add test

2019-07-29 15:05:30 -04:00 · 2019-07-29 15:05:30 -04:00 · 7c2afefd9f
commit 7c2afefd9f
parent fb9485e3d1
2 changed files with 61 additions and 0 deletions
--- a/todo/tests/conftest.py
+++ b/todo/tests/conftest.py
@ -29,6 +29,12 @@ def todo_setup(django_user_model):
    Task.objects.create(created_by=u2, title="Task 2", task_list=tlist2, priority=2, completed=True)
    Task.objects.create(created_by=u2, title="Task 3", task_list=tlist2, priority=3)

+    # Add a third user for a test that needs two users in the same group.
+    extra_g2_user = django_user_model.objects.create_user(
+        username="extra_g2_user", password="password", email="extra_g2_user@example.com", is_staff=True
+    )
+    extra_g2_user.groups.add(g2)
+

@pytest.fixture()
 # Set up an in-memory mail server to receive test emails
--- a/todo/tests/test_views.py
+++ b/todo/tests/test_views.py
@ -140,6 +140,61 @@ def test_no_javascript_in_task_note(todo_setup, client):
    assert task.note == bleach.clean(note, strip=True)


+@pytest.mark.django_db
+def test_created_by_unchanged(todo_setup, client):
+    
+    task_list = TaskList.objects.first()
+    u2 = get_user_model().objects.get(username="u2")
+    title = "Some Unique String with unique chars: ab78539e"
+    note = "a note"
+    data = {
+        "task_list": task_list.id,
+        "created_by": u2.id,
+        "priority": 10,
+        "title": title,
+        "note": note,
+        "add_edit_task": "Submit",
+    }
+
+    client.login(username="u2", password="password")
+    url_add_task = reverse("todo:list_detail", kwargs={"list_id": task_list.id, "list_slug": task_list.slug})
+
+    response = client.post(url_add_task, data)
+    assert response.status_code == 302
+
+    # Retrieve new task and compare created_by
+    task = Task.objects.get(title=title)
+    assert task.created_by == u2
+
+    # Now that we've created the task, edit it as another user.
+    # After saving, created_by should remain unchanged.
+    extra_g2_user = get_user_model().objects.get(username="extra_g2_user")
+
+    client.login(username="extra_g2_user", password="password")
+
+    url_edit_task = reverse("todo:task_detail", kwargs={"task_id": task.id})
+
+    dataTwo =  {
+        "task_list": task.task_list.id,
+        "created_by": extra_g2_user.id,   # this submission is attempting to change created_by
+        "priority": 10,
+        "title": task.title,
+        "note": "the note was changed",
+        "add_edit_task": "Submit",
+    }
+    
+    response = client.post(url_edit_task, dataTwo)
+    assert response.status_code == 302
+
+    task.refresh_from_db()
+    
+    # Proof that the task was saved:
+    assert task.note == "the note was changed"
+
+    # client was unable to modify created_by:
+    assert task.created_by == u2
+    
+
@pytest.mark.django_db
 def test_no_javascript_in_comments(todo_setup, client):
    user = get_user_model().objects.get(username="u2")