def test_can_view_own_profile(self):
"""
Users are allowed to view their own profile.
"""
perm = CanSeeIfNotPrivate()
request = Mock(user=self.other_user)
view = Mock(kwargs={'user': self.other_user_id})
assert perm.has_permission(request, view) is True
def test_users_can_view_public_profile(self):
"""
Users are allowed to view public profile.
"""
perm = CanSeeIfNotPrivate()
with mute_signals(post_save):
ProfileFactory.create(user=self.profile_user,
account_privacy=Profile.PUBLIC)
request = Mock(user=self.other_user)
view = Mock(kwargs={'user': self.profile_user_id})
assert perm.has_permission(request, view) is True
def test_cant_view_public_if_anonymous_user(self):
"""
Anonymous are not supposed to view private profiles.
"""
perm = CanSeeIfNotPrivate()
with mute_signals(post_save):
ProfileFactory.create(user=self.profile_user,
account_privacy=Profile.PUBLIC)
request = Mock(user=Mock(is_anonymous=Mock(return_value=True)))
view = Mock(kwargs={'user': self.profile_user_id})
assert perm.has_permission(request, view) is True
def test_cant_view_if_privacy_weird(self):
"""
Users can not open profiles with ambiguous account_privacy settings.
"""
perm = CanSeeIfNotPrivate()
with mute_signals(post_save):
ProfileFactory.create(user=self.profile_user,
account_privacy='weird_setting')
request = Mock(user=self.other_user)
view = Mock(kwargs={'user': self.profile_user_id})
with self.assertRaises(Http404):
perm.has_permission(request, view)
def test_cant_view_if_non_verified_mm_user(self):
"""
Non verified micromaster users are not supposed to view public_to_mm profiles.
"""
perm = CanSeeIfNotPrivate()
with mute_signals(post_save):
ProfileFactory.create(user=self.profile_user,
account_privacy=Profile.PUBLIC_TO_MM)
request = Mock(user=self.other_user)
view = Mock(kwargs={'user': self.profile_user_id})
with self.assertRaises(Http404):
perm.has_permission(request, view)
def test_cant_view_if_privacy_is_private(self):
"""
Users are not supposed to view private profiles.
"""
perm = CanSeeIfNotPrivate()
with mute_signals(post_save):
ProfileFactory.create(user=self.profile_user,
account_privacy=Profile.PRIVATE)
request = Mock(user=self.other_user)
view = Mock(kwargs={'user': self.profile_user_id})
with self.assertRaises(Http404):
perm.has_permission(request, view)
def test_can_view_if_verified_mm_user(self):
"""
Verified MM users are allowed to view public_to_mm profile.
"""
perm = CanSeeIfNotPrivate()
with mute_signals(post_save):
ProfileFactory.create(user=self.profile_user,
account_privacy=Profile.PUBLIC_TO_MM)
with mute_signals(post_save):
verified_user = UserFactory.create()
username = "******".format(verified_user.username)
verified_user.social_auth.create(provider=EdxOrgOAuth2.name,
uid=username)
ProfileFactory.create(user=verified_user,
verified_micromaster_user=True)
request = Mock(user=verified_user)
view = Mock(kwargs={'user': self.profile_user_id})
assert perm.has_permission(request, view) is True
def get(self, request, *args, **kwargs):
"""
Handle GET requests
"""
user = kwargs.pop('user')
if user is not None:
if not CanSeeIfNotPrivate().has_permission(request, self):
raise Http404
elif request.user.is_anonymous():
# /users/ redirects to logged in user's page, but user is not logged in here
raise Http404
return super(UsersView, self).get(request, *args, **kwargs)
def test_instructor_can_see_profile(self):
"""
Instructors can see private profile of user with same program
"""
# Create a private profile for profile user
ProfileFactory.create(
user=self.profile_user,
verified_micromaster_user=False,
account_privacy=Profile.PRIVATE,
)
# Assign profile user to a program
program = ProgramFactory.create()
ProgramEnrollment.objects.create(
program=program,
user=self.profile_user,
)
# Make self.other_user an instructor of that program
role = Role.objects.create(
user=self.other_user,
program=program,
role=Instructor.ROLE_ID,
)
perm = CanSeeIfNotPrivate()
request = Mock(user=self.other_user)
view = Mock(kwargs={'user': self.profile_user_id})
assert perm.has_permission(request, view) is True
# Change role.program and assert that user no longer has permission to see private profile
role.program = ProgramFactory.create()
role.save()
with self.assertRaises(Http404):
perm.has_permission(request, view)
def setUp(self):
super().setUp()
self.user = SocialProfileFactory.create(verified_micromaster_user=False).user
self.perm = CanSeeIfNotPrivate()
class CanSeeIfNotPrivateTests(MockedESTestCase):
"""
Tests for CanSeeIfNotPrivate permissions
"""
def setUp(self):
super().setUp()
self.user = SocialProfileFactory.create(verified_micromaster_user=False).user
self.perm = CanSeeIfNotPrivate()
def get_social_auth_uid(self, user):
"""Helper method to get social_auth uid for a user"""
return get_social_auth(user).uid
def test_cant_view_if_privacy_is_private(self):
"""
Users are not supposed to view private profiles.
