From 8355d7c13b1f151fb828d8c449caaf43ca9a1fc2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?P=C4=93teris=20Caune?= Date: Thu, 13 Aug 2015 11:22:10 +0300 Subject: [PATCH] Adding tests for POST /channels/ --- hc/api/models.py | 5 +- hc/front/tests/test_update_channel.py | 66 +++++++++++++++++++++++++++ hc/front/views.py | 15 +++--- 3 files changed, 75 insertions(+), 11 deletions(-) create mode 100644 hc/front/tests/test_update_channel.py diff --git a/hc/api/models.py b/hc/api/models.py index b374c367..acd43b24 100644 --- a/hc/api/models.py +++ b/hc/api/models.py @@ -65,9 +65,8 @@ class Check(models.Model): return "down" def assign_all_channels(self): - for channel in Channel.objects.filter(user=self.user): - channel.checks.add(self) - channel.save() + channels = Channel.objects.filter(user=self.user) + self.channel_set.add(*channels) class Ping(models.Model): diff --git a/hc/front/tests/test_update_channel.py b/hc/front/tests/test_update_channel.py new file mode 100644 index 00000000..af0596c5 --- /dev/null +++ b/hc/front/tests/test_update_channel.py @@ -0,0 +1,66 @@ +from django.contrib.auth.models import User +from django.test import TestCase + +from hc.api.models import Channel, Check + + +class UpdateChannelTestCase(TestCase): + + def setUp(self): + self.alice = User(username="alice") + self.alice.set_password("password") + self.alice.save() + + self.check = Check(user=self.alice) + self.check.save() + + self.channel = Channel(user=self.alice, kind="email") + self.channel.email = "alice@example.org" + self.channel.save() + + def test_it_works(self): + payload = { + "channel": self.channel.code, + "check-%s" % self.check.code: True + } + + self.client.login(username="alice", password="password") + r = self.client.post("/channels/", data=payload) + assert r.status_code == 302 + + channel = Channel.objects.get(code=self.channel.code) + checks = channel.checks.all() + assert len(checks) == 1 + assert checks[0].code == self.check.code + + def test_it_checks_channel_user(self): + mallory = User(username="mallory") + mallory.set_password("password") + mallory.save() + + payload = {"channel": self.channel.code} + + self.client.login(username="mallory", password="password") + r = self.client.post("/channels/", data=payload) + + # self.channel does not belong to mallory, this should fail-- + assert r.status_code == 403 + + def test_it_checks_check_user(self): + mallory = User(username="mallory") + mallory.set_password("password") + mallory.save() + + mc = Channel(user=mallory, kind="email") + mc.email = "mallory@example.org" + mc.save() + + payload = { + "channel": mc.code, + "check-%s" % self.check.code: True + } + self.client.login(username="mallory", password="password") + r = self.client.post("/channels/", data=payload) + + # mc belongs to mallorym but self.check does not-- + assert r.status_code == 403 \ No newline at end of file diff --git a/hc/front/views.py b/hc/front/views.py index be596748..4d5266b0 100644 --- a/hc/front/views.py +++ b/hc/front/views.py @@ -179,21 +179,21 @@ def channels(request): if request.method == "POST": code = request.POST["channel"] channel = Channel.objects.get(code=code) - assert channel.user == request.user + if channel.user != request.user: + return HttpResponseForbidden() - channel.checks = [] - print (request.POST) + new_checks = [] for key in request.POST: if key.startswith("check-"): code = key[6:] check = Check.objects.get(code=code) - assert check.user == request.user - channel.checks.add(check) + if check.user != request.user: + return HttpResponseForbidden() + new_checks.append(check) - channel.save() + channel.checks = new_checks return redirect("hc-channels") - channels = Channel.objects.filter(user=request.user).order_by("created") num_checks = Check.objects.filter(user=request.user).count() @@ -216,7 +216,6 @@ def add_channel(request): checks = Check.objects.filter(user=request.user) channel.checks.add(*checks) - channel.save() return redirect("hc-channels")