def test_permission_for_user_himself(self):
queue = QueueFactory(creator=self.user)
count = 3
members = [UserFactory() for _ in range(count)]
for member in members:
password = fuzzy.FuzzyText().fuzz()
member.set_password(password)
member.save()
token = self.client.post(reverse('api_auth_login_api_view'), data={
'username': member.username,
'password': password
}).json()['key']
res = self.client.put(
reverse(
'api_queue_add_member_api_view',
kwargs={'pk': str(queue.id)}
),
data={'userId': member.id}, content_type='application/json',
HTTP_AUTHORIZATION=self._get_auth_header(token)
)
self.assertEqual(res.status_code, status.HTTP_200_OK)
queue.refresh_from_db()
self.assertEqual(len(queue.members), count)
def test_member_operations(self):
queue = QueueFactory(creator=self.user)
count = 3
users = UserFactory.create_batch(count)
for user in users:
res = self.client.put(
reverse(
'api_queue_add_member_api_view',
kwargs={'pk': str(queue.id)}
),
data={'userId': str(user.id)}, content_type='application/json',
HTTP_AUTHORIZATION=self.access_header
)
self.assertEqual(res.status_code, status.HTTP_200_OK)
queue.refresh_from_db()
self.assertEqual(queue.members, list(map(lambda x: str(x.id), users[::-1])))
for user in users:
res = self.client.put(
reverse(
'api_queue_move_member_to_end_api_view',
kwargs={'pk': str(queue.id)}
), data={'userId': str(user.id)}, content_type='application/json',
HTTP_AUTHORIZATION=self.access_header
)
self.assertEqual(res.status_code, status.HTTP_200_OK)
queue.refresh_from_db()
self.assertEqual(queue.members[0], str(user.id))
queue.refresh_from_db()
self.assertEqual(queue.members, list(map(lambda x: str(x.id), users[::-1])))
queue.refresh_from_db()
self.assertEqual(queue.members, list(map(lambda x: str(x.id), users[::-1])))
for i in range(count):
user = users[i]
res = self.client.put(
reverse(
'api_queue_remove_member_api_view',
kwargs={'pk': str(queue.id)}
), data={'userId': str(user.id)}, content_type='application/json',
HTTP_AUTHORIZATION=self.access_header
)
self.assertEqual(res.status_code, status.HTTP_200_OK)
queue.refresh_from_db()
self.assertEqual(len(queue.members), count - i - 1)
def test_update_queue(self):
queue = QueueFactory(creator=self.user)
new_name = fuzzy.FuzzyText().fuzz()
res = self.client.patch(
reverse(
'api_queue_retrieve_update_destroy_api_view',
kwargs={'pk': str(queue.id)}
), data={'name': new_name}, content_type='application/json',
HTTP_AUTHORIZATION=self.access_header
)
self.assertEqual(res.status_code, status.HTTP_200_OK)
queue.refresh_from_db()
self.assertEqual(queue.name, new_name)
self.assertEqual(res.json()['name'], new_name)
def test_check_permission(self):
queue = QueueFactory(creator=self.user)
count = 3
members = [UserFactory() for _ in range(count)]
for member in members:
res = self.client.put(
reverse(
'api_queue_add_member_api_view',
kwargs={'pk': str(queue.id)}
),
data={'userId': member.id}, content_type='application/json',
HTTP_AUTHORIZATION=self.access_header
)
self.assertEqual(res.status_code, status.HTTP_200_OK)
queue.refresh_from_db()
self.assertEqual(len(queue.members), count)
for i in range(count):
member = members[i]
member_request = members[(i + 1) % len(members)]
password = fuzzy.FuzzyText().fuzz()
member_request.set_password(password)
member_request.save()
key = self.client.post(reverse('api_auth_login_api_view'), data={
'username': member_request.username,
'password': password
}).json()['key']
res = self.client.put(
reverse(
'api_queue_remove_member_api_view',
kwargs={'pk': str(queue.id)}
), data={'userId': member.id}, content_type='application/json',
HTTP_AUTHORIZATION=self._get_auth_header(key)
)
self.assertEqual(res.status_code, status.HTTP_403_FORBIDDEN)
queue.refresh_from_db()
self.assertEqual(len(queue.members), count)
def test_is_teacher_permissions(self):
user = UserFactory(is_teacher=True)
password = fuzzy.FuzzyText().fuzz()
user.set_password(password)
user.save()
key = self.client.post(reverse('api_auth_login_api_view'), data={
'username': user.username,
'password': password
}).json()['key']
queue = QueueFactory(creator=self.user)
for token in (self._get_auth_header(key), self.access_header):
res = self.client.put(
reverse(
'api_queue_add_member_api_view',
kwargs={'pk': str(queue.id)}
),
data={'userId': str(user.id)}, content_type='application/json',
HTTP_AUTHORIZATION=token
)
self.assertEqual(res.status_code, status.HTTP_403_FORBIDDEN)
user_1, user_2 = UserFactory(), UserFactory()
queue.push_member(str(user_1.id))
queue.push_member(str(user_2.id))
queue.save()
queue.refresh_from_db()
self.assertEqual(queue.members, [str(user_2.id), str(user_1.id)])
res = self.client.put(
reverse('api_queue_skip_turn_api_view', kwargs={'pk': str(queue.id)}),
data={
'userId': str(user_1.id)
},
content_type='application/json',
HTTP_AUTHORIZATION=self._get_auth_header(key)
)
self.assertEqual(res.status_code, status.HTTP_200_OK)
queue.refresh_from_db()
self.assertEqual(queue.members, [str(user_1.id), str(user_2.id)])
res = self.client.put(
reverse(
'api_queue_remove_member_api_view',
kwargs={'pk': str(queue.id)}
), data={'userId': str(user_2.id)}, content_type='application/json',
HTTP_AUTHORIZATION=self._get_auth_header(key)
)
self.assertEqual(res.status_code, status.HTTP_200_OK)
queue.refresh_from_db()
self.assertEqual(queue.members, [str(user_1.id)])