Exemple #1
0
    def test_update(self):
        # Test invalid params
        api.update(self,
                   'roles',
                   params={'pk': self.course.pk},
                   user=self.teacher,
                   status=400)

        # Test successful
        role = VLE.models.Role.objects.filter(course=self.course,
                                              name='Teacher').first()
        resp = api.update(self,
                          'roles',
                          params={
                              'pk':
                              self.course.pk,
                              'roles': [{
                                  'name':
                                  role.name,
                                  'can_edit_course_roles':
                                  not role.can_edit_course_roles
                              }]
                          },
                          user=self.teacher)
        assert role.can_edit_course_roles != resp['roles'][0][
            'can_edit_course_roles']

        # Test not can_edit_course_roles
        api.update(self,
                   'roles',
                   params={'pk': self.course.pk},
                   user=self.teacher,
                   status=403)
Exemple #2
0
    def test_update(self):
        user = factory.Student()
        user2 = factory.Student()
        admin = factory.Admin()

        # Test update the own user
        old_username = user.username
        resp = api.update(self,
                          'users',
                          params={
                              'pk': 0,
                              'username': '******',
                              'full_name': 'abc'
                          },
                          user=user)['user']
        assert resp[
            'username'] == old_username, 'Username should not be updated'
        assert resp['full_name'] == 'abc', 'Firstname should be updated'

        # Test update user as admin
        resp = api.update(self,
                          'users',
                          params={
                              'pk': user.pk,
                              'full_name': 'not_admin'
                          },
                          user=admin)['user']
        assert resp['full_name'] == 'not_admin', 'Firstname should be updated'

        # Test update other user as user
        api.update(self,
                   'users',
                   params={
                       'pk': user.pk,
                       'full_name': 'not_admin'
                   },
                   user=user2,
                   status=403)

        is_test_student = factory.TestUser(lti_id=None)
        resp = api.update(self,
                          'users',
                          user=is_test_student,
                          params={
                              'email': '*****@*****.**',
                              'pk': is_test_student.pk
                          })['user']
        is_test_student = User.objects.get(pk=is_test_student.pk)
        assert is_test_student.is_test_student, 'Test student status should remain intact after updating email.'
        assert not is_test_student.verified_email, 'Updating email without LTI should not validate said email.'
        assert resp['email'] == '*****@*****.**', 'Email should be updated'
Exemple #3
0
    def test_update(self):
        api.update(self,
                   'participations',
                   params=self.update_params,
                   user=self.student,
                   status=403)

        api.update(self,
                   'participations',
                   params=self.update_params,
                   user=self.teacher)

        # Check cannot update role without can_edit_course_roles permissions
        Role.objects.filter(course=self.course).update(
            can_edit_course_roles=False)
        api.update(self,
                   'participations',
                   params=self.update_params,
                   user=self.teacher,
                   status=403)
        self.update_params.pop('role', None)
        api.update(self,
                   'participations',
                   params=self.update_params,
                   user=self.teacher)
Exemple #4
0
    def check_comment_update(self, comment, user, should_succeed):
        update_msg = ''.join(
            random.choice(string.ascii_letters + string.digits)
            for _ in range(50))
        comment_before_op = Comment.objects.get(pk=comment.pk)

        if should_succeed:
            old_comment_resp = api.get(self,
                                       'comments',
                                       params={'pk': comment.pk},
                                       user=user)['comment']

        comment_resp = api.update(self,
                                  'comments',
                                  params={
                                      'pk': comment.pk,
                                      'text': update_msg
                                  },
                                  user=user,
                                  status=200 if should_succeed else 403)

        comment_after_op = Comment.objects.get(pk=comment.pk)

        if should_succeed:
            comment_resp = comment_resp['comment']
            assert comment_resp['text'] == update_msg, 'Text should be updated'
            assert comment_resp['creation_date'] == old_comment_resp[
                'creation_date'], 'Creation date modified'
            assert comment_resp['last_edited'] != old_comment_resp[
                'last_edited'], 'Last edited not updated'
            assert comment_resp[
                'last_edited_by'] == user.full_name, 'Last edited by incorrect'
        else:
            assert_comments_are_equal(comment_before_op, comment_after_op)
Exemple #5
0
    def test_update(self):
        api.update(self,
                   'instance',
                   params={'pk': 0},
                   user=factory.Teacher(),
                   status=403)

        admin = factory.Admin()
        resp = api.update(self,
                          'instance',
                          params={
                              'pk': 0,
                              'name': 'B1'
                          },
                          user=admin)
        assert resp['instance']['name'] == 'B1'
Exemple #6
0
    def test_update(self):
        # Check if students cannot update journals
        api.update(self, 'journals', params={'pk': self.journal.pk}, user=self.student, status=403)

