diff --git a/bookwyrm/models/base_model.py b/bookwyrm/models/base_model.py index eeb2e940d..3ac220bc4 100644 --- a/bookwyrm/models/base_model.py +++ b/bookwyrm/models/base_model.py @@ -132,7 +132,7 @@ class BookWyrmModel(models.Model): return # but generally moderators can delete other people's stuff - if self.user == viewer or viewer.has_perm("moderate_post"): + if self.user == viewer or viewer.has_perm("bookwyrm.moderate_post"): return raise PermissionDenied() diff --git a/bookwyrm/models/link.py b/bookwyrm/models/link.py index 0e4148ddd..56b096bc2 100644 --- a/bookwyrm/models/link.py +++ b/bookwyrm/models/link.py @@ -84,7 +84,7 @@ class LinkDomain(BookWyrmModel): ) def raise_not_editable(self, viewer): - if viewer.has_perm("moderate_post"): + if viewer.has_perm("bookwyrm.moderate_post"): return raise PermissionDenied() diff --git a/bookwyrm/models/notification.py b/bookwyrm/models/notification.py index 21a992b07..818c7bd05 100644 --- a/bookwyrm/models/notification.py +++ b/bookwyrm/models/notification.py @@ -222,8 +222,12 @@ def notify_user_on_import_complete( @receiver(models.signals.post_save, sender=Report) @transaction.atomic # pylint: disable=unused-argument -def notify_admins_on_report(sender, instance, *args, **kwargs): +def notify_admins_on_report(sender, instance, created, *args, **kwargs): """something is up, make sure the admins know""" + if not created: + # otherwise you'll get a notification when you resolve a report + return + # moderators and superusers should be notified admins = User.objects.filter( models.Q(user_permissions__name__in=["moderate_user", "moderate_post"]) diff --git a/bookwyrm/tests/views/admin/test_automod.py b/bookwyrm/tests/views/admin/test_automod.py index 443ec2ee5..95db4d52f 100644 --- a/bookwyrm/tests/views/admin/test_automod.py +++ b/bookwyrm/tests/views/admin/test_automod.py @@ -1,12 +1,14 @@ """ test for app action functionality """ from unittest.mock import patch +from django.contrib.auth.models import Group from django.template.response import TemplateResponse from django.test import TestCase from django.test.client import RequestFactory from django_celery_beat.models import PeriodicTask, IntervalSchedule from bookwyrm import forms, models, views +from bookwyrm.management.commands import initdb from bookwyrm.tests.validate_html import validate_html @@ -26,6 +28,10 @@ class AutomodViews(TestCase): local=True, localname="mouse", ) + initdb.init_groups() + initdb.init_permissions() + group = Group.objects.get(name="moderator") + self.local_user.groups.set([group]) models.SiteSettings.objects.create() def test_automod_rules_get(self): @@ -40,7 +46,6 @@ class AutomodViews(TestCase): view = views.AutoMod.as_view() request = self.factory.get("") request.user = self.local_user - request.user.is_superuser = True result = view(request) self.assertIsInstance(result, TemplateResponse) @@ -58,7 +63,6 @@ class AutomodViews(TestCase): view = views.AutoMod.as_view() request = self.factory.get("") request.user = self.local_user - request.user.is_superuser = True result = view(request) self.assertIsInstance(result, TemplateResponse) @@ -70,7 +74,6 @@ class AutomodViews(TestCase): view = views.AutoMod.as_view() request = self.factory.get("") request.user = self.local_user - request.user.is_superuser = True result = view(request) self.assertIsInstance(result, TemplateResponse) @@ -88,7 +91,6 @@ class AutomodViews(TestCase): view = views.AutoMod.as_view() request = self.factory.post("", form.data) request.user = self.local_user - request.user.is_superuser = True result = view(request) @@ -109,7 +111,6 @@ class AutomodViews(TestCase): form.data["period"] = "days" request = self.factory.post("", form.data) request.user = self.local_user - request.user.is_superuser = True response = views.schedule_automod_task(request) self.assertEqual(response.status_code, 302) diff --git a/bookwyrm/tests/views/admin/test_dashboard.py b/bookwyrm/tests/views/admin/test_dashboard.py index d05772c25..c36e2918f 100644 --- a/bookwyrm/tests/views/admin/test_dashboard.py +++ b/bookwyrm/tests/views/admin/test_dashboard.py @@ -1,10 +1,13 @@ """ test for app action functionality """ from unittest.mock import patch + +from django.contrib.auth.models import Group from django.template.response import TemplateResponse