From 30526d9f3056574d828c201e4f8a86d26b96f706 Mon Sep 17 00:00:00 2001
From: Maximilian Friedersdorff <max@friedersdorff.com>
Date: Wed, 6 Jul 2022 21:30:30 +0100
Subject: [PATCH 1/2] Assert some permissions behaviour for the post view

---
 flangr/posts/tests.py | 55 ++++++++++++++++++++++++++++++++++++++++++-
 flangr/posts/urls.py  |  3 ++-
 flangr/posts/views.py |  6 +++--
 flangr/urls.py        |  1 +
 4 files changed, 61 insertions(+), 4 deletions(-)

diff --git a/flangr/posts/tests.py b/flangr/posts/tests.py
index 9f307a2..64d4cbb 100644
--- a/flangr/posts/tests.py
+++ b/flangr/posts/tests.py
@@ -5,13 +5,19 @@ from django.core.files import File
 
 from django.contrib.auth import get_user_model
 
+from django.test import Client
+
+from django.urls import reverse
+
+from django.conf import settings
+
 from .models import Post, Collection
 
 
 # Create your tests here.
 
 
-class TestModelTests(TestCase):
+class ModelTests(TestCase):
     def setUp(self):
         self.user = get_user_model().objects.create(email="someone@example.com")
         with open(
@@ -36,3 +42,50 @@ class TestModelTests(TestCase):
             title="A collection", description="foobar", user=self.user
         )
         self.assertIn("A collection", str(col))
+
+
+class PostViewsTests(TestCase):
+    def setUp(self):
+        self.user = get_user_model().objects.create(
+            email="someone@example.com",
+            username="someone",
+            password="secret",
+        )
+        with open(
+            os.path.join(os.path.dirname(__file__), "test_data", "test_img.png"),
+            mode="rb",
+        ) as f:
+            self.post = Post.objects.create(
+                img=File(f, "somefile.png"),
+                title="Foobar",
+                body="Some file",
+                user=self.user,
+            )
+
+    def tearDown(self):
+        self.post.img.delete()
+
+    def test_anon_cant_see_post(self):
+        c = Client()
+        url = reverse("posts:post_detail", kwargs={"pk": self.post.pk})
+        response = c.get(url)
+        self.assertRedirects(response, settings.LOGIN_URL)
+
+    def test_logged_in_other_user_cant_see_post(self):
+        get_user_model().objects.create(
+            email="someone2@example.com",
+            username="foobar",
+            password="secret",
+        )
+        c = Client()
+        c.login(username="foobar", password="foobar")
+        url = reverse("posts:post_detail", kwargs={"pk": self.post.pk})
+        response = c.get(url)
+        self.assertEqual(response.status_code, 404)
+
+    def test_loggin_in_user_can_see_own_posts(self):
+        c = Client()
+        c.login(username="someone", password="secret")
+        url = reverse("posts:post_detail", kwargs={"pk": self.post.pk})
+        response = c.get(url)
+        self.assertEqual(response.status_code, 200)
diff --git a/flangr/posts/urls.py b/flangr/posts/urls.py
index 604330b..2223c6b 100644
--- a/flangr/posts/urls.py
+++ b/flangr/posts/urls.py
@@ -2,6 +2,7 @@ from django.urls import path
 
 from . import views
 
+app_name = "posts"
 urlpatterns = [
-    path("post/<int:pk>", views.PostDetailView.as_view()),
+    path("post/<int:pk>", views.PostDetailView.as_view(), name="post_detail"),
 ]
diff --git a/flangr/posts/views.py b/flangr/posts/views.py
index 1f9c109..f9fb795 100644
--- a/flangr/posts/views.py
+++ b/flangr/posts/views.py
@@ -1,14 +1,16 @@
-from django.views.generic import DetailView, CreateView
+from django.views.generic import DetailView
 from django.views.generic.edit import ModelFormMixin
 from django.forms import modelform_factory
 from django.http import HttpResponseRedirect
 
+from django.contrib.auth.mixins import LoginRequiredMixin
+
 # Create your views here.
 
