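def test_has_object_permission_post(self):
    """Assert the object-level POST decision for every role, per layer kind.

    For a layer on the sandbox course project only ``self.faculty`` is
    granted; for a layer on the sandbox course response only
    ``self.student`` is. Every other user must be refused.
    """
    # In reality, POST to an existing object should 405
    scenarios = (
        (self.sandbox_course_project, (
            ('project layer: faculty', self.faculty, True),
            ('project layer: student', self.student, False),
            ('project layer: non-course user', self.alt_student, False),
            ('project layer: anon', self.anon, False),
        )),
        (self.sandbox_course_response, (
            ('response layer: faculty', self.faculty, False),
            ('response layer: student', self.student, True),
            ('response layer: classmate', self.classmate, False),
            # Must be a different user from the classmate row above,
            # otherwise the denial for a user outside the course is
            # never exercised for response layers.
            ('response layer: non-course user', self.alt_student, False),
            ('response layer: anon', self.anon, False),
        )),
    )

    for content_object, cases in scenarios:
        perm = LayerPermission()
        layer = LayerFactory.create(
            title='A Layer Title', content_object=content_object)
        req = RequestFactory().post(
            reverse('api-layer-detail', kwargs={'pk': layer.pk}))
        # NOTE(review): the payload uses the 'api-response-detail' route
        # for the project layer as well -- confirm whether the permission
        # class reads this value at all.
        req.data = {
            'content_object': reverse(
                'api-response-detail',
                kwargs={'pk': layer.content_object.pk})
        }

        for label, user, expected in cases:
            req.user = user
            granted = perm.has_object_permission(req, None, layer)
            # The label names the failing role in the assertion message.
            self.assertEqual(bool(granted), expected, label)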
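def test_has_object_permission_delete(self):
    """Assert the object-level DELETE decision for every role, per layer kind.

    For a layer on the sandbox course project only ``self.faculty`` is
    granted; for a layer on the sandbox course response only
    ``self.student`` is. Every other user must be refused.
    """
    scenarios = (
        (self.sandbox_course_project, (
            ('project layer: faculty', self.faculty, True),
            ('project layer: student', self.student, False),
            ('project layer: non-course user', self.alt_student, False),
            ('project layer: anon', self.anon, False),
        )),
        (self.sandbox_course_response, (
            ('response layer: faculty', self.faculty, False),
            ('response layer: student', self.student, True),
            ('response layer: classmate', self.classmate, False),
            # Must be a different user from the classmate row above,
            # otherwise the denial for a user outside the course is
            # never exercised for response layers.
            ('response layer: non-course user', self.alt_student, False),
            ('response layer: anon', self.anon, False),
        )),
    )

    for content_object, cases in scenarios:
        perm = LayerPermission()
        layer = LayerFactory.create(
            title='A Layer Title', content_object=content_object)
        req = RequestFactory().delete(
            reverse('api-layer-detail', kwargs={'pk': layer.pk}))

        for label, user, expected in cases:
            req.user = user
            granted = perm.has_object_permission(req, None, layer)
            # The label names the failing role in the assertion message.
            self.assertEqual(bool(granted), expected, label)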
def setUp(self):
    """Create the course fixtures, an anonymous user and a classmate.

    The classmate gets a response of their own and a layer attached to
    it, so tests can check access between students.
    """
    self.setup_course()
    # Bound helper, so tests can call the permission logic directly.
    self.layer_permission_helper = (
        LayerPermission().layer_permission_helper)
    self.anon = AnonymousUser()

    second_student = UserFactory.create(
        first_name='Student',
        last_name='Two',
        email='*****@*****.**')
    self.classmate = second_student
    # NOTE(review): the classmate joins registrar_course's group while
    # the response below hangs off sandbox_course_activity -- confirm
    # both belong to the course under test. If they do not, the
    # "classmate" denials cannot be told apart from the non-course case.
    self.registrar_course.group.user_set.add(second_student)

    response = ResponseFactory.create(
        activity=self.sandbox_course_activity,
        owners=[second_student])
    self.classmate_response = response
    self.classmate_layer = LayerFactory.create(
        title='Classmate layer', content_object=response)
def test_layer_permission_helper_project_faculty(self):
    """
    A Layer attached to a Project is allowed for faculty in
    Layer => Project => Course, and refused for unrelated faculty
    and for the anonymous user.
    """
    is_allowed = self.layer_permission_helper
    project_layer = LayerFactory(
        title='A Layer Title',
        content_object=self.sandbox_course_project)

    self.assertTrue(is_allowed(project_layer, self.faculty))

    # Unrelated faculty first, then the anonymous user.
    for outsider in (self.alt_faculty, self.anon):
        self.assertFalse(is_allowed(project_layer, outsider))
def test_has_object_permission_get(self):
    """A GET object check must go through layer_permission_helper."""
    helper_patch = patch.object(LayerPermission, 'layer_permission_helper')
    with helper_patch as mock_layer_permission_helper:
        permission = LayerPermission()
        project_layer = LayerFactory.create(
            title='A Layer Title',
            content_object=self.sandbox_course_project)
        # NOTE(review): the URL is built from classmate_layer's pk, but
        # the object passed to the check is project_layer -- confirm
        # this mismatch is intentional.
        detail_url = reverse(
            'api-layer-detail', kwargs={'pk': self.classmate_layer.pk})
        request = RequestFactory().get(detail_url)
        request.user = self.student

        # The helper is mocked, so only the delegation is asserted; the
        # returned decision and the call arguments are not checked.
        permission.has_object_permission(request, None, project_layer)
        self.assertTrue(mock_layer_permission_helper.called)
def test_layer_permission_helper_draft_response(self):
    """
    A Layer attached to a draft Response is allowed for an owner of
    that Response and refused for faculty, a classmate and a
    non-course student.
    """
    is_allowed = self.layer_permission_helper
    response_layer = LayerFactory(
        title='A Layer Title',
        content_object=self.sandbox_course_response)

    # Owner
    self.assertTrue(is_allowed(response_layer, self.student))

    # Faculty are refused while the response is still a draft.
    self.assertEqual(self.sandbox_course_response.status, Response.DRAFT)
    self.assertFalse(is_allowed(response_layer, self.faculty))

    # Classmate first, then the non-course student.
    for other_student in (self.classmate, self.alt_student):
        self.assertFalse(is_allowed(response_layer, other_student))
def test_layer_permission_helper_project_student(self):
    """
    A Layer attached to a Project is allowed for a student in
    Layer => Project => Course only while the Project has an
    Activity.
    """
    is_allowed = self.layer_permission_helper
    project = self.sandbox_course_project
    project_layer = LayerFactory(
        title='A Layer Title', content_object=project)

    # Precondition: the fixture project really has an Activity.
    has_activity = (
        hasattr(project, 'activity') and
        isinstance(project.activity, Activity))
    self.assertTrue(has_activity)

    self.assertTrue(is_allowed(project_layer, self.student))

    # A student outside the course is refused.
    self.assertFalse(is_allowed(project_layer, self.alt_student))

    # Without an activity the enrolled student is refused as well.
    project_layer.content_object.activity.delete()
    project_layer.content_object.refresh_from_db()
    self.assertFalse(is_allowed(project_layer, self.student))
def test_layer_permission_helper_submitted_response(self):
    """
    A Layer attached to a Response that is no longer a draft is
    allowed for faculty in
    Layer => Response => Activity => Project => Course as well as
    for the owner; other students stay refused.
    """
    is_allowed = self.layer_permission_helper
    response = self.sandbox_course_response
    response_layer = LayerFactory(
        title='A Layer Title', content_object=response)

    # Move the response out of the draft state before checking.
    response.status = Response.SUBMITTED
    response.save()

    # Owner first, then faculty.
    for permitted in (self.student, self.faculty):
        self.assertTrue(is_allowed(response_layer, permitted))

    # The classmate, whose own response is still a draft, comes first,
    # then the non-course student.
    for refused in (self.classmate, self.alt_student):
        self.assertFalse(is_allowed(response_layer, refused))