167 lines
5.9 KiB
Python
167 lines
5.9 KiB
Python
from graphql_relay import to_global_id
|
|
|
|
from core.tests.base_test import SkillboxTestCase
|
|
from portfolio.factories import ProjectFactory
|
|
from portfolio.models import Project
|
|
from users.factories import SchoolClassFactory
|
|
from users.models import User
|
|
|
|
project_query = """
|
|
query ProjectQuery($id: ID!) {
|
|
project(id: $id) {
|
|
id
|
|
}
|
|
}
|
|
"""
|
|
|
|
|
|
class ProjectQueryTestCase(SkillboxTestCase):
|
|
def _test_direct_project_access(self, user: User, should_have_access: bool):
|
|
result = self.get_client(user).execute(project_query, variables={
|
|
'id': self.project1.graphql_id
|
|
})
|
|
self.assertIsNone(result.errors)
|
|
if should_have_access:
|
|
self.assertEqual(result.data.get('project').get('id'), self.project1.graphql_id)
|
|
else:
|
|
self.assertIsNone(result.data.get('project'))
|
|
|
|
def setUp(self):
|
|
self.createDefault()
|
|
school_class1 = SchoolClassFactory(users=[self.teacher, self.student1])
|
|
school_class2 = SchoolClassFactory(users=[self.teacher2, self.student2])
|
|
|
|
self.project1 = ProjectFactory(student=self.student1)
|
|
self.project1_id = to_global_id('ProjectNode', self.project1.id)
|
|
self.query = '''
|
|
query ProjectsQuery {
|
|
projects {
|
|
...ProjectParts
|
|
}
|
|
}
|
|
|
|
fragment ProjectParts on ProjectNode {
|
|
id
|
|
title
|
|
appearance
|
|
description
|
|
slug
|
|
objectives
|
|
__typename
|
|
}
|
|
|
|
'''
|
|
|
|
def test_should_see_own_projects(self):
|
|
self.assertEqual(Project.objects.count(), 1)
|
|
|
|
result = self.get_client(self.student1).execute(self.query)
|
|
|
|
self.assertIsNone(result.errors)
|
|
self.assertEqual(result.data.get('projects')[0].get('title'), self.project1.title)
|
|
|
|
def test_should_not_see_other_projects(self):
|
|
self.assertEqual(Project.objects.count(), 1)
|
|
|
|
result = self.get_client(self.student2).execute(self.query)
|
|
|
|
self.assertIsNone(result.errors)
|
|
self.assertEqual(len(result.data.get('projects')), 0)
|
|
|
|
def test_teacher_should_not_see_unfinished_projects(self):
|
|
result = self.get_client().execute(self.query)
|
|
|
|
self.assertIsNone(result.errors)
|
|
self.assertEqual(len(result.data.get('projects')), 0)
|
|
|
|
def test_teacher_should_only_see_finished_projects(self):
|
|
self.project1.final = True
|
|
self.project1.save()
|
|
self.assertEqual(Project.objects.count(), 1)
|
|
|
|
result = self.get_client().execute(self.query)
|
|
|
|
self.assertIsNone(result.errors)
|
|
self.assertEqual(result.data.get('projects')[0].get('title'),
|
|
self.project1.title)
|
|
|
|
def test_other_teacher_should_not_see_projects(self):
|
|
self.project1.final = True
|
|
self.project1.save()
|
|
self.assertEqual(Project.objects.count(), 1)
|
|
|
|
result = self.get_client(self.teacher2).execute(self.query)
|
|
|
|
self.assertIsNone(result.errors)
|
|
self.assertEqual(len(result.data.get('projects')), 0)
|
|
|
|
def test_class_with_two_teachers_both_can_see_project(self):
|
|
# create class with two teachers
|
|
school_class3 = SchoolClassFactory(users=[self.teacher, self.teacher2, self.student1])
|
|
|
|
self.project1.final = True
|
|
self.project1.save()
|
|
self.assertEqual(Project.objects.count(), 1)
|
|
# teacher can see project
|
|
result = self.get_client(self.teacher).execute(self.query)
|
|
self.assertIsNone(result.errors)
|
|
self.assertEqual(len(result.data.get('projects')), 1)
|
|
|
|
# teacher2 can see project
|
|
result = self.get_client(self.teacher2).execute(self.query)
|
|
self.assertIsNone(result.errors)
|
|
self.assertEqual(len(result.data.get('projects')), 1)
|
|
|
|
def test_class_with_two_teachers_direct_final_project_access(self):
|
|
# create class with two teachers
|
|
school_class3 = SchoolClassFactory(users=[self.teacher, self.teacher2, self.student1])
|
|
|
|
self.project1.final = True
|
|
self.project1.save()
|
|
# student can access own project directly
|
|
self._test_direct_project_access(self.student1, True)
|
|
# teacher of student can access project, as it's final
|
|
self._test_direct_project_access(self.teacher, True)
|
|
# other teacher can't access project, as it's not final
|
|
self._test_direct_project_access(self.teacher2, True)
|
|
# non-owner can't access project
|
|
self._test_direct_project_access(self.student2, False)
|
|
|
|
def test_direct_project_access(self):
|
|
# student can access own project directly
|
|
self._test_direct_project_access(self.student1, True)
|
|
# teacher can't access project, as it's not final
|
|
self._test_direct_project_access(self.teacher, False)
|
|
self._test_direct_project_access(self.teacher2, False)
|
|
# non-owner can't access project
|
|
self._test_direct_project_access(self.student2, False)
|
|
|
|
|
|
def test_direct_final_project_access(self):
|
|
self.project1.final = True
|
|
self.project1.save()
|
|
# student can access own project directly
|
|
self._test_direct_project_access(self.student1, True)
|
|
# teacher of student can access project, as it's final
|
|
self._test_direct_project_access(self.teacher, True)
|
|
# other teacher can't access project, as it's not final
|
|
self._test_direct_project_access(self.teacher2, False)
|
|
# non-owner can't access project
|
|
self._test_direct_project_access(self.student2, False)
|
|
|
|
def test_project_owner_can_view(self):
|
|
query = """
|
|
query ProjectQuery($id: ID!) {
|
|
project(id: $id) {
|
|
id
|
|
student {
|
|
email
|
|
}
|
|
}
|
|
}
|
|
"""
|
|
result = self.get_client(self.student1).execute(query, variables={
|
|
'id': self.project1.graphql_id
|
|
})
|
|
self.assertEqual(result.data['project']['student']['email'], self.student1.email)
|