def setUp(self):
"""Setup."""
self.u1 = factory.make_user("Zi", "pass", "*****@*****.**")
self.jf1 = factory.make_format()
self.jf2 = factory.make_format()
self.a1 = factory.make_assignment('tcolloq', 'description', format=self.jf1)
self.et1 = factory.make_entry_template('temp1')
self.et2 = factory.make_entry_template('temp2')
self.f1 = factory.make_field(self.et1, "test0", "1")
self.f2 = factory.make_field(self.et1, "test2", "2")
self.f3 = factory.make_field(self.et2, "test1", "1")
self.j1 = factory.make_journal(self.a1, self.u1)
self.e1 = factory.make_entry(self.et1)
self.e2 = factory.make_entry(self.et2)
self.c1 = factory.make_content(self.e1, "testcontent1", self.f1)
self.c2 = factory.make_content(self.e1, "testcontent2", self.f2)
self.c3 = factory.make_content(self.e2, "testcontent3", self.f3)
self.jf1.available_templates.add()
self.jf2.available_templates.add()
self.usr = factory.make_user('teun', '1234', email='*****@*****.**', lti_id='a')
self.crs = factory.make_course('test course please ignore', 'XXXX', startdate=datetime.date.today())
def test_is_supervisor(self):
middle = factory.make_user('Username2', 'Password', email='*****@*****.**')
student = factory.make_user('Username3', 'Password', email='*****@*****.**')
role = factory.make_role_default_no_perms("TE", self.course1,
can_view_course_users=True, can_view_all_journals=True)
factory.make_participation(self.user, self.course1, role)
role = factory.make_role_default_no_perms("MD", self.course1, can_view_course_users=True)
factory.make_participation(middle, self.course1, role)
role = factory.make_role_default_no_perms("SD", self.course1)
factory.make_participation(student, self.course1, role)
factory.make_journal(self.assignment, student)
self.assertTrue(permissions.is_user_supervisor_of(self.user, student))
self.assertTrue(permissions.is_user_supervisor_of(self.user, middle))
self.assertTrue(permissions.is_user_supervisor_of(middle, self.user))
self.assertTrue(permissions.is_user_supervisor_of(middle, student))
self.assertFalse(permissions.is_user_supervisor_of(student, self.user))
self.assertFalse(permissions.is_user_supervisor_of(student, middle))
Participation.objects.get(course=self.course1, user=student).delete()
self.assertTrue(permissions.is_user_supervisor_of(self.user, student))
self.assertFalse(permissions.is_user_supervisor_of(middle, student))
self.assertFalse(permissions.is_user_supervisor_of(student, self.user))
self.assertFalse(permissions.is_user_supervisor_of(student, middle))
def test_make_user(self):
# Create test student
test_student = creation_factory.make_user(
username='******',
password='',
full_name=settings.LTI_TEST_STUDENT_FULL_NAME,
is_test_student=True)
assert test_student.is_test_student, 'Test student should be flagged accordingly'
assert not test_student.has_usable_password(
), 'Test student should have no usable password'
with pytest.raises(ValidationError):
assert creation_factory.make_user(
username='******', password='', full_name='Not test student', is_test_student=True), \
'Test user\'s full name is expected to match Test student'
test_student.email = '*****@*****.**'
test_student.full_name = 'new full name'
test_student.save()
assert test_student.email == '*****@*****.**' and test_student.full_name == 'new full name', \
'After creation a test student should be able to update their full name and email address'
# A test student should remain a test student
with pytest.raises(ValidationError):
test_student.is_test_student = False
test_student.save()
def test_is_supervisor(self):
middle = factory.make_user('Username2', DEFAULT_PASSWORD, email='*****@*****.**', full_name='Test User')
student = factory.make_user('Username3', DEFAULT_PASSWORD, email='*****@*****.**', full_name='Test User')
role = factory.make_role_default_no_perms("TE", self.course1,
can_view_course_users=True, can_view_all_journals=True)
factory.make_participation(self.user, self.course1, role)
role = factory.make_role_default_no_perms("MD", self.course1, can_view_course_users=True)
factory.make_participation(middle, self.course1, role)
role = factory.make_role_default_no_perms("SD", self.course1)
factory.make_participation(student, self.course1, role)
factory.make_journal(self.assignment, student)
assert permissions.is_user_supervisor_of(self.user, student)
assert permissions.is_user_supervisor_of(self.user, middle)
assert permissions.is_user_supervisor_of(middle, self.user)
assert permissions.is_user_supervisor_of(middle, student)
assert not permissions.is_user_supervisor_of(student, self.user)
assert not permissions.is_user_supervisor_of(student, middle)
Participation.objects.get(course=self.course1, user=student).delete()
assert permissions.is_user_supervisor_of(self.user, student)
assert not permissions.is_user_supervisor_of(middle, student)
assert not permissions.is_user_supervisor_of(student, self.user)
assert not permissions.is_user_supervisor_of(student, middle)
def setUp(self):
"""Set up the test file."""
self.username, self.password, self.user = test.set_up_user_and_auth(
'test123', 'test123', '*****@*****.**')
self.rein_user, self.rein_pass, self.rein = test.set_up_user_and_auth(
"Rein", "123", '*****@*****.**')
self.no_perm_user, self.no_perm_pass, self.no_permission_user = test.set_up_user_and_auth(
"no_perm", "123", '*****@*****.**')
self.course = factory.make_course("Beeldbewerken", "BB")
self.lars = factory.make_user("Lars", "123", "*****@*****.**")
self.student1 = factory.make_user("Student1", "123", "Student1.com")
self.student2 = factory.make_user("Student2", "123", "Student2.com")
self.not_found_pk = 9999
def set_up_user_and_auth(username,
password,
email,
first_name=None,
last_name=None,
is_superuser=False,
is_teacher=False):
"""Set up a user with the possibility of global permissions.
Arguments:
username -- username for the user
password -- password for the user
first_name -- first name
last_name -- last name
Returns the user and its credentials
"""
user = factory.make_user(username,
password,
email,
is_superuser=is_superuser,
is_teacher=is_teacher,
first_name=first_name,
last_name=last_name)
return username, password, user
def test_update_user_role_course(self):
"""Test user role update in a course."""
login = test.logging_in(self, self.rein_user, self.rein_pass)
course = factory.make_course("Portfolio Academische Vaardigheden",
"PAV",
author=self.rein)
ta_role = Role.objects.get(name='TA', course=course)
student_role = factory.make_role_student(name='SD', course=course)
self.user_role = factory.make_user("test123", "test", "*****@*****.**")
factory.make_participation(self.user_role, course, ta_role)
factory.make_participation(self.user, course, student_role)
user_role = Participation.objects.get(user=self.user_role,
course=course).role.name
self.assertEquals(user_role, 'TA')
test.api_patch_call(self, '/participations/' + str(course.pk) + '/', {
'user_id': self.user_role.pk,
'role': 'SD'
}, login)
user_role = Participation.objects.get(user=self.user_role,
course=course.pk).role.name
self.assertEquals(user_role, 'SD')
def test_teacher_permissions(self):
"""Test if the teacher has the right general permissions."""
user = factory.make_user('teacher', 'password', email='some@other', is_teacher=True)
self.assertTrue(user.has_permission('can_add_course'))
self.assertFalse(user.has_permission('can_edit_institute_details'))
self.assertRaises(VLEParticipationError, user.has_permission, 'can_delete_course', self.course_independent)
self.assertRaises(VLEParticipationError, user.has_permission, 'can_have_journal', self.assignment_independent)
def test_teacher_permissions(self):
"""Test if the teacher has the right general permissions."""
user = factory.make_user(
'teacher', DEFAULT_PASSWORD, email='*****@*****.**', is_teacher=True, full_name='Test User')
assert user.has_permission('can_add_course')
assert not user.has_permission('can_edit_institute_details')
self.assertRaises(VLEParticipationError, user.has_permission, 'can_delete_course', self.course_independent)
self.assertRaises(VLEParticipationError, user.has_permission, 'can_have_journal', self.assignment_independent)
def test_admin_permissions(self):
"""Test if the admin has all permissions."""
