discoman/python-tdd
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

brief sprint C3.b+c+d+e: share-post Line+Brief async, magic-link / invalid-link banners use Brief styling, .alert-* retired — TDD

Browse Source 
Closes the C3 brief sprint. Three event sources (note unlock, share invite, login messages) now route through the Brief slide-down, & the legacy .alert-success/.alert-warning rendering in base.html is retired.

C3.b — share-post async Line + Brief:
- billboard.share_post detects Accept: application/json. JSON path appends a Line (text="Shared with X at <isoformat>", isoformat carries microseconds so two rapid shares of the same email don't collide on Line.unique_together(post,text)), spawns a Brief(kind=SHARE_INVITE) for the sharer, and returns {brief: brief.to_banner_dict() | None, line_text, recipient_display}. Sharer-shares-with-themselves stays a silent no-op (response carries brief: null). Legacy form-submit path preserved for non-AJAX (still redirects + flashes the privacy-safe message — kept for older FTs / no-JS fallback).
- billboard.Brief.to_banner_dict() (moved from dashboard.views helper to a model method) shapes the JSON the banner JS consumes.
- post.html: share form intercepted by JS — fetches POST w. Accept:application/json, then appends `data.line_text` as the next row in #id_post_table, calls Brief.showBanner(data.brief), and (when registered) appends a fresh `<span class="post-recipient">` to the new #id_post_recipients box. No page reload — the alert-success flash is gone.
- 10 new ITs (SharePostAsyncTest + SharePostLegacyRedirectTest) cover the JSON path, line append, brief creation w. SHARE_INVITE kind, registered/unregistered recipient behaviour, sharer-self skip, line dedupe via timestamp, and that the legacy form-submit redirect path still works.
- functional_tests.test_sharing line numbering updated: the share now records its own Line so the alice-reply lands at row 3 instead of 2.

C3.c+d — magic-link confirmation + invalid-link error use Brief banner styling:
- base.html's {% if messages %} block stops rendering .alert-success/.alert-warning divs. Instead each message renders as a transient Brief-styled banner: <div class="note-banner note-banner--message note-banner--{{level_tag}}"> with .note-banner__body / __description carrying the message text and a .btn-cancel NVM that removes the banner via inline onclick. No DB Brief row; no FYI; no square. Same Gaussian-glass look as note-unlock + share-invite Briefs.
- _note.scss adds the note-banner--message variant (full-opacity description) + note-banner--error/--warning border-color override (priRd 0.6) so the invalid-link banner reads as red/abandon.

C3.e — .alert-success/.alert-warning retired in markup; the SCSS class blocks aren't referenced anywhere else in templates so they sit dormant (left in place — base form styling keeps .form-control etc. working; no need to ripple into _base.scss).

Banner JS (note.js / Brief module) was untouched in C3.b+c+d — the Brief.showBanner contract from C3.a already handles all three kinds (NOTE_UNLOCK / USER_POST / SHARE_INVITE) by reading kind off the brief; the message-banner path doesn't go through showBanner because there's no Brief row.

Tests: 218 dashboard+billboard+api ITs + 322 lyric+dashboard+billboard ITs + 2 sharing FTs + 9 my_notes FTs + 1 Jasmine FT all green. Existing lyric.test_views login message-text assertions unchanged (they pull from messages framework — not the rendered HTML — so the markup swap doesn't affect them).

Code architected by Disco DeDisco <discodedisco@outlook.com>
Git commit message Co-Authored-By:
Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Disco DeDisco
2026-05-08 18:15:43 -04:00
parent fa53bf561a
commit 14bab444ff
8 changed files with 288 additions and 40 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
src/apps/billboard/models.py
View File

@@ -118,3 +118,21 @@ class Brief(models.Model):
f"Brief({self.kind}, {self.owner.email}, "
f"unread={self.is_unread})"
)
def to_banner_dict(self):
"""Shape this Brief for the slide-down banner JS. NOTE_UNLOCK kind
carries a square_url pointing at /billboard/my-notes/ so the
thumbnail-square inside the banner jumps direct to the user's Note
collection — other kinds get an empty square_url."""
square_url = ""
if self.kind == self.KIND_NOTE_UNLOCK:
square_url = reverse("billboard:my_notes")
return {
"id": str(self.id),
"kind": self.kind,
"title": self.title,
"line_text": self.line.text if self.line else "",
"post_url": self.post.get_absolute_url(),
"square_url": square_url,
"created_at": self.created_at.isoformat(),
}

