def test_access_api_can_manage_moderators_update_student_no_session(self):
"""Users with no session can't update user"""
update_user = UserFactory()
api_user = UserFactory(lti_consumer=update_user.lti_consumer)
lti_context = LTIContextFactory(lti_consumer=update_user.lti_consumer)
forum = ForumFactory()
forum.lti_contexts.add(lti_context)
# Assign student group to user
lti_context.sync_user_groups(update_user, ["student"])
# Assign the permission
assign_perm("can_manage_moderator", api_user, forum, True)
#
response = self.client.patch(
f"/api/v1.0/users/{update_user.id}/add_group_moderator/",
content_type="application/json",
)
self.assertEqual(response.status_code, 403)
content = json.loads(response.content)
self.assertEqual(
content,
{"detail": "Authentication credentials were not provided."})
# Create the session and it should work
self.client.force_login(api_user, "ashley.auth.backend.LTIBackend")
session = self.client.session
session[SESSION_LTI_CONTEXT_ID] = lti_context.id
session.save()
response = self.client.patch(
f"/api/v1.0/users/{update_user.id}/add_group_moderator/",
content_type="application/json",
)
self.assertEqual(response.status_code, 200)
def test_access_api_can_manage_moderators_update_student_no_group_moderator(
self):
"""If moderator group doesn't exist user can be updated and group created
Case for forum created before this feature"""
update_user = UserFactory()
api_user = UserFactory(lti_consumer=update_user.lti_consumer)
lti_context = LTIContextFactory(lti_consumer=update_user.lti_consumer)
forum = ForumFactory()
forum.lti_contexts.add(lti_context)
# Add group student
lti_context.sync_user_groups(update_user, ["student"])
# Assign the permission
assign_perm("can_manage_moderator", api_user, forum, True)
# Creates the session
self.client.force_login(api_user, "ashley.auth.backend.LTIBackend")
session = self.client.session
session[SESSION_LTI_CONTEXT_ID] = lti_context.id
session.save()
# Data to promote user to moderator
response = self.client.patch(
f"/api/v1.0/users/{update_user.id}/add_group_moderator/",
content_type="application/json",
)
self.assertEqual(response.status_code, 200)
def test_access_api_update_instructor_patch(self):
"""
Standard instructor call to patch user is allowed but doesn't change anything,
as serializer's attributes are read-only.
"""
# Creates a forum
user = UserFactory(id=1, public_username="******")
lti_context = LTIContextFactory(lti_consumer=user.lti_consumer)
forum = ForumFactory()
forum.lti_contexts.add(lti_context)
lti_context.sync_user_groups(user, ["instructor"])
assign_perm("can_manage_moderator", user, forum, True)
# Creates the session
self.client.force_login(user, "ashley.auth.backend.LTIBackend")
session = self.client.session
session[SESSION_LTI_CONTEXT_ID] = lti_context.id
session.save()
data = {"id": 10, "public_username": "******"}
response = self.client.patch(
f"/api/v1.0/users/{user.id}/",
json.dumps(data),
content_type="application/json",
)
self.assertEqual(response.status_code, 200)
self.assertEqual(response.json(), {"id": 1, "public_username": "******"})
def test_access_api_update_instructor_post(self):
"""Post to update user is not allowed even for an instructor."""
# Creates a forum
user = UserFactory()
lti_context = LTIContextFactory(lti_consumer=user.lti_consumer)
forum = ForumFactory()
forum.lti_contexts.add(lti_context)
lti_context.sync_user_groups(user, ["instructor"])
assign_perm("can_manage_moderator", user, forum, True)
# Creates the session
self.client.force_login(user, "ashley.auth.backend.LTIBackend")
session = self.client.session
session[SESSION_LTI_CONTEXT_ID] = lti_context.id
session.save()
response = self.client.post(
f"/api/v1.0/users/{user.id}/",
content_type="application/json",
)
self.assertEqual(response.status_code, 405)
self.assertEqual(response.json(),
{"detail": 'Method "POST" not allowed.'})
def test_get_user_roles_other_context(self):
"""get_user_roles should return the list of the roles names without the specific
patterns cg:{context.id}:role: only the label of the roles and only for the
current context"""
lti_consumer = LTIConsumerFactory()
context = LTIContextFactory(lti_consumer=lti_consumer)
context2 = LTIContextFactory(lti_consumer=lti_consumer)
# Create user
user = UserFactory(lti_consumer=lti_consumer)
# Sync user groups in context with multiple roles
context.sync_user_groups(user, ["role1", "role2"])
# Sync user groups in context2 with other roles)
context2.sync_user_groups(user, ["newgroup"])
# check that the list of roles is returned
self.assertCountEqual(
["role1", "role2"],
context.get_user_roles(user),
)
self.assertCountEqual(
["newgroup"],
context2.get_user_roles(user),
)
def test_get_user_roles(self):
"""get_user_roles should return the list of the roles names
without the specific patterns cg:{context.id}:role: only the label
of the roles
"""
lti_consumer = LTIConsumerFactory()
context = LTIContextFactory(lti_consumer=lti_consumer)
# Create two users
user = UserFactory(lti_consumer=lti_consumer)
user2 = UserFactory(lti_consumer=lti_consumer)
# Sync user groups in context with multiple roles
context.sync_user_groups(user, ["role1", "role2"])
# check that the list of roles is returned
self.assertCountEqual(
["role1", "role2"],
context.get_user_roles(user),
)
# add an extra group
instructor_group = Group.objects.create(
name=f"{context.base_group_name}:role:instructor")
user.groups.add(instructor_group)
# check that the list of roles is returned
self.assertCountEqual(
["role1", "role2", "instructor"],
context.get_user_roles(user),
)
# check that group that are not roles get ignored
other_group = Group.objects.create(
name=f"{context.base_group_name}:other)")
user2.groups.add(other_group)
self.assertCountEqual(
[],
context.get_user_roles(user2),
)
def test_can_tell_if_the_user_is_instructor_of_this_forum():
"""
Given two users. User1 is student of the forum, User2 is instructor.