        # Check if teacher can only update the published state
        api.update(self, 'journals', params={'pk': self.journal.pk}, user=self.teacher, status=403)
        api.update(self, 'journals', params={'pk': self.journal.pk, 'published': True}, user=self.teacher)

        # Check if the admin can update the journal
        api.update(self, 'journals', params={'pk': self.journal.pk, 'user': factory.Student().pk}, user=factory.Admin())
Exemple #7
0
    def test_password(self):
        user = factory.Student()

        user_factory.DEFAULT_PASSWORD
        # Test with wrong password
        api.update(self,
                   'users/password',
                   params={
                       'old_password': '******',
                       'new_password': '******'
                   },
                   user=user,
                   status=400)

        # Test with invalid new password
        api.update(self,
                   'users/password',
                   params={
                       'old_password': user_factory.DEFAULT_PASSWORD,
                       'new_password': '******'
                   },
                   user=user,
                   status=400)

        # Test with valid new password
        api.update(self,
                   'users/password',
                   params={
                       'old_password': user_factory.DEFAULT_PASSWORD,
                       'new_password': '******'
                   },
                   user=user)
Exemple #8
0
    def test_update(self):
        assignment = api.create(self,
                                'assignments',
                                params=self.create_params,
                                user=self.teacher)['assignment']

        # Try to publish the assignment
        # TODO: Test cannot unpublish when there are entries inside
        api.update(self,
                   'assignments',
                   params={
                       'pk': assignment['id'],
                       'published': True
                   },
                   user=factory.Student(),
                   status=403)
        api.update(self,
                   'assignments',
                   params={
                       'pk': assignment['id'],
                       'published': True
                   },
                   user=self.teacher)
        api.update(self,
                   'assignments',
                   params={
                       'pk': assignment['id'],
                       'published': True
                   },
                   user=factory.Admin())
Exemple #9
0
    def test_copyable(self):
        teacher = factory.Teacher()
        course = factory.Course(author=teacher)
        assignment = factory.TemplateAssignment(courses=[course])
        factory.TemplateFormat(assignment=assignment)
        assignment2 = factory.TemplateAssignment(courses=[course])
        factory.TemplateFormat(assignment=assignment2)
        journal = factory.Journal(assignment=assignment2)
        [factory.Entry(node__journal=journal) for _ in range(4)]

        resp = api.get(self,
                       'assignments/copyable',
                       params={'pk': assignment.pk},
                       user=teacher)['data']
        assert len(resp[0]['assignments']) == 1
        assert resp[0]['course'][
            'id'] == course.id, 'copyable assignments should be displayed'

        before_id = api.get(self,
                            'formats',
                            params={'pk': assignment2.pk},
                            user=teacher)['format']['templates'][0]['id']
        before_from_id = api.get(self,
                                 'formats',
                                 params={'pk': assignment.pk},
                                 user=teacher)['format']['templates'][0]['id']
        resp = api.update(self,
                          'formats/copy',
                          params={
                              'pk': assignment2.pk,
                              'from_assignment_id': assignment.pk
                          },
                          user=teacher)
        after_id = api.get(self,
                           'formats',
                           params={'pk': assignment2.pk},
                           user=teacher)['format']['templates'][0]['id']

        after_from_id = api.get(self,
                                'formats',
                                params={'pk': assignment.pk},
                                user=teacher)['format']['templates'][0]['id']
        assert before_id != after_id, 'Assignment should be changed'
        assert before_from_id == after_from_id, 'From assignment templates should be unchanged'

