def test_non_admin_update_permission_denied(self): patch_data = { 'name': 'adfasdflkj;lkj' } [staff] = obj_build.make_staff_users(self.course, 1) self.do_patch_object_permission_denied_test( self.ag_test_case, self.client, staff, self.url, patch_data)
def setUp(self): super().setUp() self.group = obj_build.make_group() self.student = self.group.members.first() self.project = self.group.project ag_models.ExpectedStudentFile.objects.validate_and_create( pattern='*', max_num_matches=10, project=self.project) self.submitted_files = [SimpleUploadedFile('file{}'.format(i), 'waaaluigi{}'.format(i).encode()) for i in range(3)] self.submission = obj_build.make_submission( group=self.group, submitted_files=self.submitted_files, status=Submission.GradingStatus.finished_grading) self.handgrading_rubric = hg_models.HandgradingRubric.objects.validate_and_create( project=self.project ) # type: hg_models.HandgradingRubric [self.admin] = obj_build.make_admin_users(self.project.course, 1) [self.staff] = obj_build.make_staff_users(self.project.course, 1) [self.handgrader] = obj_build.make_users(1) self.project.course.handgraders.add(self.handgrader) self.client = APIClient() self.course = self.handgrading_rubric.project.course self.url = reverse('handgrading_result', kwargs={'group_pk': self.submission.group.pk})
def test_non_admin_create_permission_denied(self): project = obj_build.make_project() [staff] = obj_build.make_staff_users(project.course, 1) self.do_permission_denied_create_test( ag_models.RerunSubmissionsTask.objects, APIClient(), staff, reverse('rerun_submissions_tasks', kwargs={'project_pk': project.pk}), {})
def test_staff_valid_list_cmds(self): [staff] = obj_build.make_staff_users(self.course, 1) self.client.force_authenticate(staff) response = self.client.get(self.url) self.assertEqual(status.HTTP_200_OK, response.status_code) self.assertSequenceEqual([self.cmd1.to_dict(), self.cmd2.to_dict()], response.data)
def test_admin_or_staff_or_handgrader_valid_create(self): [admin] = obj_build.make_admin_users(self.course, 1) [handgrader] = obj_build.make_handgrader_users(self.course, 1) [staff] = obj_build.make_staff_users(self.course, 1) for user in admin, handgrader, staff: response = self.do_create_object_test( handgrading_models.AppliedAnnotation.objects, self.client, user, self.url, self.data, check_data=False) loaded = handgrading_models.AppliedAnnotation.objects.get( pk=response.data['pk']) self.assert_dict_contents_equal(loaded.to_dict(), response.data) annotation = handgrading_models.Annotation.objects.get( pk=self.data['annotation']) self.assertEqual(annotation.to_dict(), loaded.annotation.to_dict()) response_location_dict = loaded.location.to_dict() for non_modifiable in ["pk", "last_modified"]: response_location_dict.pop(non_modifiable) self.assertEqual(self.data["location"], response_location_dict)
def test_staff_user_roles(self): [staff] = obj_build.make_staff_users(self.course, 1) expected = self.expected_response_base() expected['is_staff'] = True self.do_get_object_test(self.client, staff, self.url, expected)
def test_non_admin_update_permission_denied(self): [staff] = obj_build.make_staff_users(self.course, 1) patch_data = { 'name': 'mcnaieoa;dk', } self.do_patch_object_permission_denied_test( self.ag_test_cmd, self.client, staff, self.url, patch_data)
def test_copy_course(self): proj1 = obj_build.make_project() course = proj1.course proj2 = obj_build.make_project(course) admins = obj_build.make_admin_users(course, 4) staff = obj_build.make_staff_users(course, 3) students = obj_build.make_student_users(course, 5) handgraders = obj_build.make_handgrader_users(course, 2) self.assertNotEqual(0, course.staff.count()) self.assertNotEqual(0, course.students.count()) self.assertNotEqual(0, course.handgraders.count()) name = 'stove' new_course = copy_course(course, name, Semester.summer, 2019) self.assertEqual(name, new_course.name) self.assertEqual(Semester.summer, new_course.semester) self.assertEqual(2019, new_course.year) self.assertCountEqual(admins, new_course.admins.all()) self.assertSequenceEqual([], new_course.staff.all()) self.assertSequenceEqual([], new_course.students.all()) self.assertSequenceEqual([], new_course.handgraders.all()) old_project_pks = {proj.pk for proj in course.projects.all()} new_project_pks = {proj.pk for proj in new_course.projects.all()} self.assertTrue(old_project_pks.isdisjoint(new_project_pks)) self.assertSetEqual({proj.name for proj in course.projects.all()}, {proj.name for proj in new_course.projects.all()})
