Example #1
0
 def delete(self, request, *args, **kwargs):
     """
     Delete a group for a user in a repo
     """
     # Get the user
     username = self.kwargs.get('username')
     user = User.objects.get(username=username)
     # Get the repo group type
     group_type = self.kwargs.get('group_type')
     repo_group_type = GroupTypes.get_repo_groupname_by_base(group_type)
     # Get the repo object
     repo = Repository.objects.get(slug=self.kwargs['repo_slug'])
     # if the group is administrators and this user is the last one
     # forbid to delete
     if (group_type == BaseGroupTypes.ADMINISTRATORS and
             is_last_admin_in_repo(user, repo)):
         return Response(
             data={
                 "detail": ("This is the last "
                            "administrator of the repository")
             },
             status=status.HTTP_400_BAD_REQUEST
         )
     remove_user_from_repo_group(user, repo, repo_group_type)
     return Response(status=status.HTTP_204_NO_CONTENT)
Example #2
0
 def remove_all_users_from_repo(self):
     """
     Helper method to remove all users from all repo groups.
     """
     # Remove all the users from all the groups in the repo.
     for user_group in list_users_in_repo(self.repo):
         user = User.objects.get(username=user_group.username)
         group_type = GroupTypes.get_repo_groupname_by_base(
             user_group.group_type)
         remove_user_from_repo_group(user, self.repo, group_type)
Example #3
0
 def remove_all_users_from_repo(self):
     """
     Helper method to remove all users from all repo groups.
     """
     # Remove all the users from all the groups in the repo.
     for user_group in list_users_in_repo(self.repo):
         user = User.objects.get(username=user_group.username)
         group_type = GroupTypes.get_repo_groupname_by_base(
             user_group.group_type
         )
         remove_user_from_repo_group(user, self.repo, group_type)
Example #4
0
    def test_upload_with_permissions(self):
        """GET upload page with different user permissions"""
        def check_user_no_permission():
            """
            Helper function to check that the user has
            no permission on the repo
            """
            # user cannot see the repository page
            self.assert_status_code(self.repository_url_slug, UNAUTHORIZED)
            # and cannot see the import page
            self.assert_status_code(self.import_url_slug, UNAUTHORIZED)

        self.logout()
        self.login(self.USERNAME_NO_REPO)
        # user has no permissions at all
        check_user_no_permission()
        # user has author permissions
        assign_user_to_repo_group(self.user_norepo, self.repo,
                                  GroupTypes.REPO_AUTHOR)
        # user can see the repository page
        self.assert_status_code(self.repository_url_slug, HTTP_OK)
        # but cannot see the import for the repo
        self.assert_status_code(self.import_url_slug, UNAUTHORIZED)
        # user has no permissions
        remove_user_from_repo_group(self.user_norepo, self.repo,
                                    GroupTypes.REPO_AUTHOR)
        check_user_no_permission()
        # user has curator permissions
        assign_user_to_repo_group(self.user_norepo, self.repo,
                                  GroupTypes.REPO_CURATOR)
        # user can see the repository page
        self.assert_status_code(self.repository_url_slug, HTTP_OK)
        # and can see the the import for the repo
        self.assert_status_code(self.import_url_slug, HTTP_OK)
        # remove curator permissions
        remove_user_from_repo_group(self.user_norepo, self.repo,
                                    GroupTypes.REPO_CURATOR)
        check_user_no_permission()
        # user has admin permissions
        assign_user_to_repo_group(self.user_norepo, self.repo,
                                  GroupTypes.REPO_ADMINISTRATOR)
        # user can see the repository page
        self.assert_status_code(self.repository_url_slug, HTTP_OK)
        # and can see the the import for the repo
        self.assert_status_code(self.import_url_slug, HTTP_OK)
Example #5
0
    def test_remove_user_from_group(self):
        """
        Test for api.remove_user_from_repo_group
        """
        repo = Repository.objects.create(
            name=self.repo_name,
            description=self.repo_desc,
            created_by=self.user
        )
        admin = Group.objects.get(name=self.group_admin)
        self.assertIn(self.user, admin.user_set.all())

        api.remove_user_from_repo_group(
            self.user,
            repo,
            group_type=GroupTypes.REPO_ADMINISTRATOR
        )
        self.assertNotIn(self.user, admin.user_set.all())
 def test_listing_importcourse_perms(self):
     """
     Tests the listing page with different user permissions
     to check who can see the import course html
     """
     self.logout()
     self.login(self.USERNAME_NO_REPO)
     # user has no permissions at all
     self.assert_status_code(self.repository_url, UNAUTHORIZED)
     # user has author permissions and cannot see the import for the repo
     assign_user_to_repo_group(self.user_norepo, self.repo,
