def test_update(self):
# Test invalid params
api.update(self,
'roles',
params={'pk': self.course.pk},
user=self.teacher,
status=400)
# Test successful
role = VLE.models.Role.objects.filter(course=self.course,
name='Teacher').first()
resp = api.update(self,
'roles',
params={
'pk':
self.course.pk,
'roles': [{
'name':
role.name,
'can_edit_course_roles':
not role.can_edit_course_roles
}]
},
user=self.teacher)
assert role.can_edit_course_roles != resp['roles'][0][
'can_edit_course_roles']
# Test not can_edit_course_roles
api.update(self,
'roles',
params={'pk': self.course.pk},
user=self.teacher,
status=403)
def test_update(self):
user = factory.Student()
user2 = factory.Student()
admin = factory.Admin()
# Test update the own user
old_username = user.username
resp = api.update(self,
'users',
params={
'pk': 0,
'username': '******',
'full_name': 'abc'
},
user=user)['user']
assert resp[
'username'] == old_username, 'Username should not be updated'
assert resp['full_name'] == 'abc', 'Firstname should be updated'
# Test update user as admin
resp = api.update(self,
'users',
params={
'pk': user.pk,
'full_name': 'not_admin'
},
user=admin)['user']
assert resp['full_name'] == 'not_admin', 'Firstname should be updated'
# Test update other user as user
api.update(self,
'users',
params={
'pk': user.pk,
'full_name': 'not_admin'
},
user=user2,
status=403)
is_test_student = factory.TestUser(lti_id=None)
resp = api.update(self,
'users',
user=is_test_student,
params={
'email': '*****@*****.**',
'pk': is_test_student.pk
})['user']
is_test_student = User.objects.get(pk=is_test_student.pk)
assert is_test_student.is_test_student, 'Test student status should remain intact after updating email.'
assert not is_test_student.verified_email, 'Updating email without LTI should not validate said email.'
assert resp['email'] == '*****@*****.**', 'Email should be updated'
def test_update(self):
api.update(self,
'participations',
params=self.update_params,
user=self.student,
status=403)
api.update(self,
'participations',
params=self.update_params,
user=self.teacher)
# Check cannot update role without can_edit_course_roles permissions
Role.objects.filter(course=self.course).update(
can_edit_course_roles=False)
api.update(self,
'participations',
params=self.update_params,
user=self.teacher,
status=403)
self.update_params.pop('role', None)
api.update(self,
'participations',
params=self.update_params,
user=self.teacher)
def check_comment_update(self, comment, user, should_succeed):
update_msg = ''.join(
random.choice(string.ascii_letters + string.digits)
for _ in range(50))
comment_before_op = Comment.objects.get(pk=comment.pk)
if should_succeed:
old_comment_resp = api.get(self,
'comments',
params={'pk': comment.pk},
user=user)['comment']
comment_resp = api.update(self,
'comments',
params={
'pk': comment.pk,
'text': update_msg
},
user=user,
status=200 if should_succeed else 403)
comment_after_op = Comment.objects.get(pk=comment.pk)
if should_succeed:
comment_resp = comment_resp['comment']
assert comment_resp['text'] == update_msg, 'Text should be updated'
assert comment_resp['creation_date'] == old_comment_resp[
'creation_date'], 'Creation date modified'
assert comment_resp['last_edited'] != old_comment_resp[
'last_edited'], 'Last edited not updated'
assert comment_resp[
'last_edited_by'] == user.full_name, 'Last edited by incorrect'
else:
assert_comments_are_equal(comment_before_op, comment_after_op)
def test_update(self):
api.update(self,
'instance',
params={'pk': 0},
user=factory.Teacher(),
status=403)
admin = factory.Admin()
resp = api.update(self,
'instance',
params={
'pk': 0,
'name': 'B1'
},
user=admin)
assert resp['instance']['name'] == 'B1'
def test_update(self):
# Check if students cannot update journals
api.update(self, 'journals', params={'pk': self.journal.pk}, user=self.student, status=403)
# Check if teacher can only update the published state
api.update(self, 'journals', params={'pk': self.journal.pk}, user=self.teacher, status=403)
api.update(self, 'journals', params={'pk': self.journal.pk, 'published': True}, user=self.teacher)
# Check if the admin can update the journal
api.update(self, 'journals', params={'pk': self.journal.pk, 'user': factory.Student().pk}, user=factory.Admin())
def test_password(self):
user = factory.Student()
user_factory.DEFAULT_PASSWORD
# Test with wrong password
api.update(self,
'users/password',
params={
'old_password': '******',
'new_password': '******'
},
user=user,
status=400)
# Test with invalid new password
api.update(self,
'users/password',
params={
'old_password': user_factory.DEFAULT_PASSWORD,
'new_password': '******'
},
user=user,
status=400)
# Test with valid new password
api.update(self,
'users/password',
params={
'old_password': user_factory.DEFAULT_PASSWORD,
'new_password': '******'
},
user=user)
def test_update(self):
assignment = api.create(self,
'assignments',
params=self.create_params,
user=self.teacher)['assignment']
# Try to publish the assignment
# TODO: Test cannot unpublish when there are entries inside
api.update(self,
'assignments',
params={
