Limit submissions to teacher of student's class
This commit is contained in:
Ramon Wenger
parent
8dc5d7dfaf
commit
5218a3a867
|
|
@ -25,4 +25,7 @@ class AssignmentNode(DjangoObjectType):
|
|||
|
||||
#todo: restrict for students
|
||||
def resolve_submissions(self, info, **kwargs):
|
||||
return self.submissions.all()
|
||||
user = info.context.user
|
||||
if user.has_perm('users.can_manage_school_class_content'):
|
||||
return self.submissions.filter(student__in=user.users_in_same_school_class())
|
||||
return []
|
||||
|
|
|
|||
|
|
@ -25,9 +25,8 @@ class AssignmentPermissionsTestCase(TestCase):
|
|||
owner=self.teacher
|
||||
)
|
||||
|
||||
request = RequestFactory().get('/')
|
||||
request.user = self.student1
|
||||
self.client = Client(schema=schema, context_value=request)
|
||||
self.assignment_id = to_global_id('AssignmentNode', self.assignment.pk)
|
||||
self.module_id = to_global_id('ModuleNode', self.assignment.module.pk)
|
||||
|
||||
"""
|
||||
to test:
|
||||
|
|
@ -41,19 +40,12 @@ class AssignmentPermissionsTestCase(TestCase):
|
|||
teacher2 should not see result
|
||||
"""
|
||||
|
||||
def test_count(self):
|
||||
self.assertEqual(Assignment.objects.count(), 1)
|
||||
|
||||
def test_submit_submission(self):
|
||||
"""
|
||||
id = graphene.ID(required=True)
|
||||
answer = graphene.String(required=True)
|
||||
document = graphene.String()
|
||||
final = graphene.Boolean()
|
||||
"""
|
||||
|
||||
id = to_global_id('Assignment', self.assignment.pk)
|
||||
def _create_client(self, user):
|
||||
request = RequestFactory().get('/')
|
||||
request.user = user
|
||||
return Client(schema=schema, context_value=request)
|
||||
|
||||
def _submit_submission(self):
|
||||
mutation = '''
|
||||
mutation UpdateAssignment($input: UpdateAssignmentInput!) {
|
||||
updateAssignment(input: $input){
|
||||
|
|
@ -73,14 +65,67 @@ class AssignmentPermissionsTestCase(TestCase):
|
|||
|
||||
'''
|
||||
|
||||
result = self.client.execute(mutation, variables={
|
||||
client = self._create_client(self.student1)
|
||||
|
||||
return client.execute(mutation, variables={
|
||||
'input': {
|
||||
"assignment": {
|
||||
"id": id,
|
||||
"id": self.assignment_id,
|
||||
"answer": 'Halo',
|
||||
"final": True
|
||||
}
|
||||
}
|
||||
})
|
||||
|
||||
def test_permissions(self):
|
||||
self.assertTrue(self.teacher.has_perm('users.can_manage_school_class_content'))
|
||||
self.assertTrue(self.teacher2.has_perm('users.can_manage_school_class_content'))
|
||||
self.assertFalse(self.student1.has_perm('users.can_manage_school_class_content'))
|
||||
self.assertFalse(self.student2.has_perm('users.can_manage_school_class_content'))
|
||||
|
||||
def test_count(self):
|
||||
self.assertEqual(Assignment.objects.count(), 1)
|
||||
|
||||
def test_submit_submission(self):
|
||||
result = self._submit_submission()
|
||||
self.assertIsNone(result.get('errors'))
|
||||
self.assertEqual(StudentSubmission.objects.count(), 1)
|
||||
|
||||
def _test_visibility(self, user, count):
|
||||
self._submit_submission()
|
||||
client = self._create_client(user)
|
||||
query = '''
|
||||
query AssignmentWithSubmissions($id: ID!) {
|
||||
assignment(id: $id) {
|
||||
title
|
||||
submissions {
|
||||
id
|
||||
text
|
||||
document
|
||||
student {
|
||||
firstName
|
||||
lastName
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
'''
|
||||
result = client.execute(query, variables={
|
||||
'id': self.assignment_id
|
||||
})
|
||||
|
||||
self.assertIsNone(result.get('errors'))
|
||||
self.assertEqual(len(result.get('data').get('assignment').get('submissions')), count)
|
||||
|
||||
|
||||
def test_visible_for_teacher(self):
|
||||
self._test_visibility(self.teacher, 1)
|
||||
|
||||
def test_visible_for_teacher2(self):
|
||||
self._test_visibility(self.teacher2, 0)
|
||||
|
||||
def test_visible_for_student1(self):
|
||||
self._test_visibility(self.student1, 0)
|
||||
|
||||
def test_visible_for_student2(self):
|
||||
self._test_visibility(self.student2, 0)
|
||||
|
|
|
|||
|
|
@ -31,6 +31,9 @@ class User(AbstractUser):
|
|||
def has_perm(self, perm, obj=None):
|
||||
return super(User, self).has_perm(perm, obj) or perm in self.get_all_permissions(obj)
|
||||
|
||||
def users_in_same_school_class(self):
|
||||
return User.objects.filter(school_classes__users=self.pk)
|
||||
|
||||
|
||||
class SchoolClass(models.Model):
|
||||
name = models.CharField(max_length=100, blank=False, null=False)
|
||||
|
|
@ -43,7 +46,6 @@ class SchoolClass(models.Model):
|
|||
return 'SchoolClass {}-{}-{}'.format(self.id, self.name, self.year)
|
||||
|
||||
|
||||
|
||||
class Role(models.Model):
|
||||
key = models.CharField(_('Key'), max_length=100, blank=False, null=False, unique=True)
|
||||
name = models.CharField(_('Name'), max_length=100, blank=False, null=False)
|
||||
|
|
@ -79,7 +81,6 @@ class Role(models.Model):
|
|||
)
|
||||
|
||||
|
||||
|
||||
class UserRole(models.Model):
|
||||
user = models.ForeignKey(User, blank=False, null=False, on_delete=models.CASCADE, related_name='user_roles')
|
||||
role = models.ForeignKey(Role, blank=False, null=False, on_delete=models.CASCADE, related_name='user_roles')
|
||||
|
|
|
|||
|
|
@ -25,6 +25,7 @@ def create_users(data=None):
|
|||
name='skillbox'
|
||||
)
|
||||
teacher2 = UserFactory(username='teacher2')
|
||||
UserRole.objects.create(user=teacher2, role=teacher_role)
|
||||
SchoolClassFactory(
|
||||
users=[teacher2],
|
||||
year='2018',
|
||||
|
|
|
|||
Loading…
Reference in New Issue