from datetime import date
from decimal import Decimal
-from bluechips.tests import *
+from webhelpers.html.secure_form import token_key
+
+from bluechips.tests import *
from bluechips import model
from bluechips.model import meta
assert t.date == today
assert t.description == u'A test transfer from Rich to Ben'
- def test_edit(self):
+ def test_edit_and_delete(self):
user_rich = meta.Session.query(model.User).\
filter_by(name=u'Rich Scheme').one()
user_ben = meta.Session.query(model.User).\
order_by(model.Transfer.id.desc()).first()
assert t.description == u'A new description'
+ response = self.app.get(url_for(controller='transfer',
+ action='delete',
+ id=t.id))
+ response = response.form.submit('delete').follow()
+ response.mustcontain('Transfer', 'deleted')
+
def test_edit_nonexistent(self):
response = self.app.get(url_for(controller='transfer',
action='edit',
id=21424), status=404)
+ def test_update_nonexistent(self):
+ response = self.app.get(url_for(controller='transfer',
+ action='edit'))
+ params = self.sample_params.copy()
+ params[token_key] = response.form[token_key].value
+ self.app.post(url_for(controller='transfer',
+ action='update',
+ id=21424),
+ params=params,
+ status=404)
+
+ def test_xsrf_protection(self):
+ self.app.post(url_for(controller='transfer',
+ action='update'),
+ params=self.sample_params,
+ status=403)
+
+
+ def test_update_get_redirects(self):
+ response = self.app.get(url_for(controller='transfer',
+ action='update'),
+ status=302)
+ assert (dict(response.headers)['location'] ==
+ url_for(controller='transfer', action='edit', qualified=True))
+
+ def test_delete_nonexistent(self):
+ self.app.get(url_for(controller='transfer',
+ action='delete',
+ id=124244),
+ status=404)
+
+ def test_destroy_nonexistent(self):
+ response = self.app.get(url_for(controller='transfer',
+ action='edit'))
+ params = self.sample_params.copy()
+ params[token_key] = response.form[token_key].value
+ self.app.post(url_for(controller='transfer',
+ action='destroy',
+ id=124344),
+ params=params,
+ status=404)
+
+ def test_delete_xsrf_protection(self):
+ self.app.post(url_for(controller='transfer',
+ action='destroy',
+ id=1),
+ params={'delete': 'Delete'},
+ status=403)
+
+ def setUp(self):
+ self.sample_params = {
+ 'debtor_id': '1',
+ 'creditor_id': '2',
+ 'amount': '33.98',
+ 'date': '4/1/2007',
+ 'description': 'Example transfer params.'}
+
def tearDown(self):
transfers = meta.Session.query(model.Transfer).all()
for t in transfers:
projects / bluechips.git / blobdiff