Posted to commits@allura.apache.org by br...@apache.org on 2022/11/09 19:32:42 UTC
[allura] branch master updated: [#8475] return a 404 if thread is awaiting moderation
This is an automated email from the ASF dual-hosted git repository.
brondsem pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/allura.git
The following commit(s) were added to refs/heads/master by this push:
new 8fd44d208 [#8475] return a 404 if thread is awaiting moderation
8fd44d208 is described below
commit 8fd44d208ed213e03a74ce2f82a3480c55c8c924
Author: Guillermo Cruz <gu...@slashdotmedia.com>
AuthorDate: Wed Nov 2 09:16:27 2022 -0600
[#8475] return a 404 if thread is awaiting moderation
---
Allura/allura/controllers/discuss.py | 5 ++++-
Allura/allura/tests/functional/test_discuss.py | 20 +++++++++----------
.../forgediscussion/tests/functional/test_forum.py | 23 ++++++++++++++--------
3 files changed, 29 insertions(+), 19 deletions(-)
diff --git a/Allura/allura/controllers/discuss.py b/Allura/allura/controllers/discuss.py
index fb9ed913d..986fe9151 100644
--- a/Allura/allura/controllers/discuss.py
+++ b/Allura/allura/controllers/discuss.py
@@ -208,7 +208,10 @@ class ThreadController(BaseController, FeedController, metaclass=h.ProxiedAttrMe
M.session.artifact_orm_session._get().skip_mod_date = True
M.session.artifact_orm_session._get().skip_last_updated = True
count = self.thread.query_posts(page=page, limit=int(limit)).count()
-
+ if self.thread.num_replies == 0 or all(p.status != 'ok' for p in self.thread.posts):
+ # return status code 404 but still display the page content
+ request.environ['tg.status_code_redirect'] = True
+ response.status_int = 404
return dict(discussion=self.thread.discussion,
thread=self.thread,
page=int(page),
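Review bot: The added condition iterates `self.thread.posts`, which appears to load every post of the thread on each page view just to learn whether any has status 'ok'; on a long thread that is unbounded work on a request any visitor can trigger. A count or existence query restricted to status 'ok' would answer the same question without loading the posts; whether the `query_posts` call just above can take such a filter should be confirmed against the model. The inline comment could also record that the status is not an access control, e.g. `# 404 only changes the status line; what a viewer may see of pending posts is still decided elsewhere`. The enclosing method starts and ends outside the hunk.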
diff --git a/Allura/allura/tests/functional/test_discuss.py b/Allura/allura/tests/functional/test_discuss.py
index 8035fb93f..d27072b04 100644
--- a/Allura/allura/tests/functional/test_discuss.py
+++ b/Allura/allura/tests/functional/test_discuss.py
@@ -68,7 +68,7 @@ class TestDiscuss(TestDiscussBase):
def _make_post(self, text):
thread_link = self._thread_link()
- thread = self.app.get(thread_link)
+ thread = self.app.get(thread_link, expect_errors=True)
for f in thread.html.findAll('form'):
if f.get('action', '').endswith('/post'):
break
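Review bot: `expect_errors=True` in `_make_post` accepts any 4xx or 5xx response, so a server error on the thread page would no longer fail the helper at this call. If the helper has to work both before and after a post is approved, listing the acceptable codes keeps it strict: `thread = self.app.get(thread_link, status=[200, 404])`. The same applies to the final `self.app.get(r.response.headers['Location'], expect_errors=True)` in the next hunk. The helper's body continues outside this hunk.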
@@ -80,9 +80,9 @@ class TestDiscuss(TestDiscussBase):
params[f.find('textarea')['name']] = text
r = self.app.post(f['action'], params=params,
headers={'Referer': str(thread_link)},
+ status=302,
extra_environ=dict(username='root'))
- r = r.follow()
- return r
+ return self.app.get(r.response.headers['Location'], expect_errors=True)
@patch('allura.controllers.discuss.g.spam_checker.check')
@patch('allura.controllers.discuss.g.spam_checker.submit_spam')
@@ -106,7 +106,7 @@ class TestDiscuss(TestDiscussBase):
r = self.app.post(post_link,
params=params,
headers={'Referer': str(thread_link)})
- r = r.follow()
+ r = self.app.get(r.response.headers['Location'], status=404)
assert 'This is a new post' in r, r
r = self.app.get(post_link)
assert str(r).count('This is a new post') == 3
@@ -146,7 +146,7 @@ class TestDiscuss(TestDiscussBase):
# ok initially
non_admin = 'test-user'
- self.app.get(thread_url, status=200,
+ self.app.get(thread_url, status=404,
extra_environ=dict(username=str(non_admin)))
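Review bot: The context comment `# ok initially` no longer matches the assertion below it, which now expects 404; something like `# readable initially (404 because no post is approved yet)` would describe it. In this permissions test and in the next hunk the "allowed" case is now a 404, which by status alone cannot be told apart from a thread that does not exist, so the test only shows that the user is not forbidden. Asserting on a marker from the rendered thread body, or approving a post first so the allowed case returns 200, would keep the allow/deny contrast meaningful. The test function starts and ends outside the hunk.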
# set wiki page private
@@ -160,7 +160,7 @@ class TestDiscuss(TestDiscussBase):
M.DENY_ALL,
]
- self.app.get(thread_url, status=200, # ok
+ self.app.get(thread_url, status=404,
extra_environ=dict(username='test-admin'))
self.app.get(thread_url, status=403, # forbidden
extra_environ=dict(username=str(non_admin)))
@@ -356,7 +356,7 @@ class TestDiscuss(TestDiscussBase):
def test_post_paging(self):
thread_link = self._thread_link()
# just make sure it doesn't 500
- self.app.get('%s?limit=50&page=0' % thread_link)
+ self.app.get('%s?limit=50&page=0' % thread_link, status=404)
@patch('allura.controllers.discuss.g.director.create_activity')
def test_edit_post(self, create_activity):
@@ -401,7 +401,7 @@ class TestAttachment(TestDiscussBase):
def setup_method(self, method):
super().setup_method(method)
self.thread_link = self._thread_link()
- thread = self.app.get(self.thread_link)
+ thread = self.app.get(self.thread_link, status=404)
for f in thread.html.findAll('form'):
if f.get('action', '').endswith('/post'):
break
@@ -521,10 +521,10 @@ class TestAttachment(TestDiscussBase):
post.status = 'pending'
session(post).flush(post)
# ... make sure attachment is not visible to ordinary user
- r = self.app.get(self.thread_link, extra_environ=ordinary_user)
+ r = self.app.get(self.thread_link, status=404, extra_environ=ordinary_user)
assert '<div class="attachment_holder">' not in r, 'Attachment is visible on unmoderated post'
# ... but visible to moderator
- r = self.app.get(self.thread_link, extra_environ=moderator)
+ r = self.app.get(self.thread_link, status=404, extra_environ=moderator)
assert '<div class="attachment_holder">' in r
# ... and ordinary user can't access it
self.app.get(alink, status=403, extra_environ=ordinary_user)
diff --git a/ForgeDiscussion/forgediscussion/tests/functional/test_forum.py b/ForgeDiscussion/forgediscussion/tests/functional/test_forum.py
index cfc2f5c84..43d5e0742 100644
--- a/ForgeDiscussion/forgediscussion/tests/functional/test_forum.py
+++ b/ForgeDiscussion/forgediscussion/tests/functional/test_forum.py
@@ -547,10 +547,11 @@ class TestForum(TestController):
params[f.find('select')['name']] = 'testforum'
params[f.find('input', {'style': 'width: 90%'})['name']] = 'Test Thread'
thread = self.app.post('/discussion/save_new_topic', params=params,
- extra_environ=dict(username='*anonymous')).follow()
+ extra_environ=dict(username='*anonymous'))
- # assert post awaiting moderation
- r = self.app.get(thread.request.url,
+ # assert post return 404 but content can still be seen and moderated
+ thread_url = thread.response.headers['Location']
+ r = self.app.get(thread_url, status=404,
extra_environ=dict(username='*anonymous'))
assert 'Post awaiting moderation' in r
assert 'name="delete"' not in r
@@ -560,7 +561,7 @@ class TestForum(TestController):
assert spam_checker.check.call_args[0][0] == 'Test Thread\nPost content'
# assert unapproved thread replies do not appear
- f = thread.html.find('div', {'class': 'comment-row reply_post_form'}).find('form')
+ f = r.html.find('div', {'class': 'comment-row reply_post_form'}).find('form')
rep_url = f.get('action')
params = dict()
inputs = f.findAll('input')
@@ -569,13 +570,13 @@ class TestForum(TestController):
params[field['name']] = field.get('value') or ''
params[f.find('textarea')['name']] = 'anon reply to anon post content'
r = self.app.post(str(rep_url), params=params, extra_environ=dict(username='*anonymous'))
- r = self.app.get(thread.request.url,
+ r = self.app.get(thread_url, status=404,
extra_environ=dict(username='*anonymous'))
assert 'anon reply to anon post' not in r
assert spam_checker.check.call_args[0][0] == 'anon reply to anon post content'
# assert moderation controls appear for admin
- r = self.app.get(thread.request.url)
+ r = self.app.get(thread_url, extra_environ=dict(username='test-admin'), status=404)
assert '<div class="display_post moderate">' in r
assert '<i class="fa fa-reply"></i>' in r
@@ -598,17 +599,23 @@ class TestForum(TestController):
'post-0._id': post._id,
'post-0.checked': 'on',
'approve': 'Approve Marked'})
+
post = FM.ForumPost.query.get(text='Post content')
+ post2 = FM.ForumPost.query.get(text='anon reply to anon post content')
+ assert 'ok' == post.status
+ assert 'pending' == post2.status
# assert anon can't edit their original post
- r = self.app.get(thread.request.url,
- extra_environ=dict(username='*anonymous'))
+ r = self.app.get(thread_url,
+ extra_environ=dict(username='*anonymous'))
assert 'Post content' in r
post_container = r.html.find('div', {'id': post.slug})
+
btn_edit = post_container.find('a', {'title': 'Edit'})
assert not btn_edit
+
@td.with_tool('test2', 'Discussion', 'discussion')
@mock.patch('allura.model.discuss.g.spam_checker')
def test_is_spam(self, spam_checker):
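Review bot: After the first post is approved, the anonymous GET of `thread_url` carries no explicit status, and nothing checks that the still-pending reply stays hidden now that the thread is served normally. Adding `status=200` to that call and `assert 'anon reply to anon post' not in r` after `assert 'Post content' in r` would pin both the 404-to-200 transition and that approving one post does not expose the other pending one. The test method starts outside the hunk.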