Merge pull request #186 from pygame/newbies

wiki: project: Block 'newbie' users modifying things
pygame · Jun 29, 2024 · 7d28211 · 7d28211
2 parents 214340f + 686f944
commit 7d28211
Show file tree

Hide file tree

Showing 4 changed files with 111 additions and 4 deletions.
diff --git a/pygameweb/project/views.py b/pygameweb/project/views.py
@@ -230,6 +230,9 @@ def all_tags():
 def new_comment(project_id):
     """ Post a comment on this project.
     """
+    if current_user.has_role('newbie'):
+        abort(404)
+
     form = ProjectCommentForm()
 
     if form.validate_on_submit():
@@ -299,6 +302,9 @@ def save_image(form_field, image_path):
 def new_project():
     """ This adds both a project, and a release.
     """
+    if current_user.has_role('newbie'):
+        abort(404)
+
     form = FirstReleaseForm()
 
     if form.validate_on_submit():
@@ -363,6 +369,9 @@ def edit_project(project_id):
     if project.user.id != current_user.id:
         abort(404)
 
+    if current_user.has_role('newbie'):
+        abort(404)
+
     if request.method == 'GET':
         form = ProjectForm(obj=project)
         form.tags.data = ','.join([t.value for t in project.tags])
@@ -437,6 +446,9 @@ def edit_release(project_id, release_id):
         if release.project.user.id != current_user.id:
             abort(404)
 
+    if current_user.has_role('newbie'):
+        abort(404)
+
     if request.method == 'GET' and release_id is not None:
         form = ReleaseForm(obj=release)
     else:
@@ -486,6 +498,9 @@ def delete_release(project_id, release_id):
     on post, delete the release.
     on get, show a form for posting to delete it.
     """
+    if current_user.has_role('newbie'):
+        abort(404)
+
     project = project_for(project_id)
     if project.user.id != current_user.id:
         abort(404)

diff --git a/pygameweb/wiki/views.py b/pygameweb/wiki/views.py
@@ -184,6 +184,8 @@ def grouper(item):
 def edit(link):
     """ the wiki page.
     """
+    if current_user.has_role('newbie'):
+        abort(404)
 
     # TODO: we need to add users_id, parents, and keywords
     page = Wiki.for_link(current_session, link)

diff --git a/tests/functional/pygameweb/project/test_project_views.py b/tests/functional/pygameweb/project/test_project_views.py
@@ -21,18 +21,23 @@ def project_client(app, session, client):
 
 
 def a_user(app, session, project_client, name, email,
-           logged_in, disabled, active):
+           logged_in, disabled, active, newbie):
     """ gives us a user who is a member.
     """
     from pygameweb.user.models import User, Group
     from flask_security.utils import encrypt_password
     group = Group(name='members', title='Member')
+    newbie_group = Group(name='newbie', title='Newbie')
+    roles = [group]
+    if newbie:
+        roles.append(newbie_group)
+
     user = User(name=name,
                 email=email,
                 password=encrypt_password('password'),
                 disabled=disabled,
                 active=active,
-                roles=[group])
+                roles=roles)
     session.add(user)
     session.commit()
 
@@ -50,7 +55,8 @@ def user(app, session, project_client):
     return a_user(app, session, project_client, 'joe', '[email protected]',
                   logged_in=True,
                   disabled=0,
-                  active=True)
+                  active=True,
+                  newbie=False)
 
 
 @pytest.fixture
@@ -62,8 +68,18 @@ def user_banned(app, session, project_client):
                   '[email protected]',
                   logged_in=False,
                   disabled=1,
-                  active=False)
+                  active=False,
+                  newbie=False)
 
+@pytest.fixture
+def user_newbie(app, session, project_client):
+    """ gives us a user who is a member.
+    """
+    return a_user(app, session, project_client, 'joe newbie', '[email protected]',
+                  logged_in=True,
+                  disabled=0,
+                  active=True,
+                  newbie=True)
 
 @pytest.fixture
 def project(session, user):
@@ -309,6 +325,13 @@ def test_new_project_page(project_client, user):
         assert (label in resp.data), f'label {label} not present in page.'
 
