def test_non_admin_update_permission_denied(self):
patch_data = {
'name': 'adfasdflkj;lkj'
}
[staff] = obj_build.make_staff_users(self.course, 1)
self.do_patch_object_permission_denied_test(
self.ag_test_case, self.client, staff, self.url, patch_data)
def setUp(self):
super().setUp()
self.group = obj_build.make_group()
self.student = self.group.members.first()
self.project = self.group.project
ag_models.ExpectedStudentFile.objects.validate_and_create(
pattern='*', max_num_matches=10, project=self.project)
self.submitted_files = [SimpleUploadedFile('file{}'.format(i),
'waaaluigi{}'.format(i).encode())
for i in range(3)]
self.submission = obj_build.make_submission(
group=self.group,
submitted_files=self.submitted_files,
status=Submission.GradingStatus.finished_grading)
self.handgrading_rubric = hg_models.HandgradingRubric.objects.validate_and_create(
project=self.project
) # type: hg_models.HandgradingRubric
[self.admin] = obj_build.make_admin_users(self.project.course, 1)
[self.staff] = obj_build.make_staff_users(self.project.course, 1)
[self.handgrader] = obj_build.make_users(1)
self.project.course.handgraders.add(self.handgrader)
self.client = APIClient()
self.course = self.handgrading_rubric.project.course
self.url = reverse('handgrading_result',
kwargs={'group_pk': self.submission.group.pk})
def test_non_admin_create_permission_denied(self):
project = obj_build.make_project()
[staff] = obj_build.make_staff_users(project.course, 1)
self.do_permission_denied_create_test(
ag_models.RerunSubmissionsTask.objects, APIClient(), staff,
reverse('rerun_submissions_tasks',
kwargs={'project_pk': project.pk}), {})
def test_staff_valid_list_cmds(self):
[staff] = obj_build.make_staff_users(self.course, 1)
self.client.force_authenticate(staff)
response = self.client.get(self.url)
self.assertEqual(status.HTTP_200_OK, response.status_code)
self.assertSequenceEqual([self.cmd1.to_dict(), self.cmd2.to_dict()], response.data)
def test_admin_or_staff_or_handgrader_valid_create(self):
[admin] = obj_build.make_admin_users(self.course, 1)
[handgrader] = obj_build.make_handgrader_users(self.course, 1)
[staff] = obj_build.make_staff_users(self.course, 1)
for user in admin, handgrader, staff:
response = self.do_create_object_test(
handgrading_models.AppliedAnnotation.objects,
self.client,
user,
self.url,
self.data,
check_data=False)
loaded = handgrading_models.AppliedAnnotation.objects.get(
pk=response.data['pk'])
self.assert_dict_contents_equal(loaded.to_dict(), response.data)
annotation = handgrading_models.Annotation.objects.get(
pk=self.data['annotation'])
self.assertEqual(annotation.to_dict(), loaded.annotation.to_dict())
response_location_dict = loaded.location.to_dict()
for non_modifiable in ["pk", "last_modified"]:
response_location_dict.pop(non_modifiable)
self.assertEqual(self.data["location"], response_location_dict)
def test_staff_user_roles(self):
[staff] = obj_build.make_staff_users(self.course, 1)
expected = self.expected_response_base()
expected['is_staff'] = True
self.do_get_object_test(self.client, staff, self.url, expected)
def test_non_admin_update_permission_denied(self):
[staff] = obj_build.make_staff_users(self.course, 1)
patch_data = {
'name': 'mcnaieoa;dk',
}
self.do_patch_object_permission_denied_test(
self.ag_test_cmd, self.client, staff, self.url, patch_data)
def test_copy_course(self):
proj1 = obj_build.make_project()
course = proj1.course
proj2 = obj_build.make_project(course)
admins = obj_build.make_admin_users(course, 4)
staff = obj_build.make_staff_users(course, 3)
students = obj_build.make_student_users(course, 5)
handgraders = obj_build.make_handgrader_users(course, 2)
self.assertNotEqual(0, course.staff.count())
self.assertNotEqual(0, course.students.count())
self.assertNotEqual(0, course.handgraders.count())
name = 'stove'
new_course = copy_course(course, name, Semester.summer, 2019)
self.assertEqual(name, new_course.name)
self.assertEqual(Semester.summer, new_course.semester)
self.assertEqual(2019, new_course.year)
self.assertCountEqual(admins, new_course.admins.all())
self.assertSequenceEqual([], new_course.staff.all())
self.assertSequenceEqual([], new_course.students.all())
self.assertSequenceEqual([], new_course.handgraders.all())
old_project_pks = {proj.pk for proj in course.projects.all()}
new_project_pks = {proj.pk for proj in new_course.projects.all()}
self.assertTrue(old_project_pks.isdisjoint(new_project_pks))
self.assertSetEqual({proj.name
for proj in course.projects.all()},
{proj.name
for proj in new_course.projects.all()})
def test_admin_or_staff_or_handgrader_valid_get(self):
[admin] = obj_build.make_admin_users(self.course, 1)
