def test_staff_get_project(self):
    """Check the project representation handed to a staff user.

    The project is not visible to students. The expected payload is the
    project's ``to_dict()`` output with ``closing_time`` removed, because
    that field is only shown to admins.
    """
    # Precondition: the project under test is hidden from students.
    self.assertFalse(self.project.visible_to_students)
    staff_user = obj_build.make_staff_user(self.course)
    # Field-level access control: a staff response must not carry the
    # admin-only closing_time field.
    expected_payload = exclude_dict(
        self.project.to_dict(), ['closing_time'])
    self.do_get_object_test(
        self.client, staff_user, self.url, expected_payload)
    def test_staff_get_results_past_deadline_ultimate_scores_shown_ultimate_policy_best(
            self):
        """Staff can list ultimate-submission results once they are shown.

        The project uses the ``best`` ultimate submission policy with
        ``hide_ultimate_submission_fdbk=False``. For a closing time one
        hour in the past and for no closing time at all, a staff GET of
        ``base_url`` must return 200 and exactly the expected per-user
        results, which are built with ``points_only=True``.
        """
        self.project.validate_and_update(
            ultimate_submission_policy=ag_models.UltimateSubmissionPolicy.best,
            hide_ultimate_submission_fdbk=False)

        group_of_student, best_of_student = self._make_group_with_submissions(
            1, num_submissions=2)
        group_of_staff, best_of_staff = self._make_group_with_submissions(
            1, members_role=obj_build.UserRole.staff)

        # One entry per group, student group first, keyed on the group's
        # first member name.
        expected_results = [
            self._make_result_content_for_user(
                grp.member_names[0], grp, best, points_only=True)
            for grp, best in ((group_of_student, best_of_student),
                              (group_of_staff, best_of_staff))
        ]

        requester = obj_build.make_staff_user(self.course)
        self.client.force_authenticate(requester)

        one_hour_ago = timezone.now() - datetime.timedelta(hours=1)
        # Both "deadline already passed" and "no deadline" count as released.
        for deadline in (one_hour_ago, None):
            self.project.validate_and_update(closing_time=deadline)

            reply = self.client.get(self.base_url)
            self.assertEqual(status.HTTP_200_OK, reply.status_code)

            self.assertSequenceEqual(expected_results, reply.data['results'])
    def test_staff_view_late_day_count_for_other_course_permission_denied(
            self):
        """Staff of one course cannot read late-day counts in another course.

        A staff member of ``self.course`` requests the URLs built by
        ``get_pk_url`` and ``get_username_url`` for a student of a second
        course, and then for a user created without a course role. Every
        request must be answered with 403.
        """
        requester = obj_build.make_staff_user(self.course)

        # A student who belongs to a different course.
        foreign_course = obj_build.make_course()
        foreign_student = obj_build.make_student_user(foreign_course)
        # Precondition: the requester holds no staff role on that course,
        # so any 200 below would be a cross-course authorization leak.
        self.assertFalse(foreign_course.is_staff(requester))

        self.client.force_authenticate(requester)

        def assert_forbidden(url):
            reply = self.client.get(url)
            self.assertEqual(status.HTTP_403_FORBIDDEN, reply.status_code)

        assert_forbidden(self.get_pk_url(foreign_student, foreign_course))
        assert_forbidden(
            self.get_username_url(foreign_student, foreign_course))

        # A guest looked up under the other course; both lookup styles
        # (pk and username) are checked again.
        foreign_guest = obj_build.make_user()
        assert_forbidden(self.get_pk_url(foreign_guest, foreign_course))
        assert_forbidden(
            self.get_username_url(foreign_guest, foreign_course))
    def test_staff_get_results_ultimate_scores_hidden_permission_denied(self):
        """Staff get 403 on the results list while ultimate feedback is hidden.

        The project has no closing time, so the only setting applied here
        that can cause the denial is ``hide_ultimate_submission_fdbk=True``.
        """
        self.project.validate_and_update(
            closing_time=None, hide_ultimate_submission_fdbk=True)

        self.client.force_authenticate(
            obj_build.make_staff_user(self.course))
        reply = self.client.get(self.base_url)

        self.assertEqual(status.HTTP_403_FORBIDDEN, reply.status_code)
    def test_staff_get_results_deadline_not_past_permission_denied(self):
        """Staff get 403 on the results list before the closing time.

        Ultimate submission feedback is not hidden, so the closing time
        still lying in the future is the condition under test.
        """
        # Precondition: the fixture's closing time has not been reached.
        now = timezone.now()
        self.assertLess(now, self.project.closing_time)
        self.project.validate_and_update(hide_ultimate_submission_fdbk=False)

        self.client.force_authenticate(
            obj_build.make_staff_user(self.course))
        reply = self.client.get(self.base_url)

        self.assertEqual(status.HTTP_403_FORBIDDEN, reply.status_code)
    def test_non_admin_permission_denied(self):
        """A staff (non-admin) user cannot change bonus submission counts.

        Both the ``add`` and the ``subtract`` PATCH payloads must be
        rejected with 403, and the bonus submission count must still be
        the initial value afterwards.
        """
        self.client.force_authenticate(
            obj_build.make_staff_user(course=self.project.course))

        for payload in ({'add': 42}, {'subtract': 42}):
            reply = self.client.patch(self.url, payload)
            self.assertEqual(status.HTTP_403_FORBIDDEN, reply.status_code)

        # A 403 alone is not enough: confirm the denied requests left the
        # stored count untouched.
        self._check_bonus_submissions(self.initial_num_bonus_submissions)
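    def test_other_add_project_permission_denied(self):
        """Users without admin rights cannot create a project.

        A create request is posted as a staff member, a student, a
        handgrader and a user created without any course role. Each
        request must return 403 and must not leave a project with the
        posted name in the database.
        """
        staff = obj_build.make_staff_user(self.course)
        student = obj_build.make_student_user(self.course)
        handgrader = obj_build.make_handgrader_user(self.course)
        guest = obj_build.make_user()
        project_name = 'project123'
        for role, user in (('staff', staff), ('student', student),
                           ('handgrader', handgrader), ('guest', guest)):
            # subTest names the role in the failure report and lets the
            # remaining roles run, so one failure does not hide a second
            # role that is also wrongly allowed.
            with self.subTest(role=role):
                self.client.force_authenticate(user)
                response = self.client.post(self.url, {'name': project_name})

                self.assertEqual(403, response.status_code)

                # The denial must also be free of side effects: no project
                # row may exist under the requested name.
                with self.assertRaises(exceptions.ObjectDoesNotExist):
                    ag_models.Project.objects.get(name=project_name)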
 def test_staff_list_projects(self):
     """Run the list-projects check for a staff user.

     Staff are expected to see ``self.all_projects``; the helper is called
     with ``show_instructor_files=True``.
     """
     staff_user = obj_build.make_staff_user(self.course)
     self.do_valid_list_projects_test(
         staff_user, self.all_projects, show_instructor_files=True)
 def test_non_admin_edit_project_permission_denied(self):
     """A staff (non-admin) user must not be able to rename the project.

     Delegates to ``do_patch_object_permission_denied_test`` with a PATCH
     payload that changes only the project's name.
     """
     staff_user = obj_build.make_staff_user(self.course)
     rename_payload = {'name': 'waaaaaaaaluigi'}
     self.do_patch_object_permission_denied_test(
         self.project, self.client, staff_user, self.url, rename_payload)
 def test_non_admin_copy_project_permission_denied(self):
     """A staff (non-admin) user gets 403 when trying to copy the project.

     The copy targets the project's own course under the name
     'New project'.
     """
     target_course = self.project.course
     staff_user = obj_build.make_staff_user(target_course)
     self.client.force_authenticate(staff_user)
     copy_url = self.get_url(self.project, target_course, 'New project')
     reply = self.client.post(copy_url)
     self.assertEqual(status.HTTP_403_FORBIDDEN, reply.status_code)
 def test_staff_view_other_late_day_count(self):
     """Run the late-days read check with staff as requester.

     The requester is a staff member and the target is a student of the
     same course. ``do_get_late_days_test`` is given the initial late-day
     count as the expected value.
     """
     requester = obj_build.make_staff_user(self.course)
     target_student = obj_build.make_student_user(self.course)
     self.do_get_late_days_test(
         requester, target_student, self.course,
         self.initial_num_late_days)