def challenge_set():
""" Creates a challenge with creator, 2 participants, and non participant.
To use this you must mark the test with @pytest.mark.django_db """
ChallengeSet = namedtuple(
'ChallengeSet',
[
'challenge',
'creator',
'admin',
'participant',
'participant1',
'non_participant',
],
)
creator = UserFactory()
challenge = ChallengeFactory(creator=creator)
admin = UserFactory()
challenge.add_admin(admin)
participant = UserFactory()
challenge.add_participant(participant)
participant1 = UserFactory()
challenge.add_participant(participant1)
non_participant = UserFactory()
try:
Challenge.objects.get(short_name=settings.MAIN_PROJECT_NAME)
except ObjectDoesNotExist:
ChallengeFactory(short_name=settings.MAIN_PROJECT_NAME)
return ChallengeSet(
challenge, creator, admin, participant, participant1, non_participant
)
def test_permissions_mixin(
rf: RequestFactory, admin_user, mocker, ChallengeSet
):
# admin_user is a superuser, not a challenge admin
creator = ChallengeSet.creator
challenge = ChallengeSet.challenge
participant = ChallengeSet.participant
non_participant = ChallengeSet.non_participant
# Messages need to be mocked when using request factory
mock_messages = mocker.patch(
"grandchallenge.core.permissions.mixins.messages"
).start()
mock_messages.INFO = "INFO"
assert_status(200, admin_user, AdminOnlyView, challenge, rf)
assert_status(200, creator, AdminOnlyView, challenge, rf)
assert_status(403, participant, AdminOnlyView, challenge, rf)
assert_status(403, non_participant, AdminOnlyView, challenge, rf)
assert_redirect(
settings.LOGIN_URL, AnonymousUser(), AdminOnlyView, challenge, rf
)
assert_status(200, admin_user, ParticipantOrAdminOnlyView, challenge, rf)
assert_status(200, creator, ParticipantOrAdminOnlyView, challenge, rf)
assert_status(200, participant, ParticipantOrAdminOnlyView, challenge, rf)
assert_status(
403, non_participant, ParticipantOrAdminOnlyView, challenge, rf
)
assert_redirect(
settings.LOGIN_URL,
AnonymousUser(),
ParticipantOrAdminOnlyView,
challenge,
rf,
)
# Make a 2nd challenge and make sure that the admins and participants
# here cannot see the first
creator2 = UserFactory()
challenge2 = ChallengeFactory(creator=creator2)
participant2 = UserFactory()
challenge2.add_participant(participant2)
assert_status(403, creator2, AdminOnlyView, challenge, rf)
assert_status(403, participant2, AdminOnlyView, challenge, rf)
assert_status(403, creator2, ParticipantOrAdminOnlyView, challenge, rf)
assert_status(403, participant2, ParticipantOrAdminOnlyView, challenge, rf)
def generate_challenge_set():
creator = UserFactory()
challenge = ChallengeFactory(creator=creator)
admin = UserFactory()
challenge.add_admin(admin)
participant = UserFactory()
challenge.add_participant(participant)
participant1 = UserFactory()
challenge.add_participant(participant1)
non_participant = UserFactory()
return ChallengeSet(
challenge=challenge,
creator=creator,
admin=admin,
participant=participant,
participant1=participant1,
non_participant=non_participant,
)
def generate_challenge_set():
creator = UserFactory()
challenge = ChallengeFactory(creator=creator)
admin = UserFactory()
challenge.add_admin(admin)
participant = UserFactory()
challenge.add_participant(participant)
participant1 = UserFactory()
challenge.add_participant(participant1)
non_participant = UserFactory()
try:
Challenge.objects.get(short_name=settings.MAIN_PROJECT_NAME)
except ObjectDoesNotExist:
ChallengeFactory(short_name=settings.MAIN_PROJECT_NAME)
return ChallengeSet(
challenge=challenge,
creator=creator,
admin=admin,
participant=participant,
participant1=participant1,
non_participant=non_participant,
)
def generate_challenge_set():
creator = UserFactory()
challenge = ChallengeFactory(creator=creator)
admin = UserFactory()
challenge.add_admin(admin)
participant = UserFactory()
challenge.add_participant(participant)
participant1 = UserFactory()
challenge.add_participant(participant1)
non_participant = UserFactory()
try:
Challenge.objects.get(short_name=settings.MAIN_PROJECT_NAME)
except ObjectDoesNotExist:
ChallengeFactory(short_name=settings.MAIN_PROJECT_NAME)
return ChallengeSet(
challenge=challenge,
creator=creator,
admin=admin,
participant=participant,
participant1=participant1,
non_participant=non_participant,
)
def test_hidden_phase_visible_for_admins_but_not_participants(client):
ch = ChallengeFactory()
u = UserFactory()
ch.add_participant(u)
visible_phase = ch.phase_set.first()
hidden_phase = PhaseFactory(challenge=ch, public=False)
e1 = EvaluationFactory(submission__phase=visible_phase,
submission__creator=u)
e2 = EvaluationFactory(submission__phase=hidden_phase,
submission__creator=u)
for view_name, kwargs, status in [
# phase non-specific pages
("list", {}, 200),
("submission-list", {}, 200),
# visible phase
("detail", {
"pk": e1.pk
}, 200),
("submission-create", {
"slug": visible_phase.slug
}, 200),
("submission-detail", {
"pk": e1.submission.pk
}, 200),
("leaderboard", {
"slug": visible_phase.slug
}, 200),
# hidden phase
("detail", {
"pk": e2.pk
}, 403),
("submission-create", {
"slug": hidden_phase.slug
}, 200),
("submission-detail", {
"pk": e2.submission.pk
}, 403),
("leaderboard", {
"slug": hidden_phase.slug
}, 200),
]:
# for participants only the visible phase tab is visible
# and they do not have access to the detail pages of their evals and
# submissions from the hidden phase, and do not see subs/evals from the hidden
# phase on the respective list pages
response = get_view_for_user(
client=client,
viewname=f"evaluation:{view_name}",
reverse_kwargs={
"challenge_short_name": ch.short_name,
**kwargs
},
user=u,
)
assert response.status_code == status
if status == 200:
assert f"{visible_phase.title}</a>" in response.rendered_content
assert f"{hidden_phase.title}</a>" not in response.rendered_content
if "list" in view_name:
assert (f"<td>{visible_phase.title}</td>"
in response.rendered_content)
assert (f"<td>{hidden_phase.title}</td>"
not in response.rendered_content)
# for the admin both phases are visible and they have access to submissions
# and evals from both phases
response = get_view_for_user(
client=client,
viewname=f"evaluation:{view_name}",
reverse_kwargs={
"challenge_short_name": ch.short_name,
**kwargs
},
user=ch.admins_group.user_set.first(),
)
assert response.status_code == 200
assert f"{visible_phase.title}</a>" in response.rendered_content
assert f"{hidden_phase.title}</a>" in response.rendered_content
if "list" in view_name:
assert (f"<td>{visible_phase.title}</td>"
in response.rendered_content)
assert (f"<td>{hidden_phase.title}</td>"
in response.rendered_content)
