MirrorMirror
/
funkwhale
mirror of https://dev.funkwhale.audio/funkwhale/funkwhale.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
funkwhale/api/tests/common/test_permissions.py

119 lines
4.1 KiB
Python
Raw Blame History

import pytest
from django.http import Http404
from rest_framework.views import APIView
from funkwhale_api.common import permissions
def test_owner_permission_owner_field_ok(nodb_factories, api_request):
playlist = nodb_factories["playlists.Playlist"]()
nodb_factories["users.User"](actor=playlist.actor)
view = APIView.as_view()
permission = permissions.OwnerPermission()
request = api_request.get("/")
setattr(request, "user", playlist.actor.user)
setattr(view, "owner_field", "actor.user")
check = permission.has_object_permission(request, view, playlist)
assert check is True
def test_owner_permission_owner_field_not_ok(
anonymous_user, nodb_factories, api_request
):
playlist = nodb_factories["playlists.Playlist"]()
view = APIView.as_view()
permission = permissions.OwnerPermission()
request = api_request.get("/")
setattr(request, "user", anonymous_user)
setattr(view, "owner_field", "actor.user")
with pytest.raises(Http404):
permission.has_object_permission(request, view, playlist)
def test_owner_permission_read_only(anonymous_user, nodb_factories, api_request):
playlist = nodb_factories["playlists.Playlist"]()
view = APIView.as_view()
setattr(view, "owner_checks", ["write"])
permission = permissions.OwnerPermission()
request = api_request.get("/")
setattr(request, "user", anonymous_user)
check = permission.has_object_permission(request, view, playlist)
assert check is True
@pytest.mark.parametrize(
"privacy_level,expected",
[("me", False), ("followers", False), ("instance", False), ("everyone", True)],
)
def test_privacylevel_permission_anonymous(
factories, api_request, anonymous_user, privacy_level, expected
):
user = factories["users.User"](privacy_level=privacy_level)
user.create_actor()
view = APIView.as_view()
permission = permissions.PrivacyLevelPermission()
request = api_request.get("/")
setattr(request, "user", anonymous_user)
check = permission.has_object_permission(request, view, user.actor)
assert check is expected
@pytest.mark.parametrize(
"privacy_level,expected",
[("me", False), ("followers", False), ("instance", True), ("everyone", True)],
)
def test_privacylevel_permission_instance(
factories, api_request, anonymous_user, privacy_level, expected, mocker
):
user = factories["users.User"](privacy_level=privacy_level)
user.create_actor()
request_user = factories["users.User"](with_actor=True)
view = APIView.as_view()
permission = permissions.PrivacyLevelPermission()
request = api_request.get("/")
setattr(request, "user", request_user)
check = permission.has_object_permission(request, view, user.actor)
assert check is expected
@pytest.mark.parametrize(
"privacy_level,expected",
[("me", True), ("followers", False), ("instance", True), ("everyone", True)],
)
def test_privacylevel_permission_me(
factories, api_request, anonymous_user, privacy_level, expected, mocker
):
user = factories["users.User"](privacy_level=privacy_level)
user.create_actor()
view = APIView.as_view()
permission = permissions.PrivacyLevelPermission()
request = api_request.get("/")
setattr(request, "user", user)
check = permission.has_object_permission(request, view, user.actor)
assert check is expected
@pytest.mark.parametrize(
"privacy_level,expected",
[("me", False), ("followers", True), ("instance", False), ("everyone", True)],
)
def test_privacylevel_permission_followers(
factories, api_request, anonymous_user, privacy_level, expected, mocker
):
user = factories["users.User"](privacy_level=privacy_level)
user.create_actor()
user_follow = factories["federation.Follow"](target=user.actor, approved=True)
view = APIView.as_view()
permission = permissions.PrivacyLevelPermission()
request = api_request.get("/")
setattr(request, "user", anonymous_user)
setattr(request, "actor", user_follow.actor)
check = permission.has_object_permission(request, view, user.actor)
assert check is expected
Reference in New Issue View Git Blame Copy Permalink