Commits

Anonymous committed 0cf584d

add restrict to views

Comments (0)

Files changed (2)

newsmeme/views/feeds.py

                     feed_url=request.url,
                     url=request.url_root)
 
-    posts = Post.query.hottest().limit(15)
+    posts = Post.query.hottest().public().limit(15)
 
     for post in posts:
         feed.add_post(post)
                     feed_url=request.url,
                     url=request.url_root)
 
-    posts = Post.query.limit(15)
+    posts = Post.query.public().limit(15)
 
     for post in posts:
         feed.add_post(post)
                     feed_url=request.url,
                     url=request.url_root)
 
-    posts = Post.query.deadpooled().limit(15)
+    posts = Post.query.deadpooled().public().limit(15)
 
     for post in posts:
         feed.add_post(post)
                     feed_url=request.url,
                     url=request.url_root)
 
-    posts = tag.posts.limit(15)
+    posts = tag.posts.public().limit(15)
 
     for post in posts:
         feed.add_post(post)
                     feed_url=request.url,
                     url=request.url_root)
     
-    posts = Post.query.filter_by(author_id=user.id).limit(15)
+    posts = Post.query.filter_by(author_id=user.id).public().limit(15)
     
     for post in posts:
         feed.add_post(post)

tests/test_models.py

 
         db.session.commit()
 
+    def test_restricted(self):
+
+        db.session.delete(self.post)
+        db.session.delete(self.comment)
+
+        user = User(username="testing", email="test@example.com")
+
+        db.session.add(user)
+
+        user2 = User(username="tester2", email="test2@example.com")
+
+        db.session.add(user2)
+    
+        db.session.commit()
+        
+        admin = User(username="admin", 
+                     email="admin@example.com", 
+                     role=User.MODERATOR)
+
+        
+
+        post = Post(title="test",
+                    author=user,
+                    access=Post.PRIVATE)
+
+        db.session.add(post)
+        db.session.commit()
+
+
+        comment = Comment(author=user,
+                          post=post,
+                          comment="test")
+
+
+        db.session.add(comment)
+        db.session.commit()
+
+        assert Comment.query.restricted(user).count() == 1
+        assert Comment.query.restricted(admin).count() == 1
+        assert Comment.query.restricted(None).count() == 0
+        assert Comment.query.restricted(user2).count() == 0
+
+        post.access = Post.PUBLIC
+        db.session.commit()
+    
+        posts = Post.query.restricted(user)
+
+        assert Comment.query.restricted(user).count() == 1
+        assert Comment.query.restricted(admin).count() == 1
+        assert Comment.query.restricted(None).count() == 1
+        assert Comment.query.restricted(user2).count() == 1
+        
+        post.access = Post.FRIENDS
+
+        db.session.commit()
+        
+        assert Comment.query.restricted(user).count() == 1
+        assert Comment.query.restricted(admin).count() == 1
+        assert Comment.query.restricted(None).count() == 0
+        assert Comment.query.restricted(user2).count() == 0
+    
+        user2.follow(user)
+        user.follow(user2)
+
+        db.session.commit()
+
+        assert Comment.query.restricted(user2).count() == 1
+
+
     def test_can_edit(self):
 
         assert not self.comment.can_edit(None)