def helper(username, password): u = User.create_user(username, password) u1 = User.create_user(username, password) assert u.can_view(u), "should be able to same instance" assert u.can_view(u1), "should be able to see other authenticated self" u2 = User.create_user(username) assert u.can_view(u2), "should be able to see other plain self"
def test_authed_teachers_cant_see_blueshirt(): u1 = User.create_user("teacher_coll1", "facebees") u2 = User.create_user("teacher_coll2", "noway") users = [u1, u2] a = User.create_user("blueshirt") assert not any([u.can_administrate(a) for u in users])
def set_user_details(requesting_user, userid): user_to_update = User.create_user(userid) can_admin = requesting_user.can_administrate(user_to_update) if request.form.get( "media_consent" ) == 'true' and requesting_user.can_record_media_consent: if not user_to_update.has_media_consent: user_to_update.got_media_consent() notify_ticket_available(user_to_update) user_to_update.save() if not can_admin: return '{}', 200 elif not can_admin: return AUTHORIZATION_DENIED assert can_admin user_to_update = User.create_user(userid) if request.form.has_key("new_email") and not requesting_user.is_blueshirt: new_email = request.form["new_email"] request_new_email(user_to_update, new_email) # Students aren't allowed to update their own names # at this point, if the requesting_user is valid, we know it's a self-edit if not requesting_user.is_student: fname = request.form.get("new_first_name") if fname: user_to_update.set_first_name(fname) lname = request.form.get("new_last_name") if lname: user_to_update.set_last_name(lname) if request.form.has_key("new_team"): team = request.form["new_team"] if (not user_to_update.is_blueshirt ) and requesting_user.manages_team(team): user_to_update.set_team(team) if request.form.has_key( "new_type" ) and requesting_user.is_teacher and user_to_update != requesting_user: if request.form["new_type"] == 'student': user_to_update.make_student() elif request.form["new_type"] == 'team-leader': user_to_update.make_teacher() if request.form.get("withdrawn") == 'true' and not user_to_update.has_withdrawn \ and requesting_user.can_withdraw(user_to_update): user_to_update.withdraw() user_to_update.save() # Do this separately and last because it makes an immediate change # to the underlying database, rather than waiting for save(). if request.form.has_key("new_password"): user_to_update.set_password(request.form["new_password"]) return '{}', 200
def form_helper(rq_user, rq_pass, new_fname, new_lname): new_email = "*****@*****.**" params = { "username": rq_user, "password": rq_pass, "first_name": new_fname, "last_name": new_lname, "email": new_email, "team": "team-ABC", "college": "college-1" } r, data = test_helpers.server_post("/registrations", params) status = r.status assert status == 202, data created = User.create_user('1_rt1') assert created.email == '' pending = PendingUser('1_rt1') assert pending.email == "*****@*****.**" assert pending.team == "team-ABC" assert pending.college == "college-1" email_datas = test_helpers.last_n_emails(2) student_ps = email_datas[0] template = student_ps.template_name assert template == 'new_user' to = student_ps.toaddr assert to == new_email vars = student_ps.template_vars assert new_fname == vars['name'] vcode = pending.verify_code assert vcode in vars['activation_url'] test_helpers.assert_load_template(template, vars) teacher = User.create_user(rq_user) teacher_ps = email_datas[1] template = teacher_ps.template_name assert template == 'user_requested' to = teacher_ps.toaddr assert to == teacher.email vars = teacher_ps.template_vars assert new_fname == vars['pu_first_name'] assert new_lname == vars['pu_last_name'] assert new_email == vars['pu_email'] assert '1_rt1' == vars['pu_username'] assert 'team-ABC' == vars['pu_team'] assert 'college the first' == vars['pu_college'] vars_str = teacher_ps.template_vars_json assert vcode not in vars_str, "Should not contain the verification code." test_helpers.assert_load_template(template, vars)
