def setUpClass(cls):
# pylint: disable=no-member
super().setUpClass()
teams_config = TeamsConfig({
'team_sets': [{
'id': f'teamset_{i}',
'name': f'teamset_{i}_name',
'description': f'teamset_{i}_desc',
} for i in [1, 2, 3, 4]]
})
cls.course = CourseFactory(teams_configuration=teams_config)
cls.course_no_teamsets = CourseFactory()
team1_1 = CourseTeamFactory(course_id=cls.course.id,
name='team_1_1',
topic_id='teamset_1')
CourseTeamFactory(course_id=cls.course.id,
name='team_1_2',
topic_id='teamset_1')
team2_1 = CourseTeamFactory(course_id=cls.course.id,
name='team_2_1',
topic_id='teamset_2')
team2_2 = CourseTeamFactory(course_id=cls.course.id,
name='team_2_2',
topic_id='teamset_2')
team3_1 = CourseTeamFactory(course_id=cls.course.id,
name='team_3_1',
topic_id='teamset_3')
# protected team
team3_2 = CourseTeamFactory(course_id=cls.course.id,
name='team_3_2',
topic_id='teamset_3',
organization_protected=True)
# No teams in teamset 4
user1 = UserFactory.create(username='******')
user2 = UserFactory.create(username='******')
user3 = UserFactory.create(username='******')
user4 = UserFactory.create(username='******')
user5 = UserFactory.create(username='******')
CourseEnrollmentFactory.create(user=user1,
course_id=cls.course.id,
mode='audit')
CourseEnrollmentFactory.create(user=user2,
course_id=cls.course.id,
mode='verified')
CourseEnrollmentFactory.create(user=user3,
course_id=cls.course.id,
mode='honors')
CourseEnrollmentFactory.create(user=user4,
course_id=cls.course.id,
mode='masters')
CourseEnrollmentFactory.create(user=user5,
course_id=cls.course.id,
mode='masters')
team1_1.add_user(user1)
team2_2.add_user(user1)
team3_1.add_user(user1)
team1_1.add_user(user2)
team2_2.add_user(user2)
team3_1.add_user(user2)
team2_1.add_user(user3)
team3_1.add_user(user3)
team3_2.add_user(user4)
def setUp(self):
super(CreditRequestTest, self).setUp()
self.user = UserFactory.create()
self.retirement = UserRetirementStatus.create_retirement(self.user)
self.credit_course = CreditCourse.objects.create()
self.provider = CreditProvider.objects.create()
def setUp(self):
self.user_1 = UserFactory.create()
self.user_2 = UserFactory.create()
def setUpTestData(cls):
cls.user = UserFactory.create(password='******')
super(TestEnterpriseUtils, cls).setUpTestData()
def setUp(self):
"""
Fixtures
"""
super(TestRequireStudentIdentifier, self).setUp()
self.student = UserFactory.create()
def test_cea_enrolls_only_one_user(self):
"""
Tests that a CourseEnrollmentAllowed can be used by just one user.
If the user changes e-mail and then a second user tries to enroll with the same accepted e-mail,
the second enrollment should fail.
However, the original user can reuse the CEA many times.
"""
cea = CourseEnrollmentAllowedFactory(
email='*****@*****.**',
course_id=self.course.id,
auto_enroll=False,
)
# Still unlinked
self.assertIsNone(cea.user)
user1 = UserFactory.create(username="******",
email="*****@*****.**",
password="******")
user2 = UserFactory.create(username="******",
email="*****@*****.**",
password="******")
self.assertFalse(
CourseEnrollment.objects.filter(course_id=self.course.id,
user=user1).exists())
user1.email = '*****@*****.**'
user1.save()
CourseEnrollment.enroll(user1, self.course.id, check_access=True)
self.assertTrue(
CourseEnrollment.objects.filter(course_id=self.course.id,
user=user1).exists())
# The CEA is now linked
cea.refresh_from_db()
self.assertEqual(cea.user, user1)
# user2 wants to enroll too, (ab)using the same allowed e-mail, but cannot
user1.email = '*****@*****.**'
user1.save()
user2.email = '*****@*****.**'
user2.save()
with self.assertRaises(EnrollmentClosedError):
CourseEnrollment.enroll(user2, self.course.id, check_access=True)
# CEA still linked to user1. Also after unenrolling
cea.refresh_from_db()
self.assertEqual(cea.user, user1)
CourseEnrollment.unenroll(user1, self.course.id)
cea.refresh_from_db()
self.assertEqual(cea.user, user1)
# Enroll user1 again. Because it's the original owner of the CEA, the enrollment is allowed
CourseEnrollment.enroll(user1, self.course.id, check_access=True)
