From 5f97bc60cf18f133be6c7e382b5f28f936c59c70 Mon Sep 17 00:00:00 2001
From: Awais Jibran
Date: Thu, 28 Oct 2021 14:54:32 +0500
Subject: [PATCH] test: adds discussion API permissions test cases (#29135)
---
 .../xmodule/modulestore/tests/django_utils.py | 11 ++-
 .../discussions/tests/test_views.py | 81 ++++++++++++++++++-
 2 files changed, 85 insertions(+), 7 deletions(-)
diff --git a/common/lib/xmodule/xmodule/modulestore/tests/django_utils.py b/common/lib/xmodule/xmodule/modulestore/tests/django_utils.py
index 6eb8cc8229..3b23e1b83e 100644
--- a/common/lib/xmodule/xmodule/modulestore/tests/django_utils.py
+++ b/common/lib/xmodule/xmodule/modulestore/tests/django_utils.py
@@ -20,7 +20,7 @@ from lms.djangoapps.courseware.field_overrides import OverrideFieldData
 from openedx.core.djangolib.testing.utils import CacheIsolationMixin, CacheIsolationTestCase, FilteredQueryCountMixin
 from openedx.core.lib.tempdir import mkdtemp_clean
 from common.djangoapps.student.models import CourseEnrollment
-from common.djangoapps.student.tests.factories import AdminFactory, UserFactory
+from common.djangoapps.student.tests.factories import AdminFactory, UserFactory, InstructorFactory
 from common.djangoapps.student.tests.factories import StaffFactory
 from xmodule.contentstore.django import _CONTENTSTORE
 from xmodule.modulestore import ModuleStoreEnum
@@ -35,6 +35,7 @@ class CourseUserType(Enum):
 """
 ANONYMOUS = 'anonymous'
 COURSE_STAFF = 'course_staff'
+ COURSE_INSTRUCTOR = 'course_instructor'
 ENROLLED = 'enrolled'
 GLOBAL_STAFF = 'global_staff'
 UNENROLLED = 'unenrolled'
@@ -371,18 +372,22 @@ class ModuleStoreTestUsersMixin(): return AnonymousUser() is_enrolled = user_type is CourseUserType.ENROLLED - is_unenrolled_staff = user_type is CourseUserType.UNENROLLED_STAFF # Set up the test user - if is_unenrolled_staff: + if user_type is CourseUserType.UNENROLLED_STAFF: user = StaffFactory(course_key=course.id, password=self.TEST_PASSWORD) elif user_type is CourseUserType.GLOBAL_STAFF: user = AdminFactory(password=self.TEST_PASSWORD) + elif user_type is CourseUserType.COURSE_INSTRUCTOR: + user = InstructorFactory(course_key=course.id, password=self.TEST_PASSWORD) else: user = UserFactory(password=self.TEST_PASSWORD) + self.client.login(username=user.username, password=self.TEST_PASSWORD) + if is_enrolled: CourseEnrollment.enroll(user, course.id) + return user diff --git a/openedx/core/djangoapps/discussions/tests/test_views.py b/openedx/core/djangoapps/discussions/tests/test_views.py index 722224aed3..cf24991a3a 100644 --- a/openedx/core/djangoapps/discussions/tests/test_views.py +++ b/openedx/core/djangoapps/discussions/tests/test_views.py @@ -12,10 +12,13 @@ from django.urls import reverse from lti_consumer.models import CourseAllowPIISharingInLTIFlag from rest_framework import status from rest_framework.test import APITestCase - from xmodule.modulestore import ModuleStoreEnum from xmodule.modulestore.tests.django_utils import CourseUserType, ModuleStoreTestCase from xmodule.modulestore.tests.factories import CourseFactory + +from common.djangoapps.student.tests.factories import UserFactory +from lms.djangoapps.discussion.django_comment_client.tests.factories import RoleFactory + from ..models import AVAILABLE_PROVIDER_MAP, DEFAULT_CONFIG_ENABLED, DEFAULT_PROVIDER_TYPE DATA_LEGACY_COHORTS = { 
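Review bot: The `else` branch that follows the new `COURSE_INSTRUCTOR` case still hands every unmatched `CourseUserType` a plain `UserFactory` user, so a permission test can run under a weaker role than its `USER_TYPE` names without anything failing. Of the members visible in the enum hunk, `COURSE_STAFF` has no branch in the lines shown here; the function starts outside the hunk, so it may be handled earlier. If it is not, consider naming the unprivileged types (`ENROLLED`, `UNENROLLED`) in their own branch and ending the chain with `else: raise ValueError(f"Unsupported user type: {user_type}")`.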
@@ -53,14 +56,18 @@ class ApiTest(ModuleStoreTestCase, APITestCase): super().setUp() store = ModuleStoreEnum.Type.split self.course = CourseFactory.create(default_store=store) - self.url = reverse( + if self.USER_TYPE: + self.user = self.create_user_for_course(self.course, user_type=self.USER_TYPE) + + @property + def url(self): + """Returns the discussion API url. """ + return reverse( 'discussions', kwargs={ 'course_key_string': str(self.course.id), } ) - if self.USER_TYPE: - self.user = self.create_user_for_course(self.course, user_type=self.USER_TYPE) def _get(self): return self.client.get(self.url) 
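Review bot: The docstring on the new `url` property does not say why the URL moved out of `setUp`, and its text ends in a stray space before the closing quotes. I would write `"""Return the discussion API URL for self.course, resolved on each access so a subclass may replace the course after super().setUp()."""`. Because `url` is now a read-only property, any subclass that still assigns `self.url` would raise `AttributeError`; none is visible in this diff, but the rest of `ApiTest` and its subclasses lie outside the hunk and are worth checking.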
@@ -127,6 +134,72 @@ class CourseStaffAuthorizedTest(AuthorizedApiTest): USER_TYPE = CourseUserType.UNENROLLED_STAFF +class CourseInstructorAuthorizedTest(AuthorizedApiTest): + """ + Course instructor should have the same access as Global Staff. + """ + + USER_TYPE = CourseUserType.COURSE_INSTRUCTOR + + +class CourseDiscussionRoleAuthorizedTests(ApiTest): + """Test cases for discussion api for users with discussion privileges.""" + + def setUp(self): + super().setUp() + + self.course = CourseFactory.create(default_store=ModuleStoreEnum.Type.split) + self.student_role = RoleFactory(name='Student', course_id=self.course.id) + self.moderator_role = RoleFactory(name='Moderator', course_id=self.course.id) + self.community_ta_role = RoleFactory(name='Community TA', course_id=self.course.id) + self.student_user = UserFactory(password=self.TEST_PASSWORD) + self.moderator_user = UserFactory(password=self.TEST_PASSWORD) + self.community_ta_user = UserFactory(password=self.TEST_PASSWORD) + self.student_role.users.add(self.student_user) + self.moderator_role.users.add(self.moderator_user) + self.community_ta_role.users.add(self.community_ta_user) + + def login(self, user): + """Login the given user.""" + self.client.login(username=user.username, password=self.TEST_PASSWORD) + + def test_student_role_access_get(self): + """Tests that student role does not have access to the API""" + self.login(self.student_user) + response = self._get() + assert response.status_code == status.HTTP_403_FORBIDDEN + + def test_student_role_access_post(self): + """Tests that student role does not have access to the API""" + self.login(self.student_user) + response = self._post({}) + assert response.status_code == status.HTTP_403_FORBIDDEN + + def test_moderator_role_access_get(self): + """Tests that discussion moderator role have access to the API""" + self.login(self.moderator_user) + response = self._get() + assert response.status_code == status.HTTP_200_OK + + def 
test_moderator_role_access_post(self): + """Tests that discussion moderator role have access to the API""" + self.login(self.moderator_user) + response = self._post({}) + assert response.status_code == status.HTTP_200_OK + + def test_community_ta_role_access_get(self): + """Tests that discussion community TA role have access to the API""" + self.login(self.community_ta_user) + response = self._get() + assert response.status_code == status.HTTP_200_OK + + def test_community_ta_role_access_post(self): + """Tests that discussion community TA role have access to the API""" + self.login(self.community_ta_user) + response = self._post({}) + assert response.status_code == status.HTTP_200_OK + + @ddt.ddt class DataTest(AuthorizedApiTest): """
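Review bot: `login()` in `CourseDiscussionRoleAuthorizedTests` drops the boolean returned by `self.client.login`, so the two student tests asserting `HTTP_403_FORBIDDEN` cannot tell a denied student from a request that was never authenticated (if the view answers anonymous callers with 403, which this diff does not show). Changing the body to `assert self.client.login(username=user.username, password=self.TEST_PASSWORD)` makes a failed login fail the test; the same unchecked call appears in `create_user_for_course` in django_utils.py. `setUp` also creates a second course after `super().setUp()` has already set `self.course`, which looks redundant, since the roles could attach to the existing course. A case where a Moderator or Community TA of one course requests another course's URL would cover the cross-course boundary, which none of the six tests exercises.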