We control that is_user_instructor can detect if a user is an instructor.
Then a forum can be part of multiple contexts. If a user is instructor in one context,
he is considered intructor of this forum in all contexts. We add a new context to the forum
where user is instructor and test that user is now considered as instructor
"""
# load template
def get_rendered(topic, user):
template = Template(
"{% load custom_tags %}" +
"{% if topic|is_user_instructor:user %}YES{% else %}NO{% endif %}"
)
context = Context({"topic": topic, "user": user})
rendered = template.render(context)
return rendered
lti_consumer = LTIConsumerFactory()
# Create two LTI Context
context1 = LTIContextFactory(lti_consumer=lti_consumer)
context2 = LTIContextFactory(lti_consumer=lti_consumer)
# Create two users
user1 = UserFactory(lti_consumer=lti_consumer)
user2 = UserFactory(lti_consumer=lti_consumer)
# Sync user1 groups in context1 with role "student"
context1.sync_user_groups(user1, ["student"])
# Sync user1 groups in context2 with role "instructor"
context2.sync_user_groups(user1, ["instructor"])
# Sync user2 groups in context1 with role "instructor"
context1.sync_user_groups(user2, ["instructor"])
# Create forum and add context1
forum = ForumFactory(name="Initial forum name")
forum.lti_contexts.add(context1)
# Set up topic
topic = TopicFactory(forum=forum,
poster=user1,
subject="topic création")
# Chek that user1 is not instructor
assert get_rendered(topic, user1) == "NO"
# Chek that user2 is instructor
assert get_rendered(topic, user2) == "YES"
# Add forum to context2 where user1 has role "instructor"
forum.lti_contexts.add(context2)
# Check that user1 is now instructor as well
assert get_rendered(topic, user1) == "YES"
def test_forum_moderation_list_forums_view(self):
"""
Create forum in different LTIContext, make sure user can't move topics into it,
even if he has access to this forum.
"""
user = UserFactory()
lti_context1 = LTIContextFactory(lti_consumer=user.lti_consumer)
lti_context2 = LTIContextFactory(lti_consumer=user.lti_consumer)
forum1Lti1 = ForumFactory(name="Forum1")
forum2Lti1 = ForumFactory(name="Forum2")
forum3Lti2 = ForumFactory(name="Forum3")
forum4Lti2 = ForumFactory(name="Forum4")
# User is instructor in both forums
lti_context1.sync_user_groups(user, ["instructor"])
lti_context2.sync_user_groups(user, ["instructor"])
# Assign permission to the group for this forum
self._init_forum(forum1Lti1, lti_context1)
self._init_forum(forum2Lti1, lti_context1)
self._init_forum(forum3Lti2, lti_context2)
self._init_forum(forum4Lti2, lti_context2)
# Create a post for a topic part of lti_context1
topicForumLti1 = TopicFactory(forum=forum1Lti1)
PostFactory(topic=topicForumLti1, )
# Create a post for a topic part of lti_context2
topicForumLti2 = TopicFactory(forum=forum3Lti2)
PostFactory(topic=topicForumLti2, )
# Create the session and log in lti_context1
self.client.force_login(user, "ashley.auth.backend.LTIBackend")
session = self.client.session
session[SESSION_LTI_CONTEXT_ID] = lti_context1.id
session.save()
# Requests url to move the topic
response = self.client.get(
f"/forum/moderation/topic/{topicForumLti1.slug}-{topicForumLti1.id}/move/"
)
# Checks we are on the right page
self.assertContains(response, "Move topic", html=True)
# Forum2 part of lti_context1 should be proposed not the others
self.assertContains(response, forum2Lti1.name)
self.assertNotContains(response, forum3Lti2.name)
self.assertNotContains(response, forum4Lti2.name)
# Change the session to connect user to lti_context2
self.client.force_login(user, "ashley.auth.backend.LTIBackend")
session = self.client.session
session[SESSION_LTI_CONTEXT_ID] = lti_context2.id
session.save()
# Forum4 part of lti_context2 should be proposed not the others
response = self.client.get(
f"/forum/moderation/topic/{topicForumLti2.slug}-{topicForumLti2.id}/move/"
)
self.assertContains(response, forum4Lti2.name)
self.assertNotContains(response, forum2Lti1.name)
self.assertNotContains(response, forum1Lti1.name)
def test_forum_moderation_list_forums_with_deleted_form(self):
"""
Create three forums in the same LTIContext and archive one. Load the form to choose
to which forum the user wants to move the topic. Control that the forum deleted is
not part of the choice.