 from .models import Post, Comment
 
 
-class PostDetailView(DetailView, ModelFormMixin):
+class PostDetailView(LoginRequiredMixin, DetailView, ModelFormMixin):
     model = Post
     form_class = modelform_factory(Comment, fields=("comment",))
     success_url = "#"
diff --git a/flangr/urls.py b/flangr/urls.py
index 13f018a..805d746 100644
--- a/flangr/urls.py
+++ b/flangr/urls.py
@@ -21,6 +21,7 @@ from django.conf.urls.static import static
 
 urlpatterns = [
     path("admin/", admin.site.urls),
+    path("accounts/", include("django.contrib.auth.urls")),
     path("posts/", include("flangr.posts.urls")),
 ]
 

From 56bea8020b9dda70b39932c71e6b43fb45217e5a Mon Sep 17 00:00:00 2001
From: Maximilian Friedersdorff <max@friedersdorff.com>
Date: Wed, 6 Jul 2022 21:56:12 +0100
Subject: [PATCH 2/2] Fully test the post view

---
 flangr/posts/tests.py                    | 27 +++++++++++++++++++-----
 flangr/posts/views.py                    |  5 ++++-
 flangr/templates/registration/login.html |  0
 3 files changed, 26 insertions(+), 6 deletions(-)
 create mode 100644 flangr/templates/registration/login.html

diff --git a/flangr/posts/tests.py b/flangr/posts/tests.py
index 64d4cbb..57b981f 100644
--- a/flangr/posts/tests.py
+++ b/flangr/posts/tests.py
@@ -46,7 +46,7 @@ class ModelTests(TestCase):
 
 class PostViewsTests(TestCase):
     def setUp(self):
-        self.user = get_user_model().objects.create(
+        self.user = get_user_model().objects.create_user(
             email="someone@example.com",
             username="someone",
             password="secret",
@@ -68,17 +68,20 @@ class PostViewsTests(TestCase):
     def test_anon_cant_see_post(self):
         c = Client()
         url = reverse("posts:post_detail", kwargs={"pk": self.post.pk})
-        response = c.get(url)
-        self.assertRedirects(response, settings.LOGIN_URL)
+        with self.settings(LOGIN_URL="/loginurl/"):
+            response = c.get(url)
+            self.assertRedirects(
+                response, f"/loginurl/?next={url}", fetch_redirect_response=False
+            )
 
     def test_logged_in_other_user_cant_see_post(self):
-        get_user_model().objects.create(
+        get_user_model().objects.create_user(
             email="someone2@example.com",
             username="foobar",
             password="secret",
         )
         c = Client()
-        c.login(username="foobar", password="foobar")
+        c.login(username="foobar", password="secret")
         url = reverse("posts:post_detail", kwargs={"pk": self.post.pk})
         response = c.get(url)
         self.assertEqual(response.status_code, 404)
@@ -89,3 +92,17 @@ class PostViewsTests(TestCase):
         url = reverse("posts:post_detail", kwargs={"pk": self.post.pk})
         response = c.get(url)
         self.assertEqual(response.status_code, 200)
+
+    def test_can_post_a_comment(self):
+        c = Client()
+        c.login(username="someone", password="secret")
+        url = reverse("posts:post_detail", kwargs={"pk": self.post.pk})
+        c.post(url, {"comment": "some comment"})
+        self.assertTrue(self.post.comments.filter(comment="some comment").exists())
+
+    def test_posting_a_comment_requires_a_comment(self):
+        c = Client()
+        c.login(username="someone", password="secret")
+        url = reverse("posts:post_detail", kwargs={"pk": self.post.pk})
+        c.post(url, {"comment": ""})
+        self.assertFalse(self.post.comments.all().exists())
diff --git a/flangr/posts/views.py b/flangr/posts/views.py
index f9fb795..4e867aa 100644
--- a/flangr/posts/views.py
+++ b/flangr/posts/views.py
@@ -22,10 +22,13 @@ class PostDetailView(LoginRequiredMixin, DetailView, ModelFormMixin):
         comment.save()
         return HttpResponseRedirect(self.get_success_url())
 
+    def get_queryset(self):
+        return Post.objects.filter(user=self.request.user)
+
     def post(self, request, *args, **kwargs):
         self.object = self.get_object()
         form = self.form_class(request.POST)
-        if form.is_valid:
+        if form.is_valid():
             return self.form_valid(form)
         else:
             return self.form_invalid(form)
diff --git a/flangr/templates/registration/login.html b/flangr/templates/registration/login.html
new file mode 100644
index 0000000..e69de29