def test_is_supervisor(self): middle = factory.make_user('Username2', DEFAULT_PASSWORD, email='*****@*****.**', full_name='Test User') student = factory.make_user('Username3', DEFAULT_PASSWORD, email='*****@*****.**', full_name='Test User') role = factory.make_role_default_no_perms("TE", self.course1, can_view_course_users=True, can_view_all_journals=True) factory.make_participation(self.user, self.course1, role) role = factory.make_role_default_no_perms("MD", self.course1, can_view_course_users=True) factory.make_participation(middle, self.course1, role) role = factory.make_role_default_no_perms("SD", self.course1) factory.make_participation(student, self.course1, role) factory.make_journal(self.assignment, student) assert permissions.is_user_supervisor_of(self.user, student) assert permissions.is_user_supervisor_of(self.user, middle) assert permissions.is_user_supervisor_of(middle, self.user) assert permissions.is_user_supervisor_of(middle, student) assert not permissions.is_user_supervisor_of(student, self.user) assert not permissions.is_user_supervisor_of(student, middle) Participation.objects.get(course=self.course1, user=student).delete() assert permissions.is_user_supervisor_of(self.user, student) assert not permissions.is_user_supervisor_of(middle, student) assert not permissions.is_user_supervisor_of(student, self.user) assert not permissions.is_user_supervisor_of(student, middle)
def test_is_supervisor(self): middle = factory.make_user('Username2', 'Password', email='*****@*****.**') student = factory.make_user('Username3', 'Password', email='*****@*****.**') role = factory.make_role_default_no_perms("TE", self.course1, can_view_course_users=True, can_view_all_journals=True) factory.make_participation(self.user, self.course1, role) role = factory.make_role_default_no_perms("MD", self.course1, can_view_course_users=True) factory.make_participation(middle, self.course1, role) role = factory.make_role_default_no_perms("SD", self.course1) factory.make_participation(student, self.course1, role) factory.make_journal(self.assignment, student) self.assertTrue(permissions.is_user_supervisor_of(self.user, student)) self.assertTrue(permissions.is_user_supervisor_of(self.user, middle)) self.assertTrue(permissions.is_user_supervisor_of(middle, self.user)) self.assertTrue(permissions.is_user_supervisor_of(middle, student)) self.assertFalse(permissions.is_user_supervisor_of(student, self.user)) self.assertFalse(permissions.is_user_supervisor_of(student, middle)) Participation.objects.get(course=self.course1, user=student).delete() self.assertTrue(permissions.is_user_supervisor_of(self.user, student)) self.assertFalse(permissions.is_user_supervisor_of(middle, student)) self.assertFalse(permissions.is_user_supervisor_of(student, self.user)) self.assertFalse(permissions.is_user_supervisor_of(student, middle))
def test_multi_course_assignment_permission(self): """Test whether the assignment has the correct permissions when bound to multiple courses.""" role = factory.make_role_default_no_perms("SD", self.course1, can_have_journal=True) factory.make_participation(self.user, self.course1, role) role = factory.make_role_default_no_perms("SD", self.course2, can_have_journal=False) factory.make_participation(self.user, self.course2, role) assert self.user.has_permission('can_have_journal', self.assignment) assert not self.user.has_permission('can_edit_assignment', self.assignment)
def test_multi_course_assignment_negations(self): """Test whether the assignment has the correct permissions when bound to multiple courses, by negation.""" role = factory.make_role_default_no_perms("SD", self.course1, can_have_journal=True) factory.make_participation(self.user, self.course1, role) role = factory.make_role_default_no_perms("SD", self.course2, can_view_all_journals=True) factory.make_participation(self.user, self.course2, role) self.assertTrue(self.user.has_permission('can_view_all_journals', self.assignment)) self.assertFalse(self.user.has_permission('can_have_journal', self.assignment))
