ramon
/
skillbox
1
0
Fork 0
Code Issues 1 Pull Requests 1 Packages Projects 1 Releases 1 Wiki Activity
skillbox/server/rooms/tests/test_room_query_permission.py

139 lines
4.3 KiB
Python
Raw Blame History

from django.test import TestCase, RequestFactory
from graphene.test import Client
from api.schema import schema
from core.factories import UserFactory
from rooms.factories import RoomFactory, RoomEntryFactory
from users.factories import SchoolClassFactory
class RoomQueryPermission(TestCase):
@staticmethod
def get_first_contents(result):
return result.get('data').get('rooms').get('edges')[0]
def setUp(self):
self.user = UserFactory(username='aschi')
self.another_user = UserFactory(username='pesche')
sc1 = SchoolClassFactory(users=[self.user])
sc2 = SchoolClassFactory(users=[self.another_user])
self.room1 = RoomFactory(school_class=sc1)
self.room2 = RoomFactory(school_class=sc2)
request = RequestFactory().get('/')
request.user = self.user
self.client = Client(schema=schema, context_value=request)
def test_student_should_only_see_rooms_of_class(self):
query = '''
query {
rooms {
edges {
node {
title
}
}
}
}
'''
result = self.client.execute(query)
self.assertIsNone(result.get('errors'))
self.assertEqual(len(result.get('data').get('rooms').get('edges')), 1)
self.assertEqual(result.get('data').get('rooms').get('edges')[0].get('node').get('title'), self.room1.title)
def test_student_should_not_be_able_to_query_rooms_of_other_classes(self):
query = '''
query RoomQuery($slug: String) {
room(slug: $slug) {
title
}
}
'''
result = self.client.execute(query, variables={
'slug': self.room2.slug
})
self.assertIsNone(result.get('errors'))
self.assertEqual(result.get('data').get('room'), None)
def test_student_should_only_user_created_rooms(self):
modlue_room = RoomFactory(school_class=self.room1.school_class, user_created=False)
query = '''
query {
rooms {
edges {
node {
title
}
}
}
}
'''
result = self.client.execute(query)
self.assertIsNone(result.get('errors'))
self.assertEqual(len(result.get('data').get('rooms').get('edges')), 1)
self.assertNotEqual(result.get('data').get('rooms').get('edges')[0].get('node').get('title'), modlue_room.title)
class RoomEntryQueryPermissions(TestCase):
@staticmethod
def get_first_contents(result):
return result.get('data').get('rooms').get('edges')[0]
def setUp(self):
self.user = UserFactory(username='aschi')
self.another_user = UserFactory(username='pesche')
sc1 = SchoolClassFactory(users=[self.user])
sc2 = SchoolClassFactory(users=[self.another_user])
room1 = RoomFactory(school_class=sc1)
room2 = RoomFactory(school_class=sc2)
self.roomEntry1 = RoomEntryFactory(room=room1, author=self.user)
self.roomEntry2 = RoomEntryFactory(room=room2, author=self.another_user)
request = RequestFactory().get('/')
request.user = self.user
self.client = Client(schema=schema, context_value=request)
def test_user_should_see_room_entries_from_own_class(self):
query = '''
query RoomEntryQuery($slug: String) {
roomEntry(slug: $slug) {
title
}
}
'''
result = self.client.execute(query, variables={
'slug': self.roomEntry1.slug
})
self.assertIsNone(result.get('errors'))
self.assertEqual(result.get('data').get('roomEntry').get('title'), self.roomEntry1.title)
def test_user_should_not_see_room_entries_from_orther_class(self):
query = '''
query RoomEntryQuery($slug: String) {
roomEntry(slug: $slug) {
title
}
}
'''
result = self.client.execute(query, variables={
'slug': self.roomEntry2.slug
})
self.assertIsNone(result.get('errors'))
self.assertEqual(result.get('data').get('roomEntry'), None)
Reference in New Issue View Git Blame Copy Permalink