"""
new_profile = SocialProfileFactory.create(account_privacy=Profile.PRIVATE)
request = Mock(user=self.user)
view = Mock(kwargs={'user': self.get_social_auth_uid(new_profile.user)})
with self.assertRaises(Http404):
self.perm.has_permission(request, view)
@ddt.data(Profile.PUBLIC_TO_MM, Profile.PRIVATE)
def test_cant_view_if_anonymous_user(self, account_privacy_setting):
"""
Anonymous are not supposed to view public_to_mm or private profiles.
"""
new_profile = SocialProfileFactory.create(account_privacy=account_privacy_setting)
request = Mock(user=Mock(is_anonymous=True))
view = Mock(kwargs={'user': self.get_social_auth_uid(new_profile.user)})
with self.assertRaises(Http404):
self.perm.has_permission(request, view)
def test_can_view_public_if_anonymous_user(self):
"""
Anonymous can view public profiles.
"""
new_profile = SocialProfileFactory.create(account_privacy=Profile.PUBLIC)
request = Mock(user=Mock(is_anonymous=True))
view = Mock(kwargs={'user': self.get_social_auth_uid(new_profile.user)})
assert self.perm.has_permission(request, view) is True
def test_cant_view_if_non_verified_mm_user(self):
"""
Non verified micromaster users are not supposed to view public_to_mm profiles.
"""
new_profile = SocialProfileFactory.create(account_privacy=Profile.PUBLIC_TO_MM)
request = Mock(user=self.user)
view = Mock(kwargs={'user': self.get_social_auth_uid(new_profile.user)})
with self.assertRaises(Http404):
self.perm.has_permission(request, view)
def test_cant_view_if_privacy_weird(self):
"""
Users can not open profiles with ambiguous account_privacy settings.
"""
new_profile = SocialProfileFactory.create(account_privacy='weird_setting')
request = Mock(user=self.user)
view = Mock(kwargs={'user': self.get_social_auth_uid(new_profile.user)})
with self.assertRaises(Http404):
self.perm.has_permission(request, view)
def test_can_view_own_profile(self):
"""
Users are allowed to view their own profile.
"""
request = Mock(user=self.user)
view = Mock(kwargs={'user': self.get_social_auth_uid(self.user)})
assert self.perm.has_permission(request, view) is True
def test_users_can_view_public_profile(self):
"""
Users are allowed to view public profile.
"""
new_profile = SocialProfileFactory.create(account_privacy=Profile.PUBLIC)
request = Mock(user=self.user)
view = Mock(kwargs={'user': self.get_social_auth_uid(new_profile.user)})
assert self.perm.has_permission(request, view) is True
def test_can_view_if_verified_mm_user(self):
"""
Verified MM users are allowed to view public_to_mm profile.
"""
new_user = SocialProfileFactory.create(account_privacy=Profile.PUBLIC_TO_MM).user
verified_user = SocialProfileFactory.create(verified_micromaster_user=True).user
program = ProgramFactory.create()
for user in [new_user, verified_user]:
ProgramEnrollment.objects.create(
program=program,
user=user,
)
request = Mock(user=verified_user)
view = Mock(kwargs={'user': self.get_social_auth_uid(new_user)})
assert self.perm.has_permission(request, view) is True
def test_view_public_to_mm_when_no_common_programs(self):
"""
Users are not allowed to view public_to_mm profile if there are no common programs.
"""
new_user = SocialProfileFactory.create(account_privacy=Profile.PUBLIC_TO_MM).user
verified_user = SocialProfileFactory.create(verified_micromaster_user=True).user
request = Mock(user=verified_user)
view = Mock(kwargs={'user': self.get_social_auth_uid(new_user)})
with self.assertRaises(Http404):
self.perm.has_permission(request, view)
@ddt.data(Staff.ROLE_ID, Instructor.ROLE_ID)
def test_roles_can_see_profile(self, role_to_set):
"""
Staff and Instructors can see private profile of user with same program
"""
# Create a private profile
new_user = SocialProfileFactory.create(
verified_micromaster_user=False,
account_privacy=Profile.PRIVATE,
).user
program = ProgramFactory.create()
ProgramEnrollment.objects.create(
program=program,
user=new_user,
)
# Make self.unverified_user a staff of that program
role = Role.objects.create(
user=self.user,
program=program,
role=role_to_set,
)
request = Mock(user=self.user)
view = Mock(kwargs={'user': self.get_social_auth_uid(new_user)})
assert self.perm.has_permission(request, view) is True
# Change role.program and assert that user no longer has permission to see private profile
role.program = ProgramFactory.create()
role.save()
with self.assertRaises(Http404):
self.perm.has_permission(request, view)
def setUp(self):
super(CanSeeIfNotPrivateTests, self).setUp()
self.user = SocialProfileFactory.create(verified_micromaster_user=False).user
self.perm = CanSeeIfNotPrivate()
class CanSeeIfNotPrivateTests(MockedESTestCase):
"""
Tests for CanSeeIfNotPrivate permissions
"""
def setUp(self):
super(CanSeeIfNotPrivateTests, self).setUp()
self.user = SocialProfileFactory.create(verified_micromaster_user=False).user
self.perm = CanSeeIfNotPrivate()
def get_social_auth_uid(self, user):
"""Helper method to get social_auth uid for a user"""
return get_social_auth(user).uid
def test_cant_view_if_privacy_is_private(self):
"""
Users are not supposed to view private profiles.
