from django.test import TestCase, RequestFactory from graphene.test import Client from api.schema import schema from core.factories import UserFactory from rooms.factories import RoomFactory, RoomEntryFactory from users.factories import SchoolClassFactory class RoomQueryPermission(TestCase): @staticmethod def get_first_contents(result): return result.get('data').get('rooms').get('edges')[0] def setUp(self): self.user = UserFactory(username='aschi') self.another_user = UserFactory(username='pesche') sc1 = SchoolClassFactory(users=[self.user]) sc2 = SchoolClassFactory(users=[self.another_user]) self.room1 = RoomFactory(school_class=sc1) self.room2 = RoomFactory(school_class=sc2) request = RequestFactory().get('/') request.user = self.user self.client = Client(schema=schema, context_value=request) def test_student_should_only_see_rooms_of_class(self): query = ''' query { rooms { title } } ''' result = self.client.execute(query) self.assertIsNone(result.get('errors')) self.assertEqual(len(result.get('data').get('rooms')), 1) self.assertEqual(result.get('data').get('rooms')[0].get('title'), self.room1.title) def test_student_should_not_be_able_to_query_rooms_of_other_classes(self): query = ''' query RoomQuery($slug: String) { room(slug: $slug) { title } } ''' result = self.client.execute(query, variables={ 'slug': self.room2.slug }) self.assertIsNone(result.get('errors')) self.assertEqual(result.get('data').get('room'), None) def test_student_should_only_user_created_rooms(self): modlue_room = RoomFactory(school_class=self.room1.school_class, user_created=False) query = ''' query { rooms { title } } ''' result = self.client.execute(query) self.assertIsNone(result.get('errors')) self.assertEqual(len(result.get('data').get('rooms')), 1) self.assertNotEqual(result.get('data').get('rooms')[0].get('title'), modlue_room.title) class RoomEntryQueryPermissions(TestCase): @staticmethod def get_first_contents(result): return result.get('data').get('rooms').get('edges')[0] def setUp(self): self.user = UserFactory(username='aschi') self.another_user = UserFactory(username='pesche') sc1 = SchoolClassFactory(users=[self.user]) sc2 = SchoolClassFactory(users=[self.another_user]) room1 = RoomFactory(school_class=sc1) room2 = RoomFactory(school_class=sc2) self.roomEntry1 = RoomEntryFactory(room=room1, author=self.user) self.roomEntry2 = RoomEntryFactory(room=room2, author=self.another_user) request = RequestFactory().get('/') request.user = self.user self.client = Client(schema=schema, context_value=request) def test_user_should_see_room_entries_from_own_class(self): query = ''' query RoomEntryQuery($slug: String) { roomEntry(slug: $slug) { title } } ''' result = self.client.execute(query, variables={ 'slug': self.roomEntry1.slug }) self.assertIsNone(result.get('errors')) self.assertEqual(result.get('data').get('roomEntry').get('title'), self.roomEntry1.title) def test_user_should_not_see_room_entries_from_orther_class(self): query = ''' query RoomEntryQuery($slug: String) { roomEntry(slug: $slug) { title } } ''' result = self.client.execute(query, variables={ 'slug': self.roomEntry2.slug }) self.assertIsNone(result.get('errors')) self.assertEqual(result.get('data').get('roomEntry'), None)