def test_another_user_with_certs_shared_custom(self, auth_type, scopes_enforced): """ Returns 200 with cert list for OAuth, Session, and JWT auth. Returns 200 for jwt_restricted and user:me filter unset. """ self.student.profile.year_of_birth = 1977 self.student.profile.save() UserPreferenceFactory.build( user=self.student, key='account_privacy', value='custom', ).save() UserPreferenceFactory.build( user=self.student, key='visibility.course_certificates', value='all_users', ).save() with ENFORCE_JWT_SCOPES.override(active=scopes_enforced): resp = self.get_response(auth_type, requesting_user=self.other_student) self.assertEqual(resp.status_code, status.HTTP_200_OK) self.assertEqual(len(resp.data), 1)
def test_another_user_with_certs_shared_public(self, auth_type): """ Returns 200 with cert list for OAuth, Session, and JWT auth. Returns 200 for jwt_restricted and user:me filter unset. """ self.student.profile.year_of_birth = 1977 self.student.profile.save() UserPreferenceFactory.build( user=self.student, key='account_privacy', value='all_users', ).save() resp = self.get_response(auth_type, requesting_user=self.global_staff) assert resp.status_code == status.HTTP_200_OK assert len(resp.data) == 1
def test_another_user_with_certs_shared_public(self, auth_type, scopes_enforced): """ Returns 200 with cert list for OAuth, Session, and JWT auth. Returns 200 for jwt_restricted and user:me filter unset. """ self.student.profile.year_of_birth = 1977 self.student.profile.save() UserPreferenceFactory.build( user=self.student, key='account_privacy', value='all_users', ).save() with ENFORCE_JWT_SCOPES.override(active=scopes_enforced): resp = self.get_response(auth_type, requesting_user=self.other_student) self.assertEqual(resp.status_code, status.HTTP_200_OK) self.assertEqual(len(resp.data), 1)
def test_owner_can_access_its_certs(self): """ Tests the owner of the certs can access the certificate list api """ self.student.profile.year_of_birth = 1977 self.student.profile.save() UserPreferenceFactory.build( user=self.student, key='visibility.course_certificates', value='private', ).save() resp = self.get_response(AuthType.session, requesting_user=self.student) assert resp.status_code == status.HTTP_200_OK # verifies that other than owner cert list api is not accessible resp = self.get_response(AuthType.session, requesting_user=self.other_student) assert resp.status_code == status.HTTP_403_FORBIDDEN
def test_public_profile_certs_is_accessible(self): """ Tests the public profile certs can be accessed by all users """ self.student.profile.year_of_birth = 1977 self.student.profile.save() UserPreferenceFactory.build( user=self.student, key='visibility.course_certificates', value='all_users', ).save() resp = self.get_response(AuthType.session, requesting_user=self.student) assert resp.status_code == status.HTTP_200_OK resp = self.get_response(AuthType.session, requesting_user=self.other_student) assert resp.status_code == status.HTTP_200_OK resp = self.get_response(AuthType.session, requesting_user=self.global_staff) assert resp.status_code == status.HTTP_200_OK