from django.test import TestCase from django.test.client import RequestFactory from bookwyrm import models, views +from bookwyrm.management.commands import initdb from bookwyrm.tests.validate_html import validate_html @@ -24,6 +27,10 @@ class DashboardViews(TestCase): local=True, localname="mouse", ) + initdb.init_groups() + initdb.init_permissions() + group = Group.objects.get(name="moderator") + self.local_user.groups.set([group]) models.SiteSettings.objects.create() @@ -32,7 +39,7 @@ class DashboardViews(TestCase): view = views.Dashboard.as_view() request = self.factory.get("") request.user = self.local_user - request.user.is_superuser = True + result = view(request) self.assertIsInstance(result, TemplateResponse) validate_html(result.render()) diff --git a/bookwyrm/tests/views/admin/test_email_blocks.py b/bookwyrm/tests/views/admin/test_email_blocks.py index 4fe9412e9..3c0f548e6 100644 --- a/bookwyrm/tests/views/admin/test_email_blocks.py +++ b/bookwyrm/tests/views/admin/test_email_blocks.py @@ -1,11 +1,13 @@ """ test for app action functionality """ from unittest.mock import patch +from django.contrib.auth.models import Group from django.template.response import TemplateResponse from django.test import TestCase from django.test.client import RequestFactory from bookwyrm import models, views +from bookwyrm.management.commands import initdb from bookwyrm.tests.validate_html import validate_html @@ -25,6 +27,10 @@ class EmailBlocklistViews(TestCase): local=True, localname="mouse", ) + initdb.init_groups() + initdb.init_permissions() + group = Group.objects.get(name="moderator") + self.local_user.groups.set([group]) models.SiteSettings.objects.create() @@ -33,7 +39,6 @@ class EmailBlocklistViews(TestCase): view = views.EmailBlocklist.as_view() request = self.factory.get("") request.user = self.local_user - request.user.is_superuser = True result = view(request) @@ -46,7 +51,6 @@ class EmailBlocklistViews(TestCase): view = views.EmailBlocklist.as_view() request = self.factory.post("", {"domain": "gmail.com"}) request.user = self.local_user - request.user.is_superuser = True result = view(request) @@ -65,7 +69,6 @@ class EmailBlocklistViews(TestCase): view = views.EmailBlocklist.as_view() request = self.factory.post("") request.user = self.local_user - request.user.is_superuser = True result = view(request, domain_id=domain.id) self.assertEqual(result.status_code, 302) diff --git a/bookwyrm/tests/views/admin/test_federation.py b/bookwyrm/tests/views/admin/test_federation.py index 340ed6052..33d7990b3 100644 --- a/bookwyrm/tests/views/admin/test_federation.py +++ b/bookwyrm/tests/views/admin/test_federation.py @@ -3,12 +3,14 @@ import os import json from unittest.mock import patch +from django.contrib.auth.models import Group from django.core.files.uploadedfile import SimpleUploadedFile from django.template.response import TemplateResponse from django.test import TestCase from django.test.client import RequestFactory from bookwyrm import forms, models, views +from bookwyrm.management.commands import initdb from bookwyrm.tests.validate_html import validate_html @@ -38,6 +40,10 @@ class FederationViews(TestCase): inbox="https://example.com/users/rat/inbox", outbox="https://example.com/users/rat/outbox", ) + initdb.init_groups() + initdb.init_permissions() + group = Group.objects.get(name="moderator") + self.local_user.groups.set([group]) models.SiteSettings.objects.create() @@ -46,7 +52,7 @@ class FederationViews(TestCase): view = views.Federation.as_view() request = self.factory.get("") request.user = self.local_user - request.user.is_superuser = True + result = view(request) self.assertIsInstance(result, TemplateResponse) validate_html(result.render()) @@ -58,7 +64,6 @@ class FederationViews(TestCase): view = views.FederatedServer.as_view() request = self.factory.get("") request.user = self.local_user - request.user.is_superuser = True result = view(request, server.id) self.assertIsInstance(result, TemplateResponse) @@ -81,7 +86,6 @@ class FederationViews(TestCase): view = views.block_server request = self.factory.post("") request.user = self.local_user - request.user.is_superuser = True with patch("bookwyrm.suggested_users.bulk_remove_instance_task.delay") as mock: view(request, server.id) @@ -121,7 +125,6 @@ class FederationViews(TestCase): request = self.factory.post("") request.user = self.local_user - request.user.is_superuser = True with patch("bookwyrm.suggested_users.bulk_add_instance_task.delay") as mock: views.unblock_server(request, server.id) @@ -147,7 +150,6 @@ class FederationViews(TestCase): view = views.AddFederatedServer.as_view() request = self.factory.get("") request.user = self.local_user - request.user.is_superuser = True result = view(request) self.assertIsInstance(result, TemplateResponse) @@ -164,7 +166,6 @@ class FederationViews(TestCase): view = views.AddFederatedServer.as_view() request = self.factory.post("", form.data) request.user = self.local_user - request.user.is_superuser = True view(request) server = models.FederatedServer.objects.get() @@ -196,7 +197,6 @@ class FederationViews(TestCase): }, ) request.user = self.local_user - request.user.is_superuser = True view(request) server.refresh_from_db() diff --git a/bookwyrm/tests/views/admin/test_ip_blocklist.py b/bookwyrm/tests/views/admin/test_ip_blocklist.py index af63ffaf3..a15a4d368 100644 --- a/bookwyrm/tests/views/admin/test_ip_blocklist.py +++ b/bookwyrm/tests/views/admin/test_ip_blocklist.py @@ -1,10 +1,13 @@ """ test for app action functionality """ from unittest.mock import patch + +from django.contrib.auth.models import Group from django.template.response import TemplateResponse from django.test import TestCase from django.test.client import RequestFactory from bookwyrm import forms, models, views +from bookwyrm.management.commands import initdb from bookwyrm.tests.validate_html import validate_html @@ -24,6 +27,10 @@ class IPBlocklistViews(TestCase): local=True, localname="mouse", ) + initdb.init_groups() + initdb.init_permissions() + group = Group.objects.get(name="moderator") + self.local_user.groups.set([group]) models.SiteSettings.objects.create() @@ -32,7 +39,6 @@ class IPBlocklistViews(TestCase): view = views.IPBlocklist.as_view() request = self.factory.get("") request.user = self.local_user - request.user.is_superuser = True result = view(request) @@ -48,7 +54,6 @@ class IPBlocklistViews(TestCase): request = self.factory.post("", form.data) request.user = self.local_user - request.user.is_superuser = True result = view(request) @@ -67,7 +72,6 @@ class IPBlocklistViews(TestCase): request = self.factory.post("") request.user = self.local_user - request.user.is_superuser = True view(request, block.id) self.assertFalse(models.IPBlocklist.objects.exists()) diff --git a/bookwyrm/tests/views/admin/test_link_domains.py b/bookwyrm/tests/views/admin/test_link_domains.py index 5d440dc50..5b2b8e025 100644 --- a/bookwyrm/tests/views/admin/test_link_domains.py +++ b/bookwyrm/tests/views/admin/test_link_domains.py @@ -1,11 +1,13 @@ """ test for app action functionality """ from unittest.mock import patch +from django.contrib.auth.models import Group from django.template.response import TemplateResponse from django.test import TestCase from django.test.client import RequestFactory from bookwyrm import models, views +from bookwyrm.management.commands import initdb from bookwyrm.tests.validate_html import validate_html @@ -25,6 +27,11 @@ class LinkDomainViews(TestCase): local=True, localname="mouse", ) + initdb.init_groups() + initdb.init_permissions() + group = Group.objects.get(name="moderator") + self.local_user.groups.set([group]) + self.book = models.Edition.objects.create(title="hello") models.FileLink.objects.create( book=self.book, @@ -39,7 +46,6 @@ class LinkDomainViews(TestCase): view = views.LinkDomain.as_view() request = self.factory.get("") request.user = self.local_user - request.user.is_superuser = True result = view(request, "pending") @@ -55,7 +61,6 @@ class LinkDomainViews(TestCase): view = views.LinkDomain.as_view() request = self.factory.post("", {"name": "ugh"}) request.user = self.local_user - request.user.is_superuser = True result = view(request, "pending", domain.id) self.assertEqual(result.status_code, 302) @@ -71,7 +76,6 @@ class LinkDomainViews(TestCase): view = views.update_domain_status request = self.factory.post("") request.user = self.local_user - request.user.is_superuser = True result = view(request, domain.id, "approved") self.assertEqual(result.status_code, 302) diff --git a/bookwyrm/tests/views/admin/test_reports.py