def test_admin_or_staff_or_handgrader_valid_get(self): [admin] = obj_build.make_admin_users(self.course, 1) [staff] = obj_build.make_staff_users(self.course, 1) [handgrader] = obj_build.make_handgrader_users(self.course, 1) for user in admin, staff, handgrader: self.do_get_object_test(self.client, user, self.url, self.applied_annotation.to_dict())
def test_non_admin_update_permission_denied(self): patch_data = { 'max_points': 30, } [staff] = obj_build.make_staff_users(self.course, 1) self.do_patch_object_permission_denied_test(self.handgrading_rubric, self.client, staff, self.url, patch_data)
def test_admin_or_staff_valid_create_without_location(self): [admin] = obj_build.make_admin_users(self.course, 1) [staff] = obj_build.make_staff_users(self.course, 1) data = {"text": "Sample comment text."} for user in admin, staff: self.do_create_object_test(handgrading_models.Comment.objects, self.client, user, self.url, data)
def test_non_admin_list_project_download_tasks_permission_denied(self): [staff] = obj_build.make_staff_users(self.project.course, 1) [handgrader] = obj_build.make_handgrader_users(self.project.course, 1) url = reverse('project-download-tasks', kwargs={'pk': self.project.pk}) for user in staff, handgrader: self.client.force_authenticate(user) response = self.client.get(url) self.assertEqual(status.HTTP_403_FORBIDDEN, response.status_code)
def test_non_admin_set_order_permission_denied(self): [staff] = obj_build.make_staff_users(self.course, 1) self.client.force_authenticate(staff) original_order = list(self.ag_test_case.get_agtestcommand_order()) response = self.client.put(self.url, original_order[::-1]) self.assertEqual(status.HTTP_403_FORBIDDEN, response.status_code) self.assertSequenceEqual(original_order, self.ag_test_case.get_agtestcommand_order())
def setUp(self): super().setUp() self.project = obj_build.make_project(max_group_size=2) self.course = self.project.course self.student_users = unsorted_users(obj_build.make_student_users(self.course, 2)) self.staff_users = unsorted_users(obj_build.make_staff_users(self.course, 2)) self.guest_group = obj_build.make_users(2)
def test_non_admin_set_order_permission_denied(self): [staff] = obj_build.make_staff_users(self.project.course, 1) self.client.force_authenticate(staff) response = self.client.put(self.url, self.suite_pks[::-1]) self.assertEqual(status.HTTP_403_FORBIDDEN, response.status_code) self.assertSequenceEqual(self.suite_pks, self.project.get_studenttestsuite_order())
def test_non_admin_update_permission_denied(self): patch_data = { "short_description": "Changing short description.", "long_description": "Changing loooooooong description.", "points": 40, } [staff] = obj_build.make_staff_users(self.course, 1) self.do_patch_object_permission_denied_test( self.criterion, self.client, staff, self.url, patch_data)
def test_non_admin_create_permission_denied(self): [staff] = obj_build.make_staff_users(self.project.course, 1) self.do_permission_denied_create_test(ag_models.AGTestSuite.objects, self.client, staff, self.url, self.create_data) [enrolled] = obj_build.make_student_users(self.project.course, 1) self.do_permission_denied_create_test(ag_models.AGTestSuite.objects, self.client, enrolled, self.url, self.create_data)
def setUp(self): super().setUp() self.course = obj_build.make_course() self.client = APIClient() self.url = reverse('course-handgraders', kwargs={'pk': self.course.pk}) [self.admin] = obj_build.make_admin_users(self.course, 1) [self.staff] = obj_build.make_staff_users(self.course, 1) [self.student] = obj_build.make_student_users(self.course, 1) [self.guest] = obj_build.make_users(1)
def test_non_admin_create_permission_denied(self): [enrolled] = obj_build.make_student_users(self.course, 1) [staff] = obj_build.make_staff_users(self.course, 1) [handgrader] = obj_build.make_users(1) self.project.course.handgraders.add(handgrader) for user in [enrolled, staff, handgrader]: self.do_permission_denied_create_test( handgrading_models.HandgradingRubric.objects, self.client, user, self.url, self.data)
def test_non_admin_create_permission_denied(self): data = {'name': 'advnaieroa'} [staff] = obj_build.make_staff_users(self.ag_test_suite.project.course, 1) self.do_permission_denied_create_test( ag_models.AGTestCase.objects, self.client, staff, self.url, data) [enrolled] = obj_build.make_student_users(self.ag_test_suite.project.course, 1) self.do_permission_denied_create_test( ag_models.AGTestCase.objects, self.client, enrolled, self.url, data)
def test_admin_or_staff_or_handgrader_valid_list_comments(self): [admin] = obj_build.make_admin_users(self.course, 1) [staff] = obj_build.make_staff_users(self.course, 1) [handgrader] = obj_build.make_handgrader_users(self.course, 1) for user in admin, handgrader, staff: self.client.force_authenticate(user) response = self.client.get(self.url) self.assertEqual(status.HTTP_200_OK, response.status_code) self.assertSequenceEqual(self.comment.to_dict(), response.data[0])