def form_helper(rq_user, rq_pass, new_fname, new_lname): new_email = "*****@*****.**" params = {"username":rq_user, "password":rq_pass, "first_name":new_fname, "last_name":new_lname, "email":new_email, "team":"team-ABC", "college":"college-1"} r,data = test_helpers.server_post("/registrations", params) status = r.status assert status == 202, data created = User.create_user('1_rt1') assert created.email == '' pending = PendingUser('1_rt1') assert pending.email == "*****@*****.**" assert pending.team == "team-ABC" assert pending.college == "college-1" email_datas = test_helpers.last_n_emails(2) student_ps = email_datas[0] template = student_ps.template_name assert template == 'new_user' to = student_ps.toaddr assert to == new_email vars = student_ps.template_vars assert new_fname == vars['name'] vcode = pending.verify_code assert vcode in vars['activation_url'] test_helpers.assert_load_template(template, vars) teacher = User.create_user(rq_user) teacher_ps = email_datas[1] template = teacher_ps.template_name assert template == 'user_requested' to = teacher_ps.toaddr assert to == teacher.email vars = teacher_ps.template_vars assert new_fname == vars['pu_first_name'] assert new_lname == vars['pu_last_name'] assert new_email == vars['pu_email'] assert '1_rt1' == vars['pu_username'] assert 'team-ABC' == vars['pu_team'] assert 'college the first' == vars['pu_college'] vars_str = teacher_ps.template_vars_json assert vcode not in vars_str, "Should not contain the verification code." test_helpers.assert_load_template(template, vars)
def test_set_password(): u = User.create_user("teacher_coll1", "facebees") u.set_password("bacon") u.save() u = User.create_user("teacher_coll1", "bacon") assert u.can_administrate("student_coll1_1") u.set_password("facebees") u.save()
def helper(other_username): blueshirt = User.create_user("blueshirt-extra", "blueshirt") competitor = User.create_user(other_username) assert blueshirt.can_view(competitor), "Sanity check" details = competitor.details_dictionary_for(blueshirt) for keyname in ["username", "first_name", "last_name", "is_student", \ "is_team_leader", "has_withdrawn", "has_media_consent", \ "teams", "colleges"]: assert keyname in details assert not 'email' in details, "No need to be able to see their email"
def test_registration_rq_from_blueshirt(): new_email = "*****@*****.**" params = { "username": "******", "password": "******", "first_name": NEW_USER_FNAME, "last_name": NEW_USER_LNAME, "email": new_email, "team": "team-ABC", "college": "college-1", } r, data = test_helpers.server_post("/registrations", params) status = r.status assert status == 202, data created = User.create_user("1_rt1") assert created.email == "" pending = PendingUser("1_rt1") assert pending.email == "*****@*****.**" assert pending.team == "team-ABC" assert pending.college == "college-1" email_datas = test_helpers.last_n_emails(2) student_ps = email_datas[0] template = student_ps.template_name assert template == "new_user" to = student_ps.toaddr assert to == new_email vars = student_ps.template_vars assert NEW_USER_FNAME == vars["name"] vcode = pending.verify_code assert vcode in vars["activation_url"] teacher = User.create_user("blueshirt") teacher_ps = email_datas[1] template = teacher_ps.template_name assert template == "user_requested" to = teacher_ps.toaddr assert to == teacher.email vars = teacher_ps.template_vars assert NEW_USER_FNAME == vars["pu_first_name"] assert NEW_USER_LNAME == vars["pu_last_name"] assert new_email == vars["pu_email"] assert "1_rt1" == vars["pu_username"] assert "team-ABC" == vars["pu_team"] assert "college the first" == vars["pu_college"] vars_str = teacher_ps.template_vars_json assert vcode not in vars_str, "Should not contain the verification code."
