def test_can_view_own_profile(self):
        """
        Users are allowed to view their own profile.
        """
        perm = CanSeeIfNotPrivate()
        request = Mock(user=self.other_user)
        view = Mock(kwargs={'user': self.other_user_id})

        assert perm.has_permission(request, view) is True
    def test_users_can_view_public_profile(self):
        """
        Users are allowed to view public profile.
        """
        perm = CanSeeIfNotPrivate()
        with mute_signals(post_save):
            ProfileFactory.create(user=self.profile_user,
                                  account_privacy=Profile.PUBLIC)

        request = Mock(user=self.other_user)
        view = Mock(kwargs={'user': self.profile_user_id})
        assert perm.has_permission(request, view) is True
    def test_cant_view_public_if_anonymous_user(self):
        """
        Anonymous are not supposed to view private profiles.
        """
        perm = CanSeeIfNotPrivate()
        with mute_signals(post_save):
            ProfileFactory.create(user=self.profile_user,
                                  account_privacy=Profile.PUBLIC)

        request = Mock(user=Mock(is_anonymous=Mock(return_value=True)))
        view = Mock(kwargs={'user': self.profile_user_id})

        assert perm.has_permission(request, view) is True
    def test_cant_view_if_privacy_weird(self):
        """
        Users can not open profiles with ambiguous account_privacy settings.
        """
        perm = CanSeeIfNotPrivate()
        with mute_signals(post_save):
            ProfileFactory.create(user=self.profile_user,
                                  account_privacy='weird_setting')

        request = Mock(user=self.other_user)
        view = Mock(kwargs={'user': self.profile_user_id})

        with self.assertRaises(Http404):
            perm.has_permission(request, view)
    def test_cant_view_if_non_verified_mm_user(self):
        """
        Non verified micromaster users are not supposed to view public_to_mm profiles.
        """
        perm = CanSeeIfNotPrivate()
        with mute_signals(post_save):
            ProfileFactory.create(user=self.profile_user,
                                  account_privacy=Profile.PUBLIC_TO_MM)

        request = Mock(user=self.other_user)
        view = Mock(kwargs={'user': self.profile_user_id})

        with self.assertRaises(Http404):
            perm.has_permission(request, view)
    def test_cant_view_if_privacy_is_private(self):
        """
        Users are not supposed to view private profiles.
        """
        perm = CanSeeIfNotPrivate()

        with mute_signals(post_save):
            ProfileFactory.create(user=self.profile_user,
                                  account_privacy=Profile.PRIVATE)

        request = Mock(user=self.other_user)
        view = Mock(kwargs={'user': self.profile_user_id})

        with self.assertRaises(Http404):
            perm.has_permission(request, view)
    def test_can_view_if_verified_mm_user(self):
        """
        Verified MM users are allowed to view public_to_mm profile.
        """
        perm = CanSeeIfNotPrivate()
        with mute_signals(post_save):
            ProfileFactory.create(user=self.profile_user,
                                  account_privacy=Profile.PUBLIC_TO_MM)

        with mute_signals(post_save):
            verified_user = UserFactory.create()
            username = "******".format(verified_user.username)
            verified_user.social_auth.create(provider=EdxOrgOAuth2.name,
                                             uid=username)
            ProfileFactory.create(user=verified_user,
                                  verified_micromaster_user=True)

        request = Mock(user=verified_user)
        view = Mock(kwargs={'user': self.profile_user_id})
        assert perm.has_permission(request, view) is True
예제 #8
0
    def get(self, request, *args, **kwargs):
        """
        Handle GET requests
        """
        user = kwargs.pop('user')
        if user is not None:
            if not CanSeeIfNotPrivate().has_permission(request, self):
                raise Http404
        elif request.user.is_anonymous():
            # /users/ redirects to logged in user's page, but user is not logged in here
            raise Http404

        return super(UsersView, self).get(request, *args, **kwargs)
    def test_instructor_can_see_profile(self):
        """
        Instructors can see private profile of user with same program
        """
        # Create a private profile for profile user
        ProfileFactory.create(
            user=self.profile_user,
            verified_micromaster_user=False,
            account_privacy=Profile.PRIVATE,
        )