def test_create_new_assignment(self): """test create new assignment.""" lti_id = '12AB' course = factory.make_course("BeeldBewerken", "BB", enddate=timezone.now()) role = factory.make_role_default_no_perms("teacher", course, can_add_assignment=True) factory.make_participation(user=self.user, course=course, role=role) login = test.logging_in(self, self.username, self.password) create_assign_dict = { 'name': 'SIFT', 'description': 'In this assign...', 'course_id': course.pk, 'lti_id': lti_id } test.api_post_call(self, '/assignments/', params=create_assign_dict, login=login, status=201) self.assertEquals( Lti_ids.objects.get(lti_id=lti_id).assignment.name, 'SIFT')
def test_create_entry(self): """"Test create entry.""" _, _, user2 = test.set_up_user_and_auth('testh', 'test123h', '*****@*****.**') course = factory.make_course('Portfolio', 'PAV', author=user2) template = factory.make_entry_template("some_template") format = factory.make_format([template]) assignment = factory.make_assignment("Assignment", "Your favorite assignment", format=format, courses=[course]) journal = factory.make_journal(assignment, self.user) field = factory.make_field(template, 'Some field', 0) login = test.logging_in(self, self.username, self.password) format.available_templates.add(template) role = factory.make_role_default_no_perms("student", course, can_have_journal=True) factory.make_participation(user=self.user, course=course, role=role) create_entry_dict = { 'journal_id': journal.id, 'template_id': template.id, 'content': [{ 'id': field.pk, 'data': "This is some data" }] } test.api_post_call(self, '/entries/', create_entry_dict, login, 201) self.assertTrue(Entry.objects.filter(node__journal=journal).exists()) self.assertEquals( Content.objects.get(entry=1).data, "This is some data")
def test_update_course_roles(self): """Test update course roles""" teacher_user, teacher_pass, teacher = test.set_up_user_and_auth( 'Teacher', 'pass', '*****@*****.**') teacher_role = factory.make_role_teacher("TE", self.course) factory.make_role_ta('TA2', self.course) factory.make_participation(teacher, self.course, teacher_role) login = test.logging_in(self, teacher_user, teacher_pass) result = test.api_get_call(self, '/roles/', login, params={'course_id': self.course.pk}) roles = result.json()['roles'] for role in roles: if role['name'] == 'TA2': role['can_grade'] = 1 roles.append( serialize.RoleSerializer( factory.make_role_default_no_perms('test_role', self.course)).data) test.api_patch_call(self, '/roles/{}/'.format(self.course.pk), {'roles': roles}, login) role_test = Role.objects.get(name='TA2', course=self.course) self.assertTrue(role_test.can_grade) self.assertEquals( Role.objects.filter(name='test_role', course=self.course).count(), 1)
def create(self, request): """Create course role. Arguments: request -- request data course_id -- course ID name -- role name permissions -- permissions to change (default everything is false) Returns: On failure: unauthorized -- when the user is not logged in not found -- when the course does not exist forbidden -- when the user is not in the course forbidden -- when the user is unauthorized to edit its roles On success: success -- newly created course """ course_id, name, permissions = utils.required_params( request.data, 'course_id', 'name', 'permissions') course = Course.objects.get(pk=course_id) # TODO: P Is this the right permission request.user.check_permission('can_edit_course_roles', course) try: role = factory.make_role_default_no_perms(name, course, **permissions) except Exception: return response.bad_request() serializer = RoleSerializer(role, many=False) return response.created({'role': serializer.data})
def test_delete_assignment(self): """Test delete_assignment.""" login = test.logging_in(self, self.username, self.password) course1 = factory.make_course("Portfolio Academische Vaardigheden", "PAV") course2 = factory.make_course("BeeldBewerken", "BB") assign1 = factory.make_assignment("Colloq", "In de opdracht...1", self.user) assign2 = factory.make_assignment("Logboek", "In de opdracht...2", self.user) role = factory.make_role_default_no_perms("teacher", self.course, can_delete_assignment=True) factory.make_participation(user=self.user, course=self.course, role=role) role = factory.make_role_default_no_perms("teacher", course1, can_delete_assignment=True) factory.make_participation(user=self.user, course=course1, role=role) role = factory.make_role_default_no_perms("teacher", course2, can_delete_assignment=True) factory.make_participation(user=self.user, course=course2, role=role) assign1.courses.add(course1) assign1.courses.add(course2) assign2.courses.add(course1) # Stupid test to begin with, glad this is replaced soon test.api_del_call( self, '/assignments/{}/?course_id={}'.format(str(assign1.pk), self.course.pk), login) assignment = Assignment.objects.get(pk=assign1.pk) self.assertEquals(assignment.courses.count(), 2) test.api_del_call( self, '/assignments/{}/?course_id={}'.format(self.course.pk, self.course.pk), login) self.assertEquals(Assignment.objects.filter(pk=assign1.pk).count(), 1)
