post.html: gear-btn + #id_post_menu (NVM / DEL / BYE) mirror room.html's #id_room_menu — all Posts get the gear w. NVM (→ billboard:my_posts); user-Posts (kind=USER_POST / SHARE_INVITE) additionally surface DEL for the author (POST → billboard:delete_post → hard-deletes the Post; cascades Lines via FK + clears shared_with M2M) and BYE for invitees (POST → billboard:abandon_post → removes request.user from post.shared_with; owner + other invitees keep the thread); admin-Posts (kind=NOTE_UNLOCK) intentionally render gear w. NVM only since the system thread isn't user-owned (defence-in-depth: both delete_post + abandon_post no-op on NOTE_UNLOCK so a forged POST can't bypass the menu's branch); _post_gear.html partial gates DEL/BYE on viewer_is_owner (set by view_post since the buds sprint) + post.kind, then includes the shared apps/applets/_partials/_gear.html btn; styling rides the existing applets.scss page-level pattern — .post-page joins .billboard-page / .room-page / .dashboard-page / .wallet-page / .gameboard-page / .billscroll-page in the > .gear-btn { position: fixed; bottom: 4.2rem; right: 0.5rem } rule (and the landscape footer-sidebar centred variant), #id_post_menu joins the %applet-menu extension list + the page-level fixed-menu rule (bottom: 6.6rem; right: 1rem); 5 FTs in test_bill_post_gear.py (owner DEL flow, invitee BYE flow, 3 menu-shape assertions for owner/invitee/admin) + 11 ITs across DeletePostViewTest + AbandonPostViewTest (302 redirect target, side effect, GET-is-no-op, non-owner / non-invitee / NOTE_UNLOCK protection) — TDD

Code architected by Disco DeDisco <discodedisco@outlook.com> Git commit message Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-12 22:26:12 -04:00
parent c64d7b9534
commit 6a7464ee4b
7 changed files with 322 additions and 0 deletions
--- a/src/apps/billboard/tests/integrated/test_views.py
+++ b/src/apps/billboard/tests/integrated/test_views.py
@@ -481,3 +481,124 @@ class PostLineRelativeTimestampTest(TestCase):
            response.content.decode(),
            r'class="post-line-time"[^>]*>\s*\d{2}\s\w{3}\s*<',
        )
+
+
+class DeletePostViewTest(TestCase):
+    """billboard:delete_post — owner can hard-delete; non-owners are no-op;
+    note_unlock Posts are protected (defence-in-depth alongside the menu
+    branch that doesn't render DEL on admin-Posts)."""
+
+    def setUp(self):
+        from apps.billboard.models import Line, Post
+        self.Post = Post
+        self.owner = User.objects.create(email="del-owner@test.io")
+        self.other = User.objects.create(email="del-other@test.io")
+        self.post = Post.objects.create(
+            owner=self.owner, kind=Post.KIND_USER_POST, title="X",
+        )
+        Line.objects.create(post=self.post, text="x", author=self.owner)
+
+    def test_owner_post_redirects_to_my_posts(self):
+        self.client.force_login(self.owner)
+        response = self.client.post(
+            reverse("billboard:delete_post", args=[self.post.id])
+        )
+        self.assertRedirects(
+            response,
+            reverse("billboard:my_posts", args=[self.owner.id]),
+            fetch_redirect_response=False,
+        )
+
+    def test_owner_post_deletes_post(self):
+        self.client.force_login(self.owner)
+        self.client.post(reverse("billboard:delete_post", args=[self.post.id]))
+        self.assertFalse(self.Post.objects.filter(id=self.post.id).exists())
+
+    def test_non_owner_cannot_delete(self):
+        self.client.force_login(self.other)
+        self.client.post(reverse("billboard:delete_post", args=[self.post.id]))
+        self.assertTrue(self.Post.objects.filter(id=self.post.id).exists())
+
+    def test_get_does_not_delete(self):
+        self.client.force_login(self.owner)
+        self.client.get(reverse("billboard:delete_post", args=[self.post.id]))
+        self.assertTrue(self.Post.objects.filter(id=self.post.id).exists())
+
+    def test_note_unlock_post_is_protected(self):
+        # Even the owner can't DEL a system thread — the gear menu doesn't
+        # render DEL for note_unlock, but the view is hardened in case the
+        # POST is forged.
