fix: raise Http404 on inaccessible posts
Closes: vas3k#1152
igoose1 committed Nov 1, 2023
1 parent c659635 commit da0c18c
Showing 4 changed files with 33 additions and 2 deletions.
2 changes: 1 addition & 1 deletion posts/api.py
@@ -25,7 +25,7 @@ def md_show_post(request, post_type, post_slug):
if not post.is_public:
access_denied = check_user_permissions(request, post=post)
if access_denied:
raise ApiAuthRequired()
raise Http404()

post_markdown = f"""# {post.title}\n\n{post.text}"""

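Review bot: Nothing at the new `raise Http404()` in md_show_post says why a denied reader gets "not found" instead of the previous `ApiAuthRequired()`, so a later cleanup could restore the auth error and again confirm that a non-public post exists at that URL. I would add a comment above the raise, e.g. `# 404, not an auth error: the response must not reveal that a non-public post exists`; the same comment fits the matching `raise Http404()` in show_post in posts/views/posts.py. The hiding only holds if a slug that does not exist produces the same response, and the post lookup sits above this hunk, so that is worth confirming. The section adds no import line, so `Http404` is presumably already imported in posts/api.py.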
22 changes: 22 additions & 0 deletions posts/tests/test_api.py
@@ -1,7 +1,9 @@
from datetime import datetime

from django.test import TestCase
from django.urls import reverse

from debug.helpers import HelperClient
from posts.tests.test_views import ModelCreator


@@ -37,3 +39,23 @@ def test_content_text_is_not_none(self):
)
converted_post = post.to_dict()
self.assertIsNotNone(converted_post["content_text"])

def test_404_on_hidden_post(self):
post = self.creator.create_post(
is_visible=True,
is_public=False,
)
client = self._authorized_client(None)
response = client.get(self._post_md_url(post))
self.assertContains(response=response, text='', status_code=404)

@staticmethod
def _post_md_url(post) -> str:
return reverse('md_show_post', args=(post.type, post.slug))

@staticmethod
def _authorized_client(user):
client = HelperClient(user)
if user is not None:
client.authorise()
return client
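Review bot: test_404_on_hidden_post only checks that an anonymous client gets status 404, and because `text=''` matches any body, the `assertContains` call asserts nothing about the response content. Since the point of the change is that a hidden post looks the same as a missing one, I would also request a slug that does not exist and compare the two responses, e.g. `missing = client.get(reverse('md_show_post', args=(post.type, 'constructed-missing-slug')))` followed by `self.assertEqual(missing.status_code, response.status_code)` and, unless the 404 template echoes the request path, `self.assertEqual(missing.content, response.content)`. A signed-in user whom check_user_permissions denies, if such a case exists, takes the same branch and is not covered. The same applies to the test of the same name added in posts/tests/test_views.py.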
9 changes: 9 additions & 0 deletions posts/tests/test_views.py
@@ -49,6 +49,15 @@ def test_show_post(self):

self.assertContains(response=response, text='', status_code=200)

def test_404_on_hidden_post(self):
post = self.creator.create_post(
is_visible=True,
is_public=False,
)
client = self._authorized_client(None)
response = client.get(self._post_url(post))
self.assertContains(response=response, text='', status_code=404)

def test_show_draft_post(self):
'''
Is regression test for #545.
2 changes: 1 addition & 1 deletion posts/views/posts.py
@@ -33,7 +33,7 @@ def show_post(request, post_type, post_slug):
if not post.is_public:
access_denied = check_user_permissions(request, post=post)
if access_denied:
return access_denied
raise Http404()

# record a new view
last_view_at = None
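Review bot: After this change `access_denied` in show_post is only tested for truthiness, and the response that `check_user_permissions` returns (previously sent to the client via `return access_denied`) is discarded. The name still reads as a response to be returned; testing the call directly with `if check_user_permissions(request, post=post):` before `raise Http404()`, or renaming the variable to something like `denied`, would match the new use. show_post starts above and continues below this hunk, so I cannot see whether the value is read again further down.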
