Add validator, test

zds/forum/api/serializer.py

@@ -5,6 +5,7 @@
 from dry_rest_permissions.generics import DRYPermissionsField
 from dry_rest_permissions.generics import DRYPermissions
 from django.shortcuts import get_object_or_404
+from zds.utils.validators import TitleValidator, TextValidator
 
 
 class ForumSerializer(ModelSerializer):
@@ -21,7 +22,7 @@ class Meta:
 
 
 # Idem renommer TODO
-class TopicActionSerializer(ModelSerializer):
+class TopicActionSerializer(ModelSerializer, TitleValidator, TextValidator):
     """
     Serializer to create a new topic.
     """
@@ -32,7 +33,7 @@ class Meta:
         model = Topic
         fields = ('id', 'title', 'subtitle', 'text', 'forum',
                   'author', 'last_message', 'pubdate',
-                  'permissions', 'slug')
+                  'permissions', 'slug', 'position')
         read_only_fields = ('id', 'author', 'last_message', 'pubdate', 'permissions')
 # TODO je pense qu'avec cette config on peut deplacer un sujet en tant qu'user
 # TODO le text deconne    
@@ -58,7 +59,7 @@ def create(self, validated_data):
                        False)
 """ 
 
-class TopicUpdateSerializer(ModelSerializer):
+class TopicUpdateSerializer(ModelSerializer, TitleValidator, TextValidator):
     """
     Serializer to update a topic.
     """
@@ -70,8 +71,8 @@ class TopicUpdateSerializer(ModelSerializer):
 
     class Meta:
         model = Topic
-        fields = ('id', 'title', 'subtitle', 'permissions',)
-        read_only_fields = ('id', 'permissions',)
+        fields = ('id', 'title', 'subtitle', 'permissions', 'forum')
+        read_only_fields = ('id', 'permissions', 'forum')
 
     def update(self, instance, validated_data):
         for attr, value in validated_data.items():
@@ -87,7 +88,7 @@ class Meta:
         permissions_classes = DRYPermissions
 
 # TODO renommer
-class PostActionSerializer(ModelSerializer):
+class PostActionSerializer(ModelSerializer, TextValidator):
     """
     Serializer to send a post in a topic
     """
@@ -110,7 +111,7 @@ def create(self, validated_data):
     #def throw_error(self, key=None, message=None):
         #raise serializers.ValidationError(message)
 
-class PostUpdateSerializer(ModelSerializer):
+class PostUpdateSerializer(ModelSerializer, TextValidator):
     """
     Serializer to update a post.
     """

zds/forum/api/tests.py

@@ -278,7 +278,7 @@ def test_list_of_forums(self):
 
     def test_list_of_forums_private(self):
         """
-        Gets list of forums not empty in the database.
+        Gets list of private forums not empty in the database (only for staff).
         """
         category, forum = create_category(self.group_staff)
 
@@ -833,7 +833,6 @@ def test_new_post_unknown_topic(self):
 # Edite un sujet sans changement
 # Édite un sujet qvec user en ls
 # Édite un sujet avec user banni
-# Édite un sujet en vidant le titre
 # Édite un sujet en le passant en resolu
 # Editer dans un forum privé ? Verifier les auths
 # TODO
@@ -846,9 +845,22 @@ def test_update_topic_details_title(self):
             'title': 'Mon nouveau titre'
         }
         topic = self.create_multiple_forums_with_topics(1, 1, self.profile)
-        response = self.client.put(reverse('api:forum:detail-topic', args=[topic.id]), data)
+        response = self.client_authenticated.put(reverse('api:forum:detail-topic', args=[topic.id]), data)
+        print('test_update_topic_details_title')
+        print(response)
         self.assertEqual(response.status_code, status.HTTP_200_OK)
         self.assertEqual(response.data.get('title'), data.get('title'))
+
+    def test_update_topic_details_title_empty(self):
+        """
+        Updates title of a topic, tries to put an empty sting
+        """
+        data = {
+            'title': ''
+        }
+        topic = self.create_multiple_forums_with_topics(1, 1, self.profile)
+        response = self.client_authenticated.put(reverse('api:forum:detail-topic', args=[topic.id]), data)
+        self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
 
