From e5c477ce3cb46e94b8a48bec8888bbcba25252bf Mon Sep 17 00:00:00 2001 From: SvyatoslavArtymovych Date: Thu, 11 May 2023 11:14:22 +0300 Subject: [PATCH] book contributor CRUD --- app/views/book.py | 29 +++++++---------------------- tests/test_book.py | 22 ++++++++++++++++++++++ 2 files changed, 29 insertions(+), 22 deletions(-) diff --git a/app/views/book.py b/app/views/book.py index 4668f54..dfb90cb 100644 --- a/app/views/book.py +++ b/app/views/book.py @@ -289,14 +289,9 @@ def settings(book_id: int): @bp.route("//add_contributor", methods=["POST"]) +@register_book_verify_route(bp.name) @login_required def add_contributor(book_id: int): - book: m.Book = db.session.get(m.Book, book_id) - if not book or book.is_deleted or book.owner != current_user: - log(log.INFO, "User: [%s] is not owner of book: [%s]", current_user, book) - flash("You are not owner of this book!", "danger") - return redirect(url_for("book.my_books")) - form = f.AddContributorForm() if form.validate_on_submit(): @@ -327,26 +322,21 @@ def add_contributor(book_id: int): @bp.route("//delete_contributor", methods=["POST"]) +@register_book_verify_route(bp.name) @login_required def delete_contributor(book_id: int): - book: m.Book = db.session.get(m.Book, book_id) - if not book or book.is_deleted or book.owner != current_user: - log(log.INFO, "User: [%s] is not owner of book: [%s]", current_user, book) - flash("You are not owner of this book!", "danger") - return redirect(url_for("book.my_books")) - form = f.DeleteContributorForm() if form.validate_on_submit(): book_contributor = m.BookContributor.query.filter_by( - user_id=int(form.user_id.data), book_id=book.id + user_id=int(form.user_id.data), book_id=book_id ).first() if not book_contributor: log( log.INFO, "BookContributor does not exists user: [%s], book: [%s]", form.user_id.data, - book.id, + book_id, ) flash("Does not exists!", "success") return redirect(url_for("book.settings", book_id=book_id)) @@ -367,26 +357,21 @@ def delete_contributor(book_id: int): @bp.route("//edit_contributor_role", methods=["POST"]) +@register_book_verify_route(bp.name) @login_required def edit_contributor_role(book_id: int): - book: m.Book = db.session.get(m.Book, book_id) - if not book or book.is_deleted or book.owner != current_user: - log(log.INFO, "User: [%s] is not owner of book: [%s]", current_user, book) - flash("You are not owner of this book!", "danger") - return redirect(url_for("book.my_books")) - form = f.EditContributorRoleForm() if form.validate_on_submit(): book_contributor = m.BookContributor.query.filter_by( - user_id=int(form.user_id.data), book_id=book.id + user_id=int(form.user_id.data), book_id=book_id ).first() if not book_contributor: log( log.INFO, "BookContributor does not exists user: [%s], book: [%s]", form.user_id.data, - book.id, + book_id, ) flash("Does not exists!", "success") return redirect(url_for("book.settings", book_id=book_id)) diff --git a/tests/test_book.py b/tests/test_book.py index 22ca421..39764e1 100644 --- a/tests/test_book.py +++ b/tests/test_book.py @@ -224,6 +224,28 @@ def test_edit_contributor_role(client: FlaskClient, runner: FlaskCliRunner): assert response.status_code == 200 assert b"Success!" in response.data + moderator = m.User(username="Moderator", password="test").save() + + moderators_book = m.Book(label="Test Book", user_id=moderator.id).save() + response: Response = client.post( + f"/book/{moderators_book.id}/add_contributor", + data=dict(user_id=moderator.id, role=m.BookContributor.Roles.MODERATOR), + follow_redirects=True, + ) + + assert response.status_code == 200 + assert b"You are not owner of this book!" in response.data + + moderators_book = m.Book(label="Test Book", user_id=moderator.id).save() + response: Response = client.post( + f"/book/999/add_contributor", + data=dict(user_id=moderator.id, role=m.BookContributor.Roles.MODERATOR), + follow_redirects=True, + ) + + assert response.status_code == 200 + assert b"You are not owner of this book!" in response.data + def test_crud_collection(client: FlaskClient, runner: FlaskCliRunner): _, user = login(client)