tests: Add tests for viewing private bundles

author Andrew Donnellan <andrew.donnellan@au1.ibm.com>

Thu, 25 May 2017 07:38:05 +0000 (17:38 +1000)

committer Stephen Finucane <stephen@that.guru>

Fri, 26 May 2017 09:20:42 +0000 (10:20 +0100)
author Andrew Donnellan <andrew.donnellan@au1.ibm.com>
Thu, 25 May 2017 07:38:05 +0000 (17:38 +1000)
committer Stephen Finucane <stephen@that.guru>
Fri, 26 May 2017 09:20:42 +0000 (10:20 +0100)
diff --git a/patchwork/tests/test_bundles.py b/patchwork/tests/test_bundles.py

index 0dc9165b1a0ce2647b9168f874d56bd2f35f1e82..cdc7ee0816ddfe49d3a8b30a8838918c31a6b638 100644 (file)
--- a/patchwork/tests/test_bundles.py
+++ b/patchwork/tests/test_bundles.py
@@ -19,6 +19,7 @@
  
  from __future__ import absolute_import
  
+import base64
  import datetime
  import unittest
  
@@ -283,6 +284,65 @@ class BundlePublicModifyTest(BundleTestBase):
          self.assertNotEqual(self.bundle.name, newname)
  
  
+class BundlePrivateViewTest(BundleTestBase):
+
+    """Ensure that non-owners can't view private bundles"""
+
+    def setUp(self):
+        super(BundlePrivateViewTest, self).setUp()
+        self.bundle.public = False
+        self.bundle.save()
+        self.bundle.append_patch(self.patches[0])
+        self.url = bundle_url(self.bundle)
+        self.other_user = create_user()
+
+    def test_private_bundle(self):
+        # Check we can view as owner
+        self.client.login(username=self.user.username,
+                          password=self.user.username)
+        response = self.client.get(self.url)
+        self.assertEqual(response.status_code, 200)
+        self.assertContains(response, self.patches[0].name)
+
+        # Check we can't view as another user
+        self.client.login(username=self.other_user.username,
+                          password=self.other_user.username)
+        response = self.client.get(self.url)
+        self.assertEqual(response.status_code, 404)
+
+
+class BundlePrivateViewMboxTest(BundlePrivateViewTest):
+
+    """Ensure that non-owners can't view private bundle mboxes"""
+
+    def setUp(self):
+        super(BundlePrivateViewMboxTest, self).setUp()
+        self.url = reverse('bundle-mbox', kwargs={
+            'username': self.bundle.owner.username,
+            'bundlename': self.bundle.name})
+
+    def test_private_bundle_mbox_basic_auth(self):
+        self.client.logout()
+
+        def _get_auth_string(user):
+            return 'Basic ' + base64.b64encode(b':'.join((
+                user.username.encode(),
+                user.username.encode()))
+            ).strip().decode()
+
+        # Check we can view as owner
+        auth_string = _get_auth_string(self.user)
+        response = self.client.get(self.url, HTTP_AUTHORIZATION=auth_string)
+
+        self.assertEqual(response.status_code, 200)
+        self.assertContains(response, self.patches[0].name)
+
+        # Check we can't view as another user
+        auth_string = _get_auth_string(self.other_user)
+        response = self.client.get(self.url, HTTP_AUTHORIZATION=auth_string)
+        self.assertEqual(response.status_code, 404)
+
+
  class BundleCreateFromListTest(BundleTestBase):
  
      def test_create_empty_bundle(self):
author	Andrew Donnellan <andrew.donnellan@au1.ibm.com>
	Thu, 25 May 2017 07:38:05 +0000 (17:38 +1000)
committer	Stephen Finucane <stephen@that.guru>
	Fri, 26 May 2017 09:20:42 +0000 (10:20 +0100)