"""
new_profile = SocialProfileFactory.create(account_privacy=Profile.PRIVATE)
request = Mock(user=self.user)
view = Mock(kwargs={'user': self.get_social_auth_uid(new_profile.user)})
with self.assertRaises(Http404):
self.perm.has_permission(request, view)
@ddt.data(Profile.PUBLIC_TO_MM, Profile.PRIVATE)
def test_cant_view_if_anonymous_user(self, account_privacy_setting):
"""
Anonymous are not supposed to view public_to_mm or private profiles.
"""
new_profile = SocialProfileFactory.create(account_privacy=account_privacy_setting)
request = Mock(user=Mock(is_anonymous=True))
view = Mock(kwargs={'user': self.get_social_auth_uid(new_profile.user)})
with self.assertRaises(Http404):
self.perm.has_permission(request, view)
def test_can_view_public_if_anonymous_user(self):
"""
Anonymous can view public profiles.
"""
new_profile = SocialProfileFactory.create(account_privacy=Profile.PUBLIC)
request = Mock(user=Mock(is_anonymous=True))
view = Mock(kwargs={'user': self.get_social_auth_uid(new_profile.user)})
assert self.perm.has_permission(request, view) is True
def test_cant_view_if_non_verified_mm_user(self):
"""
Non verified micromaster users are not supposed to view public_to_mm profiles.
"""
new_profile = SocialProfileFactory.create(account_privacy=Profile.PUBLIC_TO_MM)
request = Mock(user=self.user)
view = Mock(kwargs={'user': self.get_social_auth_uid(new_profile.user)})
with self.assertRaises(Http404):
self.perm.has_permission(request, view)
def test_cant_view_if_privacy_weird(self):
"""
Users can not open profiles with ambiguous account_privacy settings.
"""
new_profile = SocialProfileFactory.create(account_privacy='weird_setting')
request = Mock(user=self.user)
view = Mock(kwargs={'user': self.get_social_auth_uid(new_profile.user)})
with self.assertRaises(Http404):
self.perm.has_permission(request, view)
def test_can_view_own_profile(self):
"""
Users are allowed to view their own profile.
"""
request = Mock(user=self.user)
view = Mock(kwargs={'user': self.get_social_auth_uid(self.user)})
assert self.perm.has_permission(request, view) is True
def test_users_can_view_public_profile(self):
"""
Users are allowed to view public profile.
"""
new_profile = SocialProfileFactory.create(account_privacy=Profile.PUBLIC)
request = Mock(user=self.user)
view = Mock(kwargs={'user': self.get_social_auth_uid(new_profile.user)})
assert self.perm.has_permission(request, view) is True
def test_can_view_if_verified_mm_user(self):
"""
Verified MM users are allowed to view public_to_mm profile.
"""
new_user = SocialProfileFactory.create(account_privacy=Profile.PUBLIC_TO_MM).user
verified_user = SocialProfileFactory.create(verified_micromaster_user=True).user
program = ProgramFactory.create()
for user in [new_user, verified_user]:
ProgramEnrollment.objects.create(
program=program,
user=user,
)
request = Mock(user=verified_user)
view = Mock(kwargs={'user': self.get_social_auth_uid(new_user)})
assert self.perm.has_permission(request, view) is True
def test_view_public_to_mm_when_no_common_programs(self):
"""
Users are not allowed to view public_to_mm profile if there are no common programs.
"""
new_user = SocialProfileFactory.create(account_privacy=Profile.PUBLIC_TO_MM).user
verified_user = SocialProfileFactory.create(verified_micromaster_user=True).user
request = Mock(user=verified_user)
view = Mock(kwargs={'user': self.get_social_auth_uid(new_user)})
with self.assertRaises(Http404):
self.perm.has_permission(request, view)
@ddt.data(Staff.ROLE_ID, Instructor.ROLE_ID)
def test_roles_can_see_profile(self, role_to_set):
"""
Staff and Instructors can see private profile of user with same program
"""
# Create a private profile
new_user = SocialProfileFactory.create(
verified_micromaster_user=False,
account_privacy=Profile.PRIVATE,
).user
program = ProgramFactory.create()
ProgramEnrollment.objects.create(
program=program,
user=new_user,
)
# Make self.unverified_user a staff of that program
role = Role.objects.create(
user=self.user,
program=program,
role=role_to_set,
)
request = Mock(user=self.user)
view = Mock(kwargs={'user': self.get_social_auth_uid(new_user)})
assert self.perm.has_permission(request, view) is True
# Change role.program and assert that user no longer has permission to see private profile
role.program = ProgramFactory.create()
role.save()
with self.assertRaises(Http404):
self.perm.has_permission(request, view)