user = factory.make_user('superuser', 'password', email='some@other', is_superuser=True)
self.assertTrue(user.has_permission('can_edit_institute_details'))
self.assertTrue(user.has_permission('can_add_course'))
self.assertTrue(user.has_permission('can_delete_course', self.course_independent))
self.assertTrue(user.has_permission('can_edit_assignment', self.assignment_independent))
self.assertFalse(user.has_permission('can_have_journal', self.assignment_independent))
def test_admin_permissions(self):
"""Test if the admin has all permissions."""
user = factory.make_user(
'superuser', DEFAULT_PASSWORD, email='*****@*****.**', is_superuser=True, full_name='Test User')
assert user.has_permission('can_edit_institute_details')
assert user.has_permission('can_add_course')
assert user.has_permission('can_delete_course', self.course_independent)
assert user.has_permission('can_edit_assignment', self.assignment_independent)
assert not user.has_permission('can_have_journal', self.assignment_independent)
def setUp(self):
self.user = factory.make_user('Username', DEFAULT_PASSWORD, email='*****@*****.**', full_name='Test User')
self.course1 = factory.make_course('Course', 'crs', startdate=datetime.date.today())
self.course2 = factory.make_course('Course2', 'crs2', startdate=datetime.date.today())
self.course_independent = factory.make_course('Independent Course', 'crs3', startdate=datetime.date.today())
self.assignment = factory.make_assignment('Assignment', 'Assignment linked to multiple courses.',
courses=[self.course1, self.course2])
self.assignment_independent = factory.make_assignment('Assignment2', 'Assignment linked to separate course.',
courses=[self.course_independent])
def setUp(self):
"""Setup."""
self.u_rick = factory.make_user("Rick",
DEFAULT_PASSWORD,
"*****@*****.**",
full_name='Test User')
self.u_lars = factory.make_user("Lars",
DEFAULT_PASSWORD,
"*****@*****.**",
full_name='Test User')
f_colloq = factory.make_default_format()
self.deadlineentry = factory.make_entrydeadline_node(
f_colloq,
due_date=datetime.datetime.now() - datetime.timedelta(days=10),
template=f_colloq.template_set.first())
self.progressnode = factory.make_progress_node(
f_colloq,
datetime.datetime.now() + datetime.timedelta(days=10), 10)
f_log = factory.make_default_format()
self.template = f_colloq.template_set.first()
course = factory.make_course("Some Course", "c")
student_role = Role.objects.get(name='Student', course=course)
factory.make_participation(self.u_rick, course, student_role)
a_colloq = factory.make_assignment("Colloq",
"In de opdracht...1",
author=self.u_rick,
format=f_colloq,
courses=[course])
a_log = factory.make_assignment("Logboek",
"In de opdracht...2",
author=self.u_rick,
format=f_log,
courses=[course])
self.j_rick_colloq = factory.make_journal(a_colloq, self.u_rick)
self.j_lars_colloq = factory.make_journal(a_colloq, self.u_lars)
self.j_rick_log = factory.make_journal(a_log, self.u_rick)
def setUp(self):
"""Setup."""
self.u_rick = factory.make_user("Rick", "pass", "*****@*****.**")
self.u_lars = factory.make_user("Lars", "pass", "*****@*****.**")
self.template = Template(name="some_template")
self.template.save()
f_colloq = factory.make_format()
self.deadlineentry = factory.make_entrydeadline_node(
f_colloq,
datetime.datetime.now() - datetime.timedelta(days=10),
self.template)
self.progressnode = factory.make_progress_node(
f_colloq,
datetime.datetime.now() + datetime.timedelta(days=10), 10)
f_log = factory.make_format()
f_colloq.available_templates.add(self.template)
course = factory.make_course("Some Course", "c")
student_role = Role.objects.get(name='Student', course=course)
factory.make_participation(self.u_rick, course, student_role)
a_colloq = factory.make_assignment("Colloq",
"In de opdracht...1",
author=self.u_rick,
format=f_colloq,
courses=[course])
a_log = factory.make_assignment("Logboek",
"In de opdracht...2",
author=self.u_rick,
format=f_log,
courses=[course])
self.j_rick_colloq = factory.make_journal(a_colloq, self.u_rick)
self.j_lars_colloq = factory.make_journal(a_colloq, self.u_lars)
self.j_rick_log = factory.make_journal(a_log, self.u_rick)
def set_up_users(name, n):
"""Set up some students.
