discoman/python-tdd
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

brief sprint C3.b+c+d+e: share-post Line+Brief async, magic-link / invalid-link banners use Brief styling, .alert-* retired — TDD

Browse Source 
Closes the C3 brief sprint. Three event sources (note unlock, share invite, login messages) now route through the Brief slide-down, & the legacy .alert-success/.alert-warning rendering in base.html is retired.

C3.b — share-post async Line + Brief:
- billboard.share_post detects Accept: application/json. JSON path appends a Line (text="Shared with X at <isoformat>", isoformat carries microseconds so two rapid shares of the same email don't collide on Line.unique_together(post,text)), spawns a Brief(kind=SHARE_INVITE) for the sharer, and returns {brief: brief.to_banner_dict() | None, line_text, recipient_display}. Sharer-shares-with-themselves stays a silent no-op (response carries brief: null). Legacy form-submit path preserved for non-AJAX (still redirects + flashes the privacy-safe message — kept for older FTs / no-JS fallback).
- billboard.Brief.to_banner_dict() (moved from dashboard.views helper to a model method) shapes the JSON the banner JS consumes.
- post.html: share form intercepted by JS — fetches POST w. Accept:application/json, then appends `data.line_text` as the next row in #id_post_table, calls Brief.showBanner(data.brief), and (when registered) appends a fresh `<span class="post-recipient">` to the new #id_post_recipients box. No page reload — the alert-success flash is gone.
- 10 new ITs (SharePostAsyncTest + SharePostLegacyRedirectTest) cover the JSON path, line append, brief creation w. SHARE_INVITE kind, registered/unregistered recipient behaviour, sharer-self skip, line dedupe via timestamp, and that the legacy form-submit redirect path still works.
- functional_tests.test_sharing line numbering updated: the share now records its own Line so the alice-reply lands at row 3 instead of 2.

C3.c+d — magic-link confirmation + invalid-link error use Brief banner styling:
- base.html's {% if messages %} block stops rendering .alert-success/.alert-warning divs. Instead each message renders as a transient Brief-styled banner: <div class="note-banner note-banner--message note-banner--{{level_tag}}"> with .note-banner__body / __description carrying the message text and a .btn-cancel NVM that removes the banner via inline onclick. No DB Brief row; no FYI; no square. Same Gaussian-glass look as note-unlock + share-invite Briefs.
- _note.scss adds the note-banner--message variant (full-opacity description) + note-banner--error/--warning border-color override (priRd 0.6) so the invalid-link banner reads as red/abandon.

C3.e — .alert-success/.alert-warning retired in markup; the SCSS class blocks aren't referenced anywhere else in templates so they sit dormant (left in place — base form styling keeps .form-control etc. working; no need to ripple into _base.scss).

Banner JS (note.js / Brief module) was untouched in C3.b+c+d — the Brief.showBanner contract from C3.a already handles all three kinds (NOTE_UNLOCK / USER_POST / SHARE_INVITE) by reading kind off the brief; the message-banner path doesn't go through showBanner because there's no Brief row.

Tests: 218 dashboard+billboard+api ITs + 322 lyric+dashboard+billboard ITs + 2 sharing FTs + 9 my_notes FTs + 1 Jasmine FT all green. Existing lyric.test_views login message-text assertions unchanged (they pull from messages framework — not the rendered HTML — so the markup swap doesn't affect them).

Code architected by Disco DeDisco <discodedisco@outlook.com>
Git commit message Co-Authored-By:
Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Disco DeDisco
2026-05-08 18:15:43 -04:00
parent fa53bf561a
commit 14bab444ff
8 changed files with 288 additions and 40 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
src/apps/billboard/models.py
View File

@@ -118,3 +118,21 @@ class Brief(models.Model):
f"Brief({self.kind}, {self.owner.email}, "
f"unread={self.is_unread})"
)
def to_banner_dict(self):
"""Shape this Brief for the slide-down banner JS. NOTE_UNLOCK kind
carries a square_url pointing at /billboard/my-notes/ so the
thumbnail-square inside the banner jumps direct to the user's Note
collection — other kinds get an empty square_url."""
square_url = ""
if self.kind == self.KIND_NOTE_UNLOCK:
square_url = reverse("billboard:my_notes")
return {
"id": str(self.id),
"kind": self.kind,
"title": self.title,
"line_text": self.line.text if self.line else "",
"post_url": self.post.get_absolute_url(),
"square_url": square_url,
"created_at": self.created_at.isoformat(),
}