"""
user = UserFactory()
lti_context = LTIContextFactory(lti_consumer=user.lti_consumer)
forum1 = ForumFactory(name="Forum1")
forum2 = ForumFactory(name="Forum2")
forum3 = ForumFactory(name="Forum3")
lti_context.sync_user_groups(user, ["instructor"])
# Assign permission to the group for this forum
self._init_forum(forum1, lti_context)
self._init_forum(forum2, lti_context)
self._init_forum(forum3, lti_context)
# Create a post for a topic part of lti_context
topicForum1 = TopicFactory(forum=forum1)
PostFactory(topic=topicForum1, )
topicForum2 = TopicFactory(forum=forum2)
PostFactory(topic=topicForum2, )
topicForum3 = TopicFactory(forum=forum3)
PostFactory(topic=topicForum3, )
# Create the session and logged in lti_context
self.client.force_login(user, "ashley.auth.backend.LTIBackend")
session = self.client.session
session[SESSION_LTI_CONTEXT_ID] = lti_context.id
session.save()
form = TopicMoveForm(user=user,
lti_context=lti_context,
topic=topicForum1)
# Check that only the forum that is allowed is proposed as choice
self.assertEqual(
form.fields["forum"].choices,
[
(forum1.id, {
"label": " Forum1",
"disabled": True
}),
(
forum2.id,
"{} {}".format("-" * forum2.margin_level, forum2.name),
),
(
forum3.id,
"{} {}".format("-" * forum3.margin_level, forum3.name),
),
],
)
# Archive the forum2
forum2.archived = True
forum2.save()
form = TopicMoveForm(user=user,
lti_context=lti_context,
topic=topicForum1)
# Check that forum2 is not proposed as choice anymore as it has been archived
self.assertEqual(
form.fields["forum"].choices,
[
(forum1.id, {
"label": " Forum1",
"disabled": True
}),
(
forum3.id,
"{} {}".format("-" * forum3.margin_level, forum3.name),
),
],
)
# We try to move topic from forum1 to forum2 even if forum2 has been archived
response = self.client.post(
f"/forum/moderation/topic/{topicForum1.slug}-{topicForum1.id}/move/",
data={"forum": {forum2.id}},
follow=True,
)
self.assertEqual(response.status_code, 200)
# Control that we get an error and the move is not executed
self.assertContains(
response,
f"Select a valid choice. {forum2.id} is not one of the available choices.",
html=True,
)
def test_forum_moderation_list_forums_form(self):
"""
Create forum in different LTIContext. Load the form to choose to which forum
user wants to move the topic. Try to move it to a forum that is not allowed and
control that it's not possible.
"""
user = UserFactory()
lti_context1 = LTIContextFactory(lti_consumer=user.lti_consumer)
lti_context2 = LTIContextFactory(lti_consumer=user.lti_consumer)
forum1Lti1 = ForumFactory(name="Forum1")
forum2Lti1 = ForumFactory(name="Forum2")
forum3Lti2 = ForumFactory(name="Forum3")
# User is instructor in both forums
lti_context1.sync_user_groups(user, ["instructor"])
lti_context2.sync_user_groups(user, ["instructor"])
# Assign permission to the group for this forum
self._init_forum(forum1Lti1, lti_context1)
self._init_forum(forum2Lti1, lti_context1)
self._init_forum(forum3Lti2, lti_context2)
# Create a post for a topic part of lti_context1
topicForumLti1 = TopicFactory(forum=forum1Lti1)
PostFactory(topic=topicForumLti1, )
# Create the session and logged in lti_context1
self.client.force_login(user, "ashley.auth.backend.LTIBackend")
session = self.client.session
session[SESSION_LTI_CONTEXT_ID] = lti_context1.id
session.save()
form = TopicMoveForm(user=user,
lti_context=lti_context1,
topic=topicForumLti1)
# Check that only the forum that is allowed is proposed as choice
self.assertEqual(
form.fields["forum"].choices,
[
(forum1Lti1.id, {
"label": " Forum1",
"disabled": True
}),
(
forum2Lti1.id,
"{} {}".format("-" * forum2Lti1.margin_level,
forum2Lti1.name),
),
],
)
# We move the forum to topic2 part of the same lti_context1
response = self.client.post(
f"/forum/moderation/topic/{topicForumLti1.slug}-{topicForumLti1.id}/move/",
data={"forum": {forum2Lti1.id}},
follow=True,
)
self.assertEqual(response.status_code, 200)
self.assertContains(response,
"This topic has been moved successfully.")