def set_user_details(requesting_user, userid): user_to_update = User.create_user(userid) can_admin = requesting_user.can_administrate(user_to_update) if request.form.get("media_consent") == 'true' and requesting_user.can_record_media_consent: if not user_to_update.has_media_consent: user_to_update.got_media_consent() notify_ticket_available(user_to_update) user_to_update.save() if not can_admin: return '{}', 200 elif not can_admin: return AUTHORIZATION_DENIED assert can_admin user_to_update = User.create_user(userid) if request.form.has_key("new_email") and not requesting_user.is_blueshirt: new_email = request.form["new_email"] request_new_email(user_to_update, new_email) # Students aren't allowed to update their own names # at this point, if the requesting_user is valid, we know it's a self-edit if not requesting_user.is_student: fname = request.form.get("new_first_name") if fname: user_to_update.set_first_name(fname) lname = request.form.get("new_last_name") if lname: user_to_update.set_last_name(lname) if request.form.has_key("new_team"): team = request.form["new_team"] if (not user_to_update.is_blueshirt) and requesting_user.manages_team(team): user_to_update.set_team(team) if request.form.has_key("new_type") and requesting_user.is_teacher and user_to_update != requesting_user: if request.form["new_type"] == 'student': user_to_update.make_student() elif request.form["new_type"] == 'team-leader': user_to_update.make_teacher() if request.form.get("withdrawn") == 'true' and not user_to_update.has_withdrawn \ and requesting_user.can_withdraw(user_to_update): user_to_update.withdraw() user_to_update.save() # Do this separately and last because it makes an immediate change # to the underlying database, rather than waiting for save(). if request.form.has_key("new_password"): user_to_update.set_password(request.form["new_password"]) return '{}', 200
def test_registration_email_in_use(): params = {"username":"******", "password":"******", "first_name":NEW_USER_FNAME, "last_name":NEW_USER_LNAME, "email":"*****@*****.**", # student_coll2_2 "team":"team-ABC", "college":"college-1"} r,data = test_helpers.server_post("/registrations", params) assert r.status == 403 assert 'DETAILS_ALREADY_USED' in data assert len(test_helpers.get_registrations()) == 0 try: created = User.create_user('1_rt1') assert False, "Should not have created user" except: pass pending = PendingUser('1_rt1') assert not pending.in_db test_helpers.assert_no_emails()
def test_new_user_not_allowed(): try: ru = User.create_user("student_coll1_1", "cows") User.create_new_user(ru, 'college-1', 'first', 'last') assert False except Exception as e: assert "student_coll1_1" in str(e)
def test_new_user_not_authed(): try: ru = User.create_user("teacher_coll1") User.create_new_user(ru, 'college-1', 'first', 'last') assert False except Exception as e: assert "teacher_coll1" in str(e)
def test_registration_rq_from_student(): test_helpers.delete_db() params = {"username":"******", "password":"******", "first_name":"register", "last_name":"this.user", "email":"*****@*****.**", "team":"team-ABC", "college":"college-1"} r,data = test_helpers.server_post("/registrations", params) status = r.status assert status == 403 assert 'YOU_CANT_REGISTER_USERS' in data assert len(test_helpers.get_registrations()) == 0 try: created = User.create_user('2_rt1') assert False, "Should not have created user" except: pass pending = PendingUser('2_rt1') assert not pending.in_db test_helpers.assert_no_emails()
def test_authed_blueshirt_cant_see_other_students(): a = User.create_user("blueshirt", "blueshirt") users = ["student_coll2_2", "student_coll2_1"] results = [a.can_administrate(user) for user in users] assert not any(results)
def test_registration_email_in_use(): params = { "username": "******", "password": "******", "first_name": NEW_USER_FNAME, "last_name": NEW_USER_LNAME, "email": "*****@*****.**", # student_coll2_2 "team": "team-ABC", "college": "college-1", } r, data = test_helpers.server_post("/registrations", params) assert r.status == 403 assert "DETAILS_ALREADY_USED" in data assert len(test_helpers.get_registrations()) == 0 try: created = User.create_user("1_rt1") assert False, "Should not have created user" except: pass pending = PendingUser("1_rt1") assert not pending.in_db test_helpers.assert_no_emails()