                               GroupTypes.REPO_AUTHOR)
     body = self.assert_status_code(self.repository_url,
                                    HTTP_OK,
                                    return_body=True)
     self.assertFalse("Import Course</a>" in body)
     # user has no permissions
     remove_user_from_repo_group(self.user_norepo, self.repo,
                                 GroupTypes.REPO_AUTHOR)
     self.assert_status_code(self.repository_url, UNAUTHORIZED)
     # user has curator permissions and can see the the import for the repo
     assign_user_to_repo_group(self.user_norepo, self.repo,
                               GroupTypes.REPO_CURATOR)
     body = self.assert_status_code(self.repository_url,
                                    HTTP_OK,
                                    return_body=True)
     self.assertTrue("Import Course</a>" in body)
     # user has no permissions
     remove_user_from_repo_group(self.user_norepo, self.repo,
                                 GroupTypes.REPO_CURATOR)
     self.assert_status_code(self.repository_url, UNAUTHORIZED)
     # user has admin permissions and can see the the import for the repo
     assign_user_to_repo_group(self.user_norepo, self.repo,
                               GroupTypes.REPO_ADMINISTRATOR)
     body = self.assert_status_code(self.repository_url,
                                    HTTP_OK,
                                    return_body=True)
     self.assertTrue("Import Course</a>" in body)
Example #7
0
 def test_is_last_admin_in_repo(self):
     """
     Test for is_last_admin_in_repo
     """
     # By default the repo creator is also administrator
     self.assertTrue(
         api.is_last_admin_in_repo(self.user, self.repo)
     )
     # Add another user to the administrators.
     api.assign_user_to_repo_group(
         self.user_norepo,
         self.repo,
         GroupTypes.REPO_ADMINISTRATOR
     )
     self.assertFalse(
         api.is_last_admin_in_repo(self.user, self.repo)
     )
     # Remove the first user from the administrators.
     api.remove_user_from_repo_group(
         self.user,
         self.repo,
         GroupTypes.REPO_ADMINISTRATOR
     )
     # Add user to the curators.
     api.assign_user_to_repo_group(
         self.user,
         self.repo,
         GroupTypes.REPO_CURATOR
     )
     # The user is not the last of the admins because he is not admin
     self.assertFalse(
         api.is_last_admin_in_repo(self.user, self.repo)
     )
     # The other user is indeed the last admin
     self.assertTrue(
         api.is_last_admin_in_repo(self.user_norepo, self.repo)
     )
Example #8
0
 def test_upload_with_permissions(self):
     """GET upload page with different user permissions"""
     def check_user_no_permission():
         """
         Helper function to check that the user has
         no permission on the repo
         """
         # user cannot see the repository page
         self.assert_status_code(
             self.repository_url_slug,
             UNAUTHORIZED
         )
         # and cannot see the import page
         self.assert_status_code(
             self.import_url_slug,
             UNAUTHORIZED
         )
     self.logout()
     self.login(self.USERNAME_NO_REPO)
     # user has no permissions at all
     check_user_no_permission()
     # user has author permissions
     assign_user_to_repo_group(
         self.user_norepo,
         self.repo,
         GroupTypes.REPO_AUTHOR
     )
     # user can see the repository page
     self.assert_status_code(
         self.repository_url_slug,
         HTTP_OK
     )
     # but cannot see the import for the repo
     self.assert_status_code(
         self.import_url_slug,
         UNAUTHORIZED
     )
     # user has no permissions
     remove_user_from_repo_group(
         self.user_norepo,
         self.repo,
         GroupTypes.REPO_AUTHOR
     )
     check_user_no_permission()
     # user has curator permissions
     assign_user_to_repo_group(
         self.user_norepo,
         self.repo,
         GroupTypes.REPO_CURATOR
     )
     # user can see the repository page
     self.assert_status_code(
         self.repository_url_slug,
         HTTP_OK
     )
     # and can see the the import for the repo
     self.assert_status_code(
         self.import_url_slug,
         HTTP_OK
     )
     # remove curator permissions
     remove_user_from_repo_group(
         self.user_norepo,
         self.repo,
         GroupTypes.REPO_CURATOR
     )
     check_user_no_permission()
     # user has admin permissions
     assign_user_to_repo_group(
         self.user_norepo,
         self.repo,
         GroupTypes.REPO_ADMINISTRATOR
     )
     # user can see the repository page
     self.assert_status_code(
         self.repository_url_slug,
         HTTP_OK
     )
     # and can see the the import for the repo
     self.assert_status_code(
         self.import_url_slug,
         HTTP_OK
     )
Example #9
0
 def test_list_users_in_repo_no_base_group_type_specified(self):
     """
     Test for list_users_in_repo
     """
     self.assertListEqual(
         api.list_users_in_repo(self.repo),
         [
             UserGroup(self.user.username, BaseGroupTypes.ADMINISTRATORS)
         ]
     )