# We force the request on the forum that is not allowed
response = self.client.post(
f"/forum/moderation/topic/{topicForumLti1.slug}-{topicForumLti1.id}/move/",
data={"forum": {forum3Lti2.id}},
follow=True,
)
self.assertEqual(response.status_code, 200)
# Controls that we get an error and the move is not executed
self.assertContains(
response,
f"Select a valid choice. {forum3Lti2.id} is not one of the available choices.",
html=True,
)
def test_sync_user_groups(self):
"""Test group synchronization"""
# Create a LTI Consumer
lti_consumer = LTIConsumerFactory()
# Create 2 LTI Contexts for lti_consumer
context1 = LTIContextFactory(lti_consumer=lti_consumer)
context2 = LTIContextFactory(lti_consumer=lti_consumer)
# Create an unrelated django group
unrelated_group = Group.objects.create(name="unrelated_django_group")
# Initialize a user with no group
user = UserFactory(lti_consumer=lti_consumer)
self.assertEqual(0, user.groups.count())
# Sync user groups in context1 with role "student"
context1.sync_user_groups(user, ["student"])
self.assertCountEqual(
[
context1.base_group_name,
f"{context1.base_group_name}:role:student"
],
list(user.groups.values_list("name", flat=True)),
)
# Add the user to an unrelated django group
user.groups.add(unrelated_group)
# Sync user groups in context2 with multiple roles
context2.sync_user_groups(user, ["role1", "role2"])
self.assertCountEqual(
[
unrelated_group.name,
context1.base_group_name,
f"{context1.base_group_name}:role:student",
context2.base_group_name,
f"{context2.base_group_name}:role:role1",
f"{context2.base_group_name}:role:role2",
],
list(user.groups.values_list("name", flat=True)),
)
# Sync user groups in context 2 with another role
context2.sync_user_groups(user, ["instructor"])
self.assertCountEqual(
[
unrelated_group.name,
context1.base_group_name,
f"{context1.base_group_name}:role:student",
context2.base_group_name,
f"{context2.base_group_name}:role:instructor",
],
list(user.groups.values_list("name", flat=True)),
)
# Sync user groups in context 1 with no role
context1.sync_user_groups(user, [])
self.assertCountEqual(
[
unrelated_group.name,
context1.base_group_name,
context2.base_group_name,
f"{context2.base_group_name}:role:instructor",
],
list(user.groups.values_list("name", flat=True)),
)
# Create another LTIConsumer
lti_consumer2 = LTIConsumerFactory()
# Create a LTI Context for lti_consumer2
context3 = LTIContextFactory(lti_consumer=lti_consumer2)
# Create a user for this LTI Context
user2 = UserFactory(lti_consumer=lti_consumer2)
# Check the PermissionDenied gets called as the user in not part of this LTIContext
with self.assertRaises(PermissionDenied):
context3.sync_user_groups(user, ["instructor"])
# Check the PermissionDenied gets called as the user in not part of this LTIContext
with self.assertRaises(PermissionDenied):
context2.sync_user_groups(user2, [])
def test_sync_user_with_internal_moderators_groups(self):
"""
Test that internal group moderator doesn't get removed using sync_user_groups
"""
lti_consumer = LTIConsumerFactory()
context = LTIContextFactory(lti_consumer=lti_consumer)
# Initialize a user with no group
user = UserFactory(lti_consumer=lti_consumer)
self.assertEqual(0, user.groups.count())
# Sync user groups in context with role "student"
context.sync_user_groups(user, ["student"])
self.assertCountEqual(
[
context.base_group_name,
f"{context.base_group_name}:role:student"
],
list(user.groups.values_list("name", flat=True)),
)
# Add the user to moderator group
group_moderator_name = context.get_group_role_name(
_FORUM_ROLE_MODERATOR)
group_moderator = Group.objects.create(name=group_moderator_name)
user.groups.add(group_moderator)
user.save()
# confirm group has been added
self.assertCountEqual(
[
context.base_group_name,
f"{context.base_group_name}:role:student",
f"{context.base_group_name}:role:moderator",
],
list(user.groups.values_list("name", flat=True)),
)
# Sync user groups in context with funnyrole group
context.sync_user_groups(user, ["funnyrole"])
self.assertCountEqual(
["funnyrole", "moderator"],
context.get_user_roles(user),
)
# User should still have the moderator group
self.assertCountEqual(
[
context.base_group_name,
f"{context.base_group_name}:role:funnyrole",
f"{context.base_group_name}:role:moderator",
],
list(user.groups.values_list("name", flat=True)),
)
# creates a new context
context2 = LTIContextFactory(lti_consumer=lti_consumer)
context2.sync_user_groups(user, ["instructor"])
# moderator group should not exist in this context
self.assertCountEqual(
[
context.base_group_name,
f"{context.base_group_name}:role:funnyrole",
f"{context.base_group_name}:role:moderator",
context2.base_group_name,
f"{context2.base_group_name}:role:instructor",
],
list(user.groups.values_list("name", flat=True)),
)
class ForumConversationTestPostCreateView(TestCase):
"""Test post form of a forum overridden from django_machina"""
def setUp(self):
super().setUp()
# Setup
# Create consumer, context and user
self.lti_consumer = LTIConsumerFactory()
self.context = LTIContextFactory(lti_consumer=self.lti_consumer)
# Create forum and add context
self.forum = ForumFactory(name="Forum")
self.forum.lti_contexts.add(self.context)
def test_list_active_users_empty_topic_with_no_post(self):
"""
The form loads the list of active users for the current topic. We control that the list
is empty when topic has no post
"""
# Setup
user1 = UserFactory(
lti_consumer=self.lti_consumer,
public_username="******",
)
self.context.sync_user_groups(user1, ["student"])
# Set up topic and initial post
topic = TopicFactory(forum=self.forum, poster=user1)
# Load PostForm for user1
form = PostForm(user=user1, forum=self.forum, topic=topic)
