def test_course_subject_read_list_user_or_staff(self): """ Any user, staff or not, should be able to read the list of course subjects. """ nb = randint(1, 3) CourseSubjectFactory.create_batch(nb) for user in [UserFactory(), UserFactory(is_staff=True)]: self.client.login(username=user.username, password='******') response = self.client.get('/fun/api/course_subjects/') self.assertEqual(response.status_code, 200) content = json.loads(response.content) self.assertEqual(len(content['results']), nb) # The object returned should have all 7 fields self.assertEqual(len(content['results'][0]), 7)
def test_course_subject_update_anonymous(self): """ Anonymous users should not have the possibility to update a subject through the API. A 405 code is returned (and not 403) because the functionnality is not just forbidden by not even available. """ subject = CourseSubjectFactory(score=11) data = json.dumps({'score': randint(0, 100)}) response = self.client.put( '/fun/api/course_subjects/{:d}/'.format(subject.id), data, content_type='application/json') self.assertEqual(response.status_code, 405) subject.refresh_from_db() self.assertEqual(subject.score, 11)
def test_course_subject_update_anonymous(self): """ Anonymous users should not have the possibility to update a subject through the API. A 405 code is returned (and not 403) because the functionnality is not just forbidden by not even available. """ subject = CourseSubjectFactory(score=11) data = json.dumps({'score': randint(0, 100)}) response = self.client.put('/fun/api/course_subjects/{:d}/'.format( subject.id), data, content_type='application/json') self.assertEqual(response.status_code, 405) subject.refresh_from_db() self.assertEqual(subject.score, 11)
def test_course_subject_update_user(self): """ Authenticated users, event staff, should not have the possibility to update a course subject through the API. A 405 code is returned (and not 403) because the functionnality is not just forbidden by not even available. """ for user in [UserFactory(), UserFactory(is_staff=True)]: self.client.login(username=user.username, password='******') subject = CourseSubjectFactory(score=11) data = json.dumps({'score': randint(0, 100)}) response = self.client.put( '/fun/api/course_subjects/{:d}/'.format(subject.id), data, content_type='application/json') self.assertEqual(response.status_code, 405) subject.refresh_from_db() self.assertEqual(subject.score, 11)
def test_course_subject_update_user(self): """ Authenticated users, event staff, should not have the possibility to update a course subject through the API. A 405 code is returned (and not 403) because the functionnality is not just forbidden by not even available. """ for user in [UserFactory(), UserFactory(is_staff=True)]: self.client.login(username=user.username, password='******') subject = CourseSubjectFactory(score=11) data = json.dumps({'score': randint(0, 100)}) response = self.client.put('/fun/api/course_subjects/{:d}/'.format( subject.id), data, content_type='application/json') self.assertEqual(response.status_code, 405) subject.refresh_from_db() self.assertEqual(subject.score, 11)
def test_course_subject_read_list_anonymous(self): """ Anonymous users should be able to read the list of course subjects. Results should be ordered by decreasing score first, then by increasing name, then by increasing id. """ subject1 = CourseSubjectFactory(score=1, name=u'Aztèques') subject2 = CourseSubjectFactory(score=2) subject3 = CourseSubjectFactory(score=1, name=u'Algèbre') subject4 = CourseSubjectFactory(score=1, name=u'Aztèques') subject5 = CourseSubjectFactory(score=1, name=u'Algèbre') response = self.client.get('/fun/api/course_subjects/') self.assertEqual(response.status_code, 200) content = json.loads(response.content) self.assertEqual(len(content['results']), 5) self.assertEqual(content['results'][0]['name'], subject2.name) self.assertEqual(unicode(content['results'][1]['name']), subject3.name) self.assertEqual(content['results'][2]['name'], subject5.name) self.assertEqual(content['results'][3]['name'], subject1.name) self.assertEqual(content['results'][4]['name'], subject4.name)
def test_course_subject_delete_anonymous(self): """ Anonymous users should not be allowed to delete a course subject through the API. A 405 code is returned (and not 403) because the functionnality is not just forbidden by not even available. """ subject = CourseSubjectFactory() response = self.client.delete('/fun/api/course_subjects/{:d}/'.format( subject.id)) self.assertEqual(response.status_code, 405) self.assertTrue(CourseSubject.objects.filter(id=subject.id).exists())
def test_only_display_courses_for_a_specific_subject(self): subject = CourseSubjectFactory(slug='test-subject') UniversityFactory(slug='another-subject') self.active_1.subjects.add(subject) filter_data = {'subject': 'test-subject'} response = self.client.get(self.api_url, filter_data) self.assertContains(response, self.active_1.title) self.assertNotContains(response, self.active_2.title) filter_data = {'subject': 'another-subject'} response = self.client.get(self.api_url, filter_data) self.assertNotContains(response, self.active_1.title) self.assertNotContains(response, self.active_2.title)
def test_subjet_score_only_available_if_logged_in_as_admin(self): subject = CourseSubjectFactory(slug='test-subject') UniversityFactory(slug='another-subject') self.active_1.subjects.add(subject) filter_data = {'subject': 'test-subject'} self.login_as_admin() response = self.client.get(self.api_url, filter_data) response_data = json.loads(response.content) self.assertIn('score', response_data['results'][0]['subjects'][0]) self.client.logout() response = self.client.get(self.api_url, filter_data) response_data = json.loads(response.content) self.assertNotIn('score', response_data['results'][0]['subjects'][0])
def test_course_subject_delete_user(self): """ Authenticated users, even staff, should not have the possibility to delete a course subject through the API. A 405 code is returned (and not 403) because the functionnality is not just forbidden by not even available. """ for user in [UserFactory(), UserFactory(is_staff=True)]: self.client.login(username=user.username, password='******') subject = CourseSubjectFactory() response = self.client.delete( '/fun/api/course_subjects/{:d}/'.format(subject.id)) self.assertEqual(response.status_code, 405) self.assertTrue( CourseSubject.objects.filter(id=subject.id).exists())
def test_course_subject_read_detail_anonymous(self): """ Anonymous users should be able to read a course subject detail. """ subject = CourseSubjectFactory() response = self.client.get('/fun/api/course_subjects/{:d}/'.format( subject.id)) self.assertEqual(response.status_code, 200) content = json.loads(response.content) self.maxDiff = None self.assertEqual( content, { 'name': subject.name, 'short_name': subject.short_name, 'image': 'http://testserver{:s}'.format(subject.image.url), 'featured': subject.featured, 'score': subject.score, 'id': subject.id, 'description': subject.description })
def test_course_subject_read_detail_user_or_staff(self): """ Any user, staff or not, should be able to read a subject detail. """ subject = CourseSubjectFactory() for user in [UserFactory(), UserFactory(is_staff=True)]: self.client.login(username=user.username, password='******') response = self.client.get('/fun/api/course_subjects/{:d}/'.format( subject.id)) self.assertEqual(response.status_code, 200) content = json.loads(response.content) self.assertEqual( content, { 'name': subject.name, 'short_name': subject.short_name, 'image': 'http://testserver{:s}'.format(subject.image.url), 'featured': subject.featured, 'score': subject.score, 'id': subject.id, 'description': subject.description })