        # Assign profile user to a program
        program = ProgramFactory.create()
        ProgramEnrollment.objects.create(
            program=program,
            user=self.profile_user,
        )

        # Make self.other_user an instructor of that program
        role = Role.objects.create(
            user=self.other_user,
            program=program,
            role=Instructor.ROLE_ID,
        )

        perm = CanSeeIfNotPrivate()
        request = Mock(user=self.other_user)
        view = Mock(kwargs={'user': self.profile_user_id})

        assert perm.has_permission(request, view) is True

        # Change role.program and assert that user no longer has permission to see private profile
        role.program = ProgramFactory.create()
        role.save()
        with self.assertRaises(Http404):
            perm.has_permission(request, view)
예제 #10
0
 def setUp(self):
     super().setUp()
     self.user = SocialProfileFactory.create(verified_micromaster_user=False).user
     self.perm = CanSeeIfNotPrivate()
예제 #11
0
class CanSeeIfNotPrivateTests(MockedESTestCase):
    """
    Tests for CanSeeIfNotPrivate permissions
    """

    def setUp(self):
        super().setUp()
        self.user = SocialProfileFactory.create(verified_micromaster_user=False).user
        self.perm = CanSeeIfNotPrivate()

    def get_social_auth_uid(self, user):
        """Helper method to get social_auth uid for a user"""
        return get_social_auth(user).uid

    def test_cant_view_if_privacy_is_private(self):
        """
        Users are not supposed to view private profiles.
        """
        new_profile = SocialProfileFactory.create(account_privacy=Profile.PRIVATE)

        request = Mock(user=self.user)
        view = Mock(kwargs={'user': self.get_social_auth_uid(new_profile.user)})

        with self.assertRaises(Http404):
            self.perm.has_permission(request, view)

    @ddt.data(Profile.PUBLIC_TO_MM, Profile.PRIVATE)
    def test_cant_view_if_anonymous_user(self, account_privacy_setting):
        """
        Anonymous are not supposed to view public_to_mm or private profiles.
        """
        new_profile = SocialProfileFactory.create(account_privacy=account_privacy_setting)

        request = Mock(user=Mock(is_anonymous=True))
        view = Mock(kwargs={'user': self.get_social_auth_uid(new_profile.user)})

        with self.assertRaises(Http404):
            self.perm.has_permission(request, view)

    def test_can_view_public_if_anonymous_user(self):
        """
        Anonymous can view public profiles.
        """
        new_profile = SocialProfileFactory.create(account_privacy=Profile.PUBLIC)

        request = Mock(user=Mock(is_anonymous=True))
        view = Mock(kwargs={'user': self.get_social_auth_uid(new_profile.user)})

        assert self.perm.has_permission(request, view) is True

    def test_cant_view_if_non_verified_mm_user(self):
        """
        Non verified micromaster users are not supposed to view public_to_mm profiles.
        """
        new_profile = SocialProfileFactory.create(account_privacy=Profile.PUBLIC_TO_MM)

        request = Mock(user=self.user)
        view = Mock(kwargs={'user': self.get_social_auth_uid(new_profile.user)})

        with self.assertRaises(Http404):
            self.perm.has_permission(request, view)

    def test_cant_view_if_privacy_weird(self):
        """
        Users can not open profiles with ambiguous account_privacy settings.
        """
        new_profile = SocialProfileFactory.create(account_privacy='weird_setting')

        request = Mock(user=self.user)
        view = Mock(kwargs={'user': self.get_social_auth_uid(new_profile.user)})

        with self.assertRaises(Http404):
            self.perm.has_permission(request, view)

    def test_can_view_own_profile(self):
        """
        Users are allowed to view their own profile.
        """
        request = Mock(user=self.user)
        view = Mock(kwargs={'user': self.get_social_auth_uid(self.user)})

        assert self.perm.has_permission(request, view) is True

    def test_users_can_view_public_profile(self):
        """
        Users are allowed to view public profile.
        """
        new_profile = SocialProfileFactory.create(account_privacy=Profile.PUBLIC)

