author | Daniel Schadt <kingdread@gmx.de> | 2022-12-20 23:36:46 +0100 |
---|---|---|
committer | Daniel Schadt <kingdread@gmx.de> | 2022-12-20 23:36:46 +0100 |
commit | c1a8f099199e3b70da6ff569d8aaa72df5eaf809 (patch) | |
tree | 29f51aaed4557ad5de2a476aa0746769bfe25cb8 | |
parent | 7a60619d3f6fd523d42f50753436f3b7e7d72ca4 (diff) | |
fix track deletion permission
-rw-r--r-- | fietsboek/models/track.py | 2 | ||||
-rw-r--r-- | tests/playwright/test_basic.py | 31 |
2 files changed, 32 insertions, 1 deletions
diff --git a/fietsboek/models/track.py b/fietsboek/models/track.py
index 5f09059..cb4979f 100644
--- a/fietsboek/models/track.py
+++ b/fietsboek/models/track.py
@@ -241,7 +241,7 @@ class Track(Base):
 (
 Allow,
 f"user:{self.owner_id}",
- ["track.view", "track.edit", "track.unshare", "track.comment"],
+ ["track.view", "track.edit", "track.unshare", "track.comment", "track.delete"],
 ),
 (Allow, f"secret:{self.link_secret}", "track.view"),
 ]
diff --git a/tests/playwright/test_basic.py b/tests/playwright/test_basic.py
index f2031d2..cde682e 100644
--- a/tests/playwright/test_basic.py
+++ b/tests/playwright/test_basic.py
@@ -183,3 +183,34 @@ def test_browse(page: Page, john_doe, app_settings, dbaccess, data_manager):
 page.get_by_role("button", name="Apply filters").click()
 expect(page.locator(".card-header", has_text="We're looking for this track")).to_be_visible()
+
+
+def test_delete(page: Page, john_doe, app_settings, dbaccess, data_manager):
+ do_login(app_settings, page, john_doe)
+ with dbaccess:
+ john_doe = dbaccess.merge(john_doe)
+ track = models.Track(
+ title="Another awesome track",
+ visibility=Visibility.PRIVATE,
+ description="Another description",
+ )
+ track.date = datetime.datetime.now(datetime.timezone.utc)
+ john_doe.tracks.append(track)
+ dbaccess.flush()
+ track_id = track.id
+ data_manager.initialize(track_id).compress_gpx(load_gpx_asset("Teasi_1.gpx.gz"))
+ dbaccess.commit()
+
+ page.goto(f"/track/{track_id}")
+ page.locator("#deleteLink", has_text="Delete").click()
+
+ expect(page.get_by_text(
+ "Deleting this track will remove all associated information with it!"
+ )).to_be_visible()
+
+ page.locator("#deleteModal form").get_by_text("Delete").click()
+
+ track = dbaccess.execute(select(models.Track).filter_by(id=track_id)).scalar_one_or_none()
+ assert track is None
+ with pytest.raises(FileNotFoundError):
+ data_manager.open(track_id) |
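Review bot: The owner entry in the Track ACL now carries five permission strings, and nothing in the hunk records which of them must stay owner-only. A short comment above the tuple, e.g. `# track.delete is owner-only: never add it to the secret-link or shared-user entries`, would keep a later edit from widening it by accident. The permission names are bare string literals, so a typo here or in the view's permission setting denies access without any error; that is presumably how deletion ended up unavailable, though the view is not shown. The enclosing method starts and ends outside the hunk, so any other ACL entries could not be checked.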
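Review bot: `test_delete` only exercises the owner's happy path, so it would still pass if `track.delete` were granted more broadly than intended. Since the commit is a permission fix, a companion test should show that a session other than the owner's cannot remove John's private track. It would assert that `select(models.Track).filter_by(id=track_id)` still returns the row and that `data_manager.open(track_id)` still succeeds afterwards. No second-user fixture is visible in this hunk, so confirm what the suite's fixtures offer before writing it.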