def test_can_not_delete_anothers_sharedfile(self):
"""
A user can not delete someone else's comment if it's on a sharedfile they
don't own.
"""
admins_sharedfile = test.factories.sharedfile(self.admin)
comment = models.Comment(user_id=self.bob.id, sharedfile_id=admins_sharedfile.id, body="just a comment")
comment.save()
self.sign_in('tom', 'asdfasdf')
self.assertEqual(None, models.Comment.get("id = %s and deleted = 1", comment.id))
response = self.post_url("/p/%s/comment/%s/delete" % (admins_sharedfile.share_key, comment.id))
self.assertEqual(None, models.Comment.get("id = %s and deleted = 1", comment.id))
评论列表
文章目录