def test_registration_bad_frist_name(): params = {"username":"******", "password":"******", "first_name":NEW_USER_FNAME, "last_name":'2'+NEW_USER_LNAME, "email":"*****@*****.**", "team":"team-ABC", "college":"college-1"} r,data = test_helpers.server_post("/registrations", params) assert r.status == 403 assert 'BAD_LAST_NAME' in data assert len(test_helpers.get_registrations()) == 0 try: created = User.create_user('1_rt1') assert False, "Should not have created user" except: pass pending = PendingUser('1_rt1') assert not pending.in_db test_helpers.assert_no_emails()
def test_registration_name_in_use(): params = {"username":"******", "password":"******", "first_name":'student2', # student_coll1_2 "last_name":'student', "email":"*****@*****.**", "team":"team-ABC", "college":"college-1"} r,data = test_helpers.server_post("/registrations", params) status = r.status assert status == 403, data assert 'DETAILS_ALREADY_USED' in data assert len(test_helpers.get_registrations()) == 0 try: created = User.create_user('1_ss1') assert False, "Should not have created user" except: pass pending = PendingUser('1_ss1') assert not pending.in_db test_helpers.assert_no_emails()
def test_authed_blueshirt_can_see_own_students(): a = User.create_user("blueshirt", "blueshirt") users = ["student_coll1_1", "teacher_coll1"] results = [a.can_administrate(user) for user in users] assert all(results)
def test_authed_teacher_cant_see_other_students(): a = User.create_user("teacher_coll1", "facebees") users = ["student_coll2_1", "student_coll2_2"] results = [a.can_administrate(user) for user in users] assert not any(results)
def test_registration_rq_from_student(): test_helpers.delete_db() params = { "username": "******", "password": "******", "first_name": "register", "last_name": "this.user", "email": "*****@*****.**", "team": "team-ABC", "college": "college-1", } r, data = test_helpers.server_post("/registrations", params) status = r.status assert status == 403 assert "YOU_CANT_REGISTER_USERS" in data assert len(test_helpers.get_registrations()) == 0 try: created = User.create_user("2_rt1") assert False, "Should not have created user" except: pass pending = PendingUser("2_rt1") assert not pending.in_db test_helpers.assert_no_emails()
def test_student_post_doesnt_set_first_last_name(): old_first = "student1i" old_last = "student" params = { "username": "******", "password": "******", "new_first_name": "asdf", "new_last_name": "cheese", } r, data = test_helpers.server_post("/user/student_coll1_1", params) assert r.status == 200 details_dict = User("student_coll1_1").details_dictionary_for( User.create_user("student_coll1_1", "cows")) # restore original data u = User("student_coll1_1") u.set_first_name(old_first) u.set_last_name(old_last) u.save() assert details_dict["first_name"] == old_first assert details_dict["last_name"] == old_last
def send_password_reset(requesting_user, userid): user_to_update = User.create_user(userid) if not requesting_user.can_administrate(user_to_update): return AUTHORIZATION_DENIED verify_code = helpers.create_verify_code(user_to_update.username, requesting_user.username) ppr = PendingPasswordReset(user_to_update.username) ppr.requestor_username = requesting_user.username ppr.verify_code = verify_code ppr.save() log_action('sending password reset', ppr) url = url_for('reset_password', username=user_to_update.username, code=verify_code, _external=True) ppr.send_reset_email( user_to_update.email, user_to_update.first_name, url, "{0} {1}".format(requesting_user.first_name, requesting_user.last_name), ) return "{}", 202
def test_user_properties_team_leader(): u = User.create_user("teacher_coll2", "noway") data = u.details_dictionary_for(u) assert data['is_team_leader'] assert not data['is_student'] assert not data['is_blueshirt']
def test_user_properties_student(): u = User.create_user("student_coll1_1", "cows") data = u.details_dictionary_for(u) assert data['is_student'] assert not data['is_team_leader'] assert not data['is_blueshirt']
def test_team_set_in_user(): u = User.create_user('st_user1') u.set_team(NEW_TEAM_NAME) u.save() u_teams = [t.name for t in u.teams] assert set(u_teams) == set([NEW_TEAM_NAME])
def test_college_set_in_user(): u = User.create_user('st_user1') u.set_college(NEW_COLLEGE_NAME) u.save() u_colleges = u.colleges assert set(u_colleges) == set([NEW_COLLEGE_NAME])
