Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
Merge pull request #2223 from bookwyrm-social/shelf-edit-perms
Shelf edit perms
  • Loading branch information
mouse-reeve committed Jul 14, 2022
2 parents 95a72ae + 317a239 commit 44b86ba
Show file tree
Hide file tree
Showing 2 changed files with 33 additions and 18 deletions.
47 changes: 30 additions & 17 deletions bookwyrm/tests/views/shelf/test_shelf_actions.py
Expand Up @@ -32,6 +32,14 @@ def setUp(self):
localname="mouse",
remote_id="https://example.com/users/mouse",
)
self.another_user = models.User.objects.create_user(
"rat@local.com",
"rat@rat.com",
"ratword",
local=True,
localname="rat",
remote_id="https://example.com/users/rat",
)
self.work = models.Work.objects.create(title="Test Work")
self.book = models.Edition.objects.create(
title="Example Edition",
Expand Down Expand Up @@ -66,7 +74,7 @@ def test_shelve(self, *_):

def test_shelve_to_read(self, *_):
"""special behavior for the to-read shelf"""
shelf = models.Shelf.objects.get(identifier="to-read")
shelf = models.Shelf.objects.get(user=self.local_user, identifier="to-read")
request = self.factory.post(
"", {"book": self.book.id, "shelf": shelf.identifier}
)
Expand All @@ -79,7 +87,7 @@ def test_shelve_to_read(self, *_):

def test_shelve_reading(self, *_):
"""special behavior for the reading shelf"""
shelf = models.Shelf.objects.get(identifier="reading")
shelf = models.Shelf.objects.get(user=self.local_user, identifier="reading")
request = self.factory.post(
"", {"book": self.book.id, "shelf": shelf.identifier}
)
Expand All @@ -92,7 +100,7 @@ def test_shelve_reading(self, *_):

def test_shelve_read(self, *_):
"""special behavior for the read shelf"""
shelf = models.Shelf.objects.get(identifier="read")
shelf = models.Shelf.objects.get(user=self.local_user, identifier="read")
request = self.factory.post(
"", {"book": self.book.id, "shelf": shelf.identifier}
)
Expand All @@ -105,11 +113,13 @@ def test_shelve_read(self, *_):

def test_shelve_read_with_change_shelf(self, *_):
"""special behavior for the read shelf"""
previous_shelf = models.Shelf.objects.get(identifier="reading")
previous_shelf = models.Shelf.objects.get(
user=self.local_user, identifier="reading"
)
models.ShelfBook.objects.create(
shelf=previous_shelf, user=self.local_user, book=self.book
)
shelf = models.Shelf.objects.get(identifier="read")
shelf = models.Shelf.objects.get(user=self.local_user, identifier="read")

request = self.factory.post(
"",
Expand Down Expand Up @@ -160,11 +170,24 @@ def test_create_shelf(self, *_):

views.create_shelf(request)

shelf = models.Shelf.objects.get(name="new shelf name")
shelf = models.Shelf.objects.get(user=self.local_user, name="new shelf name")
self.assertEqual(shelf.privacy, "unlisted")
self.assertEqual(shelf.description, "desc")
self.assertEqual(shelf.user, self.local_user)

def test_create_shelf_wrong_user(self, *_):
"""a brand new custom shelf"""
form = forms.ShelfForm()
form.data["user"] = self.another_user.id
form.data["name"] = "new shelf name"
form.data["description"] = "desc"
form.data["privacy"] = "unlisted"
request = self.factory.post("", form.data)
request.user = self.local_user

with self.assertRaises(PermissionDenied):
views.create_shelf(request)

def test_delete_shelf(self, *_):
"""delete a brand new custom shelf"""
request = self.factory.post("")
Expand All @@ -177,18 +200,8 @@ def test_delete_shelf(self, *_):

def test_delete_shelf_unauthorized(self, *_):
"""delete a brand new custom shelf"""
with patch("bookwyrm.suggested_users.rerank_suggestions_task.delay"), patch(
"bookwyrm.activitystreams.populate_stream_task.delay"
), patch("bookwyrm.lists_stream.populate_lists_task.delay"):
rat = models.User.objects.create_user(
"rat@local.com",
"rat@mouse.mouse",
"password",
local=True,
localname="rat",
)
request = self.factory.post("")
request.user = rat
request.user = self.another_user

with self.assertRaises(PermissionDenied):
views.delete_shelf(request, self.shelf.id)
Expand Down
4 changes: 3 additions & 1 deletion bookwyrm/views/shelf/shelf_actions.py
Expand Up @@ -15,7 +15,9 @@ def create_shelf(request):
if not form.is_valid():
return redirect("user-shelves", request.user.localname)

shelf = form.save()
shelf = form.save(commit=False)
shelf.raise_not_editable(request.user)
shelf.save()
return redirect(shelf.local_path)


Expand Down

0 comments on commit 44b86ba

Please sign in to comment.