def test_staff_valid_retrieve(self): [staff] = obj_build.make_staff_users(self.course, 1) [admin] = obj_build.make_admin_users(self.course, 1) [handgrader] = obj_build.make_users(1) self.handgrading_rubric.project.course.handgraders.add(handgrader) for user in [admin, staff, handgrader]: self.client.force_authenticate(user) response = self.client.get(self.url) self.assertEqual(status.HTTP_200_OK, response.status_code) self.assertSequenceEqual(self.handgrading_rubric.to_dict(), response.data)
def test_admin_or_staff_or_handgrader_update_bad_values(self): bad_data = { "location": "Not an editable field!", } [admin] = obj_build.make_admin_users(self.course, 1) [handgrader] = obj_build.make_handgrader_users(self.course, 1) [staff] = obj_build.make_staff_users(self.course, 1) for user in admin, staff, handgrader: self.do_patch_object_invalid_args_test(self.applied_annotation, self.client, user, self.url, bad_data)
def test_non_admin_permission_denied(self): [staff] = obj_build.make_staff_users(self.project.course, 1) self.client.force_authenticate(staff) response = self.client.post( reverse('project-all-submission-scores', kwargs={'pk': self.project.pk})) self.assertEqual(status.HTTP_403_FORBIDDEN, response.status_code) response = self.client.post( reverse('project-ultimate-submission-scores', kwargs={'pk': self.project.pk})) self.assertEqual(status.HTTP_403_FORBIDDEN, response.status_code)
def test_staff_get_order(self): [staff] = obj_build.make_staff_users(self.course, 1) self.client.force_authenticate(staff) response = self.client.get(self.url) self.assertEqual(status.HTTP_200_OK, response.status_code) self.assertSequenceEqual([self.cmd1.pk, self.cmd2.pk], response.data) new_order = [self.cmd2.pk, self.cmd1.pk] self.ag_test_case.set_agtestcommand_order(new_order) response = self.client.get(self.url) self.assertEqual(status.HTTP_200_OK, response.status_code) self.assertSequenceEqual(new_order, response.data)
def test_non_admin_create_permission_denied(self): data = { 'name': 'xcm,vnm,xczv', 'cmd': 'echo "wow"', } [staff] = obj_build.make_staff_users(self.course, 1) self.do_permission_denied_create_test( ag_models.AGTestCommand.objects, self.client, staff, self.url, data) [enrolled] = obj_build.make_student_users(self.course, 1) self.do_permission_denied_create_test( ag_models.AGTestCommand.objects, self.client, enrolled, self.url, data)
def test_admin_or_staff_valid_create_with_location(self): [admin] = obj_build.make_admin_users(self.course, 1) [staff] = obj_build.make_staff_users(self.course, 1) for user in admin, staff: response = self.do_create_object_test( handgrading_models.Comment.objects, self.client, user, self.url, self.data, check_data=False) self._check_valid_comment_with_location_created(response)
def test_non_admin_set_order_permission_denied(self): [staff] = obj_build.make_staff_users(self.course, 1) [enrolled] = obj_build.make_student_users(self.course, 1) [handgrader] = obj_build.make_handgrader_users(self.course, 1) for user in staff, enrolled, handgrader: self.client.force_authenticate(user) original_order = list(self.handgrading_rubric.get_criterion_order()) response = self.client.put(self.url, original_order[::-1]) self.assertEqual(status.HTTP_403_FORBIDDEN, response.status_code) self.assertSequenceEqual(original_order, self.handgrading_rubric.get_criterion_order())
def test_staff_get_order(self): [staff] = obj_build.make_staff_users(self.project.course, 1) self.client.force_authenticate(staff) response = self.client.get(self.url) self.assertEqual(status.HTTP_200_OK, response.status_code) self.assertSequenceEqual(self.suite_pks, response.data) new_order = self.suite_pks[::-1] self.project.set_studenttestsuite_order(new_order) response = self.client.get(self.url) self.assertEqual(status.HTTP_200_OK, response.status_code) self.assertSequenceEqual(new_order, response.data)
def test_non_admin_get_download_task_result_permission_denied(self): [admin] = obj_build.make_admin_users(self.project.course, 1) [staff] = obj_build.make_staff_users(self.project.course, 1) task = ag_models.DownloadTask.objects.validate_and_create( project=self.project, creator=admin, download_type=ag_models.DownloadType.all_scores, progress=100) url = reverse('download_tasks-result', kwargs={'pk': task.pk}) self.client.force_authenticate(staff) response = self.client.get(url) self.assertEqual(status.HTTP_403_FORBIDDEN, response.status_code)