def challenge_set(): """ Creates a challenge with creator, 2 participants, and non participant. To use this you must mark the test with @pytest.mark.django_db """ ChallengeSet = namedtuple( 'ChallengeSet', [ 'challenge', 'creator', 'admin', 'participant', 'participant1', 'non_participant', ], ) creator = UserFactory() challenge = ChallengeFactory(creator=creator) admin = UserFactory() challenge.add_admin(admin) participant = UserFactory() challenge.add_participant(participant) participant1 = UserFactory() challenge.add_participant(participant1) non_participant = UserFactory() try: Challenge.objects.get(short_name=settings.MAIN_PROJECT_NAME) except ObjectDoesNotExist: ChallengeFactory(short_name=settings.MAIN_PROJECT_NAME) return ChallengeSet( challenge, creator, admin, participant, participant1, non_participant )
def test_permissions_mixin( rf: RequestFactory, admin_user, mocker, ChallengeSet ): # admin_user is a superuser, not a challenge admin creator = ChallengeSet.creator challenge = ChallengeSet.challenge participant = ChallengeSet.participant non_participant = ChallengeSet.non_participant # Messages need to be mocked when using request factory mock_messages = mocker.patch( "grandchallenge.core.permissions.mixins.messages" ).start() mock_messages.INFO = "INFO" assert_status(200, admin_user, AdminOnlyView, challenge, rf) assert_status(200, creator, AdminOnlyView, challenge, rf) assert_status(403, participant, AdminOnlyView, challenge, rf) assert_status(403, non_participant, AdminOnlyView, challenge, rf) assert_redirect( settings.LOGIN_URL, AnonymousUser(), AdminOnlyView, challenge, rf ) assert_status(200, admin_user, ParticipantOrAdminOnlyView, challenge, rf) assert_status(200, creator, ParticipantOrAdminOnlyView, challenge, rf) assert_status(200, participant, ParticipantOrAdminOnlyView, challenge, rf) assert_status( 403, non_participant, ParticipantOrAdminOnlyView, challenge, rf ) assert_redirect( settings.LOGIN_URL, AnonymousUser(), ParticipantOrAdminOnlyView, challenge, rf, ) # Make a 2nd challenge and make sure that the admins and participants # here cannot see the first creator2 = UserFactory() challenge2 = ChallengeFactory(creator=creator2) participant2 = UserFactory() challenge2.add_participant(participant2) assert_status(403, creator2, AdminOnlyView, challenge, rf) assert_status(403, participant2, AdminOnlyView, challenge, rf) assert_status(403, creator2, ParticipantOrAdminOnlyView, challenge, rf) assert_status(403, participant2, ParticipantOrAdminOnlyView, challenge, rf)
def generate_challenge_set(): creator = UserFactory() challenge = ChallengeFactory(creator=creator) admin = UserFactory() challenge.add_admin(admin) participant = UserFactory() challenge.add_participant(participant) participant1 = UserFactory() challenge.add_participant(participant1) non_participant = UserFactory() return ChallengeSet( challenge=challenge, creator=creator, admin=admin, participant=participant, participant1=participant1, non_participant=non_participant, )
def generate_challenge_set(): creator = UserFactory() challenge = ChallengeFactory(creator=creator) admin = UserFactory() challenge.add_admin(admin) participant = UserFactory() challenge.add_participant(participant) participant1 = UserFactory() challenge.add_participant(participant1) non_participant = UserFactory() try: Challenge.objects.get(short_name=settings.MAIN_PROJECT_NAME) except ObjectDoesNotExist: ChallengeFactory(short_name=settings.MAIN_PROJECT_NAME) return ChallengeSet( challenge=challenge, creator=creator, admin=admin, participant=participant, participant1=participant1, non_participant=non_participant, )
def generate_challenge_set(): creator = UserFactory() challenge = ChallengeFactory(creator=creator) admin = UserFactory() challenge.add_admin(admin) participant = UserFactory() challenge.add_participant(participant) participant1 = UserFactory() challenge.add_participant(participant1) non_participant = UserFactory() try: Challenge.objects.get(short_name=settings.MAIN_PROJECT_NAME) except ObjectDoesNotExist: ChallengeFactory(short_name=settings.MAIN_PROJECT_NAME) return ChallengeSet( challenge=challenge, creator=creator, admin=admin, participant=participant, participant1=participant1, non_participant=non_participant, )
def test_hidden_phase_visible_for_admins_but_not_participants(client): ch = ChallengeFactory() u = UserFactory() ch.add_participant(u) visible_phase = ch.phase_set.first() hidden_phase = PhaseFactory(challenge=ch, public=False) e1 = EvaluationFactory(submission__phase=visible_phase, submission__creator=u) e2 = EvaluationFactory(submission__phase=hidden_phase, submission__creator=u) for view_name, kwargs, status in [ # phase non-specific pages ("list", {}, 200), ("submission-list", {}, 200), # visible phase ("detail", { "pk": e1.pk }, 200), ("submission-create", { "slug": visible_phase.slug }, 200), ("submission-detail", { "pk": e1.submission.pk }, 200), ("leaderboard", { "slug": visible_phase.slug }, 200), # hidden phase ("detail", { "pk": e2.pk }, 403), ("submission-create", { "slug": hidden_phase.slug }, 200), ("submission-detail", { "pk": e2.submission.pk }, 403), ("leaderboard", { "slug": hidden_phase.slug }, 200), ]: # for participants only the visible phase tab is visible # and they do not have access to the detail pages of their evals and # submissions from the hidden phase, and do not see subs/evals from the hidden # phase on the respective list pages response = get_view_for_user( client=client, viewname=f"evaluation:{view_name}", reverse_kwargs={ "challenge_short_name": ch.short_name, **kwargs }, user=u, ) assert response.status_code == status if status == 200: assert f"{visible_phase.title}</a>" in response.rendered_content assert f"{hidden_phase.title}</a>" not in response.rendered_content if "list" in view_name: assert (f"<td>{visible_phase.title}</td>" in response.rendered_content) assert (f"<td>{hidden_phase.title}</td>" not in response.rendered_content) # for the admin both phases are visible and they have access to submissions # and evals from both phases response = get_view_for_user( client=client, viewname=f"evaluation:{view_name}", reverse_kwargs={ "challenge_short_name": ch.short_name, **kwargs }, user=ch.admins_group.user_set.first(), ) assert response.status_code == 200 assert f"{visible_phase.title}</a>" in response.rendered_content assert f"{hidden_phase.title}</a>" in response.rendered_content if "list" in view_name: assert (f"<td>{visible_phase.title}</td>" in response.rendered_content) assert (f"<td>{hidden_phase.title}</td>" in response.rendered_content)