Commits

Anonymous committed 9b29af8

add restricted posts

Comments (0)

Files changed (2)

newsmeme/models.py

                              Post.id.desc())
 
 
+    def restricted(self, user=None):
+        """
+        Returns posts filtered for a) public posts b) posts authored by
+        the user or c) posts authored by friends
+        """
+
+        if user is None:
+            return self.filter(Post.access==Post.PUBLIC)
+
+        if user.is_moderator:
+            return self
+
+        return self.filter(db.or_(Post.access==Post.PUBLIC,
+                                  Post.author_id==user.id,
+                                  db.and_(Post.access==Post.FRIENDS, 
+                                          Post.author_id.in_(user.friends))))
+
+
     def search(self, keywords):
 
         criteria = []
 class Post(db.Model):
 
     __tablename__ = "posts"
+    
+    PUBLIC = 100
+    FRIENDS = 200
+    PRIVATE = 300
 
     query_class = PostQuery
 
     score = db.Column(db.Integer, default=1)
     num_comments = db.Column(db.Integer, default=0)
     votes = db.Column(DenormalizedText)
+    access = db.Column(db.Integer, default=PUBLIC)
 
     _tags = db.Column("tags", db.UnicodeText)
 
     def __init__(self, *args, **kwargs):
         super(Post, self).__init__(*args, **kwargs)
         self.votes = self.votes or set()
+        self.access = self.access or self.PUBLIC
 
     def __str__(self):
         return self.title
                     num_comments=self.num_comments,
                     author=self.author.username)
 
+    def can_access(self, user=None):
+        if self.access == self.PUBLIC:
+            return True
+
+        if user is None:
+            return False
+
+        if user.is_moderator or user.id == self.author_id:
+            return True
+
+        return self.access == self.FRIENDS and self.author_id in user.friends
+
     def can_vote(self, user):
         if user is None or user.id == self.author_id or user.id in self.votes:
             return False

tests/test_models.py

                 assert tag.num_posts == 1
                 assert tag.posts.count() == 1
 
+    def test_restricted(self):
+
+        db.session.delete(self.post)
+
+        user = User(username="testing", email="test@example.com")
+
+        db.session.add(user)
+
+        user2 = User(username="tester2", email="test2@example.com")
+
+        db.session.add(user2)
+    
+        db.session.commit()
+        
+        admin = User(username="admin", 
+                     email="admin@example.com", 
+                     role=User.MODERATOR)
+
+        
+        assert user.id
+
+        post = Post(title="test",
+                    author=user,
+                    access=Post.PRIVATE)
+
+        db.session.add(post)
+        db.session.commit()
+
+        posts = Post.query.restricted(user)
+
+        assert Post.query.restricted(user).count() == 1
+        assert Post.query.restricted(admin).count() == 1
+        assert Post.query.restricted(None).count() == 0
+        assert Post.query.restricted(user2).count() == 0
+
+        post.access = Post.PUBLIC
+        db.session.commit()
+    
+        posts = Post.query.restricted(user)
+
+        assert Post.query.restricted(user).count() == 1
+        assert Post.query.restricted(admin).count() == 1
+        assert Post.query.restricted(None).count() == 1
+        assert Post.query.restricted(user2).count() == 1
+        
+        post.access = Post.FRIENDS
+
+        db.session.commit()
+        
+        assert Post.query.restricted(user).count() == 1
+        assert Post.query.restricted(admin).count() == 1
+        assert Post.query.restricted(None).count() == 0
+        assert Post.query.restricted(user2).count() == 0
+    
+        user2.follow(user)
+        user.follow(user2)
+
+        db.session.commit()
+
+        assert Post.query.restricted(user2).count() == 1
+
+    def test_can_access(self):
+
+        user = User(username="testing", email="test@example.com")
+
+        db.session.add(user)
+
+        user2 = User(username="tester2", email="test2@example.com")
+
+        db.session.add(user2)
+    
+        db.session.commit()
+        
+        admin = User(username="admin", 
+                     email="admin@example.com", 
+                     role=User.MODERATOR)
+
+        
+        post = Post(title="test",
+                    author_id=user.id,
+                    access=Post.PRIVATE)
+
+
+        assert post.can_access(user)
+        assert post.can_access(admin)
+
+        assert not post.can_access(user2)
+        assert not post.can_access(None)
+
+        post.access = Post.PUBLIC
+
+        assert post.can_access(user)
+        assert post.can_access(admin)
+
+        assert post.can_access(user2)
+        assert post.can_access(None)
+
+        post.access = Post.FRIENDS
+
+        assert post.can_access(user)
+        assert post.can_access(admin)
+
+        assert not post.can_access(user2)
+        assert not post.can_access(None)
+
+        user.follow(user2)
+        user2.follow(user)
+
+        assert post.can_access(user2)
+
     def test_edit_tags(self):
 
         self.post.tags = "Music, comedy, IT crowd"