def test_check_permission(self): """Test whether check_permission throws VLEPermissionError when it should throw.""" role = factory.make_role_default_no_perms("SD", self.course1, can_delete_course=True, can_have_journal=True) factory.make_participation(self.user, self.course1, role) self.user.check_permission('can_delete_course', self.course1) self.assertRaises(VLEPermissionError, self.user.check_permission, 'can_view_course_users', self.course1) self.user.check_permission('can_have_journal', self.assignment) self.assertRaises(VLEPermissionError, self.user.check_permission, 'can_grade', self.assignment)
def test_is_assignment_participant(self): """Test if is_participant correctly represent whether the user is participating in an assignment or not.""" role = factory.make_role_default_no_perms("SD", self.course_independent) factory.make_participation(self.user, self.course_independent, role) assert self.user.is_participant(self.assignment_independent) assert not self.user.is_participant(self.assignment)
def test_no_permissions(self): """Ensure the user has no permissions when given no permissions.""" role = factory.make_role_default_no_perms('SD', self.course_independent) factory.make_participation(self.user, self.course_independent, role) assert not self.user.has_permission('can_edit_institute_details') assert not self.user.has_permission('can_add_course') assert not self.user.has_permission('can_delete_course', self.course_independent) assert not self.user.has_permission('can_have_journal', self.assignment_independent)
def test_is_course_participant(self): """Test if is_participant correctly represents whether the user is participating in a course or not.""" role = factory.make_role_default_no_perms("SD", self.course_independent) factory.make_participation(self.user, self.course_independent, role) self.assertTrue(self.user.is_participant(self.course_independent)) self.assertFalse(self.user.is_participant(self.course1)) self.assertFalse(self.user.is_participant(self.course2))
def test_assignment_permission(self): """Test whether the user has only the given assignment permission.""" role = factory.make_role_default_no_perms("SD", self.course_independent, can_have_journal=True) factory.make_participation(self.user, self.course_independent, role) assert self.user.has_permission('can_have_journal', self.assignment_independent) assert not self.user.has_permission('can_add_course') assert not self.user.has_permission('can_edit_assignment', self.assignment_independent) self.assertRaises(VLEParticipationError, self.user.has_permission, 'can_have_journal', self.assignment)
def test_permission(self): """Test whether the user has only the given permission.""" role = factory.make_role_default_no_perms("SD", self.course_independent, can_delete_assignment=True) factory.make_participation(self.user, self.course_independent, role) assert self.user.has_permission('can_delete_assignment', self.course_independent) assert not self.user.has_permission('can_delete_course_user_group', self.course_independent) self.assertRaises(VLEParticipationError, self.user.has_permission, 'can_delete_assignment', self.course1) self.assertRaises(VLEParticipationError, self.user.has_permission, 'can_delete_assignment', self.course2)
def test_check_participation(self): """Tests whether check_participation throws VLEParticipationError when it should throw.""" role = factory.make_role_default_no_perms("SD", self.course1) factory.make_participation(self.user, self.course1, role) self.user.check_participation(self.course1) self.assertRaises(VLEParticipationError, self.user.check_participation, self.course_independent) self.assertRaises(VLEParticipationError, self.user.check_participation, self.course2) self.user.check_participation(self.assignment) self.assertRaises(VLEParticipationError, self.user.check_participation, self.assignment_independent)