125
src/apps/billboard/tests/integrated/test_share_post.py Normal file
View File

@@ -0,0 +1,125 @@
"""ITs for share-post async-Brief flow (C3.b).
POST /billboard/post/<uuid>/share-post w. Accept: application/json now:
- Adds the recipient to Post.shared_with (if registered, not the sharer)
- Appends a Line to the Post recording the share event
- Spawns a Brief(kind=SHARE_INVITE) for the sharer that JS slide-downs
- Returns JSON {brief: {…}, line_text: ""}; no redirect, no messages
Legacy form-submit (no Accept: application/json) still redirects + flashes
the privacy-safe success message — kept for non-AJAX fallback / older FTs.
"""
from django.test import TestCase
from django.urls import reverse
from apps.billboard.models import Brief, Line, Post
from apps.lyric.models import User
class SharePostAsyncTest(TestCase):
def setUp(self):
self.sharer = User.objects.create(email="sharer@test.io")
self.client.force_login(self.sharer)
self.post = Post.objects.create(owner=self.sharer)
def _share_async(self, recipient_email):
return self.client.post(
reverse("billboard:share_post", args=[self.post.id]),
data={"recipient": recipient_email},
HTTP_ACCEPT="application/json",
)
def test_async_share_returns_brief_payload(self):
User.objects.create(email="alice@test.io")
response = self._share_async("alice@test.io")
self.assertEqual(response.status_code, 200)
body = response.json()
self.assertIn("brief", body)
self.assertIn("line_text", body)
def test_async_share_appends_line_to_post(self):
User.objects.create(email="alice@test.io")
self.assertEqual(self.post.lines.count(), 0)
self._share_async("alice@test.io")
self.assertEqual(self.post.lines.count(), 1)
line = self.post.lines.first()
self.assertIn("alice@test.io", line.text)
def test_async_share_creates_share_invite_brief_for_sharer(self):
User.objects.create(email="alice@test.io")
self._share_async("alice@test.io")
brief = Brief.objects.get(owner=self.sharer)
self.assertEqual(brief.kind, Brief.KIND_SHARE_INVITE)
self.assertEqual(brief.post, self.post)
self.assertIsNotNone(brief.line)
self.assertTrue(brief.is_unread)
def test_async_share_adds_registered_recipient_to_shared_with(self):
alice = User.objects.create(email="alice@test.io")
self._share_async("alice@test.io")
self.assertIn(alice, self.post.shared_with.all())
def test_async_share_unregistered_recipient_still_appends_line_and_brief(self):
"""Privacy: even if the email isn't registered, the sharer gets the
same confirmation Brief + Line. Otherwise the response shape would
leak whether an address is on the system."""
response = self._share_async("ghost@test.io")
self.assertEqual(response.status_code, 200)
self.assertEqual(self.post.lines.count(), 1)
self.assertEqual(Brief.objects.filter(owner=self.sharer).count(), 1)
def test_async_share_does_not_add_owner_as_recipient(self):
"""Sharer shares w. their own email — no shared_with add, no Line, no
Brief; response carries brief: null so the JS just no-ops."""
response = self._share_async("sharer@test.io")
self.assertEqual(response.status_code, 200)
self.assertEqual(response.json()["brief"], None)
self.assertEqual(self.post.lines.count(), 0)
self.assertEqual(Brief.objects.filter(owner=self.sharer).count(), 0)
self.assertNotIn(self.sharer, self.post.shared_with.all())
def test_async_share_brief_payload_carries_share_invite_kind(self):
User.objects.create(email="alice@test.io")
body = self._share_async("alice@test.io").json()
self.assertEqual(body["brief"]["kind"], "share_invite")
self.assertIn("alice@test.io", body["line_text"])
def test_async_share_line_text_dedupes_via_timestamp(self):
"""Two consecutive shares of the same email must not collide on the
Line.unique_together(post, text) constraint — the share line should
carry a timestamp suffix."""
User.objects.create(email="alice@test.io")
self._share_async("alice@test.io")
# Second share — should append a second distinct Line, not 500.
response = self._share_async("alice@test.io")
self.assertEqual(response.status_code, 200)
self.assertEqual(self.post.lines.count(), 2)
class SharePostLegacyRedirectTest(TestCase):
"""Legacy form-submit path (no Accept: application/json) is preserved —
redirects + flashes the privacy-safe message + adds shared_with. Existing
FTs that submit the share form via Selenium still work."""
def setUp(self):
self.sharer = User.objects.create(email="sharer@test.io")
self.client.force_login(self.sharer)
self.post = Post.objects.create(owner=self.sharer)
def test_form_submit_still_redirects(self):
User.objects.create(email="alice@test.io")
response = self.client.post(
reverse("billboard:share_post", args=[self.post.id]),
data={"recipient": "alice@test.io"},
)
self.assertEqual(response.status_code, 302)
self.assertEqual(response["Location"], reverse("billboard:view_post", args=[self.post.id]))
def test_form_submit_still_adds_shared_with(self):
alice = User.objects.create(email="alice@test.io")
self.client.post(
reverse("billboard:share_post", args=[self.post.id]),
data={"recipient": "alice@test.io"},
)
self.assertIn(alice, self.post.shared_with.all())