+        admin_post = self.Post.objects.create(
+            owner=self.owner, kind=self.Post.KIND_NOTE_UNLOCK, title="Notes",
+        )
+        self.client.force_login(self.owner)
+        self.client.post(reverse("billboard:delete_post", args=[admin_post.id]))
+        self.assertTrue(self.Post.objects.filter(id=admin_post.id).exists())
+
+
+class AbandonPostViewTest(TestCase):
+    """billboard:abandon_post — invitee removes themselves from
+    post.shared_with; owner unaffected; other invitees unaffected; admin
+    Posts protected from BYE."""
+
+    def setUp(self):
+        from apps.billboard.models import Line, Post
+        self.Post = Post
+        self.owner = User.objects.create(email="abandon-owner@test.io")
+        self.invitee = User.objects.create(email="abandon-invitee@test.io")
+        self.other = User.objects.create(email="abandon-other@test.io")
+        self.post = Post.objects.create(
+            owner=self.owner, kind=Post.KIND_USER_POST, title="Shared",
+        )
+        Line.objects.create(post=self.post, text="x", author=self.owner)
+        self.post.shared_with.add(self.invitee, self.other)
+
+    def test_invitee_redirects_to_my_posts(self):
+        self.client.force_login(self.invitee)
+        response = self.client.post(
+            reverse("billboard:abandon_post", args=[self.post.id])
+        )
+        self.assertRedirects(
+            response,
+            reverse("billboard:my_posts", args=[self.invitee.id]),
+            fetch_redirect_response=False,
+        )
+
+    def test_invitee_is_removed_from_shared_with(self):
+        self.client.force_login(self.invitee)
+        self.client.post(reverse("billboard:abandon_post", args=[self.post.id]))
+        self.post.refresh_from_db()
+        self.assertNotIn(self.invitee, self.post.shared_with.all())
+
+    def test_post_survives_invitee_abandonment(self):
+        self.client.force_login(self.invitee)
+        self.client.post(reverse("billboard:abandon_post", args=[self.post.id]))
+        self.post.refresh_from_db()
+        self.assertEqual(self.post.owner, self.owner)
+        self.assertIn(self.other, self.post.shared_with.all())
+
+    def test_get_does_not_remove(self):
+        self.client.force_login(self.invitee)
+        self.client.get(reverse("billboard:abandon_post", args=[self.post.id]))
+        self.post.refresh_from_db()
+        self.assertIn(self.invitee, self.post.shared_with.all())
+
+    def test_non_invitee_post_is_no_op(self):
+        random_user = User.objects.create(email="random@test.io")
+        self.client.force_login(random_user)
+        self.client.post(reverse("billboard:abandon_post", args=[self.post.id]))
+        self.post.refresh_from_db()
+        self.assertIn(self.invitee, self.post.shared_with.all())
+        self.assertIn(self.other, self.post.shared_with.all())
+
+    def test_note_unlock_post_is_protected(self):
+        # Admin Posts have no recipients to begin with, but harden the view
+        # so a forged BYE can't strip shared_with anyway.
+        admin_post = self.Post.objects.create(
+            owner=self.owner, kind=self.Post.KIND_NOTE_UNLOCK, title="Notes",
+        )
+        admin_post.shared_with.add(self.invitee)
+        self.client.force_login(self.invitee)
+        self.client.post(reverse("billboard:abandon_post", args=[admin_post.id]))
+        admin_post.refresh_from_db()
+        self.assertIn(self.invitee, admin_post.shared_with.all())