Merge pull request #83 from mozillazg/login-required

apply login_required

Author: dongweiming

conftest.py

@@ -1,10 +1,13 @@
+# coding=utf-8
 from __future__ import absolute_import
-# -*- coding: utf-8 -*-
 
+from flask import url_for
+from flask_login import current_user
 import pytest
 
 from firefly.app import create_app
 from firefly.ext import db
+from firefly.models.user import User
 
 
 @pytest.fixture
@@ -16,3 +19,29 @@ def cleanup():
         db.connection.drop_database(db_name)
     request.addfinalizer(cleanup)
     return app
+
+
+@pytest.fixture
+def client_class(request, client):
+    def login(cls):
+        user = User.objects.filter(email='foo@bar.com').first()
+        if user is None:
+            user = User.create_user('foo', 'foo@bar.com', 'foobar')
+        else:
+            user.set_password('foobar')
+            user.save()
+
+        form = {
+            'email': 'foo@bar.com',
+            'password': 'foobar',
+        }
+        rv = client.post(
+            url_for('home.login'), data=form,
+            follow_redirects=True
+        )
+        assert current_user.is_authenticated()
+        assert url_for('security.logout') in rv.data
+
+    if request.cls is not None:
+        request.cls.client = client
+        request.cls._login = login

firefly/models/user.py

@@ -90,6 +90,9 @@ def create_user(cls, username, email, password, **kwargs):
             username=username, email=email, password=password, **kwargs
         )
 
+    def set_password(self, password):
+        self.password = self.generate_password(password)
+
     def check_password(self, password):
         return security.check_password_hash(
             self.password,

firefly/templates/index.html

@@ -25,9 +25,10 @@
         li title="all topics grouped by category"
           a href="/categories"
             Categories
-      button#create-topic.btn.btn-default.right
-        i.fa.fa-plus
-        New Topic
+      - if current_user.is_authenticated()
+        button#create-topic.btn.btn-default.right
+          i.fa.fa-plus
+          New Topic
   div.container.list-container
     div#list-area
       div.contents
@@ -49,8 +50,9 @@
             -for post in posts
               ${topic_item.main(post)}
 
--def others()
-  ${widgets_editor.index()}
+- if current_user.is_authenticated()
+  -def others()
+    ${widgets_editor.index()}
 
 -def head_script()
   link href="${url_for('static', filename='stylesheets/base16-light.css')}" rel="stylesheet"

firefly/templates/posts/detail.html

@@ -87,15 +87,17 @@
                                 Replies
                                 i.fa.fa-chevron-down
                             div.actions
-                              button.like title='喜欢这个主题?'
-                                i.fa.fa-heart
+                              - if current_user.is_authenticated()
+                                button.like title='喜欢这个主题?'
+                                  i.fa.fa-heart
                               button title='分享' data-share-url="/t/dd"
                                 i.fa.fa-link
-                              button.bookmark title='标记'
-                                div.read-icon
-                              button.create title='评论'
-                                i.fa.fa-reply
-                                评论
+                              - if current_user.is_authenticated()
+                                button.bookmark title='标记'
+                                  div.read-icon
+                                button.create title='评论'
+                                  i.fa.fa-reply
+                                  评论
                       section.embedded-posts.bottom.hide
 
 -def head_script()
@@ -109,5 +111,6 @@
       require(['post']);
     });
 
-- def others()
-  ${widgets_editor.topic()}
+- if current_user.is_authenticated()
+  - def others()
+    ${widgets_editor.topic()}

firefly/views/home.py

@@ -4,7 +4,7 @@
 from flask.views import MethodView
 from flask.blueprints import Blueprint
 from flask_mako import render_template, render_template_def
-from flask_login import login_user, current_user
+from flask_login import login_user, current_user, login_required
 
 from firefly.forms.user import LoginForm, RegisterForm
 from firefly.models.topic import Category, Post
@@ -21,15 +21,15 @@ def get(self):
 
 
 class CreateView(MethodView):
+    decorators = [login_required]
+
     def post(self):
         title = request.form.get('title')
         content = request.form.get('content')
         category_id = request.form.get('category', '')
-        author_id = request.form.get('author', '')
         if category_id.isdigit():
             category_id = int(category_id)
-        if not author_id:
-            author_id = current_user.id
+        author_id = current_user.id
         category = Category.objects.filter(id=category_id).first()
         post = Post(title=title, content=content, category=category,
                     author=User.objects.get_or_404(id=author_id))

firefly/views/post.py

@@ -1,11 +1,13 @@
-from __future__ import absolute_import
 # coding=utf-8
-from flask import request, redirect, url_for
+from __future__ import absolute_import
+from flask import request, redirect, url_for, abort
 from flask.views import MethodView
 from flask.blueprints import Blueprint
 from flask_mako import render_template
 from flask_mongoengine.wtf import model_form
+from flask_login import current_user
 
+from firefly.models.user import User
 from firefly.models.topic import Post, Comment
 
 
@@ -32,12 +34,16 @@ def get(self, id):
         return render_template('posts/detail.html', **context)
 
     def post(self, id):
+        if not current_user.is_authenticated():
+            abort(403)
+
         context = self.get_context(id)
         form = context.get('form')
 
         if form.validate():
             comment = Comment()
             form.populate_obj(comment)
+            comment.author = User.objects.get_or_404(id=current_user.id)
             comment.save()
 
             post = context.get('post')

tests/test_post.py

@@ -4,42 +4,33 @@
 from flask import url_for
 import pytest
 
-from firefly.models.user import User
-from firefly.models.topic import Category, Post
+from firefly.models.topic import Category, Post, Comment
 
 
 @pytest.mark.usefixtures('client_class')
 class TestPost:
 
     def setup(self):
         c = Category.objects.create(
-            name=u'python', description=u'描述', _slug=u'python-slug'
+            name='python', description='描述', _slug='python-slug'
         )
         Post.objects.create(
-            title=u'标题test', content=u'内容test', category=c
-        )
-
-        # login user
-        self.username = 'foo'
-        self.password = 'foobar'
-        self.email = 'foo@bar.com'
-        self.user = User.create_user(
-            username=self.username, password=self.password,
-            email=self.email
+            title='标题test', content='内容test', category=c
         )
+        self._login()
 
     def test_create(self):
+
         category = Category.objects.first()
         url = url_for('home.create')
         form = {
             'title': '标题',
             'content': '内容喜喜喜喜喜喜',
             'category': category.id,
-            'author': self.user.id
         }
         rv = self.client.post(url, data=form)
-        assert rv.json['ok'] == 0
 
+        assert rv.json['ok'] == 0
         assert Post.objects.count() > 1
 
     def test_detail(self):
@@ -50,14 +41,15 @@ def test_detail(self):
         assert post.title in data
         assert post.content in data
 
-        #    def test_comment(self):
-        #        post = Post.objects.first()
-        #        url = url_for('post.detail', id=post.id)
-        #        form = {
-        #            'content': u'评论测试',
-        #        }
-        #        rv = self.client.post(url, data=form, follow_redirects=False)
-
-        #        assert rv.status_code == 302
-        #        assert Comment.objects.count() == 1
-        #        assert len(post.comments) == 1
+    def test_comment(self):
+        post = Post.objects.first()
+        url = url_for('post.detail', id=post.id)
+        form = {
+            'content': '评论测试',
+            'ref_id': 0,
+        }
+        self.client.post(url, data=form, follow_redirects=False)
+        post.reload()
+
+        assert Comment.objects.count() == 1
+        assert len(post.comments) == 1