     # Remove the user from the administrators.
     api.remove_user_from_repo_group(
         self.user,
         self.repo,
         GroupTypes.REPO_ADMINISTRATOR
     )
     # No users in the repo.
     self.assertListEqual(
         api.list_users_in_repo(self.repo),
         []
     )
     # Add user to the curators.
     api.assign_user_to_repo_group(
         self.user,
         self.repo,
         GroupTypes.REPO_CURATOR
     )
     self.assertListEqual(
         api.list_users_in_repo(self.repo),
         [
             UserGroup(self.user.username, BaseGroupTypes.CURATORS)
         ]
     )
     # Add user back to the administrators.
     api.assign_user_to_repo_group(
         self.user,
         self.repo,
         GroupTypes.REPO_ADMINISTRATOR
     )
     self.assertListEqual(
         self.sort_user_group(
             api.list_users_in_repo(self.repo)
         ),
         self.sort_user_group(
             [
                 UserGroup(
                     self.user.username,
                     BaseGroupTypes.ADMINISTRATORS
                 ),
                 UserGroup(
                     self.user.username,
                     BaseGroupTypes.CURATORS
                 )
             ]
         )
     )
     # Add another user to the authors.
     api.assign_user_to_repo_group(
         self.user_norepo,
         self.repo,
         GroupTypes.REPO_AUTHOR
     )
     self.assertListEqual(
         self.sort_user_group(
             api.list_users_in_repo(self.repo)
         ),
         self.sort_user_group(
             [
                 UserGroup(
                     self.user.username,
                     BaseGroupTypes.ADMINISTRATORS
                 ),
                 UserGroup(
                     self.user.username,
                     BaseGroupTypes.CURATORS
                 ),
                 UserGroup(
                     self.user_norepo.username,
                     BaseGroupTypes.AUTHORS
                 )
             ]
         )
     )
     # Adding again the same user in the same group
     # will not create multiple instances.
     api.assign_user_to_repo_group(
         self.user_norepo,
         self.repo,
         GroupTypes.REPO_AUTHOR
     )
     self.assertListEqual(
         self.sort_user_group(
             api.list_users_in_repo(self.repo)
         ),
         self.sort_user_group(
             [
                 UserGroup(
                     self.user.username,
                     BaseGroupTypes.ADMINISTRATORS
                 ),
                 UserGroup(
                     self.user.username,
                     BaseGroupTypes.CURATORS
                 ),
                 UserGroup(
                     self.user_norepo.username,
                     BaseGroupTypes.AUTHORS
                 )
             ]
         )
     )
 def test_listing_importcourse_perms(self):
     """
     Tests the listing page with different user permissions
     to check who can see the import course html
     """
     self.logout()
     self.login(self.USERNAME_NO_REPO)
     # user has no permissions at all
     self.assert_status_code(
         self.repository_url,
         UNAUTHORIZED
     )
     # user has author permissions and cannot see the import for the repo
     assign_user_to_repo_group(
         self.user_norepo,
         self.repo,
         GroupTypes.REPO_AUTHOR
     )
     body = self.assert_status_code(
         self.repository_url,
         HTTP_OK,
         return_body=True
     )
     self.assertFalse("Import Course</a>" in body)
     # user has no permissions
     remove_user_from_repo_group(
         self.user_norepo,
         self.repo,
         GroupTypes.REPO_AUTHOR
     )
     self.assert_status_code(
         self.repository_url,
         UNAUTHORIZED
     )
     # user has curator permissions and can see the the import for the repo
     assign_user_to_repo_group(
         self.user_norepo,
         self.repo,
         GroupTypes.REPO_CURATOR
     )
     body = self.assert_status_code(
         self.repository_url,
         HTTP_OK,
         return_body=True
     )
     self.assertTrue("Import Course</a>" in body)
     # user has no permissions
     remove_user_from_repo_group(
         self.user_norepo,
         self.repo,
         GroupTypes.REPO_CURATOR
     )
     self.assert_status_code(
         self.repository_url,
         UNAUTHORIZED
     )
     # user has admin permissions and can see the the import for the repo
     assign_user_to_repo_group(
         self.user_norepo,
         self.repo,
         GroupTypes.REPO_ADMINISTRATOR
     )
     body = self.assert_status_code(
         self.repository_url,
         HTTP_OK,
         return_body=True
     )
     self.assertTrue("Import Course</a>" in body)