def test_gdpr(self):
user = factory.Student()
user2 = factory.Student()
admin = factory.Admin()
# Test if users cant access other data
api.get(self,
'users/GDPR',
params={'pk': user2.pk},
user=user,
status=403)
# Test all the gdpr calls
for _ in range(
int(api_settings.DEFAULT_THROTTLE_RATES['gdpr'].split('/')
[0])):
api.get(self, 'users/GDPR', params={'pk': 0}, user=user)
# Test timeout
api.get(self, 'users/GDPR', params={'pk': 0}, user=user, status=429)
# Test admin
api.get(self, 'users/GDPR', params={'pk': user.pk}, user=admin)
# Test no timeout for admin
for _ in range(
int(api_settings.DEFAULT_THROTTLE_RATES['gdpr'].split('/')
[0])):
api.get(self, 'users/GDPR', params={'pk': 0}, user=admin)
api.get(self, 'users/GDPR', params={'pk': 0}, user=admin)
def test_rest(self):
# Test the basic rest functionality as a superuser
api.test_rest(self,
'assignments',
create_params=self.create_params,
get_params={'course_id': self.course.pk},
update_params={'description': 'test_description2'},
delete_params={'course_id': self.course.pk},
user=factory.Admin())
# Test the basic rest functionality as a teacher
api.test_rest(self,
'assignments',
create_params=self.create_params,
get_params={'course_id': self.course.pk},
update_params={'description': 'test_description2'},
delete_params={'course_id': self.course.pk},
user=self.teacher)
# Test the basic rest functionality as a student
api.test_rest(self,
'assignments',
create_params=self.create_params,
create_status=403,
user=factory.Student())
def test_update(self):
assignment = api.create(self,
'assignments',
params=self.create_params,
user=self.teacher)['assignment']
# Try to publish the assignment
# TODO: Test cannot unpublish when there are entries inside
api.update(self,
'assignments',
params={
'pk': assignment['id'],
'published': True
},
user=factory.Student(),
status=403)
api.update(self,
'assignments',
params={
'pk': assignment['id'],
'published': True
},
user=self.teacher)
api.update(self,
'assignments',
params={
'pk': assignment['id'],
'published': True
},
user=factory.Admin())
def setUp(self):
self.admin = factory.Admin()
self.student = factory.Student()
self.journal = factory.Journal(user=self.student)
self.TA = factory.Student()
nfac.make_participation(
user=self.TA,
course=self.journal.assignment.courses.first(),
role=self.journal.assignment.courses.first().role_set.get(
name='TA'))
self.teacher = self.journal.assignment.courses.first().author
self.comment = factory.StudentComment(
entry__node__journal=self.journal)
self.TA_comment = nfac.make_comment(self.comment.entry, self.TA,
'TA comment', False)
self.teacher_comment = nfac.make_comment(self.comment.entry,
self.teacher,
'Teacher comment', False)
set_entry_comment_counts(self)
assert self.teacher.has_permission('can_grade', self.journal.assignment), \
'Teacher requires can_grade permission in the relevant assignment'
assert self.TA.has_permission('can_grade', self.journal.assignment), \
'TA requires can_grade permission in the relevant assignment'
assert not self.teacher_comment.published, 'Teacher comment should be unpublished.'
assert not self.TA_comment.published, 'TA comment should be unpublished.'
assert self.entry_comments == 3, 'Journal should have 3 comments total'
assert self.entry_published_comments == 1, 'Journal should have 3 comments of which only one is published'
assert self.entry_unpublished_comments == 2, 'Expected 2 unpublished comments'
def test_rest(self):
api.test_rest(self,
'users',
create_params=self.create_params,
get_is_create=False,
update_params={'username': '******'},
user=factory.Admin())
def setUp(self):
self.teacher = factory.Teacher()
self.admin = factory.Admin()
self.course = factory.Course(author=self.teacher)
self.create_params = {
'name': 'test',
'description': 'test_description',
'course_id': self.course.pk
}
def setUp(self):
self.create_params = {'name': 'test_course', 'abbreviation': 'TC'}
self.student = factory.Student()
self.teacher1 = factory.Teacher()
self.teacher2 = factory.Teacher()
self.admin = factory.Admin()
self.course1 = factory.Course(author=self.teacher1)
self.course2 = factory.Course(author=self.teacher1)
self.course3 = factory.Course(author=self.teacher2)
def test_names(self):
assignment = self.journal.assignment
course = assignment.courses.first()
url = 'names/{}/{}/{}'.format(course.id, assignment.id,
self.journal.id)
# Check if these users can view the names
api.get(self, url, user=self.student)
api.get(self, url, user=self.teacher)
api.get(self, url, user=factory.Admin())
# CHeck if a random student cannot view the names
api.get(self, url, user=factory.Student(), status=403)
def test_update(self):
user = factory.Student()
user2 = factory.Student()
admin = factory.Admin()
# Test update the own user
old_username = user.username
resp = api.update(self,
'users',
params={
'pk': 0,
'username': '******',
'full_name': 'abc'
},
user=user)['user']
assert resp[
'username'] == old_username, 'Username should not be updated'
assert resp['full_name'] == 'abc', 'Firstname should be updated'
# Test update user as admin
resp = api.update(self,
'users',
params={
'pk': user.pk,
'full_name': 'not_admin'
},
user=admin)['user']
assert resp['full_name'] == 'not_admin', 'Firstname should be updated'
# Test update other user as user
api.update(self,
'users',
params={
'pk': user.pk,
'full_name': 'not_admin'
},
user=user2,
status=403)
is_test_student = factory.TestUser(lti_id=None)
resp = api.update(self,
'users',
user=is_test_student,
params={
'email': '*****@*****.**',
'pk': is_test_student.pk
})['user']
is_test_student = User.objects.get(pk=is_test_student.pk)
assert is_test_student.is_test_student, 'Test student status should remain intact after updating email.'