def test_new_user_wrong_college(): try: ru = User.create_user("teacher_coll1", "facebees") User.create_new_user(ru, 'college-2', 'first', 'last') assert False except Exception as e: assert "teacher_coll1" in str(e) assert 'college-2' in str(e)
def activate_account(username, code): """ Verifies to the system that an email address exists, and that the related account should be made into a full account. Expected to be used only by users clicking links in account-activation emails. Not part of the documented API. """ pu = PendingUser(username) if not pu.in_db: return "No such user account", 404 if pu.age > timedelta(days=2): return "Request not valid", 410 if pu.verify_code != code: return "Invalid verification code", 403 log_action('activating user', pu) from libnemesis import srusers new_pass = srusers.users.GenPasswd() u = User(username) u.set_email(pu.email) u.set_team(pu.team) u.set_college(pu.college) u.set_password(new_pass) u.make_student() u.save() # let the team-leader know rq_user = User.create_user(pu.teacher_username) email_vars = { 'name': rq_user.first_name, 'au_username': username, 'au_first_name': u.first_name, 'au_last_name': u.last_name } mailer.email_template(rq_user.email, 'user_activated_team_leader', email_vars) pu.delete() html = open(PATH + "/templates/activate.html").read() replacements = { 'first_name': u.first_name, 'last_name': u.last_name, 'password': new_pass, 'email': u.email, 'username': username, 'root': url_for('.index') } html = html.format(**replacements) return html, 200
def test_withdrawn_true_2(): username = '******' sru = create_withdrawn(username) password = '******' sru.set_passwd(new=password) u = User.create_user(username, password) data = u.details_dictionary_for(u) assert data['has_withdrawn']
def test_team_set_in_db(): u = User.create_user('st_user1') u.set_team(NEW_TEAM_NAME) u.save() sru = srusers.user('st_user1') sru_groups = sru.groups() assert set(sru_groups) == set([NEW_TEAM_NAME, 'st_other_group'])
def test_media_consent_true_2(): username = '******' sru = create_media_consent(username) password = '******' sru.set_passwd(new=password) u = User.create_user(username, password) data = u.details_dictionary_for(u) assert data['has_media_consent']
def test_media_consent_true_1(): username = '******' sru = srusers.user(username) sru.cname = 'admin' sru.sname = 'consent' sru.email = '' sru.save() # Sanity check u = User.create_user(username) assert not u.can_record_media_consent g = srusers.group('media-consent-admin') g.user_add(sru) g.save() u = User.create_user(username) assert u.can_record_media_consent
def test_authed_can_see_self(): user_passwords = [("teacher_coll1", "facebees"), ("student_coll1_1", "cows"), ("teacher_coll2", "noway"), ("blueshirt", "blueshirt")] user_objects = [User.create_user(u[0], u[1]) for u in user_passwords] results = [user.can_administrate(user.username) for user in user_objects] assert all(results)
def test_college_set_in_db(): u = User.create_user('st_user1') u.set_college(NEW_COLLEGE_NAME) u.save() sru = srusers.user('st_user1') sru_groups = sru.groups() assert set(sru_groups) == set([NEW_COLLEGE_NAME, 'st_other_group'])
def test_media_consent_grant(): username = '******' sru = srusers.user(username) sru.cname = 'to' sru.sname = 'consent' sru.email = '' sru.save() u = User.create_user(username) # Sanity check assert not u.has_media_consent, "Fresh user should not have granted media consent" u.got_media_consent() u.save() assert u.has_media_consent, "Should have recorded the media-consent grant" # Fresh instance u = User.create_user(username) assert u.has_media_consent, "Media consent grant should persist"
def activate_account(username, code): """ Verifies to the system that an email address exists, and that the related account should be made into a full account. Expected to be used only by users clicking links in account-activation emails. Not part of the documented API. """ pu = PendingUser(username) if not pu.in_db: return "No such user account", 404 if pu.age > timedelta(days = 2): return "Request not valid", 410 if pu.verify_code != code: return "Invalid verification code", 403 log_action('activating user', pu) from libnemesis import srusers new_pass = srusers.users.GenPasswd() u = User(username) u.set_email(pu.email) u.set_team(pu.team) u.set_college(pu.college) u.set_password(new_pass) u.make_student() u.save() # let the team-leader know rq_user = User.create_user(pu.teacher_username) email_vars = { 'name': rq_user.first_name, 'au_username': username, 'au_first_name': u.first_name, 'au_last_name': u.last_name } mailer.email_template(rq_user.email, 'user_activated_team_leader', email_vars) pu.delete() html = open(PATH + "/templates/activate.html").read() replacements = { 'first_name': u.first_name , 'last_name': u.last_name , 'password': new_pass , 'email': u.email , 'username': username , 'root': url_for('.index') } html = html.format(**replacements) return html, 200
