def test_another_user_with_certs_shared_custom(self, auth_type,
scopes_enforced):
"""
Returns 200 with cert list for OAuth, Session, and JWT auth.
Returns 200 for jwt_restricted and user:me filter unset.
"""
self.student.profile.year_of_birth = 1977
self.student.profile.save()
UserPreferenceFactory.build(
user=self.student,
key='account_privacy',
value='custom',
).save()
UserPreferenceFactory.build(
user=self.student,
key='visibility.course_certificates',
value='all_users',
).save()
with ENFORCE_JWT_SCOPES.override(active=scopes_enforced):
resp = self.get_response(auth_type,
requesting_user=self.other_student)
self.assertEqual(resp.status_code, status.HTTP_200_OK)
self.assertEqual(len(resp.data), 1)
def test_another_user_with_certs_shared_public(self, auth_type):
"""
Returns 200 with cert list for OAuth, Session, and JWT auth.
Returns 200 for jwt_restricted and user:me filter unset.
"""
self.student.profile.year_of_birth = 1977
self.student.profile.save()
UserPreferenceFactory.build(
user=self.student,
key='account_privacy',
value='all_users',
).save()
resp = self.get_response(auth_type, requesting_user=self.global_staff)
assert resp.status_code == status.HTTP_200_OK
assert len(resp.data) == 1
def test_another_user_with_certs_shared_public(self, auth_type, scopes_enforced):
"""
Returns 200 with cert list for OAuth, Session, and JWT auth.
Returns 200 for jwt_restricted and user:me filter unset.
"""
self.student.profile.year_of_birth = 1977
self.student.profile.save()
UserPreferenceFactory.build(
user=self.student,
key='account_privacy',
value='all_users',
).save()
with ENFORCE_JWT_SCOPES.override(active=scopes_enforced):
resp = self.get_response(auth_type, requesting_user=self.other_student)
self.assertEqual(resp.status_code, status.HTTP_200_OK)
self.assertEqual(len(resp.data), 1)
def test_owner_can_access_its_certs(self):
"""
Tests the owner of the certs can access the certificate list api
"""
self.student.profile.year_of_birth = 1977
self.student.profile.save()
UserPreferenceFactory.build(
user=self.student,
key='visibility.course_certificates',
value='private',
).save()
resp = self.get_response(AuthType.session, requesting_user=self.student)
assert resp.status_code == status.HTTP_200_OK
# verifies that other than owner cert list api is not accessible
resp = self.get_response(AuthType.session, requesting_user=self.other_student)
assert resp.status_code == status.HTTP_403_FORBIDDEN
def test_public_profile_certs_is_accessible(self):
"""
Tests the public profile certs can be accessed by all users
"""
self.student.profile.year_of_birth = 1977
self.student.profile.save()
UserPreferenceFactory.build(
user=self.student,
key='visibility.course_certificates',
value='all_users',
).save()
resp = self.get_response(AuthType.session, requesting_user=self.student)
assert resp.status_code == status.HTTP_200_OK
resp = self.get_response(AuthType.session, requesting_user=self.other_student)
assert resp.status_code == status.HTTP_200_OK
resp = self.get_response(AuthType.session, requesting_user=self.global_staff)
assert resp.status_code == status.HTTP_200_OK