Skip to content
Snippets Groups Projects
Commit 49e2b069 authored by Jan Maximilian Michal's avatar Jan Maximilian Michal
Browse files

Added some tests for access rights and frontend tests are no longer

allowed to fail
parent 103db3d5
No related branches found
No related tags found
1 merge request!16Backend tests
Pipeline #
...@@ -56,7 +56,6 @@ test_frontend: ...@@ -56,7 +56,6 @@ test_frontend:
script: script:
- yarn install - yarn install
- yarn test --single-run - yarn test --single-run
allow_failure: true
# ============================== Staging section ============================= # # ============================== Staging section ============================= #
.staging_template: &staging_definition .staging_template: &staging_definition
......
...@@ -6,6 +6,7 @@ from core.views import StudentApiView ...@@ -6,6 +6,7 @@ from core.views import StudentApiView
from util.factories import GradyUserFactory from util.factories import GradyUserFactory
class AccessRightsOfStudentAPIViewTests(APITestCase): class AccessRightsOfStudentAPIViewTests(APITestCase):
""" All tests that enshure that only students can see what students """ All tests that enshure that only students can see what students
should see belong here """ should see belong here """
......
...@@ -5,3 +5,44 @@ ...@@ -5,3 +5,44 @@
* GET /tutorlist list of all tutors with their scores * GET /tutorlist list of all tutors with their scores
""" """
from rest_framework.test import APITestCase, APIRequestFactory, force_authenticate
from rest_framework import status
from core.models import Reviewer
from django.urls import reverse
from core.views import StudentApiView
from util.factories import GradyUserFactory
class AccessRightsTests(APITestCase):
@classmethod
def setUpTestData(cls):
cls.factory = APIRequestFactory()
cls.user_factory = GradyUserFactory()
def setUp(self):
self.student = self.user_factory.make_student()
self.tutor = self.user_factory.make_tutor()
self.reviewer = self.user_factory.make_reviewer()
self.request = self.factory.get(reverse('student-page'))
self.view = StudentApiView.as_view()
def test_unauthorized_access_denied(self):
response = self.view(self.request)
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
def test_tutor_has_no_access(self):
force_authenticate(self.request, user=self.tutor.user)
response = self.view(self.request)
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
def test_reviewer_has_no_access(self):
force_authenticate(self.request, user=self.reviewer.user)
response = self.view(self.request)
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
def test_student_is_authorized(self):
force_authenticate(self.request, user=self.student.user)
response = self.view(self.request)
self.assertEqual(response.status_code, status.HTTP_200_OK)
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment