Skip to content
Snippets Groups Projects
Commit 49e2b069 authored by Jan Maximilian Michal's avatar Jan Maximilian Michal
Browse files

Added some tests for access rights and frontend tests are no longer 

allowed to fail
parent 103db3d5
No related branches found
No related tags found
1 merge request!16Backend tests
Pipeline #
This commit is part of merge request !16. Comments created here will be created in the context of that merge request.
Hide whitespace changes
Inline Side-by-side
.gitlab-ci.yml
+ 0
1
View file @ 49e2b069
......@@ -56,7 +56,6 @@ test_frontend:
script:
- yarn install
- yarn test --single-run
allow_failure: true
# ============================== Staging section ============================= #
.staging_template: &staging_definition
......
backend/core/tests/test_access_rights.py
+ 1
0
View file @ 49e2b069
......@@ -6,6 +6,7 @@ from core.views import StudentApiView
from util.factories import GradyUserFactory
class AccessRightsOfStudentAPIViewTests(APITestCase):
""" All tests that enshure that only students can see what students
should see belong here """
......
backend/core/tests/test_tutor_api_endpoints.py
+ 41
0
View file @ 49e2b069
......@@ -5,3 +5,44 @@
* GET /tutorlist list of all tutors with their scores
"""
from rest_framework.test import APITestCase, APIRequestFactory, force_authenticate
from rest_framework import status
from core.models import Reviewer
from django.urls import reverse
from core.views import StudentApiView
from util.factories import GradyUserFactory
class AccessRightsTests(APITestCase):
@classmethod
def setUpTestData(cls):
cls.factory = APIRequestFactory()
cls.user_factory = GradyUserFactory()
def setUp(self):
self.student = self.user_factory.make_student()
self.tutor = self.user_factory.make_tutor()
self.reviewer = self.user_factory.make_reviewer()
self.request = self.factory.get(reverse('student-page'))
self.view = StudentApiView.as_view()
def test_unauthorized_access_denied(self):
response = self.view(self.request)
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
def test_tutor_has_no_access(self):
force_authenticate(self.request, user=self.tutor.user)
response = self.view(self.request)
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
def test_reviewer_has_no_access(self):
force_authenticate(self.request, user=self.reviewer.user)
response = self.view(self.request)
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
def test_student_is_authorized(self):
force_authenticate(self.request, user=self.student.user)
response = self.view(self.request)
self.assertEqual(response.status_code, status.HTTP_200_OK)
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment