def test_access_masquerade_as_user_with_forum_role(self, role_name):
"""
Test that when masquerading as a user with a given forum role you do not lose access to graded content
"""
staff_user = StaffFactory.create(password=TEST_PASSWORD, course_key=self.course.id)
CourseEnrollmentFactory.create(
user=staff_user,
course_id=self.course.id,
mode='audit'
)
self.client.login(username=staff_user.username, password=TEST_PASSWORD)
user = UserFactory.create()
role = RoleFactory(name=role_name, course_id=self.course.id)
role.users.add(user)
CourseEnrollmentFactory.create(
user=user,
course_id=self.course.id,
mode='audit'
)
self.update_masquerade(username=user.username)
_assert_block_is_gated(
block=self.blocks_dict['problem'],
user=user,
course=self.course,
is_gated=False,
request_factory=self.factory,
)
def test_access_masquerade_as_course_team_users(self, role_factory):
"""
Test that when masquerading as members of the course team you do not lose access to graded content
"""
# There are two types of course team members: instructor and staff
# they have different privileges, but for the purpose of this test the important thing is that they should both
# have access to all graded content
staff_user = StaffFactory.create(password=TEST_PASSWORD, course_key=self.course.id)
CourseEnrollmentFactory.create(
user=staff_user,
course_id=self.course.id,
mode='audit'
)
self.client.login(username=staff_user.username, password=TEST_PASSWORD)
if role_factory == GlobalStaffFactory:
user = role_factory.create()
else:
user = role_factory.create(course_key=self.course.id)
self.update_masquerade(username=user.username)
block = self.blocks_dict['problem']
block_view_url = reverse('render_xblock', kwargs={'usage_key_string': six.text_type(block.scope_ids.usage_id)})
response = self.client.get(block_view_url)
self.assertEquals(response.status_code, 200)
def test_access_masquerade_as_course_team_users(self, role_factory):
"""
Test that when masquerading as members of the course team you do not lose access to graded content
"""
# There are two types of course team members: instructor and staff
# they have different privileges, but for the purpose of this test the important thing is that they should both
# have access to all graded content
staff_user = StaffFactory.create(password=TEST_PASSWORD, course_key=self.course.id)
CourseEnrollmentFactory.create(
user=staff_user,
course_id=self.course.id,
mode='audit'
)
self.client.login(username=staff_user.username, password=TEST_PASSWORD)
if role_factory == GlobalStaffFactory:
user = role_factory.create()
else:
user = role_factory.create(course_key=self.course.id)
CourseEnrollment.enroll(user, self.course.id)
self.update_masquerade(username=user.username)
block = self.blocks_dict['problem']
block_view_url = reverse('render_xblock', kwargs={'usage_key_string': six.text_type(block.scope_ids.usage_id)})
response = self.client.get(block_view_url)
self.assertEqual(response.status_code, 200)
def test_access_on_course_with_pre_requisites(self):
"""
Test course access when a course has pre-requisite course yet to be completed
"""
user = UserFactory.create()
pre_requisite_course = CourseFactory.create(org='test_org',
number='788',
run='test_run')
pre_requisite_courses = [six.text_type(pre_requisite_course.id)]
course = CourseFactory.create(
org='test_org',
number='786',
run='test_run',
pre_requisite_courses=pre_requisite_courses)
set_prerequisite_courses(course.id, pre_requisite_courses)
# user should not be able to load course even if enrolled
CourseEnrollmentFactory(user=user, course_id=course.id)
response = access._has_access_course(user, 'load', course)
self.assertFalse(response)
self.assertIsInstance(response, access_response.MilestoneAccessError)
# Staff can always access course
staff = StaffFactory.create(course_key=course.id)
self.assertTrue(access._has_access_course(staff, 'load', course))
# User should be able access after completing required course
fulfill_course_milestone(pre_requisite_course.id, user)
self.assertTrue(access._has_access_course(user, 'load', course))
def test_access_masquerade_as_user_with_forum_role(self, role_name):
"""
Test that when masquerading as a user with a given forum role you do not lose access to graded content
"""
staff_user = StaffFactory.create(password=TEST_PASSWORD, course_key=self.course.id)
CourseEnrollmentFactory.create(
user=staff_user,
course_id=self.course.id,
mode='audit'
)
self.client.login(username=staff_user.username, password=TEST_PASSWORD)
user = UserFactory.create()
role = RoleFactory(name=role_name, course_id=self.course.id)
role.users.add(user)
CourseEnrollmentFactory.create(
user=user,
course_id=self.course.id,
mode='audit'
)
self.update_masquerade(username=user.username)
_assert_block_is_gated(
block=self.blocks_dict['problem'],
user=user,
course=self.course,
is_gated=False,
request_factory=self.factory,
)
def test__catalog_visibility(self):
"""
Tests the catalog visibility tri-states
"""
user = UserFactory.create()
course_id = CourseLocator('edX', 'test', '2012_Fall')
staff = StaffFactory.create(course_key=course_id)
course = Mock(id=course_id,
catalog_visibility=CATALOG_VISIBILITY_CATALOG_AND_ABOUT)
assert access._has_access_course(user, 'see_in_catalog', course)
assert access._has_access_course(user, 'see_about_page', course)
assert access._has_access_course(staff, 'see_in_catalog', course)
assert access._has_access_course(staff, 'see_about_page', course)
# Now set visibility to just about page
course = Mock(id=CourseLocator('edX', 'test', '2012_Fall'),
catalog_visibility=CATALOG_VISIBILITY_ABOUT)
assert not access._has_access_course(user, 'see_in_catalog', course)
assert access._has_access_course(user, 'see_about_page', course)
assert access._has_access_course(staff, 'see_in_catalog', course)
assert access._has_access_course(staff, 'see_about_page', course)
# Now set visibility to none, which means neither in catalog nor about pages
course = Mock(id=CourseLocator('edX', 'test', '2012_Fall'),
catalog_visibility=CATALOG_VISIBILITY_NONE)
assert not access._has_access_course(user, 'see_in_catalog', course)
assert not access._has_access_course(user, 'see_about_page', course)
assert access._has_access_course(staff, 'see_in_catalog', course)
assert access._has_access_course(staff, 'see_about_page', course)
def test_courseware_page_access_with_staff_user_after_passing_entrance_exam(self):
"""
Test courseware access page after passing entrance exam but with staff user
"""
self.logout()
staff_user = StaffFactory.create(course_key=self.course.id)
self.login(staff_user.email, 'test')
CourseEnrollmentFactory(user=staff_user, course_id=self.course.id)
self._assert_chapter_loaded(self.course, self.chapter)
def setUp(self):
super().setUp()
self.track_function = make_track_function(HttpRequest())
self.student_data = Mock()
self.course = self.import_test_course()
self.descriptor = ItemFactory(category="pure", parent=self.course)
self.course_id = self.course.id
self.instructor = StaffFactory.create(course_key=self.course_id)
self.runtime = self.make_runtime()
self.runtime.error_tracker = None
self.staff = AdminFactory.create()
self.course.bind_for_student(self.runtime, self.instructor)
def setUp(self):
"""
Creates a test course ID, mocks the runtime, and creates a fake storage
engine for use in all tests
"""
super(StaffGradedAssignmentXblockTests, self).setUp()
self.course = CourseFactory.create(org='foo',
number='bar',
display_name='baz')
self.descriptor = ItemFactory(category="pure", parent=self.course)
self.course_id = self.course.id
self.instructor = StaffFactory.create(course_key=self.course_id)
self.student_data = mock.Mock()
self.staff = AdminFactory.create(password="******")
self.runtime = self.make_runtime()
self.scope_ids = self.make_scope_ids(self.runtime)
def test_runtime_user_is_staff(self, is_staff):
course = CourseFactory.create(org='org',