        assert len(utils.get_journal_entries(
            journal)) == 4, 'Old entries should not be removed'
Exemple #10
0
    def test_update(self):
        # Test if other then a superuser or the author self can update the course
        api.update(self,
                   'courses',
                   params={
                       'pk': self.course1.pk,
                       'abbreviation': 'TC2'
                   },
                   user=self.teacher2,
                   status=403)
        api.update(self,
                   'courses',
                   params={
                       'pk': self.course2.pk,
                       'abbreviation': 'TC2'
                   },
                   user=self.teacher2,
                   status=403)

        update_resp = api.update(self,
                                 'courses',
                                 params={
                                     'pk': self.course2.pk,
                                     'abbreviation': 'TC2'
                                 },
                                 user=self.teacher1)['course']
        assert update_resp[
            'abbreviation'] == 'TC2', 'Teacher could not update the course'
        update_resp = api.update(self,
                                 'courses',
                                 params={
                                     'pk': self.course2.pk,
                                     'abbreviation': 'TC3'
                                 },
                                 user=self.admin)['course']
        assert update_resp[
            'abbreviation'] == 'TC3', 'Superuser could not update the course'
Exemple #11
0
 def test_update(self):
     # TODO: Improve template testing
     api.update(self,
                'formats',
                params={
                    'pk': self.assignment.pk,
                    'assignment_details': None,
                    'templates': [],
                    'presets': [],
                    'removed_presets': [],
                    'removed_templates': []
                },
                user=factory.Student(),
                status=403)
     api.update(self,
                'formats',
                params={
                    'pk': self.assignment.pk,
                    'assignment_details': None,
                    'templates': [],
                    'presets': [],
                    'removed_presets': [],
                    'removed_templates': []
                },
                user=self.teacher)
     api.update(self,
                'formats',
                params={
                    'pk': self.assignment.pk,
                    'assignment_details': None,
                    'templates': [],
                    'presets': [],
                    'removed_presets': [],
                    'removed_templates': []
                },
                user=factory.Admin())
Exemple #12
0
    def test_lti_update(self):
        # Valid LTI coupling to pre-existing account
        user = factory.Student(verified_email=False)
        resp = api.update(self,
                          'users',
                          user=user,
                          params={
                              **gen_jwt_params(params={
                                  'user_id':
                                  'valid_id1',
                                  'custom_user_full_name':
                                  'new full name',
                                  'custom_user_email':
                                  '*****@*****.**',
                                  'custom_user_image':
                                  'https://new.com/img.png',
                              },
                                               user=user),
                              'pk':
                              user.pk,
                          })['user']
        user = User.objects.get(pk=user.pk)
        assert user.lti_id, 'Pre-existing user should now be linked via LTI'
        assert resp[
            'full_name'] == 'new full name' and user.full_name == 'new full name', 'Full name should be updated'
        assert user.verified_email, 'Updating email via LTI should also verify it'
        assert resp[
            'email'] == '*****@*****.**' and user.email == '*****@*****.**', 'Email should be updated'
        assert user.profile_picture == 'https://new.com/img.png', 'Profile picture should be updated.'

        # Cannot couple an account using an already known LTI id
        user2 = factory.Student()
        resp = api.update(self,
                          'users',
                          user=user2,
                          params={
                              **gen_jwt_params(params={'user_id': user.lti_id},
                                               user=user2),
                              'pk':
                              user2.pk,
                          },
                          status=400)
        assert 'lti id already exists' in resp['description']

        # Cannot link to a user when the email address is already claimed
        resp = api.update(
            self,
            'users',
            user=user2,
            params={
                **gen_jwt_params(params={'custom_user_email': user.email}),
                'pk':
                user2.pk,
            },
            status=400)
        assert 'is taken' in resp[
            'description'], 'Cannot link to a user when the email address is already claimed'

        # It is forbidden to link a test account to an existing account
        lti_teacher = factory.LtiTeacher()
        resp = api.update(
            self,
            'users',
            user=lti_teacher,
            params={
                **gen_jwt_params(params=factory.JWTTestUserParams()),
                'pk': 0,
            },
            status=403)
        teacher = factory.Teacher()
        resp = api.update(
            self,
            'users',
            user=teacher,
            params={
                **gen_jwt_params(params=factory.JWTTestUserParams()),
                'pk': 0,
            },
            status=403)