def test_access_permitted_for_active_flag(self):
user = User.objects.create_user('testuser', password='******')
self.assertEqual(len(Batch.access_permitted_for(user)), 0)
active_project = Project.objects.create()
inactive_project = Project.objects.create(active=False)
Batch.objects.create(
active=False,
project=active_project,
)
self.assertEqual(len(Batch.access_permitted_for(user)), 0)
Batch.objects.create(active=False, project=inactive_project)
self.assertEqual(len(Batch.access_permitted_for(user)), 0)
Batch.objects.create(active=True, project=inactive_project)
self.assertEqual(len(Batch.access_permitted_for(user)), 0)
Batch.objects.create(
active=True,
project=active_project,
)
self.assertEqual(len(Batch.access_permitted_for(user)), 1)
def test_available_tasks_for_anon_user(self):
anon_user = AnonymousUser()
user = User.objects.create_user('user', password='******')
self.assertEqual(len(Batch.access_permitted_for(user)), 0)
batch_protected = Batch.objects.create(
active=True,
login_required=True,
project=self.project
)
self.assertEqual(len(Batch.access_permitted_for(anon_user)), 0)
self.assertEqual(len(Batch.access_permitted_for(user)), 1)
Task.objects.create(batch=batch_protected)
self.assertEqual(len(batch_protected.available_tasks_for(anon_user)), 0)
self.assertEqual(
Batch.available_task_counts_for(self.batch_query, anon_user)[batch_protected.id], 0)
self.assertEqual(len(batch_protected.available_tasks_for(user)), 1)
self.assertEqual(
Batch.available_task_counts_for(self.batch_query, user)[batch_protected.id], 1)
batch_unprotected = Batch.objects.create(
active=True,
login_required=False,
project=self.project
)
Task.objects.create(batch=batch_unprotected)
self.assertEqual(len(Batch.access_permitted_for(anon_user)), 1)
self.assertEqual(len(Batch.access_permitted_for(user)), 2)
self.assertEqual(len(batch_unprotected.available_tasks_for(anon_user)), 1)
self.assertEqual(
Batch.available_task_counts_for(self.batch_query, anon_user)[batch_unprotected.id], 1)
self.assertEqual(len(batch_unprotected.available_tasks_for(user)), 1)
self.assertEqual(
Batch.available_task_counts_for(self.batch_query, user)[batch_unprotected.id], 1)
def test_access_permitted_for_login_required(self):
anonymous_user = AnonymousUser()
self.assertEqual(len(Batch.access_permitted_for(anonymous_user)), 0)
project = Project.objects.create()
Batch.objects.create(login_required=True, project=project)
self.assertEqual(len(Batch.access_permitted_for(anonymous_user)), 0)
authenticated_user = User.objects.create_user('testuser', password='******')
self.assertEqual(len(Batch.access_permitted_for(authenticated_user)), 1)
def index(request):
"""
Security behavior:
- Anyone can access the page, but the page only shows the user
information they have access to.
"""
abandoned_assignments = []
if request.user.is_authenticated:
for ha in TaskAssignment.objects.filter(
assigned_to=request.user).filter(completed=False):
abandoned_assignments.append({
'task': ha.task,
'task_assignment_id': ha.id
})
batch_list = Batch.access_permitted_for(request.user)
batch_query = Batch.objects.filter(id__in=[b.id for b in batch_list])
available_task_counts = Batch.available_task_counts_for(
batch_query, request.user)
batch_rows = []
for batch in batch_query.values('created_at', 'id', 'name',
'project__name'):
total_tasks_available = available_task_counts[batch['id']]
if total_tasks_available > 0:
batch_rows.append({
'project_name':
batch['project__name'],
'batch_name':
batch['name'],
'batch_published':
batch['created_at'],
'assignments_available':
total_tasks_available,
'preview_next_task_url':
reverse('preview_next_task', kwargs={'batch_id': batch['id']}),
'accept_next_task_url':
reverse('accept_next_task', kwargs={'batch_id': batch['id']})
})
return render(request, 'index.html', {
'abandoned_assignments': abandoned_assignments,
'batch_rows': batch_rows
})
