def test_admin_change_late_day_count_for_other_course_permission_denied( self): admin = obj_build.make_admin_user(self.course) # Student for other course other_course = obj_build.make_course() other_course_student = obj_build.make_student_user(other_course) self.assertFalse(other_course.is_admin(admin)) self.client.force_authenticate(admin) response = self.client.put( self.get_pk_url(other_course_student, other_course), {'late_days_remaining': 10}) self.assertEqual(status.HTTP_403_FORBIDDEN, response.status_code) response = self.client.put( self.get_username_url(other_course_student, other_course), {'late_days_remaining': 10}) self.assertEqual(status.HTTP_403_FORBIDDEN, response.status_code) # Guest for other course other_guest = obj_build.make_user() response = self.client.put(self.get_pk_url(other_guest, other_course), {'late_days_remaining': 7}) self.assertEqual(status.HTTP_403_FORBIDDEN, response.status_code) other_guest = obj_build.make_user() response = self.client.put( self.get_username_url(other_guest, other_course), {'late_days_remaining': 7}) self.assertEqual(status.HTTP_403_FORBIDDEN, response.status_code)
def test_guest_view_other_late_day_count_permission_denied(self): guest1 = obj_build.make_user() guest2 = obj_build.make_user() self.client.force_authenticate(guest1) response = self.client.get(self.get_pk_url(guest2, self.course)) self.assertEqual(status.HTTP_403_FORBIDDEN, response.status_code) response = self.client.get(self.get_username_url(guest2, self.course)) self.assertEqual(status.HTTP_403_FORBIDDEN, response.status_code)
def test_error_missing_body_params(self): superuser = obj_build.make_user(superuser=True) new_name = 'steve' new_semester = ag_models.Semester.summer new_year = 2019 self.client.force_authenticate(superuser) response = self.client.post( reverse('copy-course', kwargs={'course_pk': self.course.pk}), { 'new_name': new_name, 'new_semester': new_semester.value }) self.assertEqual(status.HTTP_400_BAD_REQUEST, response.status_code) response = self.client.post( reverse('copy-course', kwargs={'course_pk': self.course.pk}), { 'new_name': new_name, 'new_year': new_year }) self.assertEqual(status.HTTP_400_BAD_REQUEST, response.status_code) response = self.client.post( reverse('copy-course', kwargs={'course_pk': self.course.pk}), { 'new_semester': new_semester.value, 'new_year': new_year }) self.assertEqual(status.HTTP_400_BAD_REQUEST, response.status_code)
def test_staff_view_late_day_count_for_other_course_permission_denied( self): staff = obj_build.make_staff_user(self.course) # Student for other course other_course = obj_build.make_course() other_course_student = obj_build.make_student_user(other_course) self.assertFalse(other_course.is_staff(staff)) self.client.force_authenticate(staff) response = self.client.get( self.get_pk_url(other_course_student, other_course)) self.assertEqual(status.HTTP_403_FORBIDDEN, response.status_code) response = self.client.get( self.get_username_url(other_course_student, other_course)) self.assertEqual(status.HTTP_403_FORBIDDEN, response.status_code) # Guest for other course other_guest = obj_build.make_user() response = self.client.get(self.get_pk_url(other_guest, other_course)) self.assertEqual(status.HTTP_403_FORBIDDEN, response.status_code) response = self.client.get( self.get_username_url(other_guest, other_course)) self.assertEqual(status.HTTP_403_FORBIDDEN, response.status_code)
def test_guest_get_project(self): self.project.validate_and_update(visible_to_students=True, guests_can_submit=True) guest = obj_build.make_user() self.do_get_object_test( self.client, guest, self.url, exclude_dict(self.project.to_dict(), ['closing_time', 'instructor_files']))
def test_other_create_course_permission_denied(self): guest = obj_build.make_user() name = 'spam' self.client.force_authenticate(guest) response = self.client.post(reverse('course-list'), {'name': name}) self.assertEqual(status.HTTP_403_FORBIDDEN, response.status_code) self.assertEqual(0, ag_models.Course.objects.count())
def test_superuser_create_course(self): superuser = obj_build.make_user(superuser=True) self.client.force_authenticate(superuser) name = 'new_course' response = self.client.post(reverse('course-list'), {'name': name}) self.assertEqual(status.HTTP_201_CREATED, response.status_code) loaded_course = ag_models.Course.objects.get(name=name) self.assertEqual(loaded_course.to_dict(), response.data) self.assertTrue(loaded_course.is_admin(superuser))
def test_user_cannot_copy_courses_permission_denied(self): user = obj_build.make_user(superuser=False) self.client.force_authenticate(user) response = self.client.post( reverse('copy-course', kwargs={'course_pk': self.course.pk}), { 'new_name': 'New', 'new_semester': ag_models.Semester.summer.value, 'new_year': 2021 }) self.assertEqual(status.HTTP_403_FORBIDDEN, response.status_code)
