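def test_publish_and_unpublish_topic(self):
    """Test the publish and unpublish functionality.

    An admin must be able to toggle the published flag through the topic
    status handler. A different logged-in user must be refused with 401,
    and the flag must be unchanged after the refused request.
    """
    status_url = '%s/%s' % (feconf.TOPIC_STATUS_URL_PREFIX, self.topic_id)

    self.login(self.ADMIN_EMAIL)
    response = self.get_html_response(
        '%s/%s' % (feconf.TOPIC_EDITOR_URL_PREFIX, self.topic_id))
    csrf_token = self.get_csrf_token_from_response(response)

    # Test whether admin can publish and unpublish a topic.
    self.put_json(
        status_url, {'publish_status': True}, csrf_token=csrf_token)
    topic_rights = topic_services.get_topic_rights(self.topic_id)
    self.assertTrue(topic_rights.topic_is_published)

    self.put_json(
        status_url, {'publish_status': False}, csrf_token=csrf_token)
    topic_rights = topic_services.get_topic_rights(self.topic_id)
    self.assertFalse(topic_rights.topic_is_published)
    self.logout()

    self.login(self.NEW_USER_EMAIL)
    # Test that other users cannot access topic rights. The request asks
    # for a real state change (publish), because the handler may also
    # answer 401 for a no-op request on a topic that is already in the
    # requested state, which would hide a missing rights check.
    # NOTE(review): csrf_token was issued to the admin session. If tokens
    # are bound to the user, the 401 may come from CSRF validation rather
    # than the rights check -- confirm against the base handler.
    self.put_json(
        status_url, {'publish_status': True}, csrf_token=csrf_token,
        expected_status_int=401)
    # The refused request must not have changed the stored state.
    topic_rights = topic_services.get_topic_rights(self.topic_id)
    self.assertFalse(topic_rights.topic_is_published)
    self.logout()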
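def test_publish_and_unpublish_topic(self):
    """Test the publish and unpublish functionality.

    Runs with ENABLE_NEW_STRUCTURES swapped to True. An admin must be able
    to toggle the published flag through the topic status handler. A
    different logged-in user must be refused with 401, and the flag must
    be unchanged after the refused request.
    """
    status_url = '%s/%s' % (feconf.TOPIC_STATUS_URL_PREFIX, self.topic_id)

    self.login(self.ADMIN_EMAIL)
    with self.swap(constants, 'ENABLE_NEW_STRUCTURES', True):
        response = self.testapp.get(
            '%s/%s' % (feconf.TOPIC_EDITOR_URL_PREFIX, self.topic_id))
        csrf_token = self.get_csrf_token_from_response(response)

        # Test whether admin can publish and unpublish a topic. The JSON
        # bodies of the successful calls are not inspected, so they are
        # not bound to a name.
        self.put_json(
            status_url, {'publish_status': True}, csrf_token=csrf_token)
        topic_rights = topic_services.get_topic_rights(self.topic_id)
        self.assertTrue(topic_rights.topic_is_published)

        self.put_json(
            status_url, {'publish_status': False}, csrf_token=csrf_token)
        topic_rights = topic_services.get_topic_rights(self.topic_id)
        self.assertFalse(topic_rights.topic_is_published)
        self.logout()

        self.login(self.NEW_USER_EMAIL)
        # Test that other users cannot access topic rights. The request
        # asks for a real state change (publish) so that the 401 cannot be
        # explained by the topic already being in the requested state.
        # NOTE(review): csrf_token was issued to the admin session. If
        # tokens are bound to the user, the 401 may come from CSRF
        # validation rather than the rights check -- confirm.
        json_response = self.put_json(
            status_url, {'publish_status': True}, csrf_token=csrf_token,
            expect_errors=True, expected_status_int=401)
        self.assertEqual(json_response['status_code'], 401)
        # The refused request must not have changed the stored state.
        topic_rights = topic_services.get_topic_rights(self.topic_id)
        self.assertFalse(topic_rights.topic_is_published)
        self.logout()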
def test_cannot_publish_a_published_topic(self):
    """Publishing a topic that is already published must raise."""
    rights_before = topic_services.get_topic_rights(self.TOPIC_ID)
    self.assertFalse(rights_before.topic_is_published)

    topic_services.publish_topic(self.TOPIC_ID, self.user_id_admin)
    rights_after = topic_services.get_topic_rights(self.TOPIC_ID)
    self.assertTrue(rights_after.topic_is_published)

    # A second publish by the same admin is rejected as a state conflict,
    # not as a rights failure: the message is what tells the two apart.
    already_published = 'The topic is already published.'
    with self.assertRaisesRegexp(Exception, already_published):
        topic_services.publish_topic(self.TOPIC_ID, self.user_id_admin)
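def test_deassigning_manager_role(self):
    """Removing the manager role must revoke edit access to the topic.

    The rights object is re-read after every assign_role call, so each
    assertion is evaluated against the rights as stored after the change.
    Checking a snapshot loaded before the change would not reliably
    observe the revocation.
    """
    topic_services.assign_role(
        self.user_admin, self.user_a,
        topic_domain.ROLE_MANAGER, self.TOPIC_ID)
    topic_rights = topic_services.get_topic_rights(self.TOPIC_ID)
    self.assertTrue(topic_services.check_can_edit_topic(
        self.user_a, topic_rights))
    self.assertFalse(topic_services.check_can_edit_topic(
        self.user_b, topic_rights))

    # Revoke the role and verify against freshly loaded rights.
    topic_services.assign_role(
        self.user_admin, self.user_a,
        topic_domain.ROLE_NONE, self.TOPIC_ID)
    topic_rights = topic_services.get_topic_rights(self.TOPIC_ID)
    self.assertFalse(topic_services.check_can_edit_topic(
        self.user_a, topic_rights))
    self.assertFalse(topic_services.check_can_edit_topic(
        self.user_b, topic_rights))

    # Assigning ROLE_NONE a second time must leave access revoked.
    topic_services.assign_role(
        self.user_admin, self.user_a,
        topic_domain.ROLE_NONE, self.TOPIC_ID)
    topic_rights = topic_services.get_topic_rights(self.TOPIC_ID)
    self.assertFalse(topic_services.check_can_edit_topic(
        self.user_a, topic_rights))
    self.assertFalse(topic_services.check_can_edit_topic(
        self.user_b, topic_rights))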
def test_admin_can_manage_topic(self):
    """An admin can edit a topic whose rights were just created."""
    topic_services.create_new_topic_rights(
        self.topic_id, self.user_id_admin)
    rights = topic_services.get_topic_rights(self.topic_id)
    admin_may_edit = topic_services.check_can_edit_topic(
        self.user_admin, rights)
    self.assertTrue(admin_may_edit)
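def test_publish_and_unpublish_topic(self):
    """Only the admin may publish or unpublish; refusals change nothing.

    Each refused call made as user_id_a is followed by a read of the
    stored rights, so the test covers both the raised error and the
    absence of a state change.
    """
    topic_rights = topic_services.get_topic_rights(self.TOPIC_ID)
    self.assertFalse(topic_rights.topic_is_published)
    topic_services.publish_topic(self.TOPIC_ID, self.user_id_admin)

    # user_id_a is refused when trying to unpublish.
    with self.assertRaisesRegexp(
        Exception,
        'The user does not have enough rights to unpublish the topic.'):
        topic_services.unpublish_topic(self.TOPIC_ID, self.user_id_a)
    topic_rights = topic_services.get_topic_rights(self.TOPIC_ID)
    self.assertTrue(topic_rights.topic_is_published)

    topic_services.unpublish_topic(self.TOPIC_ID, self.user_id_admin)
    topic_rights = topic_services.get_topic_rights(self.TOPIC_ID)
    self.assertFalse(topic_rights.topic_is_published)

    # user_id_a is refused when trying to publish.
    with self.assertRaisesRegexp(
        Exception,
        'The user does not have enough rights to publish the topic.'):
        topic_services.publish_topic(self.TOPIC_ID, self.user_id_a)
    # Mirror the check made after the refused unpublish: the refused
    # publish must not have flipped the stored flag either.
    topic_rights = topic_services.get_topic_rights(self.TOPIC_ID)
    self.assertFalse(topic_rights.topic_is_published)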
def test_cannot_unpublish_an_unpublished_exploration(self):
    """Unpublishing an already-unpublished topic is rejected.

    Despite the "exploration" in its name, this test exercises the topic
    status handler.
    """
    self.login(self.ADMIN_EMAIL)
    csrf_token = self.get_new_csrf_token()

    current_rights = topic_services.get_topic_rights(self.topic_id)
    self.assertFalse(current_rights.topic_is_published)

    status_url = '%s/%s' % (feconf.TOPIC_STATUS_URL_PREFIX, self.topic_id)
    payload = {'publish_status': False}
    # The handler reports this state conflict with 401. The error message
    # is asserted as well, so the response is not mistaken for a rights
    # failure.
    response = self.put_json(
        status_url, payload, csrf_token=csrf_token,
        expected_status_int=401)
    self.assertEqual(
        response['error'], 'The topic is already unpublished.')
def test_create_new_topic_rights(self):
    """New topic rights plus a manager grant give edit access to one user.

    After the admin makes user_id_a a manager, user_a can edit the topic
    and user_b, who received no role, cannot.
    """
    topic_services.create_new_topic_rights(
        self.topic_id, self.user_id_admin)
    topic_services.assign_role(
        self.user_admin, self.user_id_a,
        topic_domain.ROLE_MANAGER, self.topic_id)

    rights = topic_services.get_topic_rights(self.topic_id)
    manager_may_edit = topic_services.check_can_edit_topic(
        self.user_a, rights)
    self.assertTrue(manager_may_edit)
    outsider_may_edit = topic_services.check_can_edit_topic(
        self.user_b, rights)
    self.assertFalse(outsider_may_edit)
def test_non_admin_cannot_assign_roles(self):
    """A non-admin's role assignment is refused and grants nothing."""
    refusal = 'UnauthorizedUserException: Could not assign new role.'
    with self.assertRaisesRegexp(Exception, refusal):
        topic_services.assign_role(
            self.user_b, self.user_a,
            topic_domain.ROLE_MANAGER, self.TOPIC_ID)

    # Rights are read after the refused call, so this checks stored state:
    # neither the would-be assignee nor the caller gained edit access.
    rights = topic_services.get_topic_rights(self.TOPIC_ID)
    for user in (self.user_a, self.user_b):
        self.assertFalse(
            topic_services.check_can_edit_topic(user, rights))
def test_can_delete_story(self, topic_id, **kwargs):
    """Call the wrapped handler only if the user may edit the topic.

    Checks run in this order: logged-in user, topic rights found, edit
    permission on the topic. `handler` is not defined in this block; it is
    taken from an enclosing scope that is not shown here.

    Args:
        topic_id: id of the topic the story belongs to.
        **kwargs: passed through to the wrapped handler unchanged.

    Returns:
        Whatever the wrapped handler returns.

    Raises:
        NotLoggedInException: if self.user_id is falsy.
        PageNotFoundException: if no rights object is returned.
        UnauthorizedUserException: if the user cannot edit the topic.
    """
    if not self.user_id:
        raise base.UserFacingExceptions.NotLoggedInException

    # NOTE(review): confirm that get_topic_rights returns None, rather
    # than raising, for an unknown id when called without strict=False.
    # Otherwise the not-found branch below is never taken.
    rights = topic_services.get_topic_rights(topic_id)
    if rights is None:
        raise base.UserFacingExceptions.PageNotFoundException

    # Deny by default: the handler is reached only past this guard.
    if not topic_services.check_can_edit_topic(self.user, rights):
        raise self.UnauthorizedUserException(
            'You do not have credentials to delete this story.')
    return handler(self, topic_id, **kwargs)
def test_reassigning_manager_role_to_same_user(self):
    """Granting the manager role twice raises and leaves access as it was."""
    topic_services.assign_role(
        self.user_admin, self.user_a,
        topic_domain.ROLE_MANAGER, self.TOPIC_ID)

    duplicate_grant = 'This user already is a manager for this topic'
    with self.assertRaisesRegexp(Exception, duplicate_grant):
        topic_services.assign_role(
            self.user_admin, self.user_a,
            topic_domain.ROLE_MANAGER, self.TOPIC_ID)

    # Read after the failed second grant: user_a keeps edit access from
    # the first grant, and user_b still has none.
    rights = topic_services.get_topic_rights(self.TOPIC_ID)
    manager_may_edit = topic_services.check_can_edit_topic(
        self.user_a, rights)
    self.assertTrue(manager_may_edit)
    outsider_may_edit = topic_services.check_can_edit_topic(
        self.user_b, rights)
    self.assertFalse(outsider_may_edit)
def test_cannot_publish_a_published_exploration(self):
    """Publishing an already-published topic is rejected.

    Despite the "exploration" in its name, this test exercises the topic
    status handler.
    """
    self.login(self.ADMIN_EMAIL)
    editor_page = self.get_html_response(
        '%s/%s' % (feconf.TOPIC_EDITOR_URL_PREFIX, self.topic_id))
    csrf_token = self.get_csrf_token_from_response(editor_page)

    status_url = '%s/%s' % (feconf.TOPIC_STATUS_URL_PREFIX, self.topic_id)
    publish_payload = {'publish_status': True}

    # First publish succeeds and is visible in the stored rights.
    self.put_json(status_url, publish_payload, csrf_token=csrf_token)
    current_rights = topic_services.get_topic_rights(self.topic_id)
    self.assertTrue(current_rights.topic_is_published)

    # The second publish is a state conflict, reported with 401. The
    # error message is asserted as well, so the response is not mistaken
    # for a rights failure.
    response = self.put_json(
        status_url, publish_payload, csrf_token=csrf_token,
        expected_status_int=401)
    self.assertEqual(response['error'], 'The topic is already published.')
def test_manager_cannot_assign_roles(self):
    """A topic manager cannot grant the manager role to another user."""
    topic_services.create_new_topic_rights(
        self.topic_id, self.user_id_admin)
    topic_services.assign_role(
        self.user_admin, self.user_id_a,
        topic_domain.ROLE_MANAGER, self.topic_id)

    # user_a holds the manager role, but delegating it must be refused.
    refusal = 'UnauthorizedUserException: Could not assign new role.'
    with self.assertRaisesRegexp(Exception, refusal):
        topic_services.assign_role(
            self.user_a, self.user_id_b,
            topic_domain.ROLE_MANAGER, self.topic_id)

    # Read after the refused call: user_a keeps edit access and user_b
    # gained none.
    rights = topic_services.get_topic_rights(self.topic_id)
    manager_may_edit = topic_services.check_can_edit_topic(
        self.user_a, rights)
    self.assertTrue(manager_may_edit)
    target_may_edit = topic_services.check_can_edit_topic(
        self.user_b, rights)
    self.assertFalse(target_may_edit)
def get(self, topic_id):
    """Render the requesting user's view of a topic's rights as JSON.

    The response carries three fields: whether the user can edit the
    topic, whether the topic is published, and whether the user's actions
    include ACTION_CHANGE_TOPIC_STATUS.

    NOTE(review): no access check is visible in this method. Presumably a
    decorator outside this view restricts who may call it -- confirm.

    Args:
        topic_id: id of the topic whose rights are looked up.

    Raises:
        InvalidInputException: if no rights exist for topic_id.
    """
    # strict=False asks for None, rather than an error, on an unknown id.
    rights = topic_services.get_topic_rights(topic_id, strict=False)
    if rights is None:
        raise self.InvalidInputException(
            'Expected a valid topic id to be provided.')

    requester = user_services.UserActionsInfo(self.user_id)
    may_edit = topic_services.check_can_edit_topic(requester, rights)
    may_publish = (
        role_services.ACTION_CHANGE_TOPIC_STATUS in requester.actions)

    self.values.update({
        'can_edit_topic': may_edit,
        'published': rights.topic_is_published,
        'can_publish_topic': may_publish
    })
    self.render_json(self.values)
def test_admin_can_manage_topic(self):
    """An admin can edit the fixture topic without any role assignment."""
    rights = topic_services.get_topic_rights(self.TOPIC_ID)
    admin_may_edit = topic_services.check_can_edit_topic(
        self.user_admin, rights)
    self.assertTrue(admin_may_edit)