"public": ["reader", "commenter", "editor"],
|
||||
"authenticated": ["reader", "commenter", "editor"],
|
||||
"restricted": None,
|
||||
},
|
||||
),
|
||||
@@ -1545,8 +1548,8 @@ def test_models_documents_restore_complex_bis(django_assert_num_queries):
|
||||
None,
|
||||
None,
|
||||
{
|
||||
"public": ["reader", "commentator", "editor"],
|
||||
"authenticated": ["reader", "commentator", "editor"],
|
||||
"public": ["reader", "commenter", "editor"],
|
||||
"authenticated": ["reader", "commenter", "editor"],
|
||||
"restricted": None,
|
||||
},
|
||||
),
|
||||
|
||||
Reference in New Issue
Block a user