     def test_update_topic_details_subtitle(self):
         """
@@ -915,7 +927,8 @@ def test_update_topic_forum_user(self):
         data = {
             'forum': 5
         }
-        self.create_multiple_forums_with_topics(5, 1, self.profile)
+        profile = ProfileFactory()
+        self.create_multiple_forums_with_topics(5, 1, profile)
         topic = Topic.objects.filter(forum=1).first()
         response = self.client_authenticated.put(reverse('api:forum:detail-topic', args=[topic.id]), data)
         self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
@@ -944,11 +957,12 @@ def test_list_of_posts(self):
         """
         Gets list of posts in a topic.
         """
-        topic, posts = self.create_topic_with_post()
+        # A post is already included with the topic
+        topic, posts = self.create_topic_with_post(REST_PAGE_SIZE - 1)
 
         response = self.client.get(reverse('api:forum:list-post', args=[topic.id]))
         self.assertEqual(response.status_code, status.HTTP_200_OK)
-        self.assertEqual(response.data.get('count'), REST_PAGE_SIZE + 1)
+        self.assertEqual(response.data.get('count'), REST_PAGE_SIZE)
         self.assertEqual(len(response.data.get('results')), REST_PAGE_SIZE)
         self.assertIsNone(response.data.get('next'))
         self.assertIsNone(response.data.get('previous'))
@@ -1034,7 +1048,7 @@ def test_list_of_posts_with_a_custom_page_size(self):
         Gets list of forums with a custom page size. DRF allows to specify a custom
         size for the pagination.
         """
-        topic, posts = self.create_topic_with_post(REST_PAGE_SIZE * 2)
+        topic, posts = self.create_topic_with_post((REST_PAGE_SIZE * 2) - 1)
         print (topic)
 
         page_size = 'page_size'
@@ -1067,9 +1081,8 @@ def test_list_of_posts_in_unknown_topic(self):
         """
         Tries to list the posts of an non existing Topic.
         """
-        topic, posts = self.create_topic_with_post()
 
-        response = self.client.get(reverse('api:forum:list-post', args=[topic.id]))
+        response = self.client.get(reverse('api:forum:list-post', args=[666]))
         self.assertEqual(response.status_code, status.HTTP_404_NOT_FOUND)
 
     def test_list_of_user_topics_empty(self):
@@ -1254,7 +1267,7 @@ def test_failure_post_in_a_forum_we_cannot_read(self):
         data = {
             'text': 'Welcome to this post!'
         }
-        response = self.client.post(reverse('api:forum:list-post', args=[topic.pk,]), data)
+        response = self.client_authenticated.post(reverse('api:forum:list-post', args=[topic.pk,]), data)
         self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
 
     def test_post_in_a_private_forum(self):
@@ -1292,7 +1305,9 @@ def test_detail_post(self):
         self.assertIsNotNone(response.data.get('text_html'))
         self.assertIsNotNone(response.data.get('pubdate'))
         self.assertIsNone(response.data.get('update'))
-        self.assertEqual(post.position_in_topic, response.data.get('position_in_topic'))
+        print('test_detail_post')
+        print(response.data)
+        self.assertEqual(post.position, response.data.get('position_in_topic'))
         self.assertEqual(topic.author, response.data.get('author'))
 
     def test_detail_of_a_private_post_not_present(self):
@@ -1371,7 +1386,8 @@ def test_list_of_member_posts_with_several_pages(self):
         """
         Gets list of a member topics with several pages in the database.
         """
-        self.create_multiple_forums_with_topics(REST_PAGE_SIZE + 1, 1, self.profile)
+        # When we create a Topic a post is also added.
+        self.create_multiple_forums_with_topics(REST_PAGE_SIZE, 1, self.profile)
 
         response = self.client_authenticated.get(reverse('api:forum:list-memberpost', args=[self.profile.id]))
         self.assertEqual(response.status_code, status.HTTP_200_OK)
@@ -1380,7 +1396,7 @@ def test_list_of_member_posts_with_several_pages(self):
         self.assertIsNone(response.data.get('previous'))
         self.assertEqual(len(response.data.get('results')), REST_PAGE_SIZE)
 