57
src/apps/billboard/views.py
View File

@@ -8,8 +8,10 @@ from django.http import HttpResponseForbidden, JsonResponse
from django.shortcuts import redirect, render
from apps.applets.utils import applet_context, apply_applet_toggle
from django.utils import timezone
from apps.billboard.forms import ExistingPostLineForm, LineForm
from apps.billboard.models import Brief, Post
from apps.billboard.models import Brief, Line, Post
from apps.dashboard.views import _PALETTE_DEFS
from apps.drama.models import GameEvent, Note, ScrollPosition
from apps.epic.models import Room
@@ -275,13 +277,58 @@ def my_posts(request, user_id):
def share_post(request, post_id):
our_post = Post.objects.get(id=post_id)
is_ajax = "application/json" in request.headers.get("Accept", "")
recipient_email = request.POST.get("recipient", "")
recipient = None
try:
recipient = User.objects.get(email=request.POST["recipient"])
if recipient == request.user:
return redirect(our_post)
our_post.shared_with.add(recipient)
recipient = User.objects.get(email=recipient_email)
except User.DoesNotExist:
pass
# Sharer-tries-to-share-with-themselves: silent no-op (existing behavior).
if recipient is not None and recipient == request.user:
if is_ajax:
return JsonResponse({"brief": None, "line_text": ""})
return redirect(our_post)
if recipient is not None:
our_post.shared_with.add(recipient)
# Always append a Line + spawn a Brief for the sharer — privacy: the
# response shape mustn't leak whether the email is on the system. Line
# text carries an isoformat timestamp w/ microseconds so two rapid
# shares of the same email don't collide on the
# Line.unique_together(post, text) constraint.
line_text = (
f"Shared with {recipient_email} at {timezone.now().isoformat()}"
)
line = Line.objects.create(post=our_post, text=line_text)
brief = None
if request.user.is_authenticated:
brief = Brief.objects.create(
owner=request.user,
post=our_post,
line=line,
kind=Brief.KIND_SHARE_INVITE,
title="Invite sent",
)
if is_ajax:
# recipient_display is populated only when the address resolves to a
# registered User — same evidence the server-rendered .post-recipient
# list exposes; doesn't widen the privacy surface beyond what the
# post detail page already shows publicly.
recipient_display = None
if recipient is not None:
recipient_display = recipient.username or recipient.email
return JsonResponse({
"brief": brief.to_banner_dict() if brief is not None else None,
"line_text": line_text,
"recipient_display": recipient_display,
})
messages.success(request, "An invite has been sent if that address is registered.")
return redirect(our_post)

21
src/apps/dashboard/views.py
View File

@@ -366,30 +366,11 @@ def sky_save(request):
if user.sky_chart_data:
note, created, brief = Note.grant_if_new(user, "stargazer")
if created and brief is not None:
brief_payload = _brief_to_banner_dict(brief)
brief_payload = brief.to_banner_dict()
return JsonResponse({"saved": True, "brief": brief_payload})
def _brief_to_banner_dict(brief):
"""Shape a Brief for the slide-down banner JS. NOTE_UNLOCK kind carries
a `square_url` pointing at /billboard/my-notes/ so the thumbnail-square
inside the banner jumps direct to the user's Note collection."""
square_url = ""
if brief.kind == "note_unlock":
from django.urls import reverse
square_url = reverse("billboard:my_notes")
return {
"id": str(brief.id),
"kind": brief.kind,
"title": brief.title,
"line_text": brief.line.text if brief.line else "",
"post_url": brief.post.get_absolute_url(),
"square_url": square_url,
"created_at": brief.created_at.isoformat(),
}
@login_required(login_url="/")
def sky_delete(request):
if request.method != 'POST':