def test_staff_get_project(self):
self.assertFalse(self.project.visible_to_students)
staff = obj_build.make_staff_user(self.course)
# closing_time is only shown to admins.
self.do_get_object_test(
self.client, staff, self.url,
exclude_dict(self.project.to_dict(), ['closing_time']))
def test_staff_get_results_past_deadline_ultimate_scores_shown_ultimate_policy_best(
self):
self.project.validate_and_update(
ultimate_submission_policy=ag_models.UltimateSubmissionPolicy.best,
hide_ultimate_submission_fdbk=False)
student_group, student_best = self._make_group_with_submissions(
1, num_submissions=2)
staff_group, staff_best = self._make_group_with_submissions(
1, members_role=obj_build.UserRole.staff)
expected = [
self._make_result_content_for_user(student_group.member_names[0],
student_group,
student_best,
points_only=True),
self._make_result_content_for_user(staff_group.member_names[0],
staff_group,
staff_best,
points_only=True)
]
staff = obj_build.make_staff_user(self.course)
self.client.force_authenticate(staff)
past_closing_time = timezone.now() - datetime.timedelta(hours=1)
for closing_time in past_closing_time, None:
self.project.validate_and_update(closing_time=closing_time)
response = self.client.get(self.base_url)
self.assertEqual(status.HTTP_200_OK, response.status_code)
self.assertSequenceEqual(expected, response.data['results'])
def test_staff_view_late_day_count_for_other_course_permission_denied(
self):
staff = obj_build.make_staff_user(self.course)
# Student for other course
other_course = obj_build.make_course()
other_course_student = obj_build.make_student_user(other_course)
self.assertFalse(other_course.is_staff(staff))
self.client.force_authenticate(staff)
response = self.client.get(
self.get_pk_url(other_course_student, other_course))
self.assertEqual(status.HTTP_403_FORBIDDEN, response.status_code)
response = self.client.get(
self.get_username_url(other_course_student, other_course))
self.assertEqual(status.HTTP_403_FORBIDDEN, response.status_code)
# Guest for other course
other_guest = obj_build.make_user()
response = self.client.get(self.get_pk_url(other_guest, other_course))
self.assertEqual(status.HTTP_403_FORBIDDEN, response.status_code)
response = self.client.get(
self.get_username_url(other_guest, other_course))
self.assertEqual(status.HTTP_403_FORBIDDEN, response.status_code)
def test_staff_get_results_ultimate_scores_hidden_permission_denied(self):
self.project.validate_and_update(closing_time=None,
hide_ultimate_submission_fdbk=True)
staff = obj_build.make_staff_user(self.course)
self.client.force_authenticate(staff)
response = self.client.get(self.base_url)
self.assertEqual(status.HTTP_403_FORBIDDEN, response.status_code)
def test_staff_get_results_deadline_not_past_permission_denied(self):
self.assertLess(timezone.now(), self.project.closing_time)
self.project.validate_and_update(hide_ultimate_submission_fdbk=False)
staff = obj_build.make_staff_user(self.course)
self.client.force_authenticate(staff)
response = self.client.get(self.base_url)
self.assertEqual(status.HTTP_403_FORBIDDEN, response.status_code)
def test_non_admin_permission_denied(self):
staff = obj_build.make_staff_user(course=self.project.course)
self.client.force_authenticate(staff)
response = self.client.patch(self.url, {'add': 42})
self.assertEqual(status.HTTP_403_FORBIDDEN, response.status_code)
response = self.client.patch(self.url, {'subtract': 42})
self.assertEqual(status.HTTP_403_FORBIDDEN, response.status_code)
self._check_bonus_submissions(self.initial_num_bonus_submissions)
def test_other_add_project_permission_denied(self):
staff = obj_build.make_staff_user(self.course)
student = obj_build.make_student_user(self.course)
handgrader = obj_build.make_handgrader_user(self.course)
guest = obj_build.make_user()
project_name = 'project123'
for user in staff, student, handgrader, guest:
self.client.force_authenticate(user)
response = self.client.post(self.url, {'name': project_name})
self.assertEqual(403, response.status_code)
with self.assertRaises(exceptions.ObjectDoesNotExist):
ag_models.Project.objects.get(name=project_name)
def test_staff_list_projects(self):
staff = obj_build.make_staff_user(self.course)
self.do_valid_list_projects_test(staff,
self.all_projects,
show_instructor_files=True)
def test_non_admin_edit_project_permission_denied(self):
staff = obj_build.make_staff_user(self.course)
self.do_patch_object_permission_denied_test(self.project, self.client,
staff, self.url,
{'name': 'waaaaaaaaluigi'})
def test_non_admin_copy_project_permission_denied(self):
staff = obj_build.make_staff_user(self.project.course)
self.client.force_authenticate(staff)
response = self.client.post(
self.get_url(self.project, self.project.course, 'New project'))
self.assertEqual(status.HTTP_403_FORBIDDEN, response.status_code)
def test_staff_view_other_late_day_count(self):
staff = obj_build.make_staff_user(self.course)
student = obj_build.make_student_user(self.course)
self.do_get_late_days_test(staff, student, self.course,
self.initial_num_late_days)