-        response = self.client_authenticated.get(reverse('api:forum:list-memberpost', args=[self.profile.id]))
+        response = self.client_authenticated.get(reverse('api:forum:list-memberpost', args=[self.profile.id]) + '?page=2')
         self.assertEqual(response.status_code, status.HTTP_200_OK)
         self.assertEqual(response.data.get('count'), REST_PAGE_SIZE + 1)
         self.assertIsNone(response.data.get('next'))
@@ -1409,13 +1425,13 @@ def test_list_of_member_post_for_a_wrong_page_given(self):
 
     def test_list_of_member_posts_with_a_custom_page_size(self):
         """
-        Gets list of user's topics with a custom page size. DRF allows to specify a custom
+        Gets list of user's posts with a custom page size. DRF allows to specify a custom
         size for the pagination.
         """
-        self.create_topic_with_post(REST_PAGE_SIZE * 2, 1, self.profile)
+        self.create_topic_with_post(REST_PAGE_SIZE * 2, self.profile)
 
         page_size = 'page_size'
-        response = self.client.get(reverse('api:forum:list-memberpost') + '?{}=20'.format(page_size), args=[self.profile.id])
+        response = self.client.get(reverse('api:forum:list-memberpost', args=[self.profile.id]) + '?{}=20'.format(page_size))
         self.assertEqual(response.status_code, status.HTTP_200_OK)
         self.assertEqual(response.data.get('count'), 20)
         self.assertEqual(len(response.data.get('results')), 20)
@@ -1455,7 +1471,7 @@ def test_alert_post(self):
         another_profile = ProfileFactory()
         post = PostFactory(topic=topic, author=another_profile.user, position=1)
         data = {
-            'text': 'There is a guy flooding about Flask, con you do something about it ?',
+            'text': 'There is a guy flooding about Flask, con you do something about it ?'
         }
 
         self.client = APIClient()
@@ -1480,7 +1496,7 @@ def test_alert_post_in_private_forum(self):
         topic = add_topic_in_a_forum(forum, profile)
         post = PostFactory(topic=topic, author=profile.user, position=1)
         data = {
-            'text': 'There is a guy flooding about Flask, con you do something about it ?',
+            'text': 'There is a guy flooding about Flask, con you do something about it ?'
         }
 
         self.client = APIClient()
@@ -1507,7 +1523,7 @@ def test_alert_post_not_found(self):
         topic = add_topic_in_a_forum(forum, profile)
         post = PostFactory(topic=topic, author=profile.user, position=1)
         data = {
-            'text': 'There is a guy flooding about Flask, con you do something about it ?',
+            'text': 'There is a guy flooding about Flask, con you do something about it ?'
         }
 
         response = self.client_authenticated.post(reverse('api:forum:alert-post', args=[666, post.id]), data)
@@ -1550,17 +1566,16 @@ def test_update_post_other_user(self):
         }
         topic, posts = self.create_topic_with_post(REST_PAGE_SIZE, self.profile)
         response = self.client_authenticated.put(reverse('api:forum:detail-post', args=[topic.id, posts[0].id]), data)
-        self.assertEqual(response.status_code, status.HTTP_200_OK)
-        self.assertEqual(data.get('text'), response.data.get('text'))
-
+        self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
+
     def test_update_post(self):
         """
         Updates a post with user.
         """
         data = {
             'text': 'I made an error I want to edit.'
         }
-        topic, posts = self.create_topic_with_post()
+        topic, posts = self.create_topic_with_post(1, self.profile)
         response = self.client_authenticated.put(reverse('api:forum:detail-post', args=[topic.id, posts[0].id]), data)
         self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
 
