def test_delete_group(self, client, fake_auth, mock_category):
"""Teacher can delete category."""
teacher = User.find_by_canvas_user_id(9876543)
fake_auth.login(teacher.id)
assert client.delete(
f'/api/category/{mock_category.id}/delete').status_code == 200
assert client.get(
f'/api/category/{mock_category.id}').status_code == 404
def test_unauthorized(self, client, fake_auth, mock_category):
"""Denies unauthorized user."""
student = User.find_by_canvas_user_id(8765432)
fake_auth.login(student.id)
self._api_update_category(
client,
category_id=mock_category.id,
expected_status_code=401,
title='I don\'t do too much talking',
)
def _verify_update_category(self, client, fake_auth, mock_category):
teacher = User.find_by_canvas_user_id(9876543)
fake_auth.login(teacher.id)
title = "I've stopped my rambling, I don't do too much gambling these days"
visible = not mock_category.visible
api_json = self._api_update_category(client,
category_id=mock_category.id,
title=title,
visible=visible)
assert api_json['id'] == mock_category.id
assert api_json['title'] == mock_category.title
assert api_json['visible'] is visible
def test_unauthorized(self, client):
"""No cookie auth for unauthorized user."""
canvas_course_id = 1502871
unauthorized_user = User.find_by_canvas_user_id(canvas_user_id=654321)
assert unauthorized_user
assert unauthorized_user.course.canvas_course_id != canvas_course_id
canvas_api_domain = unauthorized_user.course.canvas_api_domain
client.set_cookie('localhost',
f'{canvas_api_domain}|{canvas_course_id}',
str(unauthorized_user.id))
self._api_assets_with_cookie_auth(
canvas_api_domain=canvas_api_domain,
canvas_course_id=canvas_course_id,
client=client,
expected_status_code=401,
)
def test_authorized(self, client):
"""Cookie auth for authorized user."""
canvas_course_id = 1502870
authorized_user = User.find_by_canvas_user_id(canvas_user_id=654321)
assert authorized_user
assert authorized_user.course.canvas_course_id == canvas_course_id
canvas_api_domain = authorized_user.course.canvas_api_domain
client.set_cookie('localhost',
f'{canvas_api_domain}|{canvas_course_id}',
str(authorized_user.id))
self._api_assets_with_cookie_auth(
canvas_api_domain=canvas_api_domain,
canvas_course_id=canvas_course_id,
client=client,
)
# Finally, log out and verify that cookie has been removed.
assert client.post('/api/auth/logout').status_code == 200
self._api_assets_with_cookie_auth(
canvas_api_domain=canvas_api_domain,
canvas_course_id=canvas_course_id,
client=client,
expected_status_code=401,
)
def _create_user_at_lti_launch():
_response = self._api_auth_lti_launch(
client=client,
custom_canvas_api_domain=canvas.canvas_api_domain,
custom_canvas_course_id=canvas_course_id,
custom_canvas_user_id=canvas_user_id,
custom_external_tool_url=external_tool_url,
lis_person_name_full=full_name,
oauth_consumer_key=canvas.lti_key,
roles='Student',
tool_id=TOOL_ID_ASSET_LIBRARY,
)
std_commit(allow_test_environment=True)
user = User.find_by_canvas_user_id(canvas_user_id)
assert user
assert user.canvas_full_name == full_name
assert user.canvas_user_id == canvas_user_id
course = user.course
assert course.canvas_course_id == canvas_course_id
assert course.engagement_index_url is None
assert course.asset_library_url == external_tool_url
return _response
def test_unauthorized(self, client, fake_auth, mock_category):
"""Denies unauthorized user."""
student = User.find_by_canvas_user_id(8765432)
fake_auth.login(student.id)
assert client.delete(
f'/api/category/{mock_category.id}/delete').status_code == 401
def test_unauthorized(self, client, fake_auth):
"""Denies unauthorized user."""
student = User.find_by_canvas_user_id(8765432)
fake_auth.login(student.id)
self._api_create_category(client, expected_status_code=401)