Add some tests to check that owners can view their private bundles while other authenticated users can't.
Signed-off-by: Andrew Donnellan <andrew.donnel...@au1.ibm.com> --- I'm not very familiar with writing Django tests, please flame away --- patchwork/tests/test_bundles.py | 58 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 58 insertions(+) diff --git a/patchwork/tests/test_bundles.py b/patchwork/tests/test_bundles.py index 0dc9165..e4082b2 100644 --- a/patchwork/tests/test_bundles.py +++ b/patchwork/tests/test_bundles.py @@ -19,6 +19,7 @@ from __future__ import absolute_import +import base64 import datetime import unittest @@ -283,6 +284,63 @@ class BundlePublicModifyTest(BundleTestBase): self.assertNotEqual(self.bundle.name, newname) +class BundlePrivateViewTest(BundleTestBase): + + """Ensure that non-owners can't view private bundles""" + + def setUp(self): + super(BundlePrivateViewTest, self).setUp() + self.bundle.public = False + self.bundle.save() + self.bundle.append_patch(self.patches[0]) + self.url = bundle_url(self.bundle) + self.other_user = create_user() + + def test_private_bundle(self): + # Check we can view as owner + self.client.login(username=self.user.username, + password=self.user.username) + response = self.client.get(self.url) + self.assertEqual(response.status_code, 200) + self.assertContains(response, self.patches[0].name) + + # Check we can't view as another user + self.client.login(username=self.other_user.username, + password=self.other_user.username) + response = self.client.get(self.url) + self.assertEqual(response.status_code, 404) + + +class BundlePrivateViewMboxTest(BundlePrivateViewTest): + + """Ensure that non-owners can't view private bundle mboxes""" + + def setUp(self): + super(BundlePrivateViewMboxTest, self).setUp() + self.url = reverse('bundle-mbox', kwargs={ + 'username': self.bundle.owner.username, + 'bundlename': self.bundle.name}) + + def test_private_bundle_mbox_basic_auth(self): + self.client.logout() + + # Check we can view as owner + auth_string = 'Basic ' + base64.b64encode('%s:%s' % + (self.user.username, + self.user.username)) + response = self.client.get(self.url, HTTP_AUTHORIZATION=auth_string) + + self.assertEqual(response.status_code, 200) + self.assertContains(response, self.patches[0].name) + + # Check we can't view as another user + auth_string = 'Basic ' + base64.b64encode('%s:%s' % + (self.other_user.username, + self.other_user.username)) + response = self.client.get(self.url, HTTP_AUTHORIZATION=auth_string) + self.assertEqual(response.status_code, 404) + + class BundleCreateFromListTest(BundleTestBase): def test_create_empty_bundle(self): -- Andrew Donnellan OzLabs, ADL Canberra andrew.donnel...@au1.ibm.com IBM Australia Limited _______________________________________________ Patchwork mailing list Patchwork@lists.ozlabs.org https://lists.ozlabs.org/listinfo/patchwork