diff --git a/mhackspace/users/tests/test_urls.py b/mhackspace/users/tests/test_urls.py index 6e181cc..e9d7475 100644 --- a/mhackspace/users/tests/test_urls.py +++ b/mhackspace/users/tests/test_urls.py @@ -9,14 +9,6 @@ class TestUserURLs(TestCase): def setUp(self): self.user = self.make_user() - def test_list_reverse(self): - """users:list should reverse to /users/.""" - self.assertEqual(reverse('users:list'), '/users/') - - def test_list_resolve(self): - """/users/ should resolve to users:list.""" - self.assertEqual(resolve('/users/').view_name, 'users:list') - def test_redirect_reverse(self): """users:redirect should reverse to /users/~redirect/.""" self.assertEqual(reverse('users:redirect'), '/users/~redirect/') diff --git a/mhackspace/users/tests/test_views.py b/mhackspace/users/tests/test_views.py index 23f30f0..b00122c 100644 --- a/mhackspace/users/tests/test_views.py +++ b/mhackspace/users/tests/test_views.py @@ -1,9 +1,11 @@ from django.test import RequestFactory +from django.http import Http404 from test_plus.test import TestCase from ..views import ( UserRedirectView, + UserDetailView, UserUpdateView ) @@ -12,9 +14,50 @@ class BaseUserTestCase(TestCase): def setUp(self): self.user = self.make_user() + self.userTwo = self.make_user(username='username2') self.factory = RequestFactory() +class TestUserDetailView(BaseUserTestCase): + def setUp(self): + super(TestUserDetailView, self).setUp() + self.client.login( + username=self.user.username, + password=self.user.password) # defined in fixture or with factory in setUp() + + def test_view_not_logged_in_404s(self): + self.client.logout() + response = self.client.get('/users/', {'username': self.user.username}, follow=True) + self.assertEqual( + response.status_code, + 404 + ) + + def test_user_profile_does_not_exist_404s(self): + response = self.client.get('/users/', {'username': 'does-not-exist'}, follow=True) + self.assertEqual( + response.status_code, + 404 + ) + + def test_view_anothers_profile_404s(self): + response = self.client.get( + '/users/', + {'username': self.userTwo.username}, + follow=True) + self.assertEqual( + response.status_code, + 404 + ) + + def test_view_users_own_profile_succeeds(self): + response = self.client.get('/users/%s' % self.user.username, follow=True) + self.assertEqual( + response.status_code, + 200 + ) + + class TestUserRedirectView(BaseUserTestCase): def test_get_redirect_url(self): diff --git a/mhackspace/users/urls.py b/mhackspace/users/urls.py index 96fb1a6..1a0504f 100644 --- a/mhackspace/users/urls.py +++ b/mhackspace/users/urls.py @@ -8,11 +8,6 @@ from . import views urlpatterns = [ url('^access-cards/', include(access_card_patterns, namespace='rfid')), - url( - regex=r'^$', - view=views.UserListView.as_view(), - name='list' - ), url( regex=r'^~redirect/$', view=views.UserRedirectView.as_view(), diff --git a/mhackspace/users/views.py b/mhackspace/users/views.py index 6d8ef57..629b33b 100644 --- a/mhackspace/users/views.py +++ b/mhackspace/users/views.py @@ -1,6 +1,6 @@ # -*- coding: utf-8 -*- from __future__ import absolute_import, unicode_literals - +from django.http import Http404 from django.core.urlresolvers import reverse from django.views.generic import DetailView, ListView, RedirectView, UpdateView from django.contrib.auth.mixins import LoginRequiredMixin @@ -18,6 +18,14 @@ class UserDetailView(LoginRequiredMixin, DetailView): slug_field = 'username' slug_url_kwarg = 'username' + + def get_object(self): + user = super(UserDetailView, self).get_object() + # Disallow users to view others profiles + if user.username == self.request.user.username: + return user + raise Http404() + def get_context_data(self, **kwargs): # xxx will be available in the template as the related objects context = super(UserDetailView, self).get_context_data(**kwargs) @@ -64,10 +72,3 @@ class UserUpdateView(LoginRequiredMixin, UpdateView): blurb_model.save() return super(UserUpdateView, self).form_valid(form) - - -class UserListView(LoginRequiredMixin, ListView): - model = User - # These next two lines tell the view to index lookups by username - slug_field = 'username' - slug_url_kwarg = 'username'