125
src/apps/billboard/tests/integrated/test_share_post.py Normal file
View File

@@ -0,0 +1,125 @@
"""ITs for share-post async-Brief flow (C3.b).
POST /billboard/post/<uuid>/share-post w. Accept: application/json now:
- Adds the recipient to Post.shared_with (if registered, not the sharer)
- Appends a Line to the Post recording the share event
- Spawns a Brief(kind=SHARE_INVITE) for the sharer that JS slide-downs
- Returns JSON {brief: {…}, line_text: ""}; no redirect, no messages
Legacy form-submit (no Accept: application/json) still redirects + flashes
the privacy-safe success message — kept for non-AJAX fallback / older FTs.
"""
from django.test import TestCase
from django.urls import reverse
from apps.billboard.models import Brief, Line, Post
from apps.lyric.models import User
class SharePostAsyncTest(TestCase):
def setUp(self):
self.sharer = User.objects.create(email="sharer@test.io")
self.client.force_login(self.sharer)
self.post = Post.objects.create(owner=self.sharer)
def _share_async(self, recipient_email):
return self.client.post(
reverse("billboard:share_post", args=[self.post.id]),
data={"recipient": recipient_email},
HTTP_ACCEPT="application/json",
)
def test_async_share_returns_brief_payload(self):
User.objects.create(email="alice@test.io")
response = self._share_async("alice@test.io")
self.assertEqual(response.status_code, 200)
body = response.json()
self.assertIn("brief", body)
self.assertIn("line_text", body)
def test_async_share_appends_line_to_post(self):
User.objects.create(email="alice@test.io")
self.assertEqual(self.post.lines.count(), 0)
self._share_async("alice@test.io")
self.assertEqual(self.post.lines.count(), 1)
line = self.post.lines.first()
self.assertIn("alice@test.io", line.text)
def test_async_share_creates_share_invite_brief_for_sharer(self):
User.objects.create(email="alice@test.io")
self._share_async("alice@test.io")
brief = Brief.objects.get(owner=self.sharer)
self.assertEqual(brief.kind, Brief.KIND_SHARE_INVITE)
self.assertEqual(brief.post, self.post)
self.assertIsNotNone(brief.line)
self.assertTrue(brief.is_unread)
def test_async_share_adds_registered_recipient_to_shared_with(self):
alice = User.objects.create(email="alice@test.io")
self._share_async("alice@test.io")
self.assertIn(alice, self.post.shared_with.all())
def test_async_share_unregistered_recipient_still_appends_line_and_brief(self):
"""Privacy: even if the email isn't registered, the sharer gets the
same confirmation Brief + Line. Otherwise the response shape would
leak whether an address is on the system."""
response = self._share_async("ghost@test.io")
self.assertEqual(response.status_code, 200)
self.assertEqual(self.post.lines.count(), 1)
self.assertEqual(Brief.objects.filter(owner=self.sharer).count(), 1)
def test_async_share_does_not_add_owner_as_recipient(self):
"""Sharer shares w. their own email — no shared_with add, no Line, no
Brief; response carries brief: null so the JS just no-ops."""
response = self._share_async("sharer@test.io")
self.assertEqual(response.status_code, 200)
self.assertEqual(response.json()["brief"], None)
self.assertEqual(self.post.lines.count(), 0)
self.assertEqual(Brief.objects.filter(owner=self.sharer).count(), 0)
self.assertNotIn(self.sharer, self.post.shared_with.all())
def test_async_share_brief_payload_carries_share_invite_kind(self):
User.objects.create(email="alice@test.io")
body = self._share_async("alice@test.io").json()
self.assertEqual(body["brief"]["kind"], "share_invite")
self.assertIn("alice@test.io", body["line_text"])
def test_async_share_line_text_dedupes_via_timestamp(self):
"""Two consecutive shares of the same email must not collide on the
Line.unique_together(post, text) constraint — the share line should
carry a timestamp suffix."""
User.objects.create(email="alice@test.io")
self._share_async("alice@test.io")
# Second share — should append a second distinct Line, not 500.
response = self._share_async("alice@test.io")
self.assertEqual(response.status_code, 200)
self.assertEqual(self.post.lines.count(), 2)
class SharePostLegacyRedirectTest(TestCase):
"""Legacy form-submit path (no Accept: application/json) is preserved —
redirects + flashes the privacy-safe message + adds shared_with. Existing
FTs that submit the share form via Selenium still work."""
def setUp(self):
self.sharer = User.objects.create(email="sharer@test.io")
self.client.force_login(self.sharer)
self.post = Post.objects.create(owner=self.sharer)
def test_form_submit_still_redirects(self):
User.objects.create(email="alice@test.io")
response = self.client.post(
reverse("billboard:share_post", args=[self.post.id]),
data={"recipient": "alice@test.io"},
)
self.assertEqual(response.status_code, 302)
self.assertEqual(response["Location"], reverse("billboard:view_post", args=[self.post.id]))
def test_form_submit_still_adds_shared_with(self):
alice = User.objects.create(email="alice@test.io")
self.client.post(
reverse("billboard:share_post", args=[self.post.id]),
data={"recipient": "alice@test.io"},
)
self.assertIn(alice, self.post.shared_with.all())