number='bar',
display_name='baz')
descriptor = ItemFactory(category="pure", parent=course)
staff = StaffFactory.create(course_key=course.id)
self.runtime, _ = render.get_module_system_for_user(
staff if is_staff else User.objects.create(),
self.student_data,
descriptor,
course.id,
mock.Mock(),
mock.Mock(),
mock.Mock(),
course=course)
block = self.make_one()
assert block.runtime_user_is_staff() is is_staff
def test__has_access_course_can_enroll(self):
yesterday = datetime.datetime.now(
pytz.utc) - datetime.timedelta(days=1)
tomorrow = datetime.datetime.now(pytz.utc) + datetime.timedelta(days=1)
# Non-staff can enroll if authenticated and specifically allowed for that course
# even outside the open enrollment period
user = UserFactory.create()
course = Mock(enrollment_start=tomorrow,
enrollment_end=tomorrow,
id=CourseLocator('edX', 'test', '2012_Fall'),
enrollment_domain='')
CourseEnrollmentAllowedFactory(email=user.email, course_id=course.id)
self.assertTrue(access._has_access_course(user, 'enroll', course))
# Staff can always enroll even outside the open enrollment period
user = StaffFactory.create(course_key=course.id)
self.assertTrue(access._has_access_course(user, 'enroll', course))
# Non-staff cannot enroll if it is between the start and end dates and invitation only
# and not specifically allowed
course = Mock(enrollment_start=yesterday,
enrollment_end=tomorrow,
id=CourseLocator('edX', 'test', '2012_Fall'),
enrollment_domain='',
invitation_only=True)
user = UserFactory.create()
self.assertFalse(access._has_access_course(user, 'enroll', course))
# Non-staff can enroll if it is between the start and end dates and not invitation only
course = Mock(enrollment_start=yesterday,
enrollment_end=tomorrow,
id=CourseLocator('edX', 'test', '2012_Fall'),
enrollment_domain='',
invitation_only=False)
self.assertTrue(access._has_access_course(user, 'enroll', course))
# Non-staff cannot enroll outside the open enrollment period if not specifically allowed
course = Mock(enrollment_start=tomorrow,
enrollment_end=tomorrow,
id=CourseLocator('edX', 'test', '2012_Fall'),
enrollment_domain='',
invitation_only=False)
self.assertFalse(access._has_access_course(user, 'enroll', course))
def test_no_banner_when_masquerading_as_staff(self, role_factory,
mock_get_course_run_details):
"""
When masquerading as a specific expired user, if that user has a staff role
the expired course banner will not show up.
"""
mock_get_course_run_details.return_value = {'weeks_to_complete': 1}
if role_factory == GlobalStaffFactory:
expired_staff = role_factory.create(password=TEST_PASSWORD)
else:
expired_staff = role_factory.create(password=TEST_PASSWORD,
course_key=self.course.id)
CourseEnrollmentFactory.create(
mode=CourseMode.AUDIT,
course_id=self.course.id,
user=expired_staff,
)
Schedule.objects.update(start_date=self.THREE_YEARS_AGO)
CourseDurationLimitConfig.objects.create(
enabled=True,
course=CourseOverview.get_from_id(self.course.id),
enabled_as_of=self.course.start,
)
staff_user = StaffFactory.create(password=TEST_PASSWORD,
course_key=self.course.id)
CourseEnrollmentFactory.create(user=staff_user,
course_id=self.course.id,
mode='audit')
self.client.login(username=staff_user.username, password='******')
self.update_masquerade(username=expired_staff.username)
course_home_url = reverse('openedx.course_experience.course_home',
args=[six.text_type(self.course.id)])
response = self.client.get(course_home_url, follow=True)
assert response.status_code == 200
six.assertCountEqual(self, response.redirect_chain, [])
banner_text = 'This learner does not have access to this course. Their access expired on'
self.assertNotContains(response, banner_text)
def test_no_banner_when_masquerading_as_forum_staff(self, role_name, mock_get_course_run_details):
"""
When masquerading as a specific expired user, if that user has a forum staff role
the expired course banner will not show up.
