book.settings

This commit is contained in:
SvyatoslavArtymovych 2023-05-11 11:08:19 +03:00
parent 1e1c799d41
commit 1d43f2ae36
2 changed files with 35 additions and 5 deletions


@ -278,13 +278,10 @@ def interpretation_view(
@bp.route("/<int:book_id>/settings", methods=["GET"])
@register_book_verify_route(bp.name)
@login_required
def settings(book_id: int):
book: m.Book = db.session.get(m.Book, book_id)
if not book or book.is_deleted or book.owner != current_user:
log(log.INFO, "User: [%s] is not owner of book: [%s]", current_user, book)
flash("You are not owner of this book!", "danger")
return redirect(url_for("book.my_books"))
return render_template(
"book/settings.html", book=book, roles=m.BookContributor.Roles
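Review bot: `@register_book_verify_route(bp.name)` is stacked above `@login_required` on `settings`, and the test added in this commit shows a logged-out client receiving "You are not owner of this book!" rather than a login prompt, so the ownership check appears to run before authentication. The decorator's body is not visible here; if it only registers the endpoint for a blueprint-level hook, it is worth confirming that the hook handles an anonymous `current_user` deliberately, and that a missing or deleted book is rejected the same way the inline `if not book or book.is_deleted or book.owner != current_user` block did. The +/- markers are lost on this page, but if that inline block is what the hunk removes, the view has no local guard left and a missed registration would fail open. I would add a comment above the function, such as `# Ownership is enforced by register_book_verify_route; keep it or restore an in-view check`. The hunk ends inside the `render_template(` call.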


@ -3,7 +3,7 @@ from flask import current_app as Response
from flask.testing import FlaskClient, FlaskCliRunner
from app import models as m, db
from tests.utils import login
from tests.utils import login, logout
def test_create_edit_book(client: FlaskClient):
@ -1003,3 +1003,36 @@ def test_crud_comment(client: FlaskClient, runner: FlaskCliRunner):
assert response.status_code == 200
assert b"Success" in response.data
assert str.encode(comment_text) not in response.data
def test_access_to_settings_page(client: FlaskClient):
_, user = login(client)
book_1 = m.Book(label="test", about="test").save()
book_2 = m.Book(label="test", about="test", user_id=user.id).save()
response: Response = client.get(
f"/book/{book_1.id}/settings",
follow_redirects=True,
)
assert response.status_code == 200
assert b"You are not owner of this book!" in response.data
response: Response = client.get(
f"/book/{book_2.id}/settings",
follow_redirects=True,
)
assert response.status_code == 200
assert b"You are not owner of this book!" not in response.data
logout(client)
response: Response = client.get(
f"/book/{book_2.id}/settings",
follow_redirects=True,
)
assert response.status_code == 200
assert b"You are not owner of this book!" in response.data
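Review bot: `book_1` in `test_access_to_settings_page` is created without a `user_id`, so the denied case covers an ownerless book rather than one owned by a different account, which is the case an access-control test most needs to pin. I would add a book saved with another user's id, and one owned by the logged-in user with `is_deleted` set, and expect the denial for both. Every assertion checks only the flash text after `follow_redirects=True` with status 200, so a response that both flashes and renders the settings form would still pass. Asserting the redirect target with `follow_redirects=False`, or the absence of settings-page markup, would make the denial explicit.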