assert not is_test_student.verified_email, 'Updating email without LTI should not validate said email.'
assert resp['email'] == '*****@*****.**', 'Email should be updated'
def test_lti_delete(self):
assignment = factory.LtiAssignment()
course = assignment.courses.first()
assert assignment.active_lti_id in course.assignment_lti_id_set, \
'assignment lti_id should be in assignment_lti_id_set of course before anything is deleted'
# Test if deletion is possible to delete assignment if it has only one lti id
api.delete(self,
'assignments',
params={
'pk': assignment.pk,
'course_id': course.pk
},
user=factory.Admin())
assert assignment.active_lti_id not in Course.objects.get(pk=course.pk).assignment_lti_id_set, \
'assignment lti_id should get removed from the assignment_lti_id_set from the course'
assignment = factory.LtiAssignment()
course = assignment.courses.first()
course2 = factory.LtiCourse()
assignment.courses.add(course2)
assignment.lti_id_set.append('second' + assignment.active_lti_id)
assignment.save()
# Test is deletion is not possible from connected LTI course
api.delete(self,
'assignments',
params={
'pk': assignment.pk,
'course_id': course.pk
},
user=factory.Admin(),
status=400)
# Test is deletion is possible from other course
api.delete(self,
'assignments',
params={
'pk': assignment.pk,
'course_id': course2.pk
},
user=factory.Admin())
def test_get(self):
comments = api.get(self,
'comments',
params={'entry_id': self.teacher_comment.entry.pk},
user=self.student)['comments']
assert len(
comments
) == self.entry_published_comments, 'Student can only see published comments'
api.get(self,
'comments',
params={'pk': self.teacher_comment.pk},
user=self.student,
status=403)
api.get(self,
'comments',
params={'pk': self.teacher_comment.pk},
user=self.teacher)
comments = api.get(self,
'comments',
params={'entry_id': self.comment.entry.pk},
user=self.teacher)['comments']
assert len(
comments
) == self.entry_comments, 'Teacher should be able to see all comments'
self.teacher_comment.published = True
self.teacher_comment.save()
self.entry_published_comments = self.entry_published_comments + 1
self.entry_unpublished_comments = self.entry_unpublished_comments - 1
comments = api.get(self,
'comments',
params={'entry_id': self.teacher_comment.entry.pk},
user=self.student)['comments']
assert len(
comments
) == self.entry_published_comments, 'Student should be able to see published comments'
api.get(self,
'comments',
params={'entry_id': self.comment.entry.pk},
user=factory.Student(),
status=403)
api.get(self,
'comments',
params={'entry_id': self.comment.entry.pk},
user=factory.Admin())
def test_delete(self):
user = factory.Student()
user2 = factory.Student()
user3 = factory.Student()
admin = factory.Admin()
admin2 = factory.Admin()
# Test to delete user as other user
api.delete(self,
'users',
params={'pk': user2.pk},
user=user,
status=403)
# Test to delete own user
api.delete(self, 'users', params={'pk': user.pk}, user=user)
api.get(self, 'users', params={'pk': user.pk}, user=admin, status=404)
api.delete(self, 'users', params={'pk': 0}, user=user2)
api.get(self, 'users', params={'pk': user2.pk}, user=admin, status=404)
# Test to delete user as admin
api.delete(self, 'users', params={'pk': user3.pk}, user=admin)
api.get(self, 'users', params={'pk': user3.pk}, user=admin, status=404)
# Test to see if the last admin cannot be removed
api.delete(self, 'users', params={'pk': admin2.pk}, user=admin)
api.delete(self,
'users',
params={'pk': admin.pk},
user=admin,
status=400)
api.get(self,
'users',
params={'pk': admin2.pk},
user=admin,
status=404)
def test_update(self):
api.update(self,
'instance',
params={'pk': 0},
user=factory.Teacher(),
status=403)
admin = factory.Admin()
resp = api.update(self,
'instance',
params={
'pk': 0,
'name': 'B1'
},
user=admin)
assert resp['instance']['name'] == 'B1'
def test_get(self):
api.get(self,
'nodes',
params={'journal_id': self.journal.pk},
user=self.student)
api.get(self,
'nodes',
params={'journal_id': self.journal.pk},
user=factory.Admin())
api.get(self,
'nodes',
params={'journal_id': self.journal.pk},
user=factory.Teacher(),
