(app, client, auth)
| 23 | |
| 24 | |
| 25 | def test_author_required(app, client, auth): |
| 26 | # change the post author to another user |
| 27 | with app.app_context(): |
| 28 | db = get_db() |
| 29 | db.execute("UPDATE post SET author_id = 2 WHERE id = 1") |
| 30 | db.commit() |
| 31 | |
| 32 | auth.login() |
| 33 | # current user can't modify other user's post |
| 34 | assert client.post("/1/update").status_code == 403 |
| 35 | assert client.post("/1/delete").status_code == 403 |
| 36 | # current user doesn't see edit link |
| 37 | assert b'href="/1/update"' not in client.get("/").data |
| 38 | |
| 39 | |
| 40 | @pytest.mark.parametrize("path", ("/2/update", "/2/delete")) |
nothing calls this directly
no test coverage detected