        request = Mock(user=self.user)
        view = Mock(kwargs={'user': self.get_social_auth_uid(new_profile.user)})
        assert self.perm.has_permission(request, view) is True

    def test_can_view_if_verified_mm_user(self):
        """
        Verified MM users are allowed to view public_to_mm profile.
        """
        new_user = SocialProfileFactory.create(account_privacy=Profile.PUBLIC_TO_MM).user
        verified_user = SocialProfileFactory.create(verified_micromaster_user=True).user
        program = ProgramFactory.create()
        for user in [new_user, verified_user]:
            ProgramEnrollment.objects.create(
                program=program,
                user=user,
            )

        request = Mock(user=verified_user)
        view = Mock(kwargs={'user': self.get_social_auth_uid(new_user)})
        assert self.perm.has_permission(request, view) is True

    def test_view_public_to_mm_when_no_common_programs(self):
        """
        Users are not allowed to view public_to_mm profile if there are no common programs.
        """
        new_user = SocialProfileFactory.create(account_privacy=Profile.PUBLIC_TO_MM).user
        verified_user = SocialProfileFactory.create(verified_micromaster_user=True).user

        request = Mock(user=verified_user)
        view = Mock(kwargs={'user': self.get_social_auth_uid(new_user)})
        with self.assertRaises(Http404):
            self.perm.has_permission(request, view)

    @ddt.data(Staff.ROLE_ID, Instructor.ROLE_ID)
    def test_roles_can_see_profile(self, role_to_set):
        """
        Staff and Instructors can see private profile of user with same program
        """
        # Create a private profile
        new_user = SocialProfileFactory.create(
            verified_micromaster_user=False,
            account_privacy=Profile.PRIVATE,
        ).user
        program = ProgramFactory.create()
        ProgramEnrollment.objects.create(
            program=program,
            user=new_user,
        )

        # Make self.unverified_user a staff of that program
        role = Role.objects.create(
            user=self.user,
            program=program,
            role=role_to_set,
        )
        request = Mock(user=self.user)
        view = Mock(kwargs={'user': self.get_social_auth_uid(new_user)})

        assert self.perm.has_permission(request, view) is True

        # Change role.program and assert that user no longer has permission to see private profile
        role.program = ProgramFactory.create()
        role.save()
        with self.assertRaises(Http404):
            self.perm.has_permission(request, view)
예제 #12
0
 def setUp(self):
     super(CanSeeIfNotPrivateTests, self).setUp()
     self.user = SocialProfileFactory.create(verified_micromaster_user=False).user
     self.perm = CanSeeIfNotPrivate()
예제 #13
0
class CanSeeIfNotPrivateTests(MockedESTestCase):
    """
    Tests for CanSeeIfNotPrivate permissions
    """

    def setUp(self):
        super(CanSeeIfNotPrivateTests, self).setUp()
        self.user = SocialProfileFactory.create(verified_micromaster_user=False).user
        self.perm = CanSeeIfNotPrivate()

    def get_social_auth_uid(self, user):
        """Helper method to get social_auth uid for a user"""
        return get_social_auth(user).uid

    def test_cant_view_if_privacy_is_private(self):
        """
        Users are not supposed to view private profiles.
        """
        new_profile = SocialProfileFactory.create(account_privacy=Profile.PRIVATE)

        request = Mock(user=self.user)
        view = Mock(kwargs={'user': self.get_social_auth_uid(new_profile.user)})

        with self.assertRaises(Http404):
            self.perm.has_permission(request, view)