def test_details_dictionary_for_team_leader_member(): u = User.create_user("teacher_coll1", "facebees") data = assert_college_1_details_dictionary_for(u) expected_users = [ "teacher_coll1", "student_coll1_1", "student_coll1_2", "withdrawn_student", ] actual_users = data["users"] assert actual_users == expected_users
def test_make_student(): u = User.create_user('st_user1') u.make_student() u.save() assert not u.is_teacher students = srusers.group('students').members assert 'st_user1' in students teachers = srusers.group('teachers').members assert 'st_user1' not in teachers
def user_details(userid): ah = AuthHelper(request) if ah.auth_will_succeed and ah.user.can_administrate(userid): user = User.create_user(userid) details = user.details_dictionary_for(ah.user) email_change_rq = PendingEmail(userid) if email_change_rq.in_db: new_email = email_change_rq.new_email if new_email != details['email']: details['new_email'] = new_email return json.dumps(details), 200 else: return ah.auth_error_json, 403
def test_make_student_teacher(): students = srusers.group('students') students.user_add('st_user1') students.save() u = User.create_user('st_user1') u.make_teacher() u.save() assert u.is_teacher teachers = srusers.group('teachers').members assert 'st_user1' in teachers students = srusers.group('students').members assert 'st_user1' not in students
def user_details(requesting_user, userid): if not requesting_user.can_view(userid): return AUTHORIZATION_DENIED user = User.create_user(userid) details = user.details_dictionary_for(requesting_user) if 'email' in details: # The requesting user can view the emails -- also tell them # about any pending changes. email_change_rq = PendingEmail(user.username) if email_change_rq.in_db: new_email = email_change_rq.new_email if new_email != details['email']: details['new_email'] = new_email return json.dumps(details), 200
def test_activate_success(): username = '******' rq_user = User.create_user("teacher_coll1", "facebees") cu = User.create_new_user(rq_user, 'college-1', 'James', 'Activate') assert cu.username == username pu = create_pending_user(username) pu.save() r,data = test_helpers.server_get("/activate/" + username + "/bibble") status = r.status assert status == 200, data u = User(username) email = u.email assert pu.email == email teams = [t.name for t in u.teams] assert pu.team in teams colleges = u.colleges assert pu.college in colleges students = srusers.group('students').members assert username in students pu = PendingUser(username) assert not pu.in_db, "registration DB entry should have been removed" # ensure we sent the team-leader a confirmation ps = test_helpers.last_email() toaddr = ps.toaddr tl_email = rq_user.email assert toaddr == tl_email vars = ps.template_vars tl_name = rq_user.first_name assert tl_name == vars['name'] first_name = cu.first_name assert first_name == vars['au_first_name'] last_name = cu.last_name assert last_name == vars['au_last_name'] assert username == vars['au_username'] template = ps.template_name assert template == 'user_activated_team_leader'
def user_details(userid): ah = AuthHelper(request) if not (ah.auth_will_succeed and ah.user.can_view(userid)): return ah.auth_error_json, 403 user = User.create_user(userid) details = user.details_dictionary_for(ah.user) if 'email' in details: """Then the requesting user can view the emails -- also tell them about any pending changes.""" email_change_rq = PendingEmail(user.username) if email_change_rq.in_db: new_email = email_change_rq.new_email if new_email != details['email']: details['new_email'] = new_email return json.dumps(details), 200