57
src/apps/billboard/views.py
View File

@@ -8,8 +8,10 @@ from django.http import HttpResponseForbidden, JsonResponse
from django.shortcuts import redirect, render
from apps.applets.utils import applet_context, apply_applet_toggle
from django.utils import timezone
from apps.billboard.forms import ExistingPostLineForm, LineForm
from apps.billboard.models import Brief, Post
from apps.billboard.models import Brief, Line, Post
from apps.dashboard.views import _PALETTE_DEFS
from apps.drama.models import GameEvent, Note, ScrollPosition
from apps.epic.models import Room
@@ -275,13 +277,58 @@ def my_posts(request, user_id):
def share_post(request, post_id):
our_post = Post.objects.get(id=post_id)
is_ajax = "application/json" in request.headers.get("Accept", "")
recipient_email = request.POST.get("recipient", "")
recipient = None
try:
recipient = User.objects.get(email=request.POST["recipient"])
if recipient == request.user:
return redirect(our_post)
our_post.shared_with.add(recipient)
recipient = User.objects.get(email=recipient_email)
except User.DoesNotExist:
pass
# Sharer-tries-to-share-with-themselves: silent no-op (existing behavior).
if recipient is not None and recipient == request.user:
if is_ajax:
return JsonResponse({"brief": None, "line_text": ""})
return redirect(our_post)
if recipient is not None:
our_post.shared_with.add(recipient)
# Always append a Line + spawn a Brief for the sharer — privacy: the
# response shape mustn't leak whether the email is on the system. Line
# text carries an isoformat timestamp w/ microseconds so two rapid
# shares of the same email don't collide on the
# Line.unique_together(post, text) constraint.
line_text = (
f"Shared with {recipient_email} at {timezone.now().isoformat()}"
)
line = Line.objects.create(post=our_post, text=line_text)
brief = None
if request.user.is_authenticated:
brief = Brief.objects.create(
owner=request.user,
post=our_post,
line=line,
kind=Brief.KIND_SHARE_INVITE,
title="Invite sent",
)
if is_ajax:
# recipient_display is populated only when the address resolves to a
# registered User — same evidence the server-rendered .post-recipient
# list exposes; doesn't widen the privacy surface beyond what the
# post detail page already shows publicly.
recipient_display = None
if recipient is not None:
recipient_display = recipient.username or recipient.email
return JsonResponse({
"brief": brief.to_banner_dict() if brief is not None else None,
"line_text": line_text,
"recipient_display": recipient_display,
})
messages.success(request, "An invite has been sent if that address is registered.")
return redirect(our_post)

21
src/apps/dashboard/views.py
View File

@@ -366,30 +366,11 @@ def sky_save(request):
if user.sky_chart_data:
note, created, brief = Note.grant_if_new(user, "stargazer")
if created and brief is not None:
brief_payload = _brief_to_banner_dict(brief)
brief_payload = brief.to_banner_dict()
return JsonResponse({"saved": True, "brief": brief_payload})
def _brief_to_banner_dict(brief):
"""Shape a Brief for the slide-down banner JS. NOTE_UNLOCK kind carries
a `square_url` pointing at /billboard/my-notes/ so the thumbnail-square
inside the banner jumps direct to the user's Note collection."""
square_url = ""
if brief.kind == "note_unlock":
from django.urls import reverse
square_url = reverse("billboard:my_notes")
return {
"id": str(brief.id),
"kind": brief.kind,
"title": brief.title,
"line_text": brief.line.text if brief.line else "",
"post_url": brief.post.get_absolute_url(),
"square_url": square_url,
"created_at": brief.created_at.isoformat(),
}
@login_required(login_url="/")
def sky_delete(request):
if request.method != 'POST':

4
src/functional_tests/test_sharing.py
View File

@@ -59,7 +59,9 @@ class SharingTest(FunctionalTest):
self.browser = disco_browser
self.browser.refresh()
post_page.wait_for_row_in_post_table("At your command, Disco King", 2)
# Line numbering: 1) "Send help" 2) "Shared with alice@test.io …"
# (auto-appended by share_post in C3.b) 3) Alice's reply.
post_page.wait_for_row_in_post_table("At your command, Disco King", 3)
class PostAccessTest(FunctionalTest):
def test_stranger_cannot_access_owned_post(self):

