ramon
/
skillbox
1
0
Fork 0
Code Issues 1 Pull Requests 1 Packages Projects 1 Releases 1 Wiki Activity

Limit submissions to teacher of student's class

This commit is contained in:
Ramon Wenger 2018-10-16 13:36:32 +02:00
parent 8dc5d7dfaf
commit 5218a3a867
4 changed files with 70 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
server/assignments/schema/types.py
View File

@ -25,4 +25,7 @@ class AssignmentNode(DjangoObjectType):
#todo: restrict for students #todo: restrict for students
def resolve_submissions(self, info, **kwargs): def resolve_submissions(self, info, **kwargs):
return self.submissions.all() user = info.context.user
if user.has_perm('users.can_manage_school_class_content'):
return self.submissions.filter(student__in=user.users_in_same_school_class())
return []

79
server/assignments/tests/test_assignment_permissions.py
View File

@ -25,9 +25,8 @@ class AssignmentPermissionsTestCase(TestCase):
owner=self.teacher owner=self.teacher
) )
request = RequestFactory().get('/') self.assignment_id = to_global_id('AssignmentNode', self.assignment.pk)
request.user = self.student1 self.module_id = to_global_id('ModuleNode', self.assignment.module.pk)
self.client = Client(schema=schema, context_value=request)
""" """
to test: to test:
@ -41,19 +40,12 @@ class AssignmentPermissionsTestCase(TestCase):
teacher2 should not see result teacher2 should not see result
""" """
def test_count(self): def _create_client(self, user):
self.assertEqual(Assignment.objects.count(), 1) request = RequestFactory().get('/')
request.user = user
def test_submit_submission(self): return Client(schema=schema, context_value=request)
"""
id = graphene.ID(required=True)
answer = graphene.String(required=True)
document = graphene.String()
final = graphene.Boolean()
"""
id = to_global_id('Assignment', self.assignment.pk)
def _submit_submission(self):
mutation = ''' mutation = '''
mutation UpdateAssignment($input: UpdateAssignmentInput!) { mutation UpdateAssignment($input: UpdateAssignmentInput!) {
updateAssignment(input: $input){ updateAssignment(input: $input){
@ -73,14 +65,67 @@ class AssignmentPermissionsTestCase(TestCase):
''' '''
result = self.client.execute(mutation, variables={ client = self._create_client(self.student1)
return client.execute(mutation, variables={
'input': { 'input': {
"assignment": { "assignment": {
"id": id, "id": self.assignment_id,
"answer": 'Halo', "answer": 'Halo',
"final": True "final": True
} }
} }
}) })
def test_permissions(self):
self.assertTrue(self.teacher.has_perm('users.can_manage_school_class_content'))
self.assertTrue(self.teacher2.has_perm('users.can_manage_school_class_content'))
self.assertFalse(self.student1.has_perm('users.can_manage_school_class_content'))
self.assertFalse(self.student2.has_perm('users.can_manage_school_class_content'))
def test_count(self):
self.assertEqual(Assignment.objects.count(), 1)
def test_submit_submission(self):
result = self._submit_submission()
self.assertIsNone(result.get('errors')) self.assertIsNone(result.get('errors'))
self.assertEqual(StudentSubmission.objects.count(), 1) self.assertEqual(StudentSubmission.objects.count(), 1)
def _test_visibility(self, user, count):
self._submit_submission()
client = self._create_client(user)
query = '''
query AssignmentWithSubmissions($id: ID!) {
assignment(id: $id) {
title
submissions {
id
text
document
student {
firstName
lastName
}
}
}
}
'''
result = client.execute(query, variables={
'id': self.assignment_id
})
self.assertIsNone(result.get('errors'))
self.assertEqual(len(result.get('data').get('assignment').get('submissions')), count)
def test_visible_for_teacher(self):
self._test_visibility(self.teacher, 1)
def test_visible_for_teacher2(self):
self._test_visibility(self.teacher2, 0)
def test_visible_for_student1(self):
self._test_visibility(self.student1, 0)
def test_visible_for_student2(self):
self._test_visibility(self.student2, 0)

5
server/users/models.py
View File

@ -31,6 +31,9 @@ class User(AbstractUser):
def has_perm(self, perm, obj=None): def has_perm(self, perm, obj=None):
return super(User, self).has_perm(perm, obj) or perm in self.get_all_permissions(obj) return super(User, self).has_perm(perm, obj) or perm in self.get_all_permissions(obj)
def users_in_same_school_class(self):
return User.objects.filter(school_classes__users=self.pk)
class SchoolClass(models.Model): class SchoolClass(models.Model):
name = models.CharField(max_length=100, blank=False, null=False) name = models.CharField(max_length=100, blank=False, null=False)
@ -43,7 +46,6 @@ class SchoolClass(models.Model):
return 'SchoolClass {}-{}-{}'.format(self.id, self.name, self.year) return 'SchoolClass {}-{}-{}'.format(self.id, self.name, self.year)
class Role(models.Model): class Role(models.Model):
key = models.CharField(_('Key'), max_length=100, blank=False, null=False, unique=True) key = models.CharField(_('Key'), max_length=100, blank=False, null=False, unique=True)
name = models.CharField(_('Name'), max_length=100, blank=False, null=False) name = models.CharField(_('Name'), max_length=100, blank=False, null=False)
@ -79,7 +81,6 @@ class Role(models.Model):
) )
class UserRole(models.Model): class UserRole(models.Model):
user = models.ForeignKey(User, blank=False, null=False, on_delete=models.CASCADE, related_name='user_roles') user = models.ForeignKey(User, blank=False, null=False, on_delete=models.CASCADE, related_name='user_roles')
role = models.ForeignKey(Role, blank=False, null=False, on_delete=models.CASCADE, related_name='user_roles') role = models.ForeignKey(Role, blank=False, null=False, on_delete=models.CASCADE, related_name='user_roles')

1
server/users/services.py
View File

@ -25,6 +25,7 @@ def create_users(data=None):
name='skillbox' name='skillbox'
) )
teacher2 = UserFactory(username='teacher2') teacher2 = UserFactory(username='teacher2')
UserRole.objects.create(user=teacher2, role=teacher_role)
SchoolClassFactory( SchoolClassFactory(
users=[teacher2], users=[teacher2],
year='2018', year='2018',