status=403)
api.get(self,
'nodes',
params={'journal_id': self.journal.pk},
user=self.teacher)
def test_get(self):
student = factory.Student()
admin = factory.Admin()
journal = factory.Journal(user=student)
teacher = journal.assignment.courses.first().author
# Test get all users
api.get(self, 'users', user=student, status=403)
resp = api.get(self, 'users', user=admin)['users']
assert len(resp) == User.objects.count(
), 'Test if the admin got all the users'
# Test get own user
resp = api.get(self, 'users', params={'pk': 0}, user=student)['user']
assert 'id' in resp, 'Test if the student got userdata'
assert 'verified_email' in resp, 'Test if the student got all their userdata'
resp = api.get(self, 'users', params={'pk': 0}, user=admin)['user']
assert resp[
'is_superuser'], 'Admin user should be flagged as superuser.'
# Check if a user cant see other users data
api.get(self,
'users',
params={'pk': admin.pk},
user=student,
status=403)
# Test get user as supervisor
assert permissions.is_user_supervisor_of(
teacher, student), 'Teacher should be supervisor of student'
resp = api.get(self, 'users', params={'pk': student.pk},
user=teacher)['user']
assert 'username' in resp, 'Supervisor can retrieve basic supervisee data'
assert 'full_name' in resp, 'Supervisor can retrieve basic supervisee data'
assert 'verified_email' not in resp, 'Supervisor can\'t retrieve all supervisee data'
assert 'email' not in resp, 'Supervisor can\'t retrieve all supervisee data'
# Test get user as admin
resp = api.get(self, 'users', params={'pk': student.pk},
user=admin)['user']
assert 'id' in resp, 'Admin can retrieve basic user data'
assert 'verified_email' in resp, 'Admin can retrieve all user data'
assert 'email' in resp, 'Admin can retrieve all user data'
def setUp(self):
self.teacher = factory.Teacher()
self.admin = factory.Admin()
self.course = factory.Course(author=self.teacher)
self.assignment = factory.Assignment(courses=[self.course])
self.format = factory.Format(assignment=self.assignment)
self.template = factory.Template(format=self.format)
self.update_dict = {
'assignment_details': {
'name': 'Colloq',
'description': 'description1',
'is_published': True
},
'templates':
serialize.TemplateSerializer(
self.format.template_set.filter(archived=False),
many=True).data,
'removed_presets': [],
'removed_templates': [],
'presets': []
}
def test_rest(self):
# Test the basic rest functionality as a superuser
api.test_rest(self,
'courses',
create_params=self.create_params,
update_params={'abbreviation': 'TC2'},
user=factory.Admin())
# Test the basic rest functionality as a teacher
api.test_rest(self,
'courses',
create_params=self.create_params,
update_params={'abbreviation': 'TC2'},
user=factory.Teacher())
# Test the basic rest functionality as a student
api.test_rest(self,
'courses',
create_params=self.create_params,
create_status=403,
user=factory.Student())
def test_update(self):
# TODO: Improve template testing
api.update(self,
'formats',
params={
'pk': self.assignment.pk,
'assignment_details': None,
'templates': [],
'presets': [],
'removed_presets': [],
'removed_templates': []
},
user=factory.Student(),
status=403)
api.update(self,
'formats',
params={
'pk': self.assignment.pk,
'assignment_details': None,
'templates': [],
'presets': [],
'removed_presets': [],
'removed_templates': []
},
user=self.teacher)
api.update(self,
'formats',
params={
'pk': self.assignment.pk,
'assignment_details': None,
'templates': [],
'presets': [],
'removed_presets': [],
'removed_templates': []
},
user=factory.Admin())
def test_update(self):
# Check if students cannot update journals
api.update(self, 'journals', params={'pk': self.journal.pk}, user=self.student, status=403)
# Check if teacher can only update the published state
api.update(self, 'journals', params={'pk': self.journal.pk}, user=self.teacher, status=403)
api.update(self, 'journals', params={'pk': self.journal.pk, 'published': True}, user=self.teacher)
# Check if the admin can update the journal
api.update(self, 'journals', params={'pk': self.journal.pk, 'user': factory.Student().pk}, user=factory.Admin())
