def test_available_tasks_for_anon_user(self): anonymous_user = AnonymousUser() user = User.objects.create_user('user', password='******') project_protected = Project( active=True, login_required=True, ) project_protected.save() self.assertEqual(len(Project.all_available_for(anonymous_user)), 0) self.assertEqual(len(Project.all_available_for(user)), 2) # Project created by setUp batch_protected = Batch(project=project_protected) batch_protected.save() Task(batch=batch_protected).save() self.assertEqual(len(batch_protected.available_tasks_for(anonymous_user)), 0) self.assertEqual(len(batch_protected.available_tasks_for(user)), 1) project_unprotected = Project( active=True, login_required=False, ) project_unprotected.save() batch_unprotected = Batch(project=project_unprotected) batch_unprotected.save() Task(batch=batch_unprotected).save() self.assertEqual(len(Project.all_available_for(anonymous_user)), 1) self.assertEqual(len(Project.all_available_for(user)), 3) self.assertEqual(len(project_unprotected.batches_available_for(anonymous_user)), 1) self.assertEqual(len(project_unprotected.batches_available_for(user)), 1) self.assertEqual(len(batch_unprotected.available_tasks_for(anonymous_user)), 1) self.assertEqual(len(batch_unprotected.available_tasks_for(user)), 1)
def test_available_for_active_flag(self): user = User.objects.create_user('testuser', password='******') self.assertEqual(len(Project.all_available_for(user)), 0) Project(active=False, ).save() self.assertEqual(len(Project.all_available_for(user)), 0) Project(active=True, ).save() self.assertEqual(len(Project.all_available_for(user)), 1)
def test_available_for_login_required(self): anonymous_user = AnonymousUser() self.assertEqual(len(Project.all_available_for(anonymous_user)), 0) Project(login_required=True, ).save() self.assertEqual(len(Project.all_available_for(anonymous_user)), 0) authenticated_user = User.objects.create_user('testuser', password='******') self.assertEqual(len(Project.all_available_for(authenticated_user)), 1)
def test_all_available_for_login_required(self): anonymous_user = AnonymousUser() self.assertEqual(len(Project.all_available_for(anonymous_user)), 0) Project( login_required=True, ).save() self.assertEqual(len(Project.all_available_for(anonymous_user)), 0) authenticated_user = User.objects.create_user('testuser', password='******') self.assertEqual(len(Project.all_available_for(authenticated_user)), 1)
def test_all_available_for_active_flag(self): user = User.objects.create_user('testuser', password='******') self.assertEqual(len(Project.all_available_for(user)), 0) Project( active=False, ).save() self.assertEqual(len(Project.all_available_for(user)), 0) Project( active=True, ).save() self.assertEqual(len(Project.all_available_for(user)), 1)
def index(request): """ Security behavior: - Anyone can access the page, but the page only shows the user information they have access to. """ abandoned_assignments = [] if request.user.is_authenticated: for ha in TaskAssignment.objects.filter(assigned_to=request.user).filter(completed=False): abandoned_assignments.append({ 'task': ha.task, 'task_assignment_id': ha.id }) # Create a row for each Batch that has Tasks available for the current user batch_rows = [] for project in Project.all_available_for(request.user): for batch in project.batches_available_for(request.user): total_tasks_available = batch.total_available_tasks_for(request.user) if total_tasks_available > 0: batch_rows.append({ 'project_name': project.name, 'batch_name': batch.name, 'batch_published': batch.created_at, 'assignments_available': total_tasks_available, 'preview_next_task_url': reverse('preview_next_task', kwargs={'batch_id': batch.id}), 'accept_next_task_url': reverse('accept_next_task', kwargs={'batch_id': batch.id}) }) return render(request, 'index.html', { 'abandoned_assignments': abandoned_assignments, 'batch_rows': batch_rows })
def index(request): """ Security behavior: - Anyone can access the page, but the page only shows the user information they have access to. """ abandoned_assignments = [] if request.user.is_authenticated: for ha in TaskAssignment.objects.filter(assigned_to=request.user).filter(completed=False): abandoned_assignments.append({ 'task': ha.task, 'task_assignment_id': ha.id }) # Create a row for each Batch that has Tasks available for the current user batch_rows = [] for project in Project.all_available_for(request.user): for batch in project.batches_available_for(request.user): total_tasks_available = batch.total_available_tasks_for(request.user) if total_tasks_available > 0: batch_rows.append({ 'project_name': project.name, 'batch_name': batch.name, 'batch_published': batch.created_at, 'assignments_available': total_tasks_available, 'preview_next_task_url': reverse('preview_next_task', kwargs={'batch_id': batch.id}), 'accept_next_task_url': reverse('accept_next_task', kwargs={'batch_id': batch.id}) }) return render(request, 'index.html', { 'abandoned_assignments': abandoned_assignments, 'batch_rows': batch_rows })
def test_all_available_for_custom_permissions(self): user = User.objects.create_user('testuser', password='******') group = Group.objects.create(name='testgroup') user.groups.add(group) project = Project(custom_permissions=True) project.save() self.assertEqual(len(project.all_available_for(user)), 0) # Verify that giving the group access also gives the group members access self.assertFalse(user.has_perm('can_work_on', project)) assign_perm('can_work_on', group, project) self.assertEqual(len(project.all_available_for(user)), 1) # add superusers should have access to it self.assertEqual(len(project.all_available_for(self.admin)), 1)