def setUp(self):
super().setUp()
self.org = OrganizationFactory(name='MyOrg', key='myorg')
self.course_run = CourseRunFactory(draft=True,
title_override='MyCourse')
self.course = self.course_run.course
self.course.authoring_organizations.add(self.org)
self.partner = self.course.partner
self.group = GroupFactory()
self.pc = self.make_user(email='*****@*****.**')
self.editor = self.make_user(groups=[self.group])
self.editor2 = self.make_user(groups=[self.group])
self.non_editor = self.make_user(groups=[self.group])
self.legal = self.make_user(
groups=[Group.objects.get(name=LEGAL_TEAM_GROUP_NAME)])
CourseEditorFactory(user=self.editor, course=self.course)
CourseEditorFactory(user=self.editor2, course=self.course)
OrganizationExtensionFactory(group=self.group, organization=self.org)
OrganizationUserRoleFactory(user=self.pc,
organization=self.org,
role=InternalUserRole.ProjectCoordinator)
self.publisher_url = '{}courses/{}'.format(self.partner.publisher_url,
self.course_run.course.uuid)
self.studio_url = '{}course/{}'.format(self.partner.studio_url,
self.course_run.key)
self.admin_url = 'https://{}/admin/course_metadata/courserun/{}/change/'.format(
self.partner.site.domain, self.course_run.id)
self.run_num = CourseKey.from_string(self.course_run.key).run
def test_course_without_editors(self):
""" Verify we can modify a course with no editors if we're in its authoring org. """
url = reverse('api:v1:course-detail', kwargs={'key': self.course.uuid})
self.user.is_staff = False
self.user.save()
self.course.draft = True
self.course.save()
# Try without being in the organization nor an editor
self.assertEqual(self.client.patch(url).status_code, 404)
# Add to authoring org, and we should be let in
org_ext = OrganizationExtensionFactory(organization=self.org)
self.user.groups.add(org_ext.group)
self.assertNotEqual(self.client.patch(url).status_code, 404)
# Now add a random other user as an editor to the course, so that we will no longer be granted access.
editor = UserFactory()
CourseEditorFactory(user=editor, course=self.course)
editor.groups.add(org_ext.group)
self.assertEqual(self.client.patch(url).status_code, 404)
# But if the editor is no longer valid (even though they exist), we're back to having access.
editor.groups.remove(org_ext.group)
self.assertNotEqual(self.client.patch(url).status_code, 404)
# And finally, for a sanity check, confirm we have access when we become an editor also
CourseEditorFactory(user=self.user, course=self.course)
self.assertNotEqual(self.client.patch(url).status_code, 404)
def test_editor_access_detail_endpoint(self, method, is_staff, in_org,
is_editor, allowed):
""" Verify we check editor access correctly when hitting the course object endpoint. """
self.user.is_staff = is_staff
self.user.save()
# Add another editor, because we have some logic that allows access anyway if a course has no valid editors.
# That code path is checked in test_course_without_editors below.
org_ext = OrganizationExtensionFactory(organization=self.org)
user2 = UserFactory()
user2.groups.add(org_ext.group)
CourseEditorFactory(user=user2, course=self.course)
if in_org:
# Editors must be in the org to get editor access
self.user.groups.add(org_ext.group)
if is_editor:
CourseEditorFactory(user=self.user, course=self.course)
response = getattr(self.client,
method)(reverse('api:v1:course-detail',
kwargs={'key': self.course.uuid}))
if not allowed:
self.assertEqual(response.status_code, 404)
else:
# We'll probably fail because we didn't include the right data - but at least we'll have gotten in
self.assertNotEqual(response.status_code, 404)
def test_course_query_param(self):
"""Verify GET endpoint with course query param returns editors relative to that course"""
CourseEditorFactory(course=self.course)
CourseEditorFactory()
response = self.client.get(self.list_path)
assert len(response.data['results']) == 2
response = self.client.get(self.list_path, {'course': self.course.uuid})
assert len(response.data['results']) == 1
assert response.data['results'][0]['course'] == self.course.uuid
def test_generate_data_for_studio_api(self):
run = CourseRunFactory()
editor = CourseEditorFactory(course=run.course)
team = [
{
'user': editor.user.username,
'role': 'instructor',
},
]
assert StudioAPI.generate_data_for_studio_api(run, True) == self.make_studio_data(run, team=team)
def test_list(self):
"""Verify GET endpoint returns list of editors"""
CourseEditorFactory()
response = self.client.get(self.list_path)
assert len(response.data['results']) == 1
# Test for non staff user
self.client.login(username=self.user.username, password=USER_PASSWORD)
response = self.client.get(self.list_path)
self.assertFalse(response.data['results'])
def test_update_if_editor(self):
""" Verify the endpoint supports updating a course_run with editor permissions. """
self.mock_patch_to_studio(self.course_run.key)
url = reverse('api:v1:course_run-detail',
kwargs={'key': self.course_run.key})
self.user.is_staff = False
self.user.save()
# Not an editor, not allowed to patch
response = self.client.patch(url, {}, format='json')
self.assertEqual(response.status_code, 403)
# Add as editor
org_ext = OrganizationExtensionFactory(
organization=self.course_run.course.authoring_organizations.first(
))
self.user.groups.add(org_ext.group)
CourseEditorFactory(user=self.user, course=self.course_run.course)
# now allowed to patch
response = self.client.patch(url, {}, format='json')
self.assertEqual(response.status_code, 200)