[staff] = obj_build.make_staff_users(self.course, 1)
[handgrader] = obj_build.make_handgrader_users(self.course, 1)
for user in admin, staff, handgrader:
self.do_get_object_test(self.client, user, self.url,
self.applied_annotation.to_dict())
def test_non_admin_update_permission_denied(self):
patch_data = {
'max_points': 30,
}
[staff] = obj_build.make_staff_users(self.course, 1)
self.do_patch_object_permission_denied_test(self.handgrading_rubric,
self.client, staff,
self.url, patch_data)
def test_admin_or_staff_valid_create_without_location(self):
[admin] = obj_build.make_admin_users(self.course, 1)
[staff] = obj_build.make_staff_users(self.course, 1)
data = {"text": "Sample comment text."}
for user in admin, staff:
self.do_create_object_test(handgrading_models.Comment.objects,
self.client, user, self.url, data)
def test_non_admin_list_project_download_tasks_permission_denied(self):
[staff] = obj_build.make_staff_users(self.project.course, 1)
[handgrader] = obj_build.make_handgrader_users(self.project.course, 1)
url = reverse('project-download-tasks', kwargs={'pk': self.project.pk})
for user in staff, handgrader:
self.client.force_authenticate(user)
response = self.client.get(url)
self.assertEqual(status.HTTP_403_FORBIDDEN, response.status_code)
def test_non_admin_set_order_permission_denied(self):
[staff] = obj_build.make_staff_users(self.course, 1)
self.client.force_authenticate(staff)
original_order = list(self.ag_test_case.get_agtestcommand_order())
response = self.client.put(self.url, original_order[::-1])
self.assertEqual(status.HTTP_403_FORBIDDEN, response.status_code)
self.assertSequenceEqual(original_order, self.ag_test_case.get_agtestcommand_order())
def setUp(self):
super().setUp()
self.project = obj_build.make_project(max_group_size=2)
self.course = self.project.course
self.student_users = unsorted_users(obj_build.make_student_users(self.course, 2))
self.staff_users = unsorted_users(obj_build.make_staff_users(self.course, 2))
self.guest_group = obj_build.make_users(2)
def test_non_admin_set_order_permission_denied(self):
[staff] = obj_build.make_staff_users(self.project.course, 1)
self.client.force_authenticate(staff)
response = self.client.put(self.url, self.suite_pks[::-1])
self.assertEqual(status.HTTP_403_FORBIDDEN, response.status_code)
self.assertSequenceEqual(self.suite_pks,
self.project.get_studenttestsuite_order())
def test_non_admin_update_permission_denied(self):
patch_data = {
"short_description": "Changing short description.",
"long_description": "Changing loooooooong description.",
"points": 40,
}
[staff] = obj_build.make_staff_users(self.course, 1)
self.do_patch_object_permission_denied_test(
self.criterion, self.client, staff, self.url, patch_data)
def test_non_admin_create_permission_denied(self):
[staff] = obj_build.make_staff_users(self.project.course, 1)
self.do_permission_denied_create_test(ag_models.AGTestSuite.objects,
self.client, staff, self.url,
self.create_data)
[enrolled] = obj_build.make_student_users(self.project.course, 1)
self.do_permission_denied_create_test(ag_models.AGTestSuite.objects,
self.client, enrolled, self.url,
self.create_data)
def setUp(self):
super().setUp()
self.course = obj_build.make_course()
self.client = APIClient()
self.url = reverse('course-handgraders', kwargs={'pk': self.course.pk})
[self.admin] = obj_build.make_admin_users(self.course, 1)
[self.staff] = obj_build.make_staff_users(self.course, 1)
[self.student] = obj_build.make_student_users(self.course, 1)
[self.guest] = obj_build.make_users(1)
def test_non_admin_create_permission_denied(self):
[enrolled] = obj_build.make_student_users(self.course, 1)
[staff] = obj_build.make_staff_users(self.course, 1)
[handgrader] = obj_build.make_users(1)
self.project.course.handgraders.add(handgrader)
for user in [enrolled, staff, handgrader]:
self.do_permission_denied_create_test(
handgrading_models.HandgradingRubric.objects, self.client,
user, self.url, self.data)
def test_non_admin_create_permission_denied(self):
data = {'name': 'advnaieroa'}
[staff] = obj_build.make_staff_users(self.ag_test_suite.project.course, 1)
self.do_permission_denied_create_test(
ag_models.AGTestCase.objects, self.client, staff, self.url, data)
[enrolled] = obj_build.make_student_users(self.ag_test_suite.project.course, 1)
self.do_permission_denied_create_test(
ag_models.AGTestCase.objects, self.client, enrolled, self.url, data)
def test_admin_or_staff_or_handgrader_valid_list_comments(self):
[admin] = obj_build.make_admin_users(self.course, 1)
[staff] = obj_build.make_staff_users(self.course, 1)
[handgrader] = obj_build.make_handgrader_users(self.course, 1)
