Exemplo n.º 1
0
 def test_teacher_view_asset(self, client, fake_auth, mock_asset):
     """Authorized user can view asset."""
     course = Course.find_by_id(mock_asset.course_id)
     instructors = list(filter(lambda u: is_teaching(u), course.users))
     fake_auth.login(instructors[0].id)
     asset = _api_get_asset(asset_id=mock_asset.id, client=client)
     assert asset['id'] == mock_asset.id
Exemplo n.º 2
0
 def test_delete_asset_by_teacher(self, client, fake_auth, mock_asset,
                                  mock_category):
     """Authorized user can delete asset."""
     course = Course.find_by_id(mock_asset.course_id)
     instructors = list(filter(lambda u: is_teaching(u), course.users))
     fake_auth.login(instructors[0].id)
     self._verify_delete_asset(mock_asset.id, client)
Exemplo n.º 3
0
 def test_teacher_download(self, app, client, fake_auth, mock_asset):
     """Authorized user can download asset."""
     course = Course.find_by_id(mock_asset.course_id)
     instructors = list(filter(lambda u: is_teaching(u), course.users))
     fake_auth.login(instructors[0].id)
     # TODO: Mock S3 so authorized user actually gets download. For now, 404 oddly indicates success.
     self._api_download_asset(app,
                              asset_id=mock_asset.id,
                              client=client,
                              expected_status_code=404)
 def test_teachers_cannot_update(self, client, fake_auth):
     """Denies teacher."""
     instructor = next(user for user in User.query.all()
                       if is_teaching(user))
     fake_auth.login(instructor.id)
     self._api_update_comment(
         client,
         body='Unauthorized instructor hack!',
         comment_id=1,
         expected_status_code=404,
     )
Exemplo n.º 5
0
 def test_increment_asset_view_count(self, client, fake_auth, mock_asset):
     course = Course.find_by_id(mock_asset.course_id)
     instructors = list(filter(lambda u: is_teaching(u), course.users))
     # Instructor 1 increments view count.
     fake_auth.login(instructors[0].id)
     asset = _api_get_asset(asset_id=mock_asset.id, client=client)
     assert asset['views'] == 1
     # Instructor 2 increments view count.
     fake_auth.login(instructors[1].id)
     asset = _api_get_asset(asset_id=mock_asset.id, client=client)
     assert asset['views'] == 2
     # Repeat views do not increment,
     fake_auth.login(instructors[0].id)
     asset = _api_get_asset(asset_id=mock_asset.id, client=client)
     assert asset['views'] == 2
     # Views by asset owners do not increment.
     fake_auth.login(mock_asset.users[0].id)
     asset = _api_get_asset(asset_id=mock_asset.id, client=client)
     assert asset['views'] == 2
Exemplo n.º 6
0
 def is_teaching(self):
     return is_teaching(self)
Exemplo n.º 7
0
def can_update_asset(user, asset):
    user_id = _get_user_id(user)
    user_ids = [user.id for user in asset.users]
    return user.course.id == asset.course_id and (is_teaching(user)
                                                  or user_id in user_ids)