Andal.LND/edx-platform
6
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

test: adds discussion API permissions test cases (#29135)

Browse Source
This commit is contained in:
Awais Jibran
2021-10-28 14:54:32 +05:00
committed by GitHub
parent d5ab616ca8
commit 5f97bc60cf
2 changed files with 85 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
common/lib/xmodule/xmodule/modulestore/tests/django_utils.py
View File

@@ -20,7 +20,7 @@ from lms.djangoapps.courseware.field_overrides import OverrideFieldData
from openedx.core.djangolib.testing.utils import CacheIsolationMixin, CacheIsolationTestCase, FilteredQueryCountMixin
from openedx.core.lib.tempdir import mkdtemp_clean
from common.djangoapps.student.models import CourseEnrollment
from common.djangoapps.student.tests.factories import AdminFactory, UserFactory
from common.djangoapps.student.tests.factories import AdminFactory, UserFactory, InstructorFactory
from common.djangoapps.student.tests.factories import StaffFactory
from xmodule.contentstore.django import _CONTENTSTORE
from xmodule.modulestore import ModuleStoreEnum
@@ -35,6 +35,7 @@ class CourseUserType(Enum):
"""
ANONYMOUS = 'anonymous'
COURSE_STAFF = 'course_staff'
COURSE_INSTRUCTOR = 'course_instructor'
ENROLLED = 'enrolled'
GLOBAL_STAFF = 'global_staff'
UNENROLLED = 'unenrolled'
@@ -371,18 +372,22 @@ class ModuleStoreTestUsersMixin():
return AnonymousUser()
is_enrolled = user_type is CourseUserType.ENROLLED
is_unenrolled_staff = user_type is CourseUserType.UNENROLLED_STAFF
# Set up the test user
if is_unenrolled_staff:
if user_type is CourseUserType.UNENROLLED_STAFF:
user = StaffFactory(course_key=course.id, password=self.TEST_PASSWORD)
elif user_type is CourseUserType.GLOBAL_STAFF:
user = AdminFactory(password=self.TEST_PASSWORD)
elif user_type is CourseUserType.COURSE_INSTRUCTOR:
user = InstructorFactory(course_key=course.id, password=self.TEST_PASSWORD)
else:
user = UserFactory(password=self.TEST_PASSWORD)
self.client.login(username=user.username, password=self.TEST_PASSWORD)
if is_enrolled:
CourseEnrollment.enroll(user, course.id)
return user

81
openedx/core/djangoapps/discussions/tests/test_views.py
View File

@@ -12,10 +12,13 @@ from django.urls import reverse
from lti_consumer.models import CourseAllowPIISharingInLTIFlag
from rest_framework import status
from rest_framework.test import APITestCase
from xmodule.modulestore import ModuleStoreEnum
from xmodule.modulestore.tests.django_utils import CourseUserType, ModuleStoreTestCase
from xmodule.modulestore.tests.factories import CourseFactory
from common.djangoapps.student.tests.factories import UserFactory
from lms.djangoapps.discussion.django_comment_client.tests.factories import RoleFactory
from ..models import AVAILABLE_PROVIDER_MAP, DEFAULT_CONFIG_ENABLED, DEFAULT_PROVIDER_TYPE
DATA_LEGACY_COHORTS = {
@@ -53,14 +56,18 @@ class ApiTest(ModuleStoreTestCase, APITestCase):
super().setUp()
store = ModuleStoreEnum.Type.split
self.course = CourseFactory.create(default_store=store)
self.url = reverse(
if self.USER_TYPE:
self.user = self.create_user_for_course(self.course, user_type=self.USER_TYPE)
@property
def url(self):
"""Returns the discussion API url. """
return reverse(
'discussions',
kwargs={
'course_key_string': str(self.course.id),
}
)
if self.USER_TYPE:
self.user = self.create_user_for_course(self.course, user_type=self.USER_TYPE)
def _get(self):
return self.client.get(self.url)
@@ -127,6 +134,72 @@ class CourseStaffAuthorizedTest(AuthorizedApiTest):
USER_TYPE = CourseUserType.UNENROLLED_STAFF
class CourseInstructorAuthorizedTest(AuthorizedApiTest):
"""
Course instructor should have the same access as Global Staff.
"""
USER_TYPE = CourseUserType.COURSE_INSTRUCTOR
class CourseDiscussionRoleAuthorizedTests(ApiTest):
"""Test cases for discussion api for users with discussion privileges."""
def setUp(self):
super().setUp()
self.course = CourseFactory.create(default_store=ModuleStoreEnum.Type.split)
self.student_role = RoleFactory(name='Student', course_id=self.course.id)
self.moderator_role = RoleFactory(name='Moderator', course_id=self.course.id)
self.community_ta_role = RoleFactory(name='Community TA', course_id=self.course.id)
self.student_user = UserFactory(password=self.TEST_PASSWORD)
self.moderator_user = UserFactory(password=self.TEST_PASSWORD)
self.community_ta_user = UserFactory(password=self.TEST_PASSWORD)
self.student_role.users.add(self.student_user)
self.moderator_role.users.add(self.moderator_user)
self.community_ta_role.users.add(self.community_ta_user)
def login(self, user):
"""Login the given user."""
self.client.login(username=user.username, password=self.TEST_PASSWORD)
def test_student_role_access_get(self):
"""Tests that student role does not have access to the API"""
self.login(self.student_user)
response = self._get()
assert response.status_code == status.HTTP_403_FORBIDDEN
def test_student_role_access_post(self):
"""Tests that student role does not have access to the API"""
self.login(self.student_user)
response = self._post({})
assert response.status_code == status.HTTP_403_FORBIDDEN
def test_moderator_role_access_get(self):
"""Tests that discussion moderator role have access to the API"""
self.login(self.moderator_user)
response = self._get()
assert response.status_code == status.HTTP_200_OK
def test_moderator_role_access_post(self):
"""Tests that discussion moderator role have access to the API"""
self.login(self.moderator_user)
response = self._post({})
assert response.status_code == status.HTTP_200_OK
def test_community_ta_role_access_get(self):
"""Tests that discussion community TA role have access to the API"""
self.login(self.community_ta_user)
response = self._get()
assert response.status_code == status.HTTP_200_OK
def test_community_ta_role_access_post(self):
"""Tests that discussion community TA role have access to the API"""
self.login(self.community_ta_user)
response = self._post({})
assert response.status_code == status.HTTP_200_OK
@ddt.ddt
class DataTest(AuthorizedApiTest):
"""