@@ -1574,7 +1589,7 @@ def test_update_post_staff(self):
         topic, posts = self.create_topic_with_post()
         response = self.client_authenticated_staff.put(reverse('api:forum:detail-post', args=[topic.id, posts[0].id]), data)
         self.assertEqual(response.status_code, status.HTTP_200_OK)
-        self.assertEqual(reponse.data.get('text'), data.get('text'))
+        self.assertEqual(response.data.get('text'), data.get('text'))
 
     def test_update_unknow_post(self):
         """
@@ -1596,9 +1611,9 @@ def test_update_post_in_private_topic_anonymous(self):
         self.client = APIClient();
         category, forum = create_category(self.group_staff)
         topic = add_topic_in_a_forum(forum, self.staff)
-        posts = PostFactory(topic=topic, author=self.staff.user, position=1)
+        post = PostFactory(topic=topic, author=self.staff.user, position=1)
 
-        response = self.client.put(reverse('api:forum:detail-post', args=[topic.id, posts[0].id]), data)
+        response = self.client.put(reverse('api:forum:detail-post', args=[topic.id, post.id]), data)
         self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
 
 

zds/forum/api/views.py

@@ -82,6 +82,10 @@ def get(self, request, *args, **kwargs):
               message: Not Found
         """
         return self.list(request, *args, **kwargs)
+
+    def get_permissions(self):
+        permission_classes = [AllowAny, CanReadForum]
+        return [permission() for permission in permission_classes]
 
 
 class ForumDetailAPI(RetrieveAPIView):
@@ -200,6 +204,7 @@ def get_permissions(self):
             permission_classes.append(IsAuthenticated)
             permission_classes.append(CanReadAndWriteNowOrReadOnly)
             permission_classes.append(CanReadTopic)
+            permission_classes.append(CanReadForum)
         return [permission() for permission in permission_classes]
 
 
@@ -377,6 +382,8 @@ def get_serializer_class(self):
     def get_queryset(self):
         if self.request.method == 'GET':
             posts = Post.objects.filter(topic=self.kwargs.get('pk'))
+            #if posts is None:
+           #     raise Http404("Topic with pk {} was not found".format(self.kwargs.get('pk')))
         return posts
 
     def get_current_user(self):
@@ -388,6 +395,7 @@ def get_permissions(self):
             permission_classes.append(DRYPermissions)
             permission_classes.append(IsAuthenticated)
             permission_classes.append(CanReadAndWriteNowOrReadOnly)
+            permission_classes.append(CanReadPost)
         return [permission() for permission in permission_classes]
 
 
@@ -528,8 +536,6 @@ class PostAlertAPI(CreateAPIView):
     Alert a topic post to the staff.
     """
 
-    serializer_class = AlertSerializer
-
     def post(self, request, *args, **kwargs):
         """
         Alert a topic post to the staff.
@@ -556,13 +562,17 @@ def post(self, request, *args, **kwargs):
 
         serializer = self.get_serializer_class()(data=request.data, context={'request': self.request})
         serializer.is_valid(raise_exception=True)
-        serializer.save(position=0, author=author, comment=post)
+        serializer.save(comment=post)
         headers = self.get_success_headers(serializer.data)
         return Response(serializer.data, status=status.HTTP_201_CREATED, headers=headers)
 
     def get_permissions(self):
         permission_classes = [AllowAny, IsAuthenticated]
         return [permission() for permission in permission_classes]
+
+    def get_serializer_class(self):
+        return AlertSerializer
+
 
 
 # TODO global identier quand masquer les messages

zds/forum/forms.py

@@ -8,7 +8,8 @@
 from crispy_forms.layout import Layout, Field, Hidden
 from crispy_forms.bootstrap import StrictButton
 from zds.forum.models import Forum, Topic
-from zds.utils.forms import CommonLayoutEditor, TagValidator
+from zds.utils.forms import CommonLayoutEditor
+from zds.utils.validators import TagValidator
 from django.utils.translation import ugettext_lazy as _
 