Arguments:
name -- the base for the incremental names for the users
n -- number of students to be made
Returns a list of users with incremental naming.
"""
users = []
for i in range(n):
users.append(
factory.make_user(name + str(i), 'pass', '*****@*****.**' + str(i)))
return users
def setUp(self):
"""Setup."""
self.course = factory.make_course('TestCourse', 'aaaa', lti_id='asdf')
self.user = factory.make_user('TestUser', 'Pass', '*****@*****.**')
factory.make_participation(
self.user, self.course,
Role.objects.get(name='Student', course=self.course))
self.assignment = factory.make_assignment("TestAss",
"TestDescr",
points_possible=100,
courses=[self.course])
self.journal = factory.make_journal(self.assignment, self.user)
self.journal.sourcedid = 'f6d552'
self.journal.grade_url = 'http://127.0.0.1:8000/grade_passback'
def delete_user_from_course(self):
"""Test delete_user_from_course"""
login = test.logging_in(self, self.username, self.password)
course = factory.make_course("Beeldbewerken", "BB")
rein = factory.make_user("Rein", "123", "*****@*****.**")
lars = factory.make_user("Lars", "123", "*****@*****.**")
role = factory.make_role_default_no_perms("test", course)
factory.make_participation(rein, course, role=role)
factory.make_participation(lars, course, role=role)
test.api_del_call(self, '/participations/' + str(course.pk) + '/',
{'user_id': rein.user_role.pk}, login)
participations = course.participation_set.all()
participations = [
serialize.participation_to_dict(participation)
for participation in participations
]
self.assertEquals(participations.count(), 1)
self.assertEquals(participations[0]['name'], 'Lars')
def test_delete_course_role(self):
"""Test delete course roles"""
teacher_user = '******'
teacher_pass = '******'
teacher = factory.make_user(teacher_user, teacher_pass,
"*****@*****.**")
teacher_role = factory.make_role_teacher("TE", self.course)
factory.make_participation(teacher, self.course, teacher_role)
factory.make_role_ta('TA2', self.course)
login = test.logging_in(self, teacher_user, teacher_pass)
test.api_del_call(self, '/roles/' + str(self.course.pk) + '/?name=TA2',
login)
self.assertEquals(
Role.objects.filter(
name='TA2',
course=Course.objects.get(pk=self.course.pk)).count(), 0)
def test_foreignkeys(self):
"""Test the foreign keys in the database."""
user_test = factory.make_user('lers', 'lers123', '*****@*****.**', '123456')
course_test = factory.make_course('tname', 'XXXX', datetime.date.today())
factory.make_format()
template = factory.make_entry_template("some_template")
entr_test = factory.make_entry(template)
field = factory.make_field(template, "test1", "1")
factory.make_content(entr_test, "data", field)
course_test.author = user_test
ass_test = factory.make_assignment(name='tcolloq', description='description')
ass_test.courses.add(course_test)
journ_test = factory.make_journal(user=user_test, assignment=ass_test)
self.assertEquals(entr_test.template.pk, template.pk)
self.assertEquals(journ_test.user.pk, user_test.pk)
self.assertEquals(journ_test.assignment.pk, ass_test.pk)
self.assertEquals(course_test.author.pk, user_test.pk)
def handle_test_student(user, params):
"""Creates a test user if no user is proved and the params contain a blank email adress."""
