def test_teacher_view_asset(self, client, fake_auth, mock_asset):
    """A teaching member of the asset's course can fetch the asset through the API."""
    owning_course = Course.find_by_id(mock_asset.course_id)
    teachers = [member for member in owning_course.users if is_teaching(member)]
    # teachers[0] raises IndexError if the fixture course has no teaching member.
    fake_auth.login(teachers[0].id)
    fetched = _api_get_asset(asset_id=mock_asset.id, client=client)
    assert fetched['id'] == mock_asset.id
def test_delete_asset_by_teacher(self, client, fake_auth, mock_asset, mock_category):
    """A teaching member of the asset's course can delete the asset."""
    owning_course = Course.find_by_id(mock_asset.course_id)
    teachers = [member for member in owning_course.users if is_teaching(member)]
    # mock_category is never referenced below; presumably requested only for its
    # fixture setup -- confirm before removing it from the signature.
    fake_auth.login(teachers[0].id)
    self._verify_delete_asset(mock_asset.id, client)
def test_teacher_download(self, app, client, fake_auth, mock_asset):
    """A teaching member of the asset's course can request the asset download."""
    owning_course = Course.find_by_id(mock_asset.course_id)
    teachers = [member for member in owning_course.users if is_teaching(member)]
    fake_auth.login(teachers[0].id)
    # TODO: Mock S3 so authorized user actually gets download. For now, 404 oddly indicates success.
    # NOTE(review): 404 is an ambiguous pass condition -- if the API also answers
    # unauthorized requests with 404, this test cannot tell an authorized download
    # from a denial. Tighten the expected status once S3 is mocked.
    self._api_download_asset(
        app,
        asset_id=mock_asset.id,
        client=client,
        expected_status_code=404,
    )
def test_teachers_cannot_update(self, client, fake_auth):
    """A teaching user is refused (404) when trying to update a comment."""
    # First teaching user among all users; next() raises StopIteration if none exists.
    teacher = next(filter(is_teaching, User.query.all()))
    fake_auth.login(teacher.id)
    # comment_id=1 is hard-coded; presumably a fixture comment this user did not
    # author -- confirm, otherwise the 404 may not be exercising the denial path.
    denied_update = {
        'body': 'Unauthorized instructor hack!',
        'comment_id': 1,
        'expected_status_code': 404,
    }
    self._api_update_comment(client, **denied_update)
def test_increment_asset_view_count(self, client, fake_auth, mock_asset):
    """View count rises once per distinct non-owner viewer and never for repeats or owners."""
    owning_course = Course.find_by_id(mock_asset.course_id)
    teachers = [member for member in owning_course.users if is_teaching(member)]

    def views_seen_by(user_id):
        # Log in as the given user, fetch the asset, and report the view count returned.
        fake_auth.login(user_id)
        return _api_get_asset(asset_id=mock_asset.id, client=client)['views']

    # First teacher's initial visit counts.
    assert views_seen_by(teachers[0].id) == 1
    # Second teacher's initial visit counts as well.
    assert views_seen_by(teachers[1].id) == 2
    # A repeat visit by the first teacher leaves the count unchanged.
    assert views_seen_by(teachers[0].id) == 2
    # A visit by one of the asset's own users leaves the count unchanged.
    assert views_seen_by(mock_asset.users[0].id) == 2
def is_teaching(self):
    """Return the result of calling ``is_teaching`` on this instance."""
    # NOTE(review): assumes this def sits inside a class, so the bare name below
    # resolves to a module-level is_teaching rather than to this method; at module
    # level it would call itself -- confirm against the enclosing file.
    teaching = is_teaching(self)
    return teaching
def can_update_asset(user, asset):
    """Decide whether ``user`` may update ``asset``.

    Access requires that the user's course id equals the asset's course id AND
    that the user is either teaching or listed among ``asset.users``.
    """
    requester_id = _get_user_id(user)
    # Distinct loop name so the comprehension never shadows the ``user`` parameter.
    owner_ids = [owner.id for owner in asset.users]
    # NOTE(review): the id goes through _get_user_id() but ``user.course`` is
    # dereferenced directly; presumably callers always pass an authenticated user
    # with a course -- confirm, since a failure here raises instead of denying.
    in_same_course = user.course.id == asset.course_id
    return in_same_course and (is_teaching(user) or requester_id in owner_ids)