fix(api): Creates a post in a PM with messages.

Closes #3442
zestedesavoir · Mar 20, 2016 · 32915ba · 32915ba
1 parent fd33c2b
commit 32915ba
Show file tree

Hide file tree

Showing 3 changed files with 28 additions and 14 deletions.
diff --git a/zds/mp/api/permissions.py b/zds/mp/api/permissions.py
@@ -24,14 +24,14 @@ def has_permission(self, request, view):
         return private_topic.is_participant(request.user)
 
 
-class IsAloneInPrivatePost(permissions.BasePermission):
+class IsNotAloneInPrivatePost(permissions.BasePermission):
     """
     Custom permission to know if a member is the only participant in a private topic.
     """
 
     def has_permission(self, request, view):
         private_topic = get_object_or_404(PrivateTopic, pk=view.kwargs.get('pk_ptopic'))
-        return private_topic.participants.count() == 0
+        return not private_topic.alone()
 
 
 class IsLastPrivatePostOfCurrentUser(permissions.BasePermission):

diff --git a/zds/mp/api/tests.py b/zds/mp/api/tests.py
@@ -620,6 +620,7 @@ def setUp(self):
         authenticate_client(self.client, client_oauth2, self.profile.user.username, 'hostel77')
 
         self.private_topic = PrivateTopicFactory(author=self.profile.user)
+        self.private_topic.participants.add(ProfileFactory().user)
 
         caches[extensions_api_settings.DEFAULT_USE_CACHE].clear()
 
@@ -832,16 +833,32 @@ def test_create_post_with_bad_topic_id(self):
         response = self.client.post(reverse('api-mp-message-list', args=[99999]), data)
         self.assertEqual(response.status_code, status.HTTP_404_NOT_FOUND)
 
-    def test_create_post(self):
+    def test_create_post_in_a_private_topic_with_messages(self):
         """
-        Creates a post in a topic
+        Creates a post in a private topic with existing messages.
         """
+        PrivatePostFactory(author=self.profile.user, privatetopic=self.private_topic, position_in_topic=1)
+        participant = ProfileFactory()
+        self.private_topic.participants.add(participant.user)
+        PrivatePostFactory(author=participant.user, privatetopic=self.private_topic, position_in_topic=2)
+
         data = {
             'text': 'Welcome to this private post!'
         }
         response = self.client.post(reverse('api-mp-message-list', args=[self.private_topic.id]), data)
         self.assertEqual(response.status_code, status.HTTP_201_CREATED)
 
+    def test_create_post_without_any_participant(self):
+        """
+        Creates a post in a topic without any participant.
+        """
+        data = {
+            'text': 'Welcome to this private post!'
+        }
+        private_topic = PrivateTopicFactory(author=self.profile.user)
+        response = self.client.post(reverse('api-mp-message-list', args=[private_topic.id]), data)
+        self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
+
 
 class PrivatePostDetailAPI(APITestCase):
     def setUp(self):

diff --git a/zds/mp/api/views.py b/zds/mp/api/views.py
@@ -16,7 +16,7 @@
 from zds.api.DJRF3xPaginationKeyBit import DJRF3xPaginationKeyBit
 
 from zds.mp.api.permissions import IsParticipant, IsParticipantFromPrivatePost, IsLastPrivatePostOfCurrentUser, \
-    IsAloneInPrivatePost, IsAuthor
+    IsAuthor, IsNotAloneInPrivatePost
 from zds.mp.api.serializers import PrivateTopicSerializer, PrivateTopicUpdateSerializer, PrivateTopicCreateSerializer, \
     PrivatePostSerializer, PrivatePostUpdateSerializer, PrivatePostCreateSerializer
 from zds.mp.commons import LeavePrivateTopic, MarkPrivateTopicAsRead
@@ -372,21 +372,18 @@ def post(self, request, *args, **kwargs):
         """
         return self.create(request, *args, **kwargs)
 
+    def get_permissions(self):
+        permission_classes = [IsAuthenticated, IsParticipantFromPrivatePost, DRYPermissions, ]
+        if self.request.method == 'POST':
+            permission_classes.append(IsNotAloneInPrivatePost)
+        return [permission() for permission in permission_classes]
+
     def get_serializer_class(self):
         if self.request.method == 'GET':
             return PrivatePostSerializer
         elif self.request.method == 'POST':
             return PrivatePostCreateSerializer
 
-    def get_permissions(self):
-        permission_classes = [IsAuthenticated, IsParticipantFromPrivatePost, ]
-        if self.request.method == 'GET':
-            permission_classes.append(DRYPermissions)
-        elif self.request.method == 'POST':
-            permission_classes.append(IsAloneInPrivatePost)
-            permission_classes.append(DRYPermissions)
-        return [permission() for permission in permission_classes]
-
     def get_queryset(self):
         return PrivatePost.objects.get_message_of_a_private_topic(self.kwargs.get('pk_ptopic'))