# No post created yet, mentions should be empty
assert form.fields["content"].widget.attrs["mentions"] == []
def test_list_active_users_ignore_current_user(self):
"""
The form loads the list of active users for the current topic. We control that the list
ignores the current user
"""
# Setup
user1 = UserFactory(
lti_consumer=self.lti_consumer,
public_username="******",
)
user2 = UserFactory(
lti_consumer=self.lti_consumer,
public_username="******",
)
self.context.sync_user_groups(user1, ["student"])
self.context.sync_user_groups(user2, ["student"])
# Set up topic and initial post
topic = TopicFactory(forum=self.forum, poster=user1)
# Add a Post for user1
PostFactory(topic=topic, poster=user1)
# User2 loads the form
form = PostForm(user=user2, forum=self.forum, topic=topic)
# User1 must be listed in users
assert form.fields["content"].widget.attrs["mentions"] == [
{
"name": "Benoit",
"user": user1.id,
}
]
# User1 loads the form
form = PostForm(user=user1, forum=self.forum, topic=topic)
# Check current user is ignored in the list
assert form.fields["content"].widget.attrs["mentions"] == []
def test_list_active_users_ordered_by_alphabetical_order(self):
"""
The form loads the list of active users for the current topic. We control that the list is
rendered in alphabetical order
"""
# Setup
user1 = UserFactory(
lti_consumer=self.lti_consumer,
public_username="******",
)
user2 = UserFactory(
lti_consumer=self.lti_consumer,
public_username="******",
)
user3 = UserFactory(
lti_consumer=self.lti_consumer,
public_username="******",
)
user4 = UserFactory(lti_consumer=self.lti_consumer)
self.context.sync_user_groups(user1, ["student"])
self.context.sync_user_groups(user2, ["student"])
self.context.sync_user_groups(user3, ["student"])
# Set up topic and initial post
topic = TopicFactory(forum=self.forum, poster=user1)
# Add post with user1
PostFactory(topic=topic, poster=user1)
# user2 loads the form
form = PostForm(
user=user2,
forum=self.forum,
topic=topic,
)
# user2 sees user1
assert form.fields["content"].widget.attrs["mentions"] == [
{
"name": "Benoit",
"user": user1.id,
},
]
# Add posts from user2
PostFactory(topic=topic, poster=user2)
# Load form from user 3
form = PostForm(user=user3, forum=self.forum, topic=topic)
# Alfred should be before Benoit
assert form.fields["content"].widget.attrs["mentions"] == [
{
"name": "Alfred",
"user": user2.id,
},
{
"name": "Benoit",
"user": user1.id,
},
]
# Add posts from user3
PostFactory(topic=topic, poster=user3)
form = PostForm(user=user4, forum=self.forum, topic=topic)
# Alfred should be before Aurélien and before Benoit
assert form.fields["content"].widget.attrs["mentions"] == [
{
"name": "Alfred",
"user": user2.id,
},
{
"name": "Aurélien",
"user": user3.id,
},
{
"name": "Benoit",
"user": user1.id,
},
]
# Loads topic form loaded when editing first post
form = TopicForm(user=user4, forum=self.forum, topic=topic)
# we should have the list of users identical than when post form is loaded
assert form.fields["content"].widget.attrs["mentions"] == [
{
"name": "Alfred",
"user": user2.id,
},
{
"name": "Aurélien",
"user": user3.id,
},
{
"name": "Benoit",
"user": user1.id,
},
]
def test_list_active_users_has_distinct_users(self):
"""
The form loads the list of active users for the current topic. We control that the list
only contains distinct users
"""
user1 = UserFactory(
lti_consumer=self.lti_consumer,
public_username="******",
)
user2 = UserFactory(
lti_consumer=self.lti_consumer,
public_username="******",
)
self.context.sync_user_groups(user1, ["student"])
self.context.sync_user_groups(user2, ["student"])
# Set up topic and initial post
topic = TopicFactory(forum=self.forum, poster=user1)
# Add three posts from user1 and two from user2
initial_post_count = Post.objects.count()
PostFactory(topic=topic, poster=user1)
PostFactory(topic=topic, poster=user1)
PostFactory(topic=topic, poster=user1)
PostFactory(topic=topic, poster=user2)
PostFactory(topic=topic, poster=user2)
# Confirms Posts got created
self.assertEqual(Post.objects.count(), initial_post_count + 5)
# user2 loads the form
form = PostForm(user=user2, forum=self.forum, topic=topic)
# user2 only see one time user1
assert form.fields["content"].widget.attrs["mentions"] == [
{
"name": "Benoit",
"user": user1.id,
}
]
# user2 loads topic form loaded when editing first post
form = TopicForm(user=user2, forum=self.forum, topic=topic)
# we should have the list of users identical than when post form is loaded
assert form.fields["content"].widget.attrs["mentions"] == [
{
"name": "Benoit",
"user": user1.id,
}
]
# user1 loads the form
form = PostForm(user=user1, forum=self.forum, topic=topic)
# user1 only see one time user1
assert form.fields["content"].widget.attrs["mentions"] == [
{
"name": "Alfred",
"user": user2.id,
},
]
# user1 loads topic form loaded when editing first post
form = TopicForm(user=user1, forum=self.forum, topic=topic)
# we should have the list of users identical than when post form is loaded
assert form.fields["content"].widget.attrs["mentions"] == [
{
"name": "Alfred",
"user": user2.id,
},
]
def test_list_active_users_only_concerns_writer_of_current_topic(self):
"""
The form loads the list of active users for the current topic. We control that the list
only contains writers involved in the current topic and no other users
"""
user1 = UserFactory(
lti_consumer=self.lti_consumer,
public_username="******",
)
user2 = UserFactory(
lti_consumer=self.lti_consumer,
public_username="******",
)
user3 = UserFactory(
lti_consumer=self.lti_consumer,
public_username="******",
)
user4 = UserFactory(