# Still same
cea.refresh_from_db()
self.assertEqual(cea.user, user1)
def setUp(self):
super().setUp()
self.student = UserFactory.create()
def test_query_counts(self):
# Test student with no certificates
student_no_cert = UserFactory.create(password=self.user_password)
with self.assertNumQueries(18):
resp = self.get_response(
AuthType.jwt,
requesting_user=self.global_staff,
requested_user=student_no_cert,
)
assert resp.status_code == status.HTTP_200_OK
assert len(resp.data) == 0
# Test student with 1 certificate
with self.assertNumQueries(12):
resp = self.get_response(
AuthType.jwt,
requesting_user=self.global_staff,
requested_user=self.student,
)
assert resp.status_code == status.HTTP_200_OK
assert len(resp.data) == 1
# Test student with 2 certificates
student_2_certs = UserFactory.create(password=self.user_password)
course = CourseFactory.create(
org='edx',
number='test',
display_name='Test Course',
self_paced=True,
)
CourseOverviewFactory.create(
id=course.id,
display_org_with_default='edx',
display_name='Test Course',
cert_html_view_enabled=True,
self_paced=True,
)
GeneratedCertificateFactory.create(
user=student_2_certs,
course_id=self.course.id,
status=CertificateStatuses.downloadable,
mode='verified',
download_url='www.google.com',
grade="0.88",
)
GeneratedCertificateFactory.create(
user=student_2_certs,
course_id=course.id,
status=CertificateStatuses.downloadable,
mode='verified',
download_url='www.google.com',
grade="0.88",
)
with self.assertNumQueries(12):
resp = self.get_response(
AuthType.jwt,
requesting_user=self.global_staff,
requested_user=student_2_certs,
)
assert resp.status_code == status.HTTP_200_OK
assert len(resp.data) == 2
def setUp(self):
super().setUp()
self.user = UserFactory.create()
CourseEnrollmentFactory.create(user=self.user,
course_id=self.course.id)
def test_library_permissions(self): # pylint: disable=too-many-statements
"""
Test that permissions are enforced for content libraries, and that
permissions can be read and manipulated using the REST API (which in
turn tests the python API).
This is a single giant test case, because that optimizes for the fastest
test run time, even though it can make debugging failures harder.
"""
# Create a few users to use for all of these tests:
admin = UserFactory.create(username="******", email="*****@*****.**")
author = UserFactory.create(username="******",
email="*****@*****.**")
reader = UserFactory.create(username="******",
email="*****@*****.**")
group = Group.objects.create(name="group1")
author_group_member = UserFactory.create(
username="******", email="*****@*****.**")
author_group_member.groups.add(group)
random_user = UserFactory.create(username="******",
email="*****@*****.**")
never_added = UserFactory.create(username="******",
email="*****@*****.**")
# Library CRUD #########################################################
# Create a library, owned by "Admin"
with self.as_user(admin):
lib = self._create_library(slug="permtest",
title="Permission Test Library",
description="Testing")
lib_id = lib["id"]
# By default, "public learning" and public read access are disallowed.
self.assertEqual(lib["allow_public_learning"], False)
self.assertEqual(lib["allow_public_read"], False)
# By default, the creator of a new library is the only admin
data = self._get_library_team(lib_id)
self.assertEqual(len(data), 1)
self.assertDictContainsEntries(
data[0], {
"username": admin.username,
"group_name": None,
"access_level": "admin",
})
# Add the other users to the content library:
self._set_user_access_level(lib_id,
author.username,
access_level="author")
# Delete it, add it again.
self._remove_user_access(lib_id, author.username)
self._set_user_access_level(lib_id,
author.username,
access_level="author")
# Add one of them via the email-based creation endpoint.
self._add_user_by_email(lib_id, reader.email, access_level="read")
self._set_group_access_level(lib_id,
group.name,
access_level="author")
team_response = self._get_library_team(lib_id)
self.assertEqual(len(team_response), 4)
