Tests for list mine/not mine

todo/models.py

@@ -17,15 +17,11 @@ class TaskList(models.Model):
     def __str__(self):
         return self.name
 
-    def list_detail(self):
-        # Count all incomplete tasks on the current list instance
-        return Item.objects.filter(task_list=self, completed=0)
-
     class Meta:
         ordering = ["name"]
         verbose_name_plural = "Task Lists"
 
-        # Prevents (at the database level) creation of two lists with the same name in the same group
+        # Prevents (at the database level) creation of two lists with the same slug in the same group
         unique_together = ("group", "slug")
 
 

todo/tests/conftest.py

@@ -7,11 +7,20 @@ from todo.models import Item, TaskList
 
 @pytest.fixture
 def todo_setup(django_user_model):
-    g1 = Group.objects.create(name="Weavers")
+    # Two groups with different users, two sets of tasks.
-    u1 = django_user_model.objects.create(username="you", password="password")
-    u1.groups.add(g1)
-    tlist = TaskList.objects.create(group=g1, name="Zip", slug="zip")
 
-    Item.objects.create(created_by=u1, title="Task 1", task_list=tlist, priority=1)
+    g1 = Group.objects.create(name="Workgroup One")
-    Item.objects.create(created_by=u1, title="Task 2", task_list=tlist, priority=2)
+    u1 = django_user_model.objects.create_user(username="u1", password="password")
-    Item.objects.create(created_by=u1, title="Task 3", task_list=tlist, priority=3)
+    u1.groups.add(g1)
+    tlist1 = TaskList.objects.create(group=g1, name="Zip", slug="zip")
+    Item.objects.create(created_by=u1, title="Task 1", task_list=tlist1, priority=1)
+    Item.objects.create(created_by=u1, title="Task 2", task_list=tlist1, priority=2)
+    Item.objects.create(created_by=u1, title="Task 3", task_list=tlist1, priority=3)
+
+    g2 = Group.objects.create(name="Workgroup Two")
+    u2 = django_user_model.objects.create_user(username="u2", password="password")
+    u2.groups.add(g2)
+    tlist2 = TaskList.objects.create(group=g2, name="Zap", slug="zap")
+    Item.objects.create(created_by=u2, title="Task 1", task_list=tlist2, priority=1)
+    Item.objects.create(created_by=u2, title="Task 2", task_list=tlist2, priority=2)
+    Item.objects.create(created_by=u2, title="Task 3", task_list=tlist2, priority=3)

todo/tests/test_views.py

@@ -1,5 +1,6 @@
 import pytest
 
+from django.contrib.auth import get_user_model
 from django.urls import reverse
 
 from todo.models import Item, TaskList
@@ -14,7 +15,7 @@ After that, view contents and behaviors.
 
 @pytest.mark.django_db
 def test_todo_setup(todo_setup):
-    assert Item.objects.all().count() == 3
+    assert Item.objects.all().count() == 6
 
 
 def test_view_list_lists(todo_setup, admin_client):
@@ -87,8 +88,8 @@ def test_view_search(todo_setup, admin_client):
 # ### PERMISSIONS ###
 
 """
-Some views are for staff users only. We've already smoke-tested with Admin user -
+Some views are for staff users only.
-try these with normal user.
+We've already smoke-tested with Admin user - try these with normal user.
 """
 
 
@@ -96,7 +97,7 @@ def test_view_add_list_nonadmin(todo_setup, client):
     url = reverse('todo:add_list')
     client.login(username="you", password="password")
     response = client.get(url)
-    assert response.status_code == 302  # Redirects to login. Would prefer 403...
+    assert response.status_code == 403
 
 
 def test_view_del_list_nonadmin(todo_setup, client):
@@ -104,9 +105,31 @@ def test_view_del_list_nonadmin(todo_setup, client):
     url = reverse('todo:del_list', kwargs={'list_id': tlist.id, 'list_slug': tlist.slug})
     client.login(username="you", password="password")
     response = client.get(url)
-    assert response.status_code == 302  # Redirects to login. Would prefer 403...
+    assert response.status_code == 403
+
+
+def test_view_list_mine(todo_setup, client):
+    """View a list in a group I belong to.
+    """
+    tlist = TaskList.objects.get(slug="zip")  # User u1 is in this group's list
+    url = reverse('todo:list_detail', kwargs={'list_id': tlist.id, 'list_slug': tlist.slug})
+    client.login(username="u1", password="password")
+    response = client.get(url)
+    assert response.status_code == 200
+
+
+def test_view_list_not_mine(todo_setup, client):
+    """View a list in a group I don't belong to.
+    """
+    tlist = TaskList.objects.get(slug="zip")  # User u1 is in this group, user u2 is not.
+    url = reverse('todo:list_detail', kwargs={'list_id': tlist.id, 'list_slug': tlist.slug})
+    client.login(username="u2", password="password")
+    response = client.get(url)
+    assert response.status_code == 403
+
 
 
 # TODO
-# View a task that's not in one of my groups?
+# View a task in a list in a group I do / don't belong to.
 # Mark complete
+# staff_only decorator