From 103db3d5f129c13eb32502acf2349be27667e9e1 Mon Sep 17 00:00:00 2001
From: janmax <mail-github@jmx.io>
Date: Thu, 23 Nov 2017 18:07:19 +0100
Subject: [PATCH] Added more tests and some docstrings

---
 backend/core/tests/test_access_rights.py      | 42 +++++++++++++++++++
 .../core/tests/test_tutor_api_endpoints.py    |  7 ++++
 2 files changed, 49 insertions(+)
 create mode 100644 backend/core/tests/test_access_rights.py
 create mode 100644 backend/core/tests/test_tutor_api_endpoints.py

diff --git a/backend/core/tests/test_access_rights.py b/backend/core/tests/test_access_rights.py
new file mode 100644
index 00000000..78853afc
--- /dev/null
+++ b/backend/core/tests/test_access_rights.py
@@ -0,0 +1,42 @@
+from rest_framework.test import APITestCase, APIRequestFactory, force_authenticate
+from rest_framework import status
+from core.models import Reviewer
+from django.urls import reverse
+from core.views import StudentApiView
+
+from util.factories import GradyUserFactory
+
+class AccessRightsOfStudentAPIViewTests(APITestCase):
+    """ All tests that enshure that only students can see what students
+    should see belong here """
+
+    @classmethod
+    def setUpTestData(cls):
+        cls.factory = APIRequestFactory()
+        cls.user_factory = GradyUserFactory()
+
+    def setUp(self):
+        self.student = self.user_factory.make_student()
+        self.tutor = self.user_factory.make_tutor()
+        self.reviewer = self.user_factory.make_reviewer()
+        self.request = self.factory.get(reverse('student-page'))
+        self.view = StudentApiView.as_view()
+
+    def test_unauthorized_access_denied(self):
+        response = self.view(self.request)
+        self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
+
+    def test_tutor_has_no_access(self):
+        force_authenticate(self.request, user=self.tutor.user)
+        response = self.view(self.request)
+        self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
+
+    def test_reviewer_has_no_access(self):
+        force_authenticate(self.request, user=self.reviewer.user)
+        response = self.view(self.request)
+        self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
+
+    def test_student_is_authorized(self):
+        force_authenticate(self.request, user=self.student.user)
+        response = self.view(self.request)
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
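Review bot: `test_student_is_authorized` asserts only the 200 status, so nothing in this class checks that an authenticated student is limited to their own record, which is the property the class docstring describes. Consider creating a second student in `setUp` with `self.user_factory.make_student()` and asserting that nothing belonging to that user appears in `response.data`; the exact field to compare depends on the serializer, which is not visible in this hunk. A one-line docstring on each test naming the role and the expected status would also help, for example `"""A tutor is authenticated but must receive 403 on the student page."""`. Separately, the `Reviewer` import from `core.models` is unused and the class docstring has a typo (`enshure`).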
diff --git a/backend/core/tests/test_tutor_api_endpoints.py b/backend/core/tests/test_tutor_api_endpoints.py
new file mode 100644
index 00000000..698d987c
--- /dev/null
+++ b/backend/core/tests/test_tutor_api_endpoints.py
@@ -0,0 +1,7 @@
+""" Two api endpoints are currently planned
+
+    * GET /tutor/:id to retrive information about some tutor
+    * POST /tutor/:username/:email create a new tutor and email password
+    * GET /tutorlist list of all tutors with their scores
+"""
+
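Review bot: The planned `POST /tutor/:username/:email` route carries the username and e-mail address in the URL path, where they would typically end up in web-server and proxy access logs; sending them in the request body avoids that. The phrase "email password" also reads as if a generated password is mailed in clear text; if that is the intent, a single-use, expiring set-password link would be the safer design. I would reword the line to something like `* POST /tutor (username and email in the body) create a new tutor and mail a one-time set-password link` and state for each endpoint which role may call it. The docstring also says "Two" endpoints while listing three, and `retrive` should be `retrieve`.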
-- 
GitLab