def test_is_multi_participant(self): """Test if participating in one course does not implicitly participate the user in another course or assignment.""" role = factory.make_role_default_no_perms("SD", self.course1) factory.make_participation(self.user, self.course1, role) assert self.user.is_participant(self.course1) assert self.user.is_participant(self.assignment) assert not self.user.is_participant(self.course2) assert not self.user.is_participant(self.course_independent) assert not self.user.is_participant(self.assignment_independent)
def test_get_course_roles(self): """Test the get delete assignment function.""" teacher_user = '******' teacher_pass = '******' teacher = factory.make_user(teacher_user, teacher_pass, "*****@*****.**") factory.make_role_student("SD", self.course) factory.make_role_default_no_perms("HE", self.course) teacher_role = factory.make_role_teacher("TE", self.course) factory.make_participation(teacher, self.course, teacher_role) login = test.logging_in(self, teacher_user, teacher_pass) result = test.api_get_call(self, '/roles/', login, params={'course_id': self.course.pk}) self.assertEquals(len(result.json()['roles']), 6) # permissions and authorization check for the api call. login = test.logging_in(self, self.no_perm_user, self.no_perm_pass) test.test_unauthorized_api_get_call(self, '/roles/', params={'course_id': 1}) test.api_get_call(self, '/roles/', login, params={'course_id': self.course.pk}, status=403) test.api_get_call(self, '/roles/', login, params={'course_id': self.not_found_pk}, status=404) test.set_up_participation(self.no_permission_user, self.course, 'Student') test.api_get_call(self, '/roles/', login, params={'course_id': self.course.pk}, status=403)
def test_delete_group(self): """test create group.""" login = test.logging_in(self, self.username, self.password) course = factory.make_course("Portfolio Academische Vaardigheden", "PAV") role = factory.make_role_default_no_perms( "teacher", course, can_add_course_user_group=True, can_delete_course_user_group=True) factory.make_participation(user=self.user, course=course, role=role) factory.make_course_group('group1', course) factory.make_course_group('group2', course) test.api_del_call(self, '/groups/' + str(course.pk) + '/?group_name=group1', login)
def test_create_group(self): """test create group.""" login = test.logging_in(self, self.username, self.password) course = factory.make_course("Portfolio Academische Vaardigheden", "PAV") create_group_dict = {'name': 'TestGroup', 'course_id': course.pk} role = factory.make_role_default_no_perms( "teacher", course, can_add_course_user_group=True) factory.make_participation(user=self.user, course=course, role=role) test.api_post_call(self, '/groups/', params=create_group_dict, login=login, status=201) self.assertTrue( Group.objects.filter(name='TestGroup', course=course).exists())
def test_serialize(self): result = permissions.serialize_general_permissions(self.user) assert not result['can_edit_institute_details'] assert not result['can_add_course'] self.assertEqual(len(permissions.GENERAL_PERMISSIONS), len(result)) role = factory.make_role_default_no_perms("SD", self.course_independent, can_view_course_users=True, can_edit_assignment=True) factory.make_participation(self.user, self.course_independent, role) result = permissions.serialize_course_permissions(self.user, self.course_independent) assert result['can_view_course_users'] assert not result['can_edit_course_details'] self.assertEqual(len(permissions.COURSE_PERMISSIONS), len(result)) result = permissions.serialize_assignment_permissions(self.user, self.assignment_independent) assert result['can_edit_assignment'] assert not result['can_have_journal'] self.assertEqual(len(permissions.ASSIGNMENT_PERMISSIONS), len(result))