12
src/static_src/scss/_note.scss
View File

@@ -40,6 +40,18 @@
.note-banner__fyi {
flex-shrink: 0;
}
// Transient message-banner variants (magic-link confirmation, errors).
// No DB Brief row — just inherits the Gaussian-glass shell from the
// .note-banner base & shifts the border colour for level=error/warning.
&.note-banner--message .note-banner__description {
opacity: 1; // message body is the whole content; full opacity
}
&.note-banner--error,
&.note-banner--warning {
border-color: rgba(var(--priRd), 0.6);
}
}
// ── Notes page ─────────────────────────────────────────────────────────────

70
src/templates/apps/billboard/post.html
View File

@@ -25,7 +25,7 @@
<div class="row justify-content-center">
<div class="col-lg-6">
<form method="POST" action="{% url "billboard:share_post" post.id %}">
<form id="id_share_form" method="POST" action="{% url "billboard:share_post" post.id %}">
{% csrf_token %}
<input
id="id_recipient"
@@ -44,9 +44,11 @@
<button type="submit" class="btn btn-primary">Share</button>
</form>
<small>Post shared with:
{% for user in post.shared_with.all %}
<span class="post-recipient">{{ user|display_name }}</span>
{% endfor %}
<span id="id_post_recipients">
{% for user in post.shared_with.all %}
<span class="post-recipient">{{ user|display_name }}</span>
{% endfor %}
</span>
</small>
</div>
</div>
@@ -54,4 +56,64 @@
{% block scripts %}
{% include "apps/dashboard/_partials/_scripts.html" %}
<script>
// Async share: intercepts the share form, POSTs w. Accept:application/json,
// then slide-downs the SHARE_INVITE Brief banner under the navbar h2 + appends
// the freshly-recorded Line into #id_post_table. No page reload — the legacy
// alert-success flash is gone.
(function () {
'use strict';
var form = document.getElementById('id_share_form');
var input = document.getElementById('id_recipient');
var table = document.getElementById('id_post_table');
var recipientsBox = document.getElementById('id_post_recipients');
if (!form || !input || !table) return;
function _csrf() {
var m = document.cookie.match(/csrftoken=([^;]+)/);
return m ? m[1] : '';
}
function _appendLine(text) {
var n = table.querySelectorAll('tr').length + 1;
var tr = document.createElement('tr');
var td = document.createElement('td');
td.textContent = n + '. ' + text;
tr.appendChild(td);
table.appendChild(tr);
}
form.addEventListener('submit', function (e) {
e.preventDefault();
var fd = new FormData(form);
fetch(form.action, {
method: 'POST',
credentials: 'same-origin',
headers: {
'Accept': 'application/json',
'X-CSRFToken': _csrf(),
},
body: fd,
})
.then(function (r) { return r.ok ? r.json() : Promise.reject(r.status); })
.then(function (data) {
if (data.line_text) _appendLine(data.line_text);
if (window.Brief && data.brief) Brief.showBanner(data.brief);
if (data.recipient_display && recipientsBox) {
var span = document.createElement('span');
span.className = 'post-recipient';
span.textContent = data.recipient_display;
recipientsBox.appendChild(document.createTextNode(' '));
recipientsBox.appendChild(span);
}
input.value = '';
})
.catch(function () {
// No-op for now — the privacy-safe response shape means
// even an unregistered recipient is a 200 w. brief data;
// a true error path (5xx) silently swallows.
});
});
}());
</script>
{% endblock scripts %}

21
src/templates/core/base.html
View File

@@ -30,17 +30,18 @@
</div>
{% if messages %}
<div class="row">
<div class="col-md-12">
{% for message in messages %}
{% if message.level_tag == 'success' %}
<div class="alert alert-success">{{ message }}</div>
{% else %}
<div class="alert alert-warning">{{ message }}</div>
{% endif %}
{% endfor %}
{% for message in messages %}
{# Transient Brief-styled banner — no DB row, no FYI/square. #}
{# Slides in under the navbar h2 w. the same Gaussian-glass #}
{# look as the Brief notification banner; NVM dismisses. #}
<div class="note-banner note-banner--message note-banner--{{ message.level_tag }}">
<div class="note-banner__body">
<p class="note-banner__description">{{ message }}</p>
</div>
<button type="button" class="btn btn-cancel note-banner__nvm"
onclick="this.parentElement.remove()">NVM</button>
</div>
</div>
{% endfor %}
{% endif %}
{% block content %}