diff --git a/server/vbv_lernwelt/course/permissions.py b/server/vbv_lernwelt/course/permissions.py index 67335bb8..d15fe28e 100644 --- a/server/vbv_lernwelt/course/permissions.py +++ b/server/vbv_lernwelt/course/permissions.py @@ -9,17 +9,11 @@ def has_course_access(user, course): if user.is_superuser: return True - # attached to CourseSession - course_session = CourseSessionUser.objects.filter( + if CourseSessionUser.objects.filter( course_session__course_id=course.id, user=user - ).exists() - - if course_session: + ).exists(): return True - # TODO is trainer/expert of session - - # TODO check school class access return False @@ -27,8 +21,6 @@ def course_sessions_for_user_qs(user): if user.is_superuser: return CourseSession.objects.all() - course_sessions = CourseSession.objects.filter( - course_session_user__user=user - ).select_related("coursesessionuser") + course_sessions = CourseSession.objects.filter(coursesessionuser__user=user) return course_sessions diff --git a/server/vbv_lernwelt/course/tests/test_course_session_api.py b/server/vbv_lernwelt/course/tests/test_course_session_api.py new file mode 100644 index 00000000..43a7f43b --- /dev/null +++ b/server/vbv_lernwelt/course/tests/test_course_session_api.py @@ -0,0 +1,53 @@ +import json + +from rest_framework.test import APITestCase + +from vbv_lernwelt.core.create_default_users import create_default_users +from vbv_lernwelt.core.models import User +from vbv_lernwelt.course.consts import COURSE_TEST_ID +from vbv_lernwelt.course.creators.test_course import create_test_course +from vbv_lernwelt.course.models import CourseSession, CourseSessionUser + + +class CourseCompletionApiTestCase(APITestCase): + def setUp(self) -> None: + create_default_users() + create_test_course() + + self.user = User.objects.get(username="student") + + self.course_session = CourseSession.objects.create( + course_id=COURSE_TEST_ID, + title="Test Lehrgang Session", + ) + + self.client.login(username="student", password="test") + + def test_api_noCourseSession_withoutCourseSessionUser(self): + response = self.client.get(f"/api/course/sessions/") + + self.assertEqual(response.status_code, 200) + self.assertEqual(len(response.json()), 0) + + def test_api_courseSession_withCourseSessionUser(self): + csu = CourseSessionUser.objects.create( + course_session=self.course_session, + user=self.user, + ) + response = self.client.get(f"/api/course/sessions/") + + self.assertEqual(response.status_code, 200) + self.assertEqual(len(response.json()), 1) + + print(json.dumps(response.json(), indent=4)) + self.assertEqual(response.json()[0]["id"], self.course_session.id) + + def test_api_superUser_canAccessEveryCourseSession(self): + self.client.login(username="admin", password="test") + response = self.client.get(f"/api/course/sessions/") + + self.assertEqual(response.status_code, 200) + self.assertEqual(len(response.json()), 1) + + print(json.dumps(response.json(), indent=4)) + self.assertEqual(response.json()[0]["id"], self.course_session.id) diff --git a/server/vbv_lernwelt/learnpath/tests/test_api.py b/server/vbv_lernwelt/learnpath/tests/test_api.py index 49379e84..c68c0588 100644 --- a/server/vbv_lernwelt/learnpath/tests/test_api.py +++ b/server/vbv_lernwelt/learnpath/tests/test_api.py @@ -2,7 +2,9 @@ from rest_framework.test import APITestCase from vbv_lernwelt.core.admin import User from vbv_lernwelt.core.create_default_users import create_default_users +from vbv_lernwelt.course.consts import COURSE_TEST_ID from vbv_lernwelt.course.creators.test_course import create_test_course +from vbv_lernwelt.course.models import CourseSession, CourseSessionUser from vbv_lernwelt.learnpath.models import LearningPath @@ -10,19 +12,44 @@ class TestRetrieveLearingPathContents(APITestCase): def setUp(self) -> None: create_default_users() create_test_course() + self.slug = "test-lehrgang-lp" + self.learning_path = LearningPath.objects.get(slug=self.slug) + + def test_get_learnpath_page(self): self.user = User.objects.get(username="admin") self.client.login(username="admin", password="test") - def test_get_learnpath_page(self): - slug = "test-lehrgang-lp" - learning_path = LearningPath.objects.get(slug=slug) - response = self.client.get(f"/api/course/page/{slug}/") + response = self.client.get(f"/api/course/page/{self.slug}/") self.assertEqual(response.status_code, 200) data = response.json() - self.assertEqual(learning_path.title, data["title"]) + self.assertEqual(self.learning_path.title, data["title"]) # topics and circles self.assertEqual(4, len(data["children"])) # circle "analyse" contents self.assertEqual(14, len(data["children"][3]["children"])) + + def test_normalUser_withoutCourseSession_cannotAccess(self): + self.user = User.objects.get(username="student") + self.client.login(username="student", password="test") + + response = self.client.get(f"/api/course/page/{self.slug}/") + + self.assertEqual(response.status_code, 403) + + def test_normalUser_withCourseSession_canAccess(self): + self.user = User.objects.get(username="student") + self.client.login(username="student", password="test") + + course_session = CourseSession.objects.create( + course_id=COURSE_TEST_ID, + title="Test Lehrgang Session", + ) + CourseSessionUser.objects.create( + course_session=course_session, + user=self.user, + ) + + response = self.client.get(f"/api/course/page/{self.slug}/") + self.assertEqual(response.status_code, 200)