lti_consumer=self.lti_consumer,
)
self.context.sync_user_groups(user1, ["student"])
self.context.sync_user_groups(user2, ["student"])
self.context.sync_user_groups(user3, ["student"])
self.context.sync_user_groups(user4, ["student"])
# Set up topic and initial post
topic = TopicFactory(forum=self.forum, poster=user1)
# Add two posts for topic
PostFactory(topic=topic, poster=user1)
PostFactory(topic=topic, poster=user2)
# user4 loads the form
form = PostForm(user=user4, forum=self.forum, topic=topic)
# Two users should be listed
assert form.fields["content"].widget.attrs["mentions"] == [
{
"name": "Alfred",
"user": user2.id,
},
{
"name": "Benoit",
"user": user1.id,
},
]
# Set up new topic and initial post with user3
topic2 = TopicFactory(forum=self.forum, poster=user3)
PostFactory(topic=topic2, poster=user3)
# user4 loads the form for topic2
form = PostForm(
user=user4,
forum=self.forum,
topic=topic2,
)
assert form.fields["content"].widget.attrs["mentions"] == [
{
"name": "Aurélien",
"user": user3.id,
}
]
# user4 loads topic, nothing should have changed as user3 only posted in another topic
form = PostForm(
user=user4,
forum=self.forum,
topic=topic,
)
assert form.fields["content"].widget.attrs["mentions"] == [
{
"name": "Alfred",
"user": user2.id,
},
{
"name": "Benoit",
"user": user1.id,
},
]
# user4 loads topic form loaded when editing first post
form = TopicForm(user=user4, forum=self.forum, topic=topic)
# we should have the list of users identical than when post form is loaded
assert form.fields["content"].widget.attrs["mentions"] == [
{
"name": "Alfred",
"user": user2.id,
},
{
"name": "Benoit",
"user": user1.id,
},
]
def test_list_active_users_only_concerns_users_with_approved_posts(self):
"""
The form loads the list of active users for the current topic. We control that the list
only concerns users that have approved posts
"""
user1 = UserFactory(
lti_consumer=self.lti_consumer,
public_username="******",
)
user2 = UserFactory(
lti_consumer=self.lti_consumer,
public_username="******",
)
self.context.sync_user_groups(user1, ["student"])
self.context.sync_user_groups(user2, ["student"])
topic = TopicFactory(forum=self.forum, poster=user1)
post = PostFactory(topic=topic, poster=user1)
form = PostForm(user=user2, forum=self.forum, topic=topic)
assert form.fields["content"].widget.attrs["mentions"] == [
{
"name": "Benoit",
"user": user1.id,
}
]
# Post of user1 gets unapproved
post.approved = False
post.save()
# Load form from user2
form = PostForm(
user=user2,
forum=self.forum,
topic=topic,
)
# List of active users should be empty
assert form.fields["content"].widget.attrs["mentions"] == []
def test_list_active_users_only_concerns_active_users(self):
"""
The form loads the list of active users for the current topic. We control that the list
only concerns users that have the status active
"""
user1 = UserFactory(
lti_consumer=self.lti_consumer,
public_username="******",
)
user2 = UserFactory(
lti_consumer=self.lti_consumer,
public_username="******",
)
self.context.sync_user_groups(user1, ["student"])
self.context.sync_user_groups(user2, ["student"])
topic = TopicFactory(forum=self.forum, poster=user1)
# controls form topic, the one loaded when there's no post
form = TopicForm(user=user2, forum=self.forum, topic=topic)
assert form.fields["content"].widget.attrs.get("mentions", None) is None
# controls post topic
PostFactory(topic=topic, poster=user1)
form = PostForm(user=user2, forum=self.forum, topic=topic)
assert form.fields["content"].widget.attrs["mentions"] == [
{
"name": "Benoit",
"user": user1.id,
}
]
# user1 becomes inactive
user1.is_active = False
user1.save()
# Add another post to load the list in topic form
PostFactory(topic=topic, poster=user1)
# user3 loads the form for topic
form = PostForm(user=user2, forum=self.forum, topic=topic)
# We should only see user1 in the list of active users for this topic
assert form.fields["content"].widget.attrs["mentions"] == []
# user3 loads the form for first post, topic form is loaded
form = TopicForm(user=user2, forum=self.forum, topic=topic)
# mention param exist now but it's empty
assert form.fields["content"].widget.attrs["mentions"] == []
def test_access_topic_reply_form(self):
"""
The post form in a created topic is overridden from django_machina,
we control it still loads as expected
"""
user = UserFactory(lti_consumer=self.lti_consumer)
assign_perm("can_read_forum", user, self.forum)
assign_perm("can_reply_to_topics", user, self.forum)
# Set up topic and initial post
topic = TopicFactory(forum=self.forum, poster=user)
PostFactory(topic=topic)
# authenticate the user related to consumer
self.client.force_login(user)
url_topic_reply = (
f"/forum/forum/{self.forum.slug}-{self.forum.pk}"
f"/topic/{topic.slug}-{topic.pk}/post/create/"
)
# Run
response = self.client.get(url_topic_reply, follow=True)
# Check
assert response.status_code == 200
def test_params_form_user_current_topic(self):
"""
The form send forum and poster information to the editor
"""
user1 = UserFactory(lti_consumer=self.lti_consumer)
user2 = UserFactory(lti_consumer=self.lti_consumer)
self.context.sync_user_groups(user1, ["student"])
self.context.sync_user_groups(user1, ["student"])
# Set up topic and initial post
topic = TopicFactory(forum=self.forum, poster=user1)
PostFactory(topic=topic, poster=user1)
PostFactory(topic=topic, poster=user2)
# Load TopicForm
form = TopicForm(user=user1, forum=self.forum, topic=topic)
assert form.fields["content"].widget.attrs["forum"] == topic.forum.id
# PostForm has the parameters as well
form = PostForm(user=user2, forum=self.forum, topic=topic)
assert form.fields["content"].widget.attrs["forum"] == topic.forum.id
