def test_single_organization(self):
"""
Ensure multiple orgs to be forbidden.
"""
my_site = SiteFactory(domain='my_site.org')
other_site = SiteFactory(domain='other_site.org') # ensure no collision.
my_org = OrganizationFactory.create(sites=[my_site])
OrganizationFactory.create(sites=[other_site]) # ensure no collision.
request = Mock(get_host=Mock(return_value=my_site.domain))
assert my_org == get_current_organization(request)
def test_two_organizations(self):
"""
Ensure multiple orgs to be forbidden.
"""
site = SiteFactory.create(domain='my_site.org')
OrganizationFactory.create_batch(2, sites=[site])
request = Mock(site=site)
with pytest.raises(Organization.MultipleObjectsReturned):
get_current_organization(request)
def setup(self, client):
client.defaults['SERVER_NAME'] = self.domain
self.user = UserFactory.create(username='******')
self.site = SiteFactory.create(domain=self.domain)
self.my_org = OrganizationFactory.create(name='my_org', sites=[self.site])
self.other_org = OrganizationFactory.create(name='other_org')
self.staff = UserOrganizationMapping.objects.create(
user=self.user,
organization=self.my_org,
is_amc_admin=True,
)
client.force_login(self.user)
def test_on_main_site_without_uuid_parameter(self, settings):
"""
Non superusers shouldn't use the CAG on main site ( e.g. tahoe.appsembler.com/admin ).
"""
main_site = SiteFactory.create(domain='main_site')
settings.SITE_ID = main_site.id
customer_site = SiteFactory.create(domain='customer_site')
OrganizationFactory.create(sites=[customer_site
]) # Creates customer_org
superuser = UserFactory.create(is_superuser=True)
request = Mock(site=main_site, user=superuser, GET={})
with pytest.raises(Organization.DoesNotExist,
match=r'Tahoe.*Should not find.*SITE_ID'):
get_requested_organization(request)
def test_on_customer_site(self):
"""
Customer sites can use CAG APIs.
"""
site = SiteFactory.create(domain='my_site.org')
expected_org = OrganizationFactory.create(sites=[site])
non_superuser = UserFactory.create()
request = Mock(site=site, user=non_superuser, GET={})
requested_org = get_requested_organization(request)
assert requested_org == expected_org, 'Should return the site organization'
def test_multiple_user_orgs(self, username, allow, log_call_count):
"""
Prevent users from having multiple orgs.
"""
self.request.user = get_user_model().objects.get(username=username)
org2 = OrganizationFactory(sites=[self.site])
UserOrganizationMapping.objects.create(user=self.request.user, organization=org2),
with patch('course_access_groups.permissions.log') as mock_log:
permission = IsSiteAdminUser().has_permission(self.request, None)
assert mock_log.exception.call_count == log_call_count
assert permission == allow, 'Incorrect permission for user: "******"'.format(username=username)
def test_allow_public_courses(self, default_has_access):
"""
Public courses should be allowed to non-members.
Via the `PublicCourse` model.
"""
org = OrganizationFactory.create()
OrganizationCourse.objects.create(course_id=str(self.course.id),
organization=org)
UserOrganizationMapping.objects.create(
user=self.user,
organization=org,
)
PublicCourseFactory.create(course=self.course)
assert user_has_access(self.user, self.course, default_has_access,
{}) == default_has_access
def test_on_main_site_with_uuid_parameter(self, settings):
"""
Superusers can use the `get_requested_organization` helper with `organization_uuid`.
"""
main_site = SiteFactory.create(domain='main_site')
settings.SITE_ID = main_site.id
customer_site = SiteFactory.create(domain='customer_site')
customer_org = OrganizationFactory.create(sites=[customer_site])
superuser = UserFactory.create(is_superuser=True)
request = Mock(site=main_site,
user=superuser,
GET={
'organization_uuid': customer_org.edx_uuid,
})
requested_org = get_requested_organization(request)
assert requested_org == customer_org, 'Should return the site organization'
def test_org_admins_have_access(self, default_has_access):
"""
Organization-wide admins have access to all org courses.
"""
user = UserFactory.create()
organization = OrganizationFactory.create()
OrganizationCourse.objects.create(course_id=str(self.course.id),
organization=organization)
UserOrganizationMapping.objects.create(
user=user,
organization=organization,
is_amc_admin=True,
)
assert user_has_access(user, self.course, default_has_access,
{}) == default_has_access
# Basic test for `is_organization_staff` to ensure `user.is_active` is respected.
inactive = UserFactory.create(is_active=False)
assert not user_has_access(inactive, self.course, default_has_access,
{})
def setup(self, db, monkeypatch, standard_test_users):
self.site = SiteFactory.create()
self.organization = OrganizationFactory(sites=[self.site])
self.callers = [
UserFactory.create(username='******'),
UserFactory.create(username='******'),
UserFactory.create(username='******'),
]
self.user_organization_mappings = [
UserOrganizationMapping.objects.create(
user=self.callers[0], organization=self.organization),
UserOrganizationMapping.objects.create(
user=self.callers[1],
organization=self.organization,
is_amc_admin=True)
]
self.callers += standard_test_users
self.request = APIRequestFactory().get('/')
self.request.site = self.site
monkeypatch.setattr(sites_shortcuts, 'get_current_site',
self.get_test_site)
def test_on_main_site_with_uuid_parameter_non_staff(self, settings):
"""
Non superusers shouldn't be able to use the `organization_uuid` parameters.
"""
main_site = SiteFactory.create(domain='main_site')
settings.SITE_ID = main_site.id
customer_site = SiteFactory.create(domain='customer_site')
customer_org = OrganizationFactory.create(sites=[customer_site])
non_superuser = UserFactory.create()
request = Mock(site=main_site,
user=non_superuser,
GET={
'organization_uuid': customer_org.edx_uuid,
})
with pytest.raises(
PermissionDenied,
match=r'Not permitted to use the `organization_uuid` parameter.'
):
get_requested_organization(request)