def test_post_sets_first_last_name(): old_first = "student1i" old_last = "student" params = {"username":"******", "password":"******", "new_first_name":"asdf", "new_last_name":"cheese", } r,data = test_helpers.server_post("/user/student_coll1_1", params) assert r.status == 200 details_dict = User("student_coll1_1").details_dictionary_for(User.create_user("student_coll1_1", "cows")) assert details_dict["first_name"] == "asdf" assert details_dict["last_name"] == "cheese" u = User("student_coll1_1") u.set_first_name(old_first) u.set_last_name(old_last) u.save()
def test_verify_success(self): username = "******" setup_password_reset(username, 'bees') r, data = test_helpers.server_get("/reset_password/" + username + "/bees") self.assertEqual(200, r.status, data) try: match = re.search(r'"password": "******"]+)"', data) self.assertTrue(match, "Failed to extract password") new_password = match.group(1) user = User.create_user(username, new_password) self.assertTrue(user.is_authenticated, "Wrong password ({0}) found in page!".format(new_password)) finally: User(username).set_password('cows') ppr = PendingPasswordReset('student_coll1_1') self.assertFalse(ppr.in_db, "{0} should no longer in the database.".format(ppr))
def test_details_dictionary_for_blueshirt_non_member(): u = User.create_user("blueshirt") c = College("college-2") data = c.details_dictionary_for(u) actual_name = data["name"] assert actual_name == "secondary college" actual_teams = data["teams"] assert actual_teams == ["team-QWZ"] assert "users" not in data actual_counts = data["counts"] expected_counts = { 'team_leaders': 1, 'students': 2, 'media_consent': 0, 'withdrawn': 0, } assert actual_counts == expected_counts
def set_user_details(userid): ah = AuthHelper(request) if ah.auth_will_succeed and ah.user.can_administrate(userid): user_to_update = User.create_user(userid) if request.form.has_key("new_email") and not ah.user.is_blueshirt: new_email = request.form["new_email"] request_new_email(user_to_update, new_email) if request.form.has_key("new_password"): user_to_update.set_password(request.form["new_password"]) if request.form.has_key("new_first_name"): user_to_update.set_first_name(request.form["new_first_name"]) if request.form.has_key("new_last_name"): user_to_update.set_last_name(request.form["new_last_name"]) if request.form.has_key("new_team"): team = request.form["new_team"] if (not user_to_update.is_blueshirt) and ah.user.manages_team(team): user_to_update.set_team(team) user_to_update.save() return '{}', 200 else: return ah.auth_error_json, 403
def set_user_details(userid): ah = AuthHelper(request) if not (ah.auth_will_succeed and ah.user.can_administrate(userid)): return ah.auth_error_json, 403 user_to_update = User.create_user(userid) if request.form.has_key("new_email") and not ah.user.is_blueshirt: new_email = request.form["new_email"] request_new_email(user_to_update, new_email) # Students aren't allowed to update their own names # at this point, if the ah.user is valid, we know it's a self-edit if request.form.has_key("new_first_name") and not ah.user.is_student and request.form["new_first_name"] != '': user_to_update.set_first_name(request.form["new_first_name"]) if request.form.has_key("new_last_name") and not ah.user.is_student and request.form["new_last_name"] != '': user_to_update.set_last_name(request.form["new_last_name"]) if request.form.has_key("new_team"): team = request.form["new_team"] if (not user_to_update.is_blueshirt) and ah.user.manages_team(team): user_to_update.set_team(team) if request.form.has_key("new_type") and ah.user.is_teacher and user_to_update != ah.user: if request.form["new_type"] == 'student': user_to_update.make_student() elif request.form["new_type"] == 'team-leader': user_to_update.make_teacher() if request.form.has_key("withdrawn") and request.form['withdrawn'] == 'true' \ and ah.user.can_withdraw(user_to_update): user_to_update.withdraw() user_to_update.save() # Do this separately and last because it makes an immediate change # to the underlying database, rather than waiting for save(). if request.form.has_key("new_password"): user_to_update.set_password(request.form["new_password"]) return '{}', 200
def test_details_dictionary_for_student_member(): u = User.create_user("student_coll1_1") data = assert_college_1_details_dictionary_for(u) actual_users = data["users"] assert actual_users == []
def test_details_dictionary_for_non_member(): c = College("college-1") u = User.create_user("student_coll2_1") with assert_raises(AssertionError): c.details_dictionary_for(u)