 

zds/forum/models.py

@@ -388,14 +388,14 @@ def has_read_permission(request):
         return True
 
     def has_object_read_permission(self, request):
-        return Topic.has_read_permission(request) # TODO gerer fofo prives
+        return Topic.has_read_permission(request)
 
     @staticmethod
     def has_write_permission(request):
         return request.user.is_authenticated()
 
     def has_object_write_permission(self, request):
-        return Topic.has_write_permission(request) # TODO gerer les fofo prives
+        return Topic.has_write_permission(request)
 
     def has_object_update_permission(self, request):
         return Topic.has_write_permission(request) and (Topic.author == request.user)
@@ -451,7 +451,6 @@ def has_write_permission(request):
 
     def has_object_write_permission(self, request):
         return Topic.has_write_permission(request) 
-        # TODO verifier que ce n'est pas un forum prive
 
     def has_object_update_permission(self, request):
         return self.is_author(request.user)

zds/tutorialv2/forms.py

@@ -15,7 +15,7 @@
 from django.utils.translation import ugettext_lazy as _
 from zds.member.models import Profile
 from zds.tutorialv2.utils import slugify_raise_on_invalid, InvalidSlugError
-from zds.utils.forms import TagValidator
+from zds.utils.validators import TagValidator
 
 
 class FormWithTitle(forms.Form):

zds/utils/forms.py

@@ -66,70 +66,3 @@ def __init__(self, *args, **kwargs):
             Field('text'),
             *args, **kwargs
         )
-
-
-class TagValidator(object):
-    """
-    validate tags
-    """
-    def __init__(self):
-        self.__errors = []
-        self.logger = logging.getLogger("zds.utils.forms")
-        self.__clean = []
-
-    def validate_raw_string(self, raw_string):
-        """
-        validate a string composed as ``tag1,tag2``.
-
-        :param raw_string: the string to be validate. If ``None`` this is considered as a empty str
-        :type raw_string: basestring
-        :return: ``True`` if ``raw_string`` is fully valid, ``False`` if at least one error appears. See ``self.errors``
-        to get all internationalized error.
-        """
-        if raw_string is None or not isinstance(raw_string, basestring):
-            return self.validate_string_list([])
-        return self.validate_string_list(raw_string.split(","))
-
-    def validate_length(self, tag):
-        """
-        Check the length is in correct range. See ``Tag.label`` max length to have the true upper bound.
-
-        :param tag: the tag lavel to validate
-        :return: ``True`` if length is valid
-        """
-        if len(tag) > Tag._meta.get_field("title").max_length:
-            self.errors.append(_(u"Le tag {} est trop long (maximum {} caractères)".format(
-                tag, Tag._meta.get_field("title").max_length)))
-            self.logger.debug("%s est trop long expected=%d got=%d", tag,
-                              Tag._meta.get_field("title").max_length, len(tag))
-            return False
-        return True
-
-    def validate_string_list(self, string_list):
-        """
-        Same as ``validate_raw_string`` but with a list of tag labels.
-
-        :param string_list:
-        :return: ``True`` if ``v`` is fully valid, ``False`` if at least one error appears. See ``self.errors``
-        to get all internationalized error.
-        """
-        self.__clean = list(filter(self.validate_length, string_list))
-        self.__clean = list(filter(self.validate_utf8mb4, self.__clean))
-        return len(string_list) == len(self.__clean)
-
-    def validate_utf8mb4(self, tag):
-        """
-        Checks the tag does not contain utf8mb4 chars.
-
-        :param tag:
-        :return: ``True`` if no utf8mb4 string is found
-        """
-        if contains_utf8mb4(tag):
-            self.errors.append(_(u"Le tag {} contient des caractères utf8mb4").format(tag))
-            self.logger.warn("%s contains utf8mb4 char", tag)
-            return False
-        return True
-
-    @property
-    def errors(self):
-        return self.__errors

zds/utils/tests/tests_models.py

@@ -2,7 +2,7 @@
 from django.test import TestCase
 from django.db import IntegrityError, transaction
 
-from zds.utils.forms import TagValidator
+from zds.utils.validators import TagValidator
 from zds.utils.models import Tag