if not user \
and 'custom_user_email' in params and params['custom_user_email'] == '' \
and 'custom_user_full_name' in params and params['custom_user_full_name'] == settings.LTI_TEST_STUDENT_FULL_NAME:
lti_id, username, full_name, email, course_id = utils.required_params(
params, 'user_id', 'custom_username', 'custom_user_full_name',
'custom_user_email', 'custom_course_id')
profile_picture = '/unknown-profile.png' if 'custom_user_image' not in params else params[
'custom_user_image']
is_teacher = settings.ROLES['Teacher'] in lti.roles_to_list(params)
return factory.make_user(username,
email=email,
lti_id=lti_id,
profile_picture=profile_picture,
is_teacher=is_teacher,
full_name=full_name,
is_test_student=True)
return user
def test_update_course_with_student(self):
"""Test update_course_with_student"""
login = test.logging_in(self, self.username, self.password)
course = factory.make_course("Portfolio Academische Vaardigheden",
"PAV")
teacher_role = Role.objects.get(name='Teacher', course=course)
factory.make_participation(self.user, course, teacher_role)
student = factory.make_user("Rick", "pass", "*****@*****.**")
test.api_post_call(self, '/participations/', {
'user_id': student.pk,
'course_id': course.pk
}, login)
course = Course.objects.get(pk=course.pk)
self.assertEquals(len(course.users.all()), 2)
self.assertTrue(
User.objects.filter(participation__course=course,
username='******').exists())
def test_get_course_roles(self):
"""Test the get delete assignment function."""
teacher_user = '******'
teacher_pass = '******'
teacher = factory.make_user(teacher_user, teacher_pass,
"*****@*****.**")
factory.make_role_student("SD", self.course)
factory.make_role_default_no_perms("HE", self.course)
teacher_role = factory.make_role_teacher("TE", self.course)
factory.make_participation(teacher, self.course, teacher_role)
login = test.logging_in(self, teacher_user, teacher_pass)
result = test.api_get_call(self,
'/roles/',
login,
params={'course_id': self.course.pk})
self.assertEquals(len(result.json()['roles']), 6)
# permissions and authorization check for the api call.
login = test.logging_in(self, self.no_perm_user, self.no_perm_pass)
test.test_unauthorized_api_get_call(self,
'/roles/',
params={'course_id': 1})
test.api_get_call(self,
'/roles/',
login,
params={'course_id': self.course.pk},
status=403)
test.api_get_call(self,
'/roles/',
login,
params={'course_id': self.not_found_pk},
status=404)
test.set_up_participation(self.no_permission_user, self.course,
'Student')
test.api_get_call(self,
'/roles/',
login,
params={'course_id': self.course.pk},
status=403)
def create(self, request):
"""Create a new user.
Arguments:
request -- request data
username -- username
password -- password
full_name -- full name
email -- (optinal) email
jwt_params -- (optinal) jwt params to get the lti information from
user_id -- id of the user
user_image -- user image
roles -- role of the user
Returns:
On failure:
unauthorized -- when the user is not logged in
bad request -- when email/username/lti id already exists
bad request -- when email/password is invalid
On success:
success -- with the newly created user data
"""
lti_id, user_image, full_name, email, is_teacher = get_lti_params(
request, 'user_id', 'custom_user_image', 'custom_user_full_name',
'custom_user_email')
is_test_student = bool(lti_id) and not bool(
email) and full_name == settings.LTI_TEST_STUDENT_FULL_NAME
if lti_id is None:
# Check if instance allows standalone registration if user did not register through some LTI instance
try:
instance = Instance.objects.get(pk=1)
if not instance.allow_standalone_registration:
return response.bad_request((
'{} does not allow you to register through the website,'
+ ' please use an LTI instance.').format(
instance.name))
except Instance.DoesNotExist:
pass
full_name, email = utils.required_params(request.data, 'full_name',
'email')
username, password = utils.required_params(request.data, 'username',
'password')
if email and User.objects.filter(email=email).exists():
return response.bad_request('User with this email already exists.')
if User.objects.filter(username=username).exists():
return response.bad_request(
'User with this username already exists.')
if lti_id is not None and User.objects.filter(lti_id=lti_id).exists():
return response.bad_request(
'User with this lti id already exists.')