b/bookwyrm/tests/views/admin/test_reports.py index 059cfdd8a..e93b34341 100644 --- a/bookwyrm/tests/views/admin/test_reports.py +++ b/bookwyrm/tests/views/admin/test_reports.py @@ -2,11 +2,13 @@ import json from unittest.mock import patch +from django.contrib.auth.models import Group from django.template.response import TemplateResponse from django.test import TestCase from django.test.client import RequestFactory from bookwyrm import models, views +from bookwyrm.management.commands import initdb from bookwyrm.tests.validate_html import validate_html @@ -33,6 +35,10 @@ class ReportViews(TestCase): local=True, localname="rat", ) + initdb.init_groups() + initdb.init_permissions() + group = Group.objects.get(name="moderator") + self.local_user.groups.set([group]) models.SiteSettings.objects.create() def test_reports_page(self): @@ -40,7 +46,6 @@ class ReportViews(TestCase): view = views.ReportsAdmin.as_view() request = self.factory.get("") request.user = self.local_user - request.user.is_superuser = True result = view(request) self.assertIsInstance(result, TemplateResponse) @@ -52,7 +57,6 @@ class ReportViews(TestCase): view = views.ReportsAdmin.as_view() request = self.factory.get("") request.user = self.local_user - request.user.is_superuser = True models.Report.objects.create(reporter=self.local_user, user=self.rat) result = view(request) @@ -65,7 +69,6 @@ class ReportViews(TestCase): view = views.ReportAdmin.as_view() request = self.factory.get("") request.user = self.local_user - request.user.is_superuser = True report = models.Report.objects.create(reporter=self.local_user, user=self.rat) result = view(request, report.id) @@ -79,7 +82,6 @@ class ReportViews(TestCase): view = views.ReportAdmin.as_view() request = self.factory.post("", {"note": "hi"}) request.user = self.local_user - request.user.is_superuser = True report = models.Report.objects.create(reporter=self.local_user, user=self.rat) view(request, report.id) @@ -95,7 +97,6 @@ class ReportViews(TestCase): self.assertFalse(report.resolved) request = self.factory.post("") request.user = self.local_user - request.user.is_superuser = True # resolve views.resolve_report(request, report.id) @@ -115,7 +116,6 @@ class ReportViews(TestCase): self.assertTrue(self.rat.is_active) request = self.factory.post("") request.user = self.local_user - request.user.is_superuser = True # de-activate views.suspend_user(request, self.rat.id) @@ -134,7 +134,6 @@ class ReportViews(TestCase): self.assertTrue(self.rat.is_active) request = self.factory.post("", {"password": "password"}) request.user = self.local_user - request.user.is_superuser = True # de-activate with patch( diff --git a/bookwyrm/tests/views/admin/test_site.py b/bookwyrm/tests/views/admin/test_site.py index 6b228cf86..85f785027 100644 --- a/bookwyrm/tests/views/admin/test_site.py +++ b/bookwyrm/tests/views/admin/test_site.py @@ -1,10 +1,13 @@ """ test for app action functionality """ from unittest.mock import patch + +from django.contrib.auth.models import Group from django.template.response import TemplateResponse from django.test import TestCase from django.test.client import RequestFactory from bookwyrm import forms, models, views +from bookwyrm.management.commands import initdb from bookwyrm.tests.validate_html import validate_html @@ -24,6 +27,10 @@ class SiteSettingsViews(TestCase): local=True, localname="mouse", ) + initdb.init_groups() + initdb.init_permissions() + group = Group.objects.get(name="admin") + self.local_user.groups.set([group]) self.site = models.SiteSettings.objects.create() @@ -32,7 +39,7 @@ class SiteSettingsViews(TestCase): view = views.Site.as_view() request = self.factory.get("") request.user = self.local_user - request.user.is_superuser = True + result = view(request) self.assertIsInstance(result, TemplateResponse) validate_html(result.render()) @@ -51,7 +58,6 @@ class SiteSettingsViews(TestCase): form.data["privacy_policy"] = "blah" request = self.factory.post("", form.data) request.user = self.local_user - request.user.is_superuser = True result = view(request) @@ -68,7 +74,6 @@ class SiteSettingsViews(TestCase): form = forms.SiteForm() request = self.factory.post("", form.data) request.user = self.local_user - request.user.is_superuser = True result = view(request) diff --git a/bookwyrm/tests/views/admin/test_user_admin.py b/bookwyrm/tests/views/admin/test_user_admin.py index 4cb3702d8..3f480d990 100644 --- a/bookwyrm/tests/views/admin/test_user_admin.py +++ b/bookwyrm/tests/views/admin/test_user_admin.py @@ -7,6 +7,7 @@ from django.test import TestCase from django.test.client import RequestFactory from bookwyrm import models, views +from bookwyrm.management.commands import initdb from bookwyrm.tests.validate_html import validate_html @@ -26,6 +27,10 @@ class UserAdminViews(TestCase): local=True, localname="mouse", ) + initdb.init_groups() + initdb.init_permissions() + group = Group.objects.get(name="moderator") + self.local_user.groups.set([group]) models.SiteSettings.objects.create() def test_user_admin_list_page(self): @@ -33,7 +38,7 @@ class UserAdminViews(TestCase): view = views.UserAdminList.as_view() request = self.factory.get("") request.user = self.local_user - request.user.is_superuser = True + result = view(request) self.assertIsInstance(result, TemplateResponse) validate_html(result.render()) @@ -44,7 +49,6 @@ class UserAdminViews(TestCase): view = views.UserAdmin.as_view() request = self.factory.get("") request.user = self.local_user - request.user.is_superuser = True result = view(request, self.local_user.id) @@ -57,15 +61,14 @@ class UserAdminViews(TestCase): @patch("bookwyrm.suggested_users.remove_user_task.delay") def test_user_admin_page_post(self, *_): """set the user's group""" - group = Group.objects.create(name="editor") + group = Group.objects.get(name="editor") self.assertEqual( - list(self.local_user.groups.values_list("name", flat=True)), [] + list(self.local_user.groups.values_list("name", flat=True)), ["moderator"] ) view = views.UserAdmin.as_view() request = self.factory.post("", {"groups": [group.id]}) request.user = self.local_user - request.user.is_superuser = True with patch("bookwyrm.models.activitypub_mixin.broadcast_task.apply_async"): result = view(request, self.local_user.id) diff --git a/bookwyrm/views/admin/link_domains.py b/bookwyrm/views/admin/link_domains.py index 5f9ec6c06..0b8674170 100644 --- a/bookwyrm/views/admin/link_domains.py +++ b/bookwyrm/views/admin/link_domains.py @@ -45,6 +45,7 @@ class LinkDomain(View): @require_POST @login_required +@permission_required("bookwyrm.moderate_user") def update_domain_status(request, domain_id, status): """This domain seems fine""" domain = get_object_or_404(models.LinkDomain, id=domain_id) diff --git a/bookwyrm/views/admin/reports.py b/bookwyrm/views/admin/reports.py index c19e3db4a..a0b222ebe 100644 --- a/bookwyrm/views/admin/reports.py +++ b/bookwyrm/views/admin/reports.py @@ -83,7 +83,7 @@ class ReportAdmin(View): @login_required -@permission_required("bookwyrm_moderate_user") +@permission_required("bookwyrm.moderate_user") def suspend_user(_, user_id): """mark an account as inactive""" user = get_object_or_404(models.User, id=user_id) @@ -95,7 +95,7 @@ def suspend_user(_, user_id): @login_required -@permission_required("bookwyrm_moderate_user") +@permission_required("bookwyrm.moderate_user") def unsuspend_user(_, user_id): """mark an account as inactive""" user = get_object_or_404(models.User, id=user_id) @@ -107,7 +107,7 @@ def unsuspend_user(_, user_id): @login_required -@permission_required("bookwyrm_moderate_user") +@permission_required("bookwyrm.moderate_user") def moderator_delete_user(request, user_id): """permanently delete a user""" user = get_object_or_404(models.User, id=user_id) @@ -132,7 +132,7 @@ def moderator_delete_user(request, user_id): @login_required -@permission_required("bookwyrm_moderate_post") +@permission_required("bookwyrm.moderate_post") def resolve_report(_, report_id): """mark a report as (un)resolved""" report = get_object_or_404(models.Report, id=report_id) diff --git a/bookwyrm/views/admin/user_admin.py b/bookwyrm/views/admin/user_admin.py index 298d84ec2..aba665d2f 100644 --- a/bookwyrm/views/admin/user_admin.py +++ b/bookwyrm/views/admin/user_admin.py @@ -62,7 +62,7 @@ class UserAdminList(View): @method_decorator(login_required, name="dispatch") @method_decorator( - permission_required("bookwyrm.moderate_users", raise_exception=True), + permission_required("bookwyrm.moderate_user", raise_exception=True), name="dispatch", ) class UserAdmin(View):