From 027401c29b491f7b0d6513e0ccf4519f85431846 Mon Sep 17 00:00:00 2001 From: Marnanel Thurman Date: Tue, 14 Apr 2020 14:27:18 +0100 Subject: [PATCH] Status deletion tests; deletion check for ownership --- kepi/trilby_api/tests/test_status.py | 78 +++++++++++++++++++++++++++- kepi/trilby_api/views.py | 33 ++++++++++-- 2 files changed, 106 insertions(+), 5 deletions(-) diff --git a/kepi/trilby_api/tests/test_status.py b/kepi/trilby_api/tests/test_status.py index 365de3c..ebb2b94 100644 --- a/kepi/trilby_api/tests/test_status.py +++ b/kepi/trilby_api/tests/test_status.py @@ -30,7 +30,83 @@ class TestStatus(TestCase): expect_result) def test_delete_status(self): - self.fail("Test not yet implemented") + + self._alice = create_local_person(name='alice') + + self._alice_status = create_local_status( + posted_by = self._alice, + content = 'Daisies are our silver.', + ) + + found = Status.objects.filter( + account = self._alice, + ) + + self.assertEqual( + len(found), + 1, + "There is a status.") + + c = APIClient() + c.force_authenticate(self._alice.local_user) + + result = c.delete( + '/api/v1/statuses/{}'.format( + self._alice_status.id, + ), + ) + + self.assertEqual(result.status_code, + 200) + + # TODO: result body is meaningful and we should check it + + found = Status.objects.filter( + account = self._alice, + ) + + self.assertEqual( + len(found), + 0, + "There is no longer a status.") + + def test_delete_status_not_yours(self): + + self._alice = create_local_person(name='alice') + self._eve = create_local_person(name='eve') + + self._alice_status = create_local_status( + posted_by = self._alice, + content = 'Daisies are our silver.', + ) + + c = APIClient() + c.force_authenticate(self._eve.local_user) + + result = c.delete( + '/api/v1/statuses/{}'.format( + self._alice_status.id, + ), + ) + + self.assertEqual(result.status_code, + 404) + + def test_delete_status_404(self): + + self._alice = create_local_person(name='alice') + + c = APIClient() + c.force_authenticate(self._alice.local_user) + + result = c.delete( + '/api/v1/statuses/{}'.format( + 1234, + ), + ) + + self.assertEqual(result.status_code, + 404) def test_get_context(self): self.fail("Test not yet implemented") diff --git a/kepi/trilby_api/views.py b/kepi/trilby_api/views.py index aa143fa..9338574 100644 --- a/kepi/trilby_api/views.py +++ b/kepi/trilby_api/views.py @@ -285,11 +285,9 @@ class Statuses(generics.ListCreateAPIView, ) except Status.DoesNotExist: - return JsonResponse( - { - 'error': 'Record not found', - }, + return error_response( status = 404, + reason = 'Record not found', ) else: @@ -353,6 +351,33 @@ class Statuses(generics.ListCreateAPIView, reason = 'Hot off the press', ) + def delete(self, request, *args, **kwargs): + + if 'id' not in kwargs: + return error_response(404, 'Can\'t delete all statuses at once') + + the_status = get_object_or_404( + self.get_queryset(), + id = int(kwargs['id']), + ) + + if the_status.account != request.user.person: + return error_response(404, # sic + 'That isn\'t yours to delete') + + serializer = StatusSerializer( + the_status, + context = { + 'request': request, + }, + ) + + response = JsonResponse(serializer.data) + + the_status.delete() + + return response + class StatusContext(generics.ListCreateAPIView): queryset = trilby_models.Status.objects.all()