def test_gdpr(self): user = factory.Student() user2 = factory.Student() admin = factory.Admin() # Test if users cant access other data api.get(self, 'users/GDPR', params={'pk': user2.pk}, user=user, status=403) # Test all the gdpr calls for _ in range( int(api_settings.DEFAULT_THROTTLE_RATES['gdpr'].split('/') [0])): api.get(self, 'users/GDPR', params={'pk': 0}, user=user) # Test timeout api.get(self, 'users/GDPR', params={'pk': 0}, user=user, status=429) # Test admin api.get(self, 'users/GDPR', params={'pk': user.pk}, user=admin) # Test no timeout for admin for _ in range( int(api_settings.DEFAULT_THROTTLE_RATES['gdpr'].split('/') [0])): api.get(self, 'users/GDPR', params={'pk': 0}, user=admin) api.get(self, 'users/GDPR', params={'pk': 0}, user=admin)
def test_rest(self): # Test the basic rest functionality as a superuser api.test_rest(self, 'assignments', create_params=self.create_params, get_params={'course_id': self.course.pk}, update_params={'description': 'test_description2'}, delete_params={'course_id': self.course.pk}, user=factory.Admin()) # Test the basic rest functionality as a teacher api.test_rest(self, 'assignments', create_params=self.create_params, get_params={'course_id': self.course.pk}, update_params={'description': 'test_description2'}, delete_params={'course_id': self.course.pk}, user=self.teacher) # Test the basic rest functionality as a student api.test_rest(self, 'assignments', create_params=self.create_params, create_status=403, user=factory.Student())
def test_update(self): assignment = api.create(self, 'assignments', params=self.create_params, user=self.teacher)['assignment'] # Try to publish the assignment # TODO: Test cannot unpublish when there are entries inside api.update(self, 'assignments', params={ 'pk': assignment['id'], 'published': True }, user=factory.Student(), status=403) api.update(self, 'assignments', params={ 'pk': assignment['id'], 'published': True }, user=self.teacher) api.update(self, 'assignments', params={ 'pk': assignment['id'], 'published': True }, user=factory.Admin())
def setUp(self): self.admin = factory.Admin() self.student = factory.Student() self.journal = factory.Journal(user=self.student) self.TA = factory.Student() nfac.make_participation( user=self.TA, course=self.journal.assignment.courses.first(), role=self.journal.assignment.courses.first().role_set.get( name='TA')) self.teacher = self.journal.assignment.courses.first().author self.comment = factory.StudentComment( entry__node__journal=self.journal) self.TA_comment = nfac.make_comment(self.comment.entry, self.TA, 'TA comment', False) self.teacher_comment = nfac.make_comment(self.comment.entry, self.teacher, 'Teacher comment', False) set_entry_comment_counts(self) assert self.teacher.has_permission('can_grade', self.journal.assignment), \ 'Teacher requires can_grade permission in the relevant assignment' assert self.TA.has_permission('can_grade', self.journal.assignment), \ 'TA requires can_grade permission in the relevant assignment' assert not self.teacher_comment.published, 'Teacher comment should be unpublished.' assert not self.TA_comment.published, 'TA comment should be unpublished.' assert self.entry_comments == 3, 'Journal should have 3 comments total' assert self.entry_published_comments == 1, 'Journal should have 3 comments of which only one is published' assert self.entry_unpublished_comments == 2, 'Expected 2 unpublished comments'
def test_rest(self): api.test_rest(self, 'users', create_params=self.create_params, get_is_create=False, update_params={'username': '******'}, user=factory.Admin())
def setUp(self): self.teacher = factory.Teacher() self.admin = factory.Admin() self.course = factory.Course(author=self.teacher) self.create_params = { 'name': 'test', 'description': 'test_description', 'course_id': self.course.pk }
def setUp(self): self.create_params = {'name': 'test_course', 'abbreviation': 'TC'} self.student = factory.Student() self.teacher1 = factory.Teacher() self.teacher2 = factory.Teacher() self.admin = factory.Admin() self.course1 = factory.Course(author=self.teacher1) self.course2 = factory.Course(author=self.teacher1) self.course3 = factory.Course(author=self.teacher2)
def test_names(self): assignment = self.journal.assignment course = assignment.courses.first() url = 'names/{}/{}/{}'.format(course.id, assignment.id, self.journal.id) # Check if these users can view the names api.get(self, url, user=self.student) api.get(self, url, user=self.teacher) api.get(self, url, user=factory.Admin()) # CHeck if a random student cannot view the names api.get(self, url, user=factory.Student(), status=403)