def test_delete_course(self): """Test delete_course""" login = test.logging_in(self, self.username, self.password) bb = factory.make_course("Beeldbewerken", "BB") factory.make_course("Portfolio Academische Vaardigheden", "PAV") role = factory.make_role_default_no_perms("teacher", bb, can_delete_course=True) factory.make_participation(user=self.user, course=bb, role=role) test.api_del_call(self, '/courses/' + str(bb.pk) + '/', login) self.assertEquals( Course.objects.filter(name="Beeldbewerken").count(), 1) self.assertEquals( Course.objects.filter( name="Portfolio Academische Vaardigheden").count(), 1)
def partial_update(self, request, pk): """Updates course roles. Arguments: request -- request data roles -- each role of the course that needs to be updated pk -- course ID Returns: On failure: unauthorized -- when the user is not logged in not found -- when the course does not exist forbidden -- when the user is not in the course forbidden -- when the user is unauthorized to edit its roles bad_request -- if On success: success -- list of all the roles in the course """ course = Course.objects.get(pk=pk) request.user.check_permission('can_edit_course_roles', course) roles_response = [] roles, = utils.required_params(request.data, 'roles') for new_role in roles: try: role = Role.objects.get(name=new_role['name'], course=course) except Role.DoesNotExist: role = factory.make_role_default_no_perms( new_role['name'], course) serializer = RoleSerializer(role, data=new_role, partial=True) if not serializer.is_valid(): response.bad_request() serializer.save() roles_response.append(serializer.data) return response.success({'roles': roles_response})
def delete_user_from_course(self): """Test delete_user_from_course""" login = test.logging_in(self, self.username, self.password) course = factory.make_course("Beeldbewerken", "BB") rein = factory.make_user("Rein", "123", "*****@*****.**") lars = factory.make_user("Lars", "123", "*****@*****.**") role = factory.make_role_default_no_perms("test", course) factory.make_participation(rein, course, role=role) factory.make_participation(lars, course, role=role) test.api_del_call(self, '/participations/' + str(course.pk) + '/', {'user_id': rein.user_role.pk}, login) participations = course.participation_set.all() participations = [ serialize.participation_to_dict(participation) for participation in participations ] self.assertEquals(participations.count(), 1) self.assertEquals(participations[0]['name'], 'Lars')
def test_permission_constraints(self): factory.make_role_default_no_perms("SD1", self.course1, can_have_journal=True) factory.make_role_default_no_perms("SD2", self.course1, can_view_all_journals=True) self.assertRaises(ValidationError, factory.make_role_default_no_perms, "SD3", self.course1, can_have_journal=True, can_view_all_journals=True) self.assertRaises(ValidationError, factory.make_role_default_no_perms, "SD4", self.course1, can_add_course_users=True) self.assertRaises(ValidationError, factory.make_role_default_no_perms, "SD5", self.course1, can_delete_course_users=True) self.assertRaises(ValidationError, factory.make_role_default_no_perms, "SD6", self.course1, can_edit_course_user_group=True) factory.make_role_default_no_perms("SD7", self.course1, can_add_course_users=True, can_view_course_users=True) factory.make_role_default_no_perms("SD8", self.course1, can_delete_course_users=True, can_view_course_users=True) factory.make_role_default_no_perms("SD9", self.course1, can_edit_course_user_group=True, can_view_course_users=True) self.assertRaises(ValidationError, factory.make_role_default_no_perms, "SDA", self.course1, can_grade=True) factory.make_role_default_no_perms("SDB", self.course1, can_grade=True, can_view_all_journals=True) self.assertRaises(ValidationError, factory.make_role_default_no_perms, "SDC", self.course1, can_publish_grades=True) self.assertRaises(ValidationError, factory.make_role_default_no_perms, "SDD", self.course1, can_publish_grades=True, can_view_all_journals=True) self.assertRaises(ValidationError, factory.make_role_default_no_perms, "SDE", self.course1, can_publish_grades=True, can_grade=True) factory.make_role_default_no_perms("SDF", self.course1, can_publish_grades=True, can_grade=True, can_view_all_journals=True) self.assertRaises(ValidationError, factory.make_role_default_no_perms, "SDG", self.course1, can_comment=True) factory.make_role_default_no_perms("SDH", self.course1, can_comment=True, can_view_all_journals=True) factory.make_role_default_no_perms("SDI", self.course1, can_comment=True, can_have_journal=True)