    @ddt.data(Profile.PUBLIC_TO_MM, Profile.PRIVATE)
    def test_cant_view_if_anonymous_user(self, account_privacy_setting):
        """
        Anonymous are not supposed to view public_to_mm or private profiles.
        """
        new_profile = SocialProfileFactory.create(account_privacy=account_privacy_setting)

        request = Mock(user=Mock(is_anonymous=True))
        view = Mock(kwargs={'user': self.get_social_auth_uid(new_profile.user)})

        with self.assertRaises(Http404):
            self.perm.has_permission(request, view)

    def test_can_view_public_if_anonymous_user(self):
        """
        Anonymous can view public profiles.
        """
        new_profile = SocialProfileFactory.create(account_privacy=Profile.PUBLIC)

        request = Mock(user=Mock(is_anonymous=True))
        view = Mock(kwargs={'user': self.get_social_auth_uid(new_profile.user)})

        assert self.perm.has_permission(request, view) is True

    def test_cant_view_if_non_verified_mm_user(self):
        """
        Non verified micromaster users are not supposed to view public_to_mm profiles.
        """
        new_profile = SocialProfileFactory.create(account_privacy=Profile.PUBLIC_TO_MM)

        request = Mock(user=self.user)
        view = Mock(kwargs={'user': self.get_social_auth_uid(new_profile.user)})

        with self.assertRaises(Http404):
            self.perm.has_permission(request, view)

    def test_cant_view_if_privacy_weird(self):
        """
        Users can not open profiles with ambiguous account_privacy settings.
        """
        new_profile = SocialProfileFactory.create(account_privacy='weird_setting')

        request = Mock(user=self.user)
        view = Mock(kwargs={'user': self.get_social_auth_uid(new_profile.user)})

        with self.assertRaises(Http404):
            self.perm.has_permission(request, view)

    def test_can_view_own_profile(self):
        """
        Users are allowed to view their own profile.
        """
        request = Mock(user=self.user)
        view = Mock(kwargs={'user': self.get_social_auth_uid(self.user)})

        assert self.perm.has_permission(request, view) is True

    def test_users_can_view_public_profile(self):
        """
        Users are allowed to view public profile.
        """
        new_profile = SocialProfileFactory.create(account_privacy=Profile.PUBLIC)

        request = Mock(user=self.user)
        view = Mock(kwargs={'user': self.get_social_auth_uid(new_profile.user)})
        assert self.perm.has_permission(request, view) is True

    def test_can_view_if_verified_mm_user(self):
        """
        Verified MM users are allowed to view public_to_mm profile.
        """
        new_user = SocialProfileFactory.create(account_privacy=Profile.PUBLIC_TO_MM).user
        verified_user = SocialProfileFactory.create(verified_micromaster_user=True).user
        program = ProgramFactory.create()
        for user in [new_user, verified_user]:
            ProgramEnrollment.objects.create(
                program=program,
                user=user,
            )

        request = Mock(user=verified_user)
        view = Mock(kwargs={'user': self.get_social_auth_uid(new_user)})
        assert self.perm.has_permission(request, view) is True

    def test_view_public_to_mm_when_no_common_programs(self):
        """
        Users are not allowed to view public_to_mm profile if there are no common programs.
        """
        new_user = SocialProfileFactory.create(account_privacy=Profile.PUBLIC_TO_MM).user
        verified_user = SocialProfileFactory.create(verified_micromaster_user=True).user

        request = Mock(user=verified_user)
        view = Mock(kwargs={'user': self.get_social_auth_uid(new_user)})
        with self.assertRaises(Http404):
            self.perm.has_permission(request, view)

    @ddt.data(Staff.ROLE_ID, Instructor.ROLE_ID)
    def test_roles_can_see_profile(self, role_to_set):
        """
        Staff and Instructors can see private profile of user with same program
        """
        # Create a private profile
        new_user = SocialProfileFactory.create(
            verified_micromaster_user=False,
            account_privacy=Profile.PRIVATE,
        ).user
        program = ProgramFactory.create()
        ProgramEnrollment.objects.create(
            program=program,
            user=new_user,
        )

        # Make self.unverified_user a staff of that program
        role = Role.objects.create(
            user=self.user,
            program=program,
            role=role_to_set,
        )
        request = Mock(user=self.user)
        view = Mock(kwargs={'user': self.get_social_auth_uid(new_user)})

        assert self.perm.has_permission(request, view) is True

        # Change role.program and assert that user no longer has permission to see private profile
        role.program = ProgramFactory.create()
        role.save()
        with self.assertRaises(Http404):
            self.perm.has_permission(request, view)