def test_user_can_view_course(self):
    """Check the deny-then-allow behaviour of user_can_view_course.

    The same user is evaluated twice against the same course: once with an
    empty permission list (access must be denied) and once after the course
    has been granted (access must be allowed).
    """
    course_id = self.course_id

    # Deny case: an empty permission list must not grant access.
    permissions.set_user_course_permissions(self.user, [])
    can_view = permissions.user_can_view_course(self.user, course_id)
    self.assertFalse(can_view)

    # Allow case: access follows once the course is in the user's list.
    permissions.set_user_course_permissions(self.user, [course_id])
    can_view = permissions.user_can_view_course(self.user, course_id)
    self.assertTrue(can_view)
def test_superuser_can_view_course(self):
    """Check that a superuser passes the course check regardless of grants.

    The user is flagged as a superuser and saved, then the check is run with
    an empty permission list and with the course explicitly granted. Both
    runs must allow access.
    """
    superuser = self.user
    superuser.is_superuser = True
    superuser.save()

    # First pass: nothing granted. Second pass: the course is granted.
    # The expected answer is the same either way, which shows that the
    # per-course list is not what decides access for a superuser.
    for granted in ([], [self.course_id]):
        permissions.set_user_course_permissions(self.user, granted)
        self.assertTrue(permissions.user_can_view_course(superuser, self.course_id))
def test_revoke_user_permissions(self):
    """Check that revoking course permissions removes both cache entries.

    Two cache keys are inspected, both derived from the user's primary key:
    the permission list itself and its "updated at" marker.
    """
    granted = [self.course_id]
    permissions_key = 'course_permissions_{}'.format(self.user.pk)
    update_key = 'course_permissions_updated_at_{}'.format(self.user.pk)
    cache_keys = (permissions_key, update_key)

    # Grant access first so there is cached state to revoke.
    permissions.set_user_course_permissions(self.user, granted)
    cached_courses = cache.get(permissions_key)
    self.assertListEqual(cached_courses, granted)
    self.assertIsNotNone(cache.get(update_key))
    self.assertTrue(permissions.user_can_view_course(self.user, self.course_id))

    # After revocation neither key may remain in the cache.
    # NOTE(review): only the cache entries are checked here; the access
    # decision (user_can_view_course) after revocation is not asserted.
    permissions.revoke_user_course_permissions(self.user)
    for key in cache_keys:
        self.assertIsNone(cache.get(key))
def test_set_user_course_permissions(self):
    """Check that setting permissions writes the list and a newer timestamp.

    Permissions are set twice (empty, then one course). After each call the
    cached list must equal what was passed in, and the "updated at" value
    after the second call must be greater than after the first.
    """
    permissions_key = 'course_permissions_{}'.format(self.user.pk)
    update_key = 'course_permissions_updated_at_{}'.format(self.user.pk)

    # Round 1: an empty list is cached as-is and stamps the update marker.
    no_courses = []
    permissions.set_user_course_permissions(self.user, no_courses)
    self.assertListEqual(cache.get(permissions_key), no_courses)
    first_stamp = cache.get(update_key)
    self.assertIsNotNone(first_stamp)

    # Round 2: the new list replaces the old one and the marker moves forward.
    one_course = [self.course_id]
    permissions.set_user_course_permissions(self.user, one_course)
    self.assertListEqual(cache.get(permissions_key), one_course)
    second_stamp = cache.get(update_key)
    self.assertGreater(second_stamp, first_stamp)
    self.assertTrue(permissions.user_can_view_course(self.user, self.course_id))
def get(self, request, *_args, **_kwargs):
    """Create a throwaway user, grant it the demo course, and log it in.

    Raises:
        Http404: when ``settings.ENABLE_AUTO_AUTH`` is falsy, so the endpoint
            looks absent when the feature is off.
        ValueError: when ``settings.AUTO_AUTH_USERNAME_PREFIX`` is empty.

    Returns:
        A redirect to ``/`` for the newly logged-in session.

    Security notes:
        * This handler creates an account and an authenticated session on a
          plain GET, with no credential supplied by the caller. The
          ``ENABLE_AUTO_AUTH`` check is the only gate visible in this method.
        * The password is the same string as the username, so knowing the
          username is enough to authenticate as that account.
        NOTE(review): both points are acceptable only in test/dev
        deployments - confirm ENABLE_AUTO_AUTH defaults to off elsewhere.
    """
    # Feature gate comes first: a disabled endpoint answers like a missing one.
    if not settings.ENABLE_AUTO_AUTH:
        raise Http404

    prefix = settings.AUTO_AUTH_USERNAME_PREFIX
    if not prefix:
        raise ValueError('AUTO_AUTH_USERNAME_PREFIX must be set!')

    # One generated string is used as both username and password: the
    # configured prefix plus the first 20 hex characters of a random UUID.
    credential = prefix + uuid.uuid4().hex[:20]
    created_user = User.objects.create_user(credential, password=credential)

    # The new account gets access to the demo course only.
    permissions.set_user_course_permissions(created_user, ['edX/DemoX/Demo_Course'])

    # Authenticate with the generated credential, then attach the session.
    authenticated_user = authenticate(username=credential, password=credential)
    login(request, authenticated_user)

    return redirect('/')
def assertViewClearsPermissions(self, view_name):
    """Assert that a GET to the named view removes cached course permissions.

    Args:
        view_name: URL name passed to ``reverse`` to locate the view.

    Returns:
        The response from the GET, so callers can make further assertions.
    """
    self.login()
    user = self.user
    demo_course = 'edX/DemoX/Demo_Course'
    granted = [demo_course]
    user_pk = user.pk
    permissions_key = 'course_permissions_{}'.format(user_pk)
    update_key = 'course_permissions_updated_at_{}'.format(user_pk)

    # Seed the cache so there is state for the view to clear.
    set_user_course_permissions(user, granted)
    self.assertListEqual(cache.get(permissions_key), granted)
    self.assertIsNotNone(cache.get(update_key))
    self.assertTrue(user_can_view_course(user, demo_course))

    # The view is requested over HTTP on purpose: self.client.logout()
    # does not route through the view being tested.
    target_url = reverse(view_name)
    response = self.client.get(target_url)

    # Both the permission list and its timestamp must be gone afterwards.
    for key in (permissions_key, update_key):
        self.assertIsNone(cache.get(key))

    return response
def grant_permission(self, user, *courses):
    """Set ``user``'s course permissions to the course IDs given positionally.

    The IDs are forwarded exactly as ``*courses`` collects them, i.e. as a
    tuple.
    NOTE(review): other callers on this page pass a list - confirm
    set_user_course_permissions treats a tuple the same way.
    """
    course_ids = courses
    set_user_course_permissions(user, course_ids)
def set_empty_permissions(user):
    """Set ``user``'s course permissions to an empty list.

    Returns:
        A new empty list, separate from the one passed to
        ``set_user_course_permissions``.
    """
    no_courses = []
    set_user_course_permissions(user, no_courses)
    # Return a fresh list, not the object handed to the setter.
    return []