diff --git a/website/announcements/tests.py b/website/announcements/tests.py new file mode 100644 index 0000000000000000000000000000000000000000..db46de0902eca4394f026b621bccfe85eeb56589 --- /dev/null +++ b/website/announcements/tests.py @@ -0,0 +1,88 @@ +from django.contrib.auth.models import AnonymousUser, User +from django.contrib.sessions.middleware import SessionMiddleware +from django.test import TestCase, RequestFactory +from django.urls import reverse + +from announcements.views import close_announcement + + +class AnnouncementCloseTestCase(TestCase): + + def setUp(self): + self.factory = RequestFactory() + self.user = User.objects.create_user( + username='thom', + email='test@example.com', + password='top secret', + ) + self.middleware = SessionMiddleware() + + def test_get_request(self): + for user in [self.user, AnonymousUser()]: + request = self.factory.get( + reverse('announcements:close-announcement')) + self.middleware.process_request(request) + with self.subTest(user=user): + request.user = user + response = close_announcement(request) + self.assertEqual(response.status_code, 405) + + def test_post_no_id(self): + request = self.factory.post( + reverse('announcements:close-announcement')) + self.middleware.process_request(request) + request.user = AnonymousUser() + response = close_announcement(request) + self.assertEqual(response.status_code, 400) + + def test_post_id_string(self): + request = self.factory.post( + reverse('announcements:close-announcement'), + {'id': 'bla'}) + self.middleware.process_request(request) + request.user = AnonymousUser() + response = close_announcement(request) + self.assertEqual(response.status_code, 400) + + def test_valid_request_anonymous(self): + request = self.factory.post( + reverse('announcements:close-announcement'), + {'id': 3}) + self.middleware.process_request(request) + request.user = AnonymousUser() + response = close_announcement(request) + + self.assertEqual(response.status_code, 204) + self.assertIn('closed_announcements', request.session) + self.assertIn(3, request.session['closed_announcements']) + self.assertTrue(request.session.modified) + self.assertEqual(response.content, b'') + + def test_valid_request_logged_in(self): + request = self.factory.post( + reverse('announcements:close-announcement'), + {'id': 3}) + self.middleware.process_request(request) + request.user = self.user + response = close_announcement(request) + + self.assertEqual(response.status_code, 204) + self.assertIn('closed_announcements', request.session) + self.assertIn(3, request.session['closed_announcements']) + self.assertEqual(response.content, b'') + + def test_valid_alread_canceled(self): + request = self.factory.post( + reverse('announcements:close-announcement'), + {'id': 3}) + self.middleware.process_request(request) + request.session['closed_announcements'] = [3] + request.user = AnonymousUser() + response = close_announcement(request) + + self.assertEqual(response.status_code, 204) + self.assertIn('closed_announcements', request.session) + self.assertIn(3, request.session['closed_announcements']) + self.assertEqual(len(request.session['closed_announcements']), 1) + self.assertTrue(request.session.modified) + self.assertEqual(response.content, b'') diff --git a/website/announcements/views.py b/website/announcements/views.py index 6ab4d85ed20f584012b030b627e8f7cf7b137ead..d23b7f8e05b1679576d4fff069ae72b19f760387 100644 --- a/website/announcements/views.py +++ b/website/announcements/views.py @@ -12,7 +12,11 @@ def close_announcement(request): """ if 'id' not in request.POST: return HttpResponseBadRequest("no id specified") - announcement_id = int(request.POST['id']) + try: + announcement_id = int(request.POST['id']) + except ValueError: + return HttpResponseBadRequest("no integer id specified") + # if we do not have a list of closed announcements yet: if 'closed_announcements' not in request.session: request.session['closed_announcements'] = [] # cannot use sets here :(