"""
mock_get_course_run_details.return_value = {'weeks_to_complete': 1}
expired_staff = UserFactory.create()
role = RoleFactory(name=role_name, course_id=self.course.id)
role.users.add(expired_staff)
ScheduleFactory(
start=self.THREE_YEARS_AGO,
enrollment__mode=CourseMode.AUDIT,
enrollment__course_id=self.course.id,
enrollment__user=expired_staff
)
CourseDurationLimitConfig.objects.create(
enabled=True,
course=CourseOverview.get_from_id(self.course.id),
enabled_as_of=self.course.start,
)
staff_user = StaffFactory.create(password=TEST_PASSWORD, course_key=self.course.id)
CourseEnrollmentFactory.create(
user=staff_user,
course_id=self.course.id,
mode='audit'
)
self.client.login(username=staff_user.username, password='******')
self.update_masquerade(username=expired_staff.username)
course_home_url = reverse('openedx.course_experience.course_home', args=[six.text_type(self.course.id)])
response = self.client.get(course_home_url, follow=True)
self.assertEqual(response.status_code, 200)
self.assertItemsEqual(response.redirect_chain, [])
banner_text = 'This learner does not have access to this course. Their access expired on'
self.assertNotIn(banner_text, response.content)
def setUp(self):
super(GroupAccessTestCase, self).setUp() # lint-amnesty, pylint: disable=super-with-arguments
UserPartition.scheme_extensions = ExtensionManager.make_test_instance(
[
Extension("memory", USER_PARTITION_SCHEME_NAMESPACE,
MemoryUserPartitionScheme(), None),
Extension("random", USER_PARTITION_SCHEME_NAMESPACE,
MemoryUserPartitionScheme(), None)
],
namespace=USER_PARTITION_SCHEME_NAMESPACE)
self.cat_group = Group(10, 'cats')
self.dog_group = Group(20, 'dogs')
self.worm_group = Group(30, 'worms')
self.animal_partition = UserPartition(
0,
'Pet Partition',
'which animal are you?',
[self.cat_group, self.dog_group, self.worm_group],
scheme=UserPartition.get_scheme("memory"),
)
self.red_group = Group(1000, 'red')
self.blue_group = Group(2000, 'blue')
self.gray_group = Group(3000, 'gray')
self.color_partition = UserPartition(
100,
'Color Partition',
'what color are you?',
[self.red_group, self.blue_group, self.gray_group],
scheme=UserPartition.get_scheme("memory"),
)
self.course = CourseFactory.create(
user_partitions=[self.animal_partition, self.color_partition], )
with self.store.bulk_operations(self.course.id, emit_signals=False):
chapter = ItemFactory.create(category='chapter',
parent=self.course)
section = ItemFactory.create(category='sequential', parent=chapter)
vertical = ItemFactory.create(category='vertical', parent=section)
component = ItemFactory.create(category='problem', parent=vertical)
self.chapter_location = chapter.location
self.section_location = section.location
self.vertical_location = vertical.location
self.component_location = component.location
self.red_cat = UserFactory() # student in red and cat groups
self.set_user_group(self.red_cat, self.animal_partition,
self.cat_group)
self.set_user_group(self.red_cat, self.color_partition, self.red_group)
self.blue_dog = UserFactory() # student in blue and dog groups
self.set_user_group(self.blue_dog, self.animal_partition,
self.dog_group)
self.set_user_group(self.blue_dog, self.color_partition,
self.blue_group)
self.white_mouse = UserFactory() # student in no group
self.gray_worm = UserFactory() # student in deleted group
self.set_user_group(self.gray_worm, self.animal_partition,
self.worm_group)
self.set_user_group(self.gray_worm, self.color_partition,
self.gray_group)
# delete the gray/worm groups from the partitions now so we can test scenarios
# for user whose group is missing.
self.animal_partition.groups.pop()
self.color_partition.groups.pop()
# add a staff user, whose access will be unconditional in spite of group access.
self.staff = StaffFactory.create(course_key=self.course.id)