def test_render_block_is_admin_of_this_forum(self):
"""
check that the admin icon is present on the different views
as expected
"""
lti_consumer = LTIConsumerFactory()
# Create two users
user1 = UserFactory(public_username="******",
lti_consumer=lti_consumer)
user2 = UserFactory(public_username="******",
lti_consumer=lti_consumer)
# Create an LTI Context
context = LTIContextFactory(lti_consumer=lti_consumer)
# Sync user1 groups in context with role "administrator"
context.sync_user_groups(user1, ["administrator"])
# Sync user1 groups in context with role "student"
context.sync_user_groups(user2, ["student"])
# Create forum and add context
forum = ForumFactory(name="forum_test")
forum.lti_contexts.add(context)
# assign permission to the group for this forum
self._init_forum(forum, context)
# Set up topic
topic1 = TopicFactory(forum=forum, poster=user1)
# Set up post
PostFactory.create(
topic=topic1,
poster=user1,
)
# log user1
self.client.force_login(user1)
# accessing forum view
response = self.client.get(reverse("forum:index"))
html = lxml.html.fromstring(response.content)
forum_last_post = str(
etree.tostring(html.cssselect(".forum-last-post")[0]))
# control that the administrator's icon is present
self.assertTrue((
'<i class="icon_writer fas fa-award" aria-hidden="true" title="Administrator">'
'<span class="sr-only">Administrator</span>'
"</i>") in forum_last_post)
# control that it's the right user's profile link
self.assertTrue(
(f'<a href="/forum/member/profile/{user1.id}/">Valéry</a>'
) in forum_last_post)
# accessing forum topic listing view
response = self.client.get(
reverse("forum:forum", kwargs={
"slug": forum.slug,
"pk": forum.pk
}))
html = lxml.html.fromstring(response.content)
# check that the topic creation writer contains the icon for administrator's role
topic_created = str(etree.tostring(
html.cssselect(".topic-created")[0]))
# control that the administrator's icon is present
self.assertTrue((
'<i class="icon_writer fas fa-award" aria-hidden="true" title="Administrator">'
'<span class="sr-only">Administrator</span>'
"</i>") in topic_created)
# control that it's the right user's profile link
self.assertTrue(
(f'<a href="/forum/member/profile/{user1.id}/">Valéry</a>'
) in topic_created)
# check that the last post creation writer contains the icon for instructor's role
html = lxml.html.fromstring(response.content)
topic_last_post = str(
etree.tostring(html.cssselect(".topic-last-post")[0]))
# control that the administrator's icon is present
self.assertTrue((
'<i class="icon_writer fas fa-award" aria-hidden="true" title="Administrator">'
'<span class="sr-only">Administrator</span>'
"</i>") in topic_last_post)
# control that it's the right user's profile link
self.assertTrue(
f'<a href="/forum/member/profile/{user1.id}/">Valéry</a>' in
topic_last_post)
# user2 add a post to the topic, last message is now from a student
PostFactory.create(
topic=topic1,
poster=user2,
)
# reload the topic list view
response = self.client.get(
reverse("forum:forum", kwargs={
"slug": forum.slug,
"pk": forum.pk
}))
html = lxml.html.fromstring(response.content)
topic_created = str(etree.tostring(
html.cssselect(".topic-created")[0]))
# control that the administrator's icon is present
self.assertTrue((
'<i class="icon_writer fas fa-award" aria-hidden="true" title="Administrator">'
'<span class="sr-only">Administrator</span>'
"</i>") in topic_created)
# control that it's the right user's profile link
self.assertTrue(
(f'<a href="/forum/member/profile/{user1.id}/">Valéry</a>'
) in topic_created)
topic_last_post = str(
etree.tostring(html.cssselect(".topic-last-post")[0]))
# check that there's no more icon as the post has been created by a student
self.assertFalse("Administrator" in topic_last_post)
# control that it's the right user's profile link
self.assertTrue(
(f'<a href="/forum/member/profile/{user2.id}/">François</a>'
) in topic_last_post)
# accessing forum view
response = self.client.get(reverse("forum:index"))
# check that there's no more icon in this view as a new post has been created by a student
self.assertNotContains(response, "icon_writer fas fa-award")
# access list of posts from the topic
response = self.client.get(
reverse(
"forum_conversation:topic",
kwargs={
"forum_slug": forum.slug,
"forum_pk": forum.pk,
"slug": topic1.slug,
"pk": topic1.id,
},
))
# access 'post an answer' it should list the other posts of the topic
response = self.client.get(
f"/forum/forum/{forum.slug}-{forum.pk}/topic/{topic1.slug}-{topic1.pk}/post/create/"
)
html = lxml.html.fromstring(response.content)
# check that for the posts in this topic we have the one from the instructor with the icon
# check that for the message on first position there is no icon for the student
html_first_post = str(etree.tostring(html.cssselect(".text-muted")[0]))
self.assertFalse("Administrator" in html_first_post)
self.assertTrue(
(f'<a href="/forum/member/profile/{user2.id}/">François</a>'
) in html_first_post)
# check that for the second message we have the instructor's icon
html_second_post = str(etree.tostring(
html.cssselect(".text-muted")[1]))
self.assertTrue((
'<i class="icon_writer fas fa-award" aria-hidden="true" title="Administrator">'
'<span class="sr-only">Administrator</span>'
"</i>") in html_second_post)
self.assertTrue(
(f'<a href="/forum/member/profile/{user1.id}/">Valéry</a>'
) in html_second_post)
def test_access_api_can_manage_moderators_update_student_no_group_context(
self):
"""
We can't access endpoints targeting a user that don't have any group for this
context. Only a user having a student group can add the moderator group.