'pk': assignment['id'],
'published': True
},
user=factory.Student(),
status=403)
api.update(self,
'assignments',
params={
'pk': assignment['id'],
'published': True
},
user=self.teacher)
api.update(self,
'assignments',
params={
'pk': assignment['id'],
'published': True
},
user=factory.Admin())
def test_copyable(self):
teacher = factory.Teacher()
course = factory.Course(author=teacher)
assignment = factory.TemplateAssignment(courses=[course])
factory.TemplateFormat(assignment=assignment)
assignment2 = factory.TemplateAssignment(courses=[course])
factory.TemplateFormat(assignment=assignment2)
journal = factory.Journal(assignment=assignment2)
[factory.Entry(node__journal=journal) for _ in range(4)]
resp = api.get(self,
'assignments/copyable',
params={'pk': assignment.pk},
user=teacher)['data']
assert len(resp[0]['assignments']) == 1
assert resp[0]['course'][
'id'] == course.id, 'copyable assignments should be displayed'
before_id = api.get(self,
'formats',
params={'pk': assignment2.pk},
user=teacher)['format']['templates'][0]['id']
before_from_id = api.get(self,
'formats',
params={'pk': assignment.pk},
user=teacher)['format']['templates'][0]['id']
resp = api.update(self,
'formats/copy',
params={
'pk': assignment2.pk,
'from_assignment_id': assignment.pk
},
user=teacher)
after_id = api.get(self,
'formats',
params={'pk': assignment2.pk},
user=teacher)['format']['templates'][0]['id']
after_from_id = api.get(self,
'formats',
params={'pk': assignment.pk},
user=teacher)['format']['templates'][0]['id']
assert before_id != after_id, 'Assignment should be changed'
assert before_from_id == after_from_id, 'From assignment templates should be unchanged'
assert len(utils.get_journal_entries(
journal)) == 4, 'Old entries should not be removed'
def test_update(self):
# Test if other then a superuser or the author self can update the course
api.update(self,
'courses',
params={
'pk': self.course1.pk,
'abbreviation': 'TC2'
},
user=self.teacher2,
status=403)
api.update(self,
'courses',
params={
'pk': self.course2.pk,
'abbreviation': 'TC2'
},
user=self.teacher2,
status=403)
update_resp = api.update(self,
'courses',
params={
'pk': self.course2.pk,
'abbreviation': 'TC2'
},
user=self.teacher1)['course']
assert update_resp[
'abbreviation'] == 'TC2', 'Teacher could not update the course'
update_resp = api.update(self,
'courses',
params={
'pk': self.course2.pk,
'abbreviation': 'TC3'
},
user=self.admin)['course']
assert update_resp[
'abbreviation'] == 'TC3', 'Superuser could not update the course'
def test_update(self):
# TODO: Improve template testing
api.update(self,
'formats',
params={
'pk': self.assignment.pk,
'assignment_details': None,
'templates': [],
'presets': [],
'removed_presets': [],
'removed_templates': []
},
user=factory.Student(),
status=403)
api.update(self,
'formats',
params={
'pk': self.assignment.pk,
'assignment_details': None,
'templates': [],
'presets': [],
'removed_presets': [],
'removed_templates': []
},
user=self.teacher)
api.update(self,
'formats',
params={
'pk': self.assignment.pk,
'assignment_details': None,
'templates': [],
'presets': [],
'removed_presets': [],
'removed_templates': []
},
user=factory.Admin())
def test_lti_update(self):
# Valid LTI coupling to pre-existing account
user = factory.Student(verified_email=False)
resp = api.update(self,
'users',
user=user,
params={
**gen_jwt_params(params={
'user_id':
'valid_id1',
'custom_user_full_name':
'new full name',
'custom_user_email':
'*****@*****.**',
'custom_user_image':
'https://new.com/img.png',
},
user=user),
'pk':
user.pk,
})['user']
user = User.objects.get(pk=user.pk)
assert user.lti_id, 'Pre-existing user should now be linked via LTI'
assert resp[
'full_name'] == 'new full name' and user.full_name == 'new full name', 'Full name should be updated'
assert user.verified_email, 'Updating email via LTI should also verify it'
assert resp[
'email'] == '*****@*****.**' and user.email == '*****@*****.**', 'Email should be updated'
assert user.profile_picture == 'https://new.com/img.png', 'Profile picture should be updated.'
# Cannot couple an account using an already known LTI id
user2 = factory.Student()
resp = api.update(self,
'users',
user=user2,
params={
**gen_jwt_params(params={'user_id': user.lti_id},
user=user2),
'pk':
user2.pk,
},
status=400)
assert 'lti id already exists' in resp['description']
# Cannot link to a user when the email address is already claimed
resp = api.update(
self,
'users',
user=user2,
params={
**gen_jwt_params(params={'custom_user_email': user.email}),
'pk':
user2.pk,
},
status=400)
assert 'is taken' in resp[
'description'], 'Cannot link to a user when the email address is already claimed'
# It is forbidden to link a test account to an existing account
lti_teacher = factory.LtiTeacher()
resp = api.update(
self,
'users',
user=lti_teacher,
params={
**gen_jwt_params(params=factory.JWTTestUserParams()),
'pk': 0,
},
status=403)
teacher = factory.Teacher()
resp = api.update(
self,
'users',
user=teacher,
params={
**gen_jwt_params(params=factory.JWTTestUserParams()),
'pk': 0,
},
status=403)