def test_update(self): user = factory.Student() user2 = factory.Student() admin = factory.Admin() # Test update the own user old_username = user.username resp = api.update(self, 'users', params={ 'pk': 0, 'username': '******', 'full_name': 'abc' }, user=user)['user'] assert resp[ 'username'] == old_username, 'Username should not be updated' assert resp['full_name'] == 'abc', 'Firstname should be updated' # Test update user as admin resp = api.update(self, 'users', params={ 'pk': user.pk, 'full_name': 'not_admin' }, user=admin)['user'] assert resp['full_name'] == 'not_admin', 'Firstname should be updated' # Test update other user as user api.update(self, 'users', params={ 'pk': user.pk, 'full_name': 'not_admin' }, user=user2, status=403) is_test_student = factory.TestUser(lti_id=None) resp = api.update(self, 'users', user=is_test_student, params={ 'email': '*****@*****.**', 'pk': is_test_student.pk })['user'] is_test_student = User.objects.get(pk=is_test_student.pk) assert is_test_student.is_test_student, 'Test student status should remain intact after updating email.' assert not is_test_student.verified_email, 'Updating email without LTI should not validate said email.' assert resp['email'] == '*****@*****.**', 'Email should be updated'
def test_lti_delete(self): assignment = factory.LtiAssignment() course = assignment.courses.first() assert assignment.active_lti_id in course.assignment_lti_id_set, \ 'assignment lti_id should be in assignment_lti_id_set of course before anything is deleted' # Test if deletion is possible to delete assignment if it has only one lti id api.delete(self, 'assignments', params={ 'pk': assignment.pk, 'course_id': course.pk }, user=factory.Admin()) assert assignment.active_lti_id not in Course.objects.get(pk=course.pk).assignment_lti_id_set, \ 'assignment lti_id should get removed from the assignment_lti_id_set from the course' assignment = factory.LtiAssignment() course = assignment.courses.first() course2 = factory.LtiCourse() assignment.courses.add(course2) assignment.lti_id_set.append('second' + assignment.active_lti_id) assignment.save() # Test is deletion is not possible from connected LTI course api.delete(self, 'assignments', params={ 'pk': assignment.pk, 'course_id': course.pk }, user=factory.Admin(), status=400) # Test is deletion is possible from other course api.delete(self, 'assignments', params={ 'pk': assignment.pk, 'course_id': course2.pk }, user=factory.Admin())
def test_get(self): comments = api.get(self, 'comments', params={'entry_id': self.teacher_comment.entry.pk}, user=self.student)['comments'] assert len( comments ) == self.entry_published_comments, 'Student can only see published comments' api.get(self, 'comments', params={'pk': self.teacher_comment.pk}, user=self.student, status=403) api.get(self, 'comments', params={'pk': self.teacher_comment.pk}, user=self.teacher) comments = api.get(self, 'comments', params={'entry_id': self.comment.entry.pk}, user=self.teacher)['comments'] assert len( comments ) == self.entry_comments, 'Teacher should be able to see all comments' self.teacher_comment.published = True self.teacher_comment.save() self.entry_published_comments = self.entry_published_comments + 1 self.entry_unpublished_comments = self.entry_unpublished_comments - 1 comments = api.get(self, 'comments', params={'entry_id': self.teacher_comment.entry.pk}, user=self.student)['comments'] assert len( comments ) == self.entry_published_comments, 'Student should be able to see published comments' api.get(self, 'comments', params={'entry_id': self.comment.entry.pk}, user=factory.Student(), status=403) api.get(self, 'comments', params={'entry_id': self.comment.entry.pk}, user=factory.Admin())
def test_delete(self): user = factory.Student() user2 = factory.Student() user3 = factory.Student() admin = factory.Admin() admin2 = factory.Admin() # Test to delete user as other user api.delete(self, 'users', params={'pk': user2.pk}, user=user, status=403) # Test to delete own user api.delete(self, 'users', params={'pk': user.pk}, user=user) api.get(self, 'users', params={'pk': user.pk}, user=admin, status=404) api.delete(self, 'users', params={'pk': 0}, user=user2) api.get(self, 'users', params={'pk': user2.pk}, user=admin, status=404) # Test to delete user as admin api.delete(self, 'users', params={'pk': user3.pk}, user=admin) api.get(self, 'users', params={'pk': user3.pk}, user=admin, status=404) # Test to see if the last admin cannot be removed api.delete(self, 'users', params={'pk': admin2.pk}, user=admin) api.delete(self, 'users', params={'pk': admin.pk}, user=admin, status=400) api.get(self, 'users', params={'pk': admin2.pk}, user=admin, status=404)