# We'll use this one later.
reader_grant = {
"username": reader.username,
"group_name": None,
"access_level": "read"
}
# The response should also always be sorted in a specific order (by username and group name):
expected_response = [
{
"username": None,
"group_name": "group1",
"access_level": "author"
},
{
"username": admin.username,
"group_name": None,
"access_level": "admin"
},
{
"username": author.username,
"group_name": None,
"access_level": "author"
},
reader_grant,
]
for entry, expected in zip(team_response, expected_response):
self.assertDictContainsEntries(entry, expected)
# A random user cannot get the library nor its team:
with self.as_user(random_user):
self._get_library(lib_id, expect_response=403)
self._get_library_team(lib_id, expect_response=403)
self._add_user_by_email(lib_id,
never_added.email,
access_level="read",
expect_response=403)
# But every authorized user can:
for user in [admin, author, author_group_member]:
with self.as_user(user):
self._get_library(lib_id)
data = self._get_library_team(lib_id)
self.assertEqual(data, team_response)
data = self._get_user_access_level(lib_id, reader.username)
self.assertEqual(
data, {
**reader_grant, 'username': '******',
'email': '*****@*****.**'
})
# A user with only read permission can get data about the library but not the team:
with self.as_user(reader):
self._get_library(lib_id)
self._get_library_team(lib_id, expect_response=403)
self._get_user_access_level(lib_id,
author.username,
expect_response=403)
self._add_user_by_email(lib_id,
never_added.email,
access_level="read",
expect_response=403)
# Users without admin access cannot delete the library nor change its team:
for user in [author, reader, author_group_member, random_user]:
with self.as_user(user):
self._delete_library(lib_id, expect_response=403)
self._set_user_access_level(lib_id,
author.username,
access_level="admin",
expect_response=403)
self._set_user_access_level(lib_id,
admin.username,
access_level=None,
expect_response=403)
self._set_user_access_level(lib_id,
random_user.username,
access_level="read",
expect_response=403)
self._remove_user_access(lib_id,
admin.username,
expect_response=403)
self._add_user_by_email(lib_id,
never_added.email,
access_level="read",
expect_response=403)
# Users with author access (or higher) can edit the library's properties:
with self.as_user(author):
self._update_library(lib_id, description="Revised description")
with self.as_user(author_group_member):
self._update_library(lib_id, title="New Library Title")
# But other users cannot:
with self.as_user(reader):
self._update_library(lib_id,
description="Prohibited description",
expect_response=403)
with self.as_user(random_user):
self._update_library(lib_id,
title="I can't set this title",
expect_response=403)
# Verify the permitted changes were made:
with self.as_user(admin):
data = self._get_library(lib_id)
self.assertEqual(data["description"], "Revised description")
self.assertEqual(data["title"], "New Library Title")
# Library XBlock editing ###############################################
# users with read permission or less cannot add blocks:
for user in [reader, random_user]:
with self.as_user(user):
self._add_block_to_library(lib_id,
"problem",
"problem1",
expect_response=403)
# But authors and admins can:
with self.as_user(admin):
self._add_block_to_library(lib_id, "problem", "problem1")
with self.as_user(author):
self._add_block_to_library(lib_id, "problem", "problem2")
with self.as_user(author_group_member):
block3_data = self._add_block_to_library(lib_id, "problem",
"problem3")
block3_key = block3_data["id"]
# At this point, the library contains 3 draft problem XBlocks.
# A random user cannot read OLX nor assets (this library has allow_public_read False):
with self.as_user(random_user):
self._get_library_block_olx(block3_key, expect_response=403)
self._get_library_block_assets(block3_key, expect_response=403)
self._get_library_block_asset(block3_key,
file_name="whatever.png",
expect_response=403)
# But if we grant allow_public_read, then they can:
with self.as_user(admin):
self._update_library(lib_id, allow_public_read=True)
self._set_library_block_asset(block3_key, "whatever.png", b"data")
with self.as_user(random_user):
self._get_library_block_olx(block3_key)
self._get_library_block_assets(block3_key)
self._get_library_block_asset(block3_key, file_name="whatever.png")
# Users without authoring permission cannot edit nor delete XBlocks (this library has allow_public_read False):
for user in [reader, random_user]:
with self.as_user(user):
self._set_library_block_olx(block3_key,
"<problem/>",
expect_response=403)
self._set_library_block_asset(block3_key,
"test.txt",
b"data",
expect_response=403)
self._delete_library_block(block3_key, expect_response=403)
self._commit_library_changes(lib_id, expect_response=403)
self._revert_library_changes(lib_id, expect_response=403)
# But users with author permission can:
with self.as_user(author_group_member):
olx = self._get_library_block_olx(block3_key)
self._set_library_block_olx(block3_key, olx)
self._get_library_block_assets(block3_key)
self._set_library_block_asset(block3_key, "test.txt", b"data")
self._get_library_block_asset(block3_key, file_name="test.txt")
self._delete_library_block(block3_key)
self._commit_library_changes(lib_id)
self._revert_library_changes(
lib_id
) # This is a no-op after the commit, but should still have 200 response
def setUpTestData(cls):
cls.user = UserFactory.create(password='******')
super().setUpTestData()
def test_active_at_datetime(self):
user = UserFactory.create()
verification = ManualVerification.objects.create(user=user)
self.verification_active_at_datetime(verification)
def test_active_at_datetime(self):
user = UserFactory.create()
attempt = SSOVerification.objects.create(user=user)
self.verification_active_at_datetime(attempt)
def test_parse_error_msg_failure(self, msg):
user = UserFactory.create()
attempt = SoftwareSecurePhotoVerification.objects.create(
user=user, status='denied', error_msg=msg)
self.assertEqual(attempt.parsed_error_msg(), [])