def test_user_with_create_course_permission_create_course(self): user = obj_build.make_user() user.user_permissions.add( Permission.objects.get(codename='create_course')) self.client.force_authenticate(user) response = self.client.post(reverse('course-list'), {'name': 'waluigi'}) self.assertEqual(status.HTTP_201_CREATED, response.status_code) loaded_course = ag_models.Course.objects.get(name='waluigi') self.assertEqual(loaded_course.to_dict(), response.data) self.assertTrue(loaded_course.is_admin(user))
def test_user_can_copy_course_but_not_admin_permission_denied(self): user = obj_build.make_user() user.user_permissions.add( Permission.objects.get(codename='create_course')) self.client.force_authenticate(user) response = self.client.post( reverse('copy-course', kwargs={'course_pk': self.course.pk}), { 'new_name': 'New', 'new_semester': ag_models.Semester.summer.value, 'new_year': 2021 }) self.assertEqual(status.HTTP_403_FORBIDDEN, response.status_code)
def test_other_add_project_permission_denied(self): staff = obj_build.make_staff_user(self.course) student = obj_build.make_student_user(self.course) handgrader = obj_build.make_handgrader_user(self.course) guest = obj_build.make_user() project_name = 'project123' for user in staff, student, handgrader, guest: self.client.force_authenticate(user) response = self.client.post(self.url, {'name': project_name}) self.assertEqual(403, response.status_code) with self.assertRaises(exceptions.ObjectDoesNotExist): ag_models.Project.objects.get(name=project_name)
def test_invalid_semester(self): course = obj_build.make_course(semester=ag_models.Semester.winter, year=2019) url = reverse('course-by-fields', kwargs={ 'name': course.name, 'semester': 'bad', 'year': course.year }) guest = obj_build.make_user() self.client.force_authenticate(guest) response = self.client.get(url) self.assertEqual(status.HTTP_400_BAD_REQUEST, response.status_code)
def test_error_non_unique_course(self): superuser = obj_build.make_user(superuser=True) self.client.force_authenticate(superuser) self.course.semester = ag_models.Semester.fall self.course.year = 2017 self.course.save() response = self.client.post( reverse('copy-course', kwargs={'course_pk': self.course.pk}), { 'new_name': self.course.name, 'new_semester': self.course.semester.value, 'new_year': self.course.year }) self.assertEqual(status.HTTP_400_BAD_REQUEST, response.status_code) self.assertIn('exists', response.data['__all__'][0])
def test_get_course_by_name_semester_and_year(self): course = obj_build.make_course(semester=ag_models.Semester.winter, year=2019) url = reverse('course-by-fields', kwargs={ 'name': course.name, 'semester': course.semester.value, 'year': course.year }) guest = obj_build.make_user() self.client.force_authenticate(guest) response = self.client.get(url) self.assertEqual(status.HTTP_200_OK, response.status_code) self.assertEqual(course.to_dict(), response.data)
def test_superuser_view_calls_copy_course(self): superuser = obj_build.make_user(superuser=True) dummy_course = obj_build.make_course() mock_copy_course = mock.Mock(return_value=dummy_course) with mock.patch( 'autograder.rest_api.views.course_views.course_views.copy_course', new=mock_copy_course): self.client.force_authenticate(superuser) response = self.client.post( reverse('copy-course', kwargs={'course_pk': self.course.pk}), { 'new_name': 'Clone', 'new_semester': ag_models.Semester.winter.value, 'new_year': 2020 }) mock_copy_course.assert_called_once_with( course=self.course, new_course_name='Clone', new_course_semester=ag_models.Semester.winter, new_course_year=2020)
def test_superuser_copy_course_new_name_semester_year(self): superuser = obj_build.make_user(superuser=True) new_name = 'steve' new_semester = ag_models.Semester.summer new_year = 2019 self.client.force_authenticate(superuser) response = self.client.post( reverse('copy-course', kwargs={'course_pk': self.course.pk}), { 'new_name': new_name, 'new_semester': new_semester.value, 'new_year': new_year }) self.assertEqual(status.HTTP_201_CREATED, response.status_code) new_course = ag_models.Course.objects.get(pk=response.data['pk']) self.assertEqual(new_name, new_course.name) self.assertEqual(new_semester, new_course.semester) self.assertEqual(new_year, new_course.year) self.assertEqual(new_course.to_dict(), response.data)
def test_guest_get_guest_allowed_hidden_project_permission_denied(self): self.project.validate_and_update(visible_to_students=False, guests_can_submit=True) guest = obj_build.make_user() self.do_permission_denied_get_test(self.client, guest, self.url)
def test_other_list_projects_permission_denied(self): guest = obj_build.make_user() self.do_permission_denied_get_test(self.client, guest, self.url)
def setUp(self): super().setUp() self.course = obj_build.make_course() self.user = obj_build.make_user()
def test_guest_view_own_late_day_count(self): guest = obj_build.make_user() self.do_get_late_days_test(guest, guest, self.course, self.initial_num_late_days)