Assert some permissions behaviour for the post view

flangr/posts/tests.py

@@ -5,13 +5,19 @@ from django.core.files import File
 
 from django.contrib.auth import get_user_model
 
+from django.test import Client
+
+from django.urls import reverse
+
+from django.conf import settings
+
 from .models import Post, Collection
 
 
 # Create your tests here.
 
 
-class TestModelTests(TestCase):
+class ModelTests(TestCase):
     def setUp(self):
         self.user = get_user_model().objects.create(email="someone@example.com")
         with open(
@@ -36,3 +42,50 @@ class TestModelTests(TestCase):
             title="A collection", description="foobar", user=self.user
         )
         self.assertIn("A collection", str(col))
+
+
+class PostViewsTests(TestCase):
+    def setUp(self):
+        self.user = get_user_model().objects.create(
+            email="someone@example.com",
+            username="someone",
+            password="secret",
+        )
+        with open(
+            os.path.join(os.path.dirname(__file__), "test_data", "test_img.png"),
+            mode="rb",
+        ) as f:
+            self.post = Post.objects.create(
+                img=File(f, "somefile.png"),
+                title="Foobar",
+                body="Some file",
+                user=self.user,
+            )
+
+    def tearDown(self):
+        self.post.img.delete()
+
+    def test_anon_cant_see_post(self):
+        c = Client()
+        url = reverse("posts:post_detail", kwargs={"pk": self.post.pk})
+        response = c.get(url)
+        self.assertRedirects(response, settings.LOGIN_URL)
+
+    def test_logged_in_other_user_cant_see_post(self):
+        get_user_model().objects.create(
+            email="someone2@example.com",
+            username="foobar",
+            password="secret",
+        )
+        c = Client()
+        c.login(username="foobar", password="foobar")
+        url = reverse("posts:post_detail", kwargs={"pk": self.post.pk})
+        response = c.get(url)
+        self.assertEqual(response.status_code, 404)
+
+    def test_loggin_in_user_can_see_own_posts(self):
+        c = Client()
+        c.login(username="someone", password="secret")
+        url = reverse("posts:post_detail", kwargs={"pk": self.post.pk})
+        response = c.get(url)
+        self.assertEqual(response.status_code, 200)

flangr/posts/urls.py

@@ -2,6 +2,7 @@ from django.urls import path
 
 from . import views
 
+app_name = "posts"
 urlpatterns = [
-    path("post/<int:pk>", views.PostDetailView.as_view()),
+    path("post/<int:pk>", views.PostDetailView.as_view(), name="post_detail"),
 ]

flangr/posts/views.py

@@ -1,14 +1,16 @@
-from django.views.generic import DetailView, CreateView
+from django.views.generic import DetailView
 from django.views.generic.edit import ModelFormMixin
 from django.forms import modelform_factory
 from django.http import HttpResponseRedirect
 
+from django.contrib.auth.mixins import LoginRequiredMixin
+
 # Create your views here.
 
 from .models import Post, Comment
 
 
-class PostDetailView(DetailView, ModelFormMixin):
+class PostDetailView(LoginRequiredMixin, DetailView, ModelFormMixin):
     model = Post
     form_class = modelform_factory(Comment, fields=("comment",))
     success_url = "#"

flangr/urls.py

@@ -21,6 +21,7 @@ from django.conf.urls.static import static
 
 urlpatterns = [
     path("admin/", admin.site.urls),
+    path("accounts/", include("django.contrib.auth.urls")),
     path("posts/", include("flangr.posts.urls")),
 ]