Extension page should be 404 for everyone unless publicly listed #167

Merged
Anna Sirota merged 5 commits from extension-detail-page-listed-only into main 2024-06-05 12:12:14 +02:00
Showing only changes of commit 2175a1b664 - Show all commits


@ -5,7 +5,7 @@ from django.urls import reverse
from common.tests.factories.extensions import create_version, create_approved_version from common.tests.factories.extensions import create_version, create_approved_version
from common.tests.factories.teams import TeamFactory from common.tests.factories.teams import TeamFactory
from common.tests.factories.users import UserFactory from common.tests.factories.users import UserFactory, create_moderator
from extensions.models import Extension, Version from extensions.models import Extension, Version
from files.models import File from files.models import File
from teams.models import Team, TeamsUsers from teams.models import Team, TeamsUsers
@ -90,6 +90,54 @@ class PublicViewsTest(_BaseTestCase):
self.assertEqual(response.status_code, 200) self.assertEqual(response.status_code, 200)
self.assertTemplateUsed(response, 'extensions/home.html') self.assertTemplateUsed(response, 'extensions/home.html')
def test_no_one_can_view_extension_page_when_not_listed_404(self):
extension = create_version(extension__is_listed=False).extension
moderator = create_moderator()
staff = UserFactory(is_staff=True)
superuser = UserFactory(is_superuser=True, is_staff=True)
author = extension.authors.first()
url = extension.get_absolute_url()
response = self.client.get(url)
for account, role in (
(None, 'anonymous'),
(moderator, 'moderator'),
(staff, 'staff'),
(superuser, 'superuser'),
(author, 'author'),
):
with self.subTest(account=account, role=role):
self.client.logout()
if account:
self.client.force_login(account)
self.assertEqual(response.status_code, 404)
def test_anyone_can_view_extension_page_when_listed(self):
extension = create_approved_version().extension
moderator = create_moderator()
staff = UserFactory(is_staff=True)
superuser = UserFactory(is_superuser=True, is_staff=True)
author = extension.authors.first()
url = extension.get_absolute_url()
response = self.client.get(url)
for account, role in (
(None, 'anonymous'),
(moderator, 'moderator'),
(staff, 'staff'),
(superuser, 'superuser'),
(author, 'author'),
):
with self.subTest(role=role):
self.client.logout()
if account:
self.client.force_login(account)
self.assertEqual(response.status_code, 200)
class ApiViewsTest(_BaseTestCase): class ApiViewsTest(_BaseTestCase):
def test_blender_version_filter(self): def test_blender_version_filter(self):
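Review bot: In both new tests `response = self.client.get(url)` is issued once, before the `for account, role in (...)` loop, so every subTest asserts on the same anonymous response and the moderator, staff, superuser and author requests are never made. As an access-control test this only verifies "404 when not listed" for an anonymous client; a view that still served the unlisted page to staff or to the author would pass unnoticed. Move the request into the subTest body after `force_login`, i.e. put `response = self.client.get(url)` directly before `self.assertEqual(response.status_code, 404)`, and do the same before the `200` assertion in `test_anyone_can_view_extension_page_when_listed`. For consistent failure output, the second test's `self.subTest(role=role)` could also pass `account=account`, as the first one does.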