for user in admin, handgrader, staff:
self.client.force_authenticate(user)
response = self.client.get(self.url)
self.assertEqual(status.HTTP_200_OK, response.status_code)
self.assertSequenceEqual(self.comment.to_dict(), response.data[0])
def test_staff_valid_retrieve(self):
[staff] = obj_build.make_staff_users(self.course, 1)
[admin] = obj_build.make_admin_users(self.course, 1)
[handgrader] = obj_build.make_users(1)
self.handgrading_rubric.project.course.handgraders.add(handgrader)
for user in [admin, staff, handgrader]:
self.client.force_authenticate(user)
response = self.client.get(self.url)
self.assertEqual(status.HTTP_200_OK, response.status_code)
self.assertSequenceEqual(self.handgrading_rubric.to_dict(),
response.data)
def test_admin_or_staff_or_handgrader_update_bad_values(self):
bad_data = {
"location": "Not an editable field!",
}
[admin] = obj_build.make_admin_users(self.course, 1)
[handgrader] = obj_build.make_handgrader_users(self.course, 1)
[staff] = obj_build.make_staff_users(self.course, 1)
for user in admin, staff, handgrader:
self.do_patch_object_invalid_args_test(self.applied_annotation,
self.client, user, self.url,
bad_data)
def test_non_admin_permission_denied(self):
[staff] = obj_build.make_staff_users(self.project.course, 1)
self.client.force_authenticate(staff)
response = self.client.post(
reverse('project-all-submission-scores',
kwargs={'pk': self.project.pk}))
self.assertEqual(status.HTTP_403_FORBIDDEN, response.status_code)
response = self.client.post(
reverse('project-ultimate-submission-scores',
kwargs={'pk': self.project.pk}))
self.assertEqual(status.HTTP_403_FORBIDDEN, response.status_code)
def test_staff_get_order(self):
[staff] = obj_build.make_staff_users(self.course, 1)
self.client.force_authenticate(staff)
response = self.client.get(self.url)
self.assertEqual(status.HTTP_200_OK, response.status_code)
self.assertSequenceEqual([self.cmd1.pk, self.cmd2.pk], response.data)
new_order = [self.cmd2.pk, self.cmd1.pk]
self.ag_test_case.set_agtestcommand_order(new_order)
response = self.client.get(self.url)
self.assertEqual(status.HTTP_200_OK, response.status_code)
self.assertSequenceEqual(new_order, response.data)
def test_non_admin_create_permission_denied(self):
data = {
'name': 'xcm,vnm,xczv',
'cmd': 'echo "wow"',
}
[staff] = obj_build.make_staff_users(self.course, 1)
self.do_permission_denied_create_test(
ag_models.AGTestCommand.objects, self.client, staff, self.url, data)
[enrolled] = obj_build.make_student_users(self.course, 1)
self.do_permission_denied_create_test(
ag_models.AGTestCommand.objects, self.client, enrolled, self.url, data)
def test_admin_or_staff_valid_create_with_location(self):
[admin] = obj_build.make_admin_users(self.course, 1)
[staff] = obj_build.make_staff_users(self.course, 1)
for user in admin, staff:
response = self.do_create_object_test(
handgrading_models.Comment.objects,
self.client,
user,
self.url,
self.data,
check_data=False)
self._check_valid_comment_with_location_created(response)
def test_non_admin_set_order_permission_denied(self):
[staff] = obj_build.make_staff_users(self.course, 1)
[enrolled] = obj_build.make_student_users(self.course, 1)
[handgrader] = obj_build.make_handgrader_users(self.course, 1)
for user in staff, enrolled, handgrader:
self.client.force_authenticate(user)
original_order = list(self.handgrading_rubric.get_criterion_order())
response = self.client.put(self.url, original_order[::-1])
self.assertEqual(status.HTTP_403_FORBIDDEN, response.status_code)
self.assertSequenceEqual(original_order, self.handgrading_rubric.get_criterion_order())
def test_staff_get_order(self):
[staff] = obj_build.make_staff_users(self.project.course, 1)
self.client.force_authenticate(staff)
response = self.client.get(self.url)
self.assertEqual(status.HTTP_200_OK, response.status_code)
self.assertSequenceEqual(self.suite_pks, response.data)
new_order = self.suite_pks[::-1]
self.project.set_studenttestsuite_order(new_order)
response = self.client.get(self.url)
self.assertEqual(status.HTTP_200_OK, response.status_code)
self.assertSequenceEqual(new_order, response.data)
def test_non_admin_get_download_task_result_permission_denied(self):
[admin] = obj_build.make_admin_users(self.project.course, 1)
[staff] = obj_build.make_staff_users(self.project.course, 1)
task = ag_models.DownloadTask.objects.validate_and_create(
project=self.project,
creator=admin,
download_type=ag_models.DownloadType.all_scores,
progress=100)
url = reverse('download_tasks-result', kwargs={'pk': task.pk})
self.client.force_authenticate(staff)
response = self.client.get(url)
self.assertEqual(status.HTTP_403_FORBIDDEN, response.status_code)