user = factory.make_user(username=username,
email=email,
lti_id=lti_id,
full_name=full_name,
is_teacher=is_teacher,
verified_email=bool(lti_id) and bool(email),
password=password,
profile_picture=user_image
if user_image else '/unknown-profile.png',
is_test_student=is_test_student)
if lti_id is None:
send_email_verification_link.delay(user.pk)
return response.created({'user': UserSerializer(user).data})
def gen_users(self):
"""Generate users with password 'pass'."""
users_examples = [
{
"username": "******",
"first_name": "Lars",
"last_name": "van Hijfte",
"verified_email": False,
"pass": "******",
"is_superuser": False,
"is_teacher": False
}, {
"username": "******",
"first_name": "Rick",
"last_name": "Watertor",
"pass": "******",
"is_superuser": False,
"is_teacher": False
}, {
"username": "******",
"first_name": "Dennis",
"last_name": "Wind",
"pass": "******",
"is_superuser": False,
"is_teacher": False
}, {
"username": "******",
"first_name": "Maarten",
"last_name": "Keulen",
"pass": "******",
"is_superuser": False,
"is_teacher": False
}, {
"username": "******",
"first_name": "Zi Long",
"last_name": "Zhu",
"pass": "******",
"is_superuser": False,
"is_teacher": False
}, {
"username": "******",
"first_name": "Xavier",
"last_name": "van Dommelen",
"pass": "******",
"is_superuser": False,
"is_teacher": True
}, {
"username": "******",
"first_name": "Super",
"last_name": "User",
"pass": "******",
"is_superuser": True,
"is_teacher": True
}
]
self.users = []
for u in users_examples:
self.users.append(factory.make_user(
u['username'],
u['pass'],
u['email'] if 'email' in u else u['first_name'] + '@eJourn.al',
is_superuser=u['is_superuser'], is_teacher=u['is_teacher'],
first_name=u['first_name'], last_name=u['last_name'],
verified_email=u['verified_email'] if 'verified_email' in u else False)
)
def create(self, request):
"""Create a new user.
Arguments:
request -- request data
username -- username
password -- password
first_name -- (optinal) first name
last_name -- (optinal) last name
email -- (optinal) email
jwt_params -- (optinal) jwt params to get the lti information from
user_id -- id of the user
user_image -- user image
roles -- role of the user
Returns:
On failure:
unauthorized -- when the user is not logged in
bad request -- when email/username/lti id already exists
bad request -- when email/password is invalid
On succes:
success -- with the newly created user data
"""
lti_id, user_image, full_name, email, is_teacher = get_lti_params(
request, 'user_id', 'custom_user_image', 'custom_user_full_name', 'custom_user_email')
if full_name:
first_name, last_name = lti.split_fullname(full_name)
if lti_id is None:
# Check if instance allows standalone registration if user did not register through some LTI instance
try:
instance = Instance.objects.get(pk=1)
if not instance.allow_standalone_registration:
return response.bad_request(('{} does not allow you to register through the website,' +
' please use an LTI instance.').format(instance.name))
except Instance.DoesNotExist:
pass
first_name, last_name, email = utils.optional_params(request.data, 'first_name', 'last_name', 'email')
username, password = utils.required_params(request.data, 'username', 'password')
if email and User.objects.filter(email=email).exists():
return response.bad_request('User with this email already exists.')
validate_email(email)
if User.objects.filter(username=username).exists():
return response.bad_request('User with this username already exists.')
if lti_id is not None and User.objects.filter(lti_id=lti_id).exists():
return response.bad_request('User with this lti id already exists.')
validators.validate_password(password)
user = factory.make_user(username, password, email=email, lti_id=lti_id, is_teacher=is_teacher,
first_name=first_name, last_name=last_name, profile_picture=user_image,
verified_email=True if lti_id else False)
if lti_id is None:
try:
email_handling.send_email_verification_link(user)
except SMTPAuthenticationError as err:
user.delete()
raise err
return response.created({'user': UserSerializer(user).data})