 
+def test_new_project_page_newbie(project_client, user_newbie):
+    """ tests the page to create a new project.
+    """
+    resp = project_client.get('/members/projects/new')
+    assert resp.status_code == 404
+
+
 def test_add_new_project(config, project_client, session, user):
     """ adds a new project for the user.
     """
@@ -433,6 +456,39 @@ def test_add_new_project(config, project_client, session, user):
     assert resp.status_code == 200
 
 
+def test_add_new_project_newbie(config, project_client, session, user_newbie):
+    """ adds a new project for the user if they are a newbie should not work.
+    """
+    from io import BytesIO
+    from pygameweb.project.models import Project, Tags
+
+    png = (b'\x89PNG\r\n\x1a\n\x00\x00\x00\rIHDR\x00\x00\x00\x01\x00\x00'
+           b'\x00\x01\x08\x02\x00\x00\x00\x90wS\xde\x00\x00\x00\x0cIDAT'
+           b'\x08\x99c```\x00\x00\x00\x04\x00\x01\xa3\n\x15\xe3\x00\x00'
+           b'\x00\x00IEND\xaeB`\x82')
+
+    image = (BytesIO(png), 'helloworld.png')
+    data = dict(
+        image=image,
+        title='title',
+        version='1.0.2',
+        tags='tags',
+        summary='summary',
+        description='description of project',
+        uri='http://example.com/',
+        youtube_trailer='https://www.youtube.com/watch?v=8UnvMe1Neok',
+        github_repo='https://github.com/pygame/pygameweb/',
+        patreon='https://www.patreon.com/pygame',
+    )
+
+    with mock.patch('pygameweb.project.views.save_image') as save_image:
+        resp = project_client.post('/members/projects/new',
+                                   data=data,
+                                   follow_redirects=True)
+
+    assert resp.status_code == 404
+
+
 def test_add_new_project_without_image(project_client, session, user):
     """ adds a new project for the user without an image.
     """
@@ -561,6 +617,17 @@ def test_new_project_comment(project_client, session, project, project2, user):
         assert (b'Gidday matey.' in
                 resp.data), 'because the comment should be there.'
 
+def test_new_project_comment_newbie(project_client, session, project, project2, user_newbie):
+    """ Newbie can not post.
+    """
+    with mock.patch('pygameweb.project.views.classify_comment'):
+
+        url = f'/project/{project.id}/comment'
+        data = {'message':
+                '<p>Gidday matey. Keeping busy are ya? This. Is. Awesome.</p>'}
+        resp = project_client.post(url, data=data, follow_redirects=True)
+        assert resp.status_code == 404
+
 @pytest.mark.parametrize("feed_url", [
     '/feed/releases.php?format=ATOM',
     '/feed/releases.php?format=RSS2.0',

diff --git a/tests/functional/pygameweb/wiki/test_wiki_views.py b/tests/functional/pygameweb/wiki/test_wiki_views.py
@@ -45,6 +45,17 @@ def member(session, user):
     session.commit()
     return group
 
+@pytest.fixture
+def newbie(session, user):
+    """
+    """
+    from pygameweb.user.models import Group
+    group = Group(name='newbie', title='Newbie')
+    user.roles.append(group)
+    session.add(group)
+    session.commit()
+    return group
+
 
 @pytest.fixture
 def admin(session, user):
@@ -219,6 +230,18 @@ def test_wiki_new_page(wiki_client, session, member, user):
     assert b'I have changed.' in resp.data
 
 
+def test_wiki_new_page_newbie(wiki_client, session, member, newbie, user):
+    """ is editable when we go there.
+    """
+    from pygameweb.wiki.models import Wiki
+
+    resp = wiki_client.get('/wiki/blabla')
+    assert resp.status_code == 404, 'now there is no blabla page.'
+
+    resp = wiki_client.get('/wiki/blabla/edit')
+    assert resp.status_code == 404
+
+
 def test_wiki_index(wiki_client, session):
     """ is shown as the default.
     """