"""
update_user = UserFactory()
api_user = UserFactory(lti_consumer=update_user.lti_consumer)
lti_context = LTIContextFactory(lti_consumer=update_user.lti_consumer)
forum = ForumFactory()
forum.lti_contexts.add(lti_context)
# Assign the permission
assign_perm("can_manage_moderator", api_user, forum, True)
# Creates the session
self.client.force_login(api_user, "ashley.auth.backend.LTIBackend")
session = self.client.session
session[SESSION_LTI_CONTEXT_ID] = lti_context.id
session.save()
# Same for promoting/removing user to moderator
action = random.choice(
["add_group_moderator", "remove_group_moderator"])
response = self.client.patch(
f"/api/v1.0/users/{update_user.id}/{action}/",
content_type="application/json",
)
# no such user exist in this group context
self.assertEqual(response.status_code, 404)
# Add group and endpoints are now accessible
lti_context.sync_user_groups(update_user, ["another_role"])
response = self.client.patch(
f"/api/v1.0/users/{update_user.id}/remove_group_moderator/",
content_type="application/json",
)
self.assertEqual(response.status_code, 200)
response = self.client.patch(
f"/api/v1.0/users/{update_user.id}/add_group_moderator/",
content_type="application/json",
)
self.assertEqual(response.status_code, 200)
# Check list group of the user, moderator hasn't been added
# as user doesn't have specificaly the student's group
self.assertCountEqual(
[
lti_context.base_group_name,
f"{lti_context.base_group_name}:role:another_role",
],
list(update_user.groups.values_list("name", flat=True)),
)
# Set group student
lti_context.sync_user_groups(update_user, ["student"])
response = self.client.patch(
f"/api/v1.0/users/{update_user.id}/add_group_moderator/",
content_type="application/json",
)
self.assertEqual(response.status_code, 200)
# now it's added
self.assertCountEqual(
[
lti_context.base_group_name,
f"{lti_context.base_group_name}:role:student",
f"{lti_context.base_group_name}:role:moderator",
],
list(update_user.groups.values_list("name", flat=True)),
)
response = self.client.patch(
f"/api/v1.0/users/{update_user.id}/remove_group_moderator/",
content_type="application/json",
)
self.assertEqual(response.status_code, 200)
def test_access_api_can_manage_moderators_update_student_promote_revoke(
self):
"""
Promote and revoke a user with right context, permission, group
Test to validate that update request API is working when everything
is set properly.
"""
update_user = UserFactory(id=1, public_username="******")
api_user = UserFactory(lti_consumer=update_user.lti_consumer)
lti_context = LTIContextFactory(lti_consumer=update_user.lti_consumer)
forum = ForumFactory()
forum.lti_contexts.add(lti_context)
# Assign student group to user
lti_context.sync_user_groups(update_user, ["student"])
# Check list group of the user
self.assertCountEqual(
[
lti_context.base_group_name,
f"{lti_context.base_group_name}:role:student",
],
list(update_user.groups.values_list("name", flat=True)),
)
# Assign the permission
assign_perm("can_manage_moderator", api_user, forum, True)
# Creates the session
self.client.force_login(api_user, "ashley.auth.backend.LTIBackend")
session = self.client.session
session[SESSION_LTI_CONTEXT_ID] = lti_context.id
session.save()
# Promote user to moderator
response = self.client.patch(
f"/api/v1.0/users/{update_user.id}/add_group_moderator/",
content_type="application/json",
)
self.assertEqual(response.status_code, 200)
self.assertEqual(response.json(), {
"id": 1,
"public_username": "******"
})
# Check group moderator is part of group of the user
self.assertCountEqual(
[
lti_context.base_group_name,
f"{lti_context.base_group_name}:role:student",
f"{lti_context.base_group_name}:role:moderator",
],
list(update_user.groups.values_list("name", flat=True)),
)
# Then Revoke user to moderator
response = self.client.patch(
f"/api/v1.0/users/{update_user.id}/remove_group_moderator/",
content_type="application/json",
)
self.assertEqual(response.status_code, 200)
self.assertEqual(response.json(), {
"id": 1,
"public_username": "******"
})
# Check group moderator is not part of users's group
self.assertCountEqual(
[
lti_context.base_group_name,
f"{lti_context.base_group_name}:role:student",
],
list(update_user.groups.values_list("name", flat=True)),
)