def test_available_tasks_for_anon_user(self):
anonymous_user = AnonymousUser()
user = User.objects.create_user('user', password='******')
project_protected = Project(
active=True,
login_required=True,
)
project_protected.save()
self.assertEqual(len(Project.all_available_for(anonymous_user)), 0)
self.assertEqual(len(Project.all_available_for(user)), 2) # Project created by setUp
batch_protected = Batch(project=project_protected)
batch_protected.save()
Task(batch=batch_protected).save()
self.assertEqual(len(batch_protected.available_tasks_for(anonymous_user)), 0)
self.assertEqual(len(batch_protected.available_tasks_for(user)), 1)
project_unprotected = Project(
active=True,
login_required=False,
)
project_unprotected.save()
batch_unprotected = Batch(project=project_unprotected)
batch_unprotected.save()
Task(batch=batch_unprotected).save()
self.assertEqual(len(Project.all_available_for(anonymous_user)), 1)
self.assertEqual(len(Project.all_available_for(user)), 3)
self.assertEqual(len(project_unprotected.batches_available_for(anonymous_user)), 1)
self.assertEqual(len(project_unprotected.batches_available_for(user)), 1)
self.assertEqual(len(batch_unprotected.available_tasks_for(anonymous_user)), 1)
self.assertEqual(len(batch_unprotected.available_tasks_for(user)), 1)
def test_available_for_active_flag(self):
user = User.objects.create_user('testuser', password='******')
self.assertEqual(len(Project.all_available_for(user)), 0)
Project(active=False, ).save()
self.assertEqual(len(Project.all_available_for(user)), 0)
Project(active=True, ).save()
self.assertEqual(len(Project.all_available_for(user)), 1)
def test_available_for_login_required(self):
anonymous_user = AnonymousUser()
self.assertEqual(len(Project.all_available_for(anonymous_user)), 0)
Project(login_required=True, ).save()
self.assertEqual(len(Project.all_available_for(anonymous_user)), 0)
authenticated_user = User.objects.create_user('testuser',
password='******')
self.assertEqual(len(Project.all_available_for(authenticated_user)), 1)
def test_all_available_for_login_required(self):
anonymous_user = AnonymousUser()
self.assertEqual(len(Project.all_available_for(anonymous_user)), 0)
Project(
login_required=True,
).save()
self.assertEqual(len(Project.all_available_for(anonymous_user)), 0)
authenticated_user = User.objects.create_user('testuser', password='******')
self.assertEqual(len(Project.all_available_for(authenticated_user)), 1)
def test_all_available_for_active_flag(self):
user = User.objects.create_user('testuser', password='******')
self.assertEqual(len(Project.all_available_for(user)), 0)
Project(
active=False,
).save()
self.assertEqual(len(Project.all_available_for(user)), 0)
Project(
active=True,
).save()
self.assertEqual(len(Project.all_available_for(user)), 1)
def index(request):
"""
Security behavior:
- Anyone can access the page, but the page only shows the user
information they have access to.
"""
abandoned_assignments = []
if request.user.is_authenticated:
for ha in TaskAssignment.objects.filter(assigned_to=request.user).filter(completed=False):
abandoned_assignments.append({
'task': ha.task,
'task_assignment_id': ha.id
})
# Create a row for each Batch that has Tasks available for the current user
batch_rows = []
for project in Project.all_available_for(request.user):
for batch in project.batches_available_for(request.user):
total_tasks_available = batch.total_available_tasks_for(request.user)
if total_tasks_available > 0:
batch_rows.append({
'project_name': project.name,
'batch_name': batch.name,
'batch_published': batch.created_at,
'assignments_available': total_tasks_available,
'preview_next_task_url': reverse('preview_next_task',
kwargs={'batch_id': batch.id}),
'accept_next_task_url': reverse('accept_next_task',
kwargs={'batch_id': batch.id})
})
return render(request, 'index.html', {
'abandoned_assignments': abandoned_assignments,
'batch_rows': batch_rows
})
def index(request):
"""
Security behavior:
- Anyone can access the page, but the page only shows the user
information they have access to.
"""
abandoned_assignments = []
if request.user.is_authenticated:
for ha in TaskAssignment.objects.filter(assigned_to=request.user).filter(completed=False):
abandoned_assignments.append({
'task': ha.task,
'task_assignment_id': ha.id
})
# Create a row for each Batch that has Tasks available for the current user
batch_rows = []
for project in Project.all_available_for(request.user):
for batch in project.batches_available_for(request.user):
total_tasks_available = batch.total_available_tasks_for(request.user)
if total_tasks_available > 0:
batch_rows.append({
'project_name': project.name,
'batch_name': batch.name,
'batch_published': batch.created_at,
'assignments_available': total_tasks_available,
'preview_next_task_url': reverse('preview_next_task',
kwargs={'batch_id': batch.id}),
'accept_next_task_url': reverse('accept_next_task',
kwargs={'batch_id': batch.id})
})
return render(request, 'index.html', {
'abandoned_assignments': abandoned_assignments,
'batch_rows': batch_rows
})
def test_all_available_for_custom_permissions(self):
user = User.objects.create_user('testuser', password='******')
group = Group.objects.create(name='testgroup')
user.groups.add(group)
project = Project(custom_permissions=True)
project.save()
self.assertEqual(len(project.all_available_for(user)), 0)
# Verify that giving the group access also gives the group members access
self.assertFalse(user.has_perm('can_work_on', project))
assign_perm('can_work_on', group, project)
self.assertEqual(len(project.all_available_for(user)), 1)
# add superusers should have access to it
self.assertEqual(len(project.all_available_for(self.admin)), 1)