def test_update(self): api.update(self, 'instance', params={'pk': 0}, user=factory.Teacher(), status=403) admin = factory.Admin() resp = api.update(self, 'instance', params={ 'pk': 0, 'name': 'B1' }, user=admin) assert resp['instance']['name'] == 'B1'
def test_get(self): api.get(self, 'nodes', params={'journal_id': self.journal.pk}, user=self.student) api.get(self, 'nodes', params={'journal_id': self.journal.pk}, user=factory.Admin()) api.get(self, 'nodes', params={'journal_id': self.journal.pk}, user=factory.Teacher(), status=403) api.get(self, 'nodes', params={'journal_id': self.journal.pk}, user=self.teacher)
def test_get(self): student = factory.Student() admin = factory.Admin() journal = factory.Journal(user=student) teacher = journal.assignment.courses.first().author # Test get all users api.get(self, 'users', user=student, status=403) resp = api.get(self, 'users', user=admin)['users'] assert len(resp) == User.objects.count( ), 'Test if the admin got all the users' # Test get own user resp = api.get(self, 'users', params={'pk': 0}, user=student)['user'] assert 'id' in resp, 'Test if the student got userdata' assert 'verified_email' in resp, 'Test if the student got all their userdata' resp = api.get(self, 'users', params={'pk': 0}, user=admin)['user'] assert resp[ 'is_superuser'], 'Admin user should be flagged as superuser.' # Check if a user cant see other users data api.get(self, 'users', params={'pk': admin.pk}, user=student, status=403) # Test get user as supervisor assert permissions.is_user_supervisor_of( teacher, student), 'Teacher should be supervisor of student' resp = api.get(self, 'users', params={'pk': student.pk}, user=teacher)['user'] assert 'username' in resp, 'Supervisor can retrieve basic supervisee data' assert 'full_name' in resp, 'Supervisor can retrieve basic supervisee data' assert 'verified_email' not in resp, 'Supervisor can\'t retrieve all supervisee data' assert 'email' not in resp, 'Supervisor can\'t retrieve all supervisee data' # Test get user as admin resp = api.get(self, 'users', params={'pk': student.pk}, user=admin)['user'] assert 'id' in resp, 'Admin can retrieve basic user data' assert 'verified_email' in resp, 'Admin can retrieve all user data' assert 'email' in resp, 'Admin can retrieve all user data'
def setUp(self): self.teacher = factory.Teacher() self.admin = factory.Admin() self.course = factory.Course(author=self.teacher) self.assignment = factory.Assignment(courses=[self.course]) self.format = factory.Format(assignment=self.assignment) self.template = factory.Template(format=self.format) self.update_dict = { 'assignment_details': { 'name': 'Colloq', 'description': 'description1', 'is_published': True }, 'templates': serialize.TemplateSerializer( self.format.template_set.filter(archived=False), many=True).data, 'removed_presets': [], 'removed_templates': [], 'presets': [] }
def test_rest(self): # Test the basic rest functionality as a superuser api.test_rest(self, 'courses', create_params=self.create_params, update_params={'abbreviation': 'TC2'}, user=factory.Admin()) # Test the basic rest functionality as a teacher api.test_rest(self, 'courses', create_params=self.create_params, update_params={'abbreviation': 'TC2'}, user=factory.Teacher()) # Test the basic rest functionality as a student api.test_rest(self, 'courses', create_params=self.create_params, create_status=403, user=factory.Student())
def test_update(self): # TODO: Improve template testing api.update(self, 'formats', params={ 'pk': self.assignment.pk, 'assignment_details': None, 'templates': [], 'presets': [], 'removed_presets': [], 'removed_templates': [] }, user=factory.Student(), status=403) api.update(self, 'formats', params={ 'pk': self.assignment.pk, 'assignment_details': None, 'templates': [], 'presets': [], 'removed_presets': [], 'removed_templates': [] }, user=self.teacher) api.update(self, 'formats', params={ 'pk': self.assignment.pk, 'assignment_details': None, 'templates': [], 'presets': [], 'removed_presets': [], 'removed_templates': [] }, user=factory.Admin())
def test_update(self): # Check if students cannot update journals api.update(self, 'journals', params={'pk': self.journal.pk}, user=self.student, status=403) # Check if teacher can only update the published state api.update(self, 'journals', params={'pk': self.journal.pk}, user=self.teacher, status=403) api.update(self, 'journals', params={'pk': self.journal.pk, 'published': True}, user=self.teacher) # Check if the admin can update the journal api.update(self, 'journals', params={'pk': self.journal.pk, 'user': factory.Student().pk}, user=factory.Admin())