extra testing

SELab-2 · Mar 14, 2024 · 09aa53c · 09aa53c
1 parent bdb9e17
commit 09aa53c
Show file tree

Hide file tree

Showing 4 changed files with 44 additions and 32 deletions.
diff --git a/backend/project/utils/authentication.py b/backend/project/utils/authentication.py
@@ -104,7 +104,7 @@ def is_teacher_of_course(auth_user_id, course_id):
                     "url": f"{API_URL}/users"}, 500
 
     if not course:
-        abort(404)
+        abort_with_message(404, f"Could not find course with id: {course_id}")
 
     if auth_user_id == course.teacher:
         return True
@@ -151,7 +151,7 @@ def get_course_of_project(project_id):
                     "url": f"{API_URL}/users"}, 500
 
     if not project:
-        abort(404)
+        abort_with_message(404, f"Could not find project with id: {project_id}")
 
     return project.course_id
 
@@ -176,7 +176,7 @@ def get_course_of_submission(submission_id):
         db.session.rollback()
         abort_with_message(500, "An error occurred while fetching the submission")
     if not submission:
-        abort_with_message(404, "Submission with given id not found")
+        abort_with_message(404, f"Submission with id: {submission_id} not found")
     return get_course_of_project(submission.project_id)
 
 
@@ -345,14 +345,15 @@ def authorize_submission_author(f):
     @wraps(f)
     def wrap(*args, **kwargs):
         auth_user_id = return_authenticated_user_id()
+        submission_id = kwargs["submission_id"]
         try:
-            submission = db.session.get(Submission, kwargs["submission_id"])
+            submission = db.session.get(Submission, submission_id)
         except SQLAlchemyError:
             # every exception should result in a rollback
             db.session.rollback()
             abort_with_message(500, "An error occurred while fetching the submission")
         if not submission:
-            abort_with_message(404, "Submission with given id not found")
+            abort_with_message(404, f"Submission with id: {submission_id} not found")
         if submission.uid == auth_user_id:
             return f(*args, **kwargs)
         abort_with_message(403, "")
@@ -375,14 +376,15 @@ def authorize_submission_request(f):
     def wrap(*args, **kwargs):
         # submission_author / grader mag hier aan
         auth_user_id = return_authenticated_user_id()
+        submission_id = kwargs["submission_id"]
         try:
-            submission = db.session.get(Submission, kwargs["submission_id"])
+            submission = db.session.get(Submission, submission_id)
         except SQLAlchemyError:
             # every exception should result in a rollback
             db.session.rollback()
             abort_with_message(500, "An error occurred while fetching the submission")
         if not submission:
-            abort_with_message(404, "Submission with given id not found")
+            abort_with_message(404, f"Submission with id: {submission_id} not found")
         if submission.uid == auth_user_id:
             return f(*args, **kwargs)
         course_id = get_course_of_project(submission.project_id)

diff --git a/backend/test_auth_server/__main__.py b/backend/test_auth_server/__main__.py
@@ -23,8 +23,8 @@
         "id":"w_student",
         "jobTitle":None
     },
-    "student2":{
-        "id":"student02",
+    "student01":{
+        "id":"student01",
         "jobTitle":None
     },
     "course_admin1":{
@@ -34,7 +34,15 @@
     "del_user":{
         "id":"del",
         "jobTitle":None
-    }
+    },
+    "ad3_teacher":{
+        "id":"brinkmann",
+        "jobTitle0":"teacher"
+    },
+    "student02":{
+        "id":"student02",
+        "jobTitle":None
+    },
 }
 
 class Index(Resource):

diff --git a/backend/tests/endpoints/course/courses_test.py b/backend/tests/endpoints/course/courses_test.py
@@ -8,14 +8,14 @@ def test_post_courses(self, client, valid_course):
         Test posting a course to the /courses endpoint
         """
 
-        response = client.post("/courses", json=valid_course)
+        response = client.post("/courses", json=valid_course, headers={"Authorization":"teacher2"})
         assert response.status_code == 201
         data = response.json
         assert data["data"]["name"] == "Sel"
         assert data["data"]["teacher"] == valid_course["teacher"]
 
         # Is reachable using the API
-        get_response = client.get(f"/courses/{data['data']['course_id']}")
+        get_response = client.get(f"/courses/{data['data']['course_id']}", headers={"Authorization":"teacher1"})
         assert get_response.status_code == 200
 
 

diff --git a/backend/tests/endpoints/submissions_test.py b/backend/tests/endpoints/submissions_test.py
@@ -14,40 +14,40 @@ class TestSubmissionsEndpoint:
     ### GET SUBMISSIONS ###
     def test_get_submissions_wrong_user(self, client: FlaskClient):
         """Test getting submissions for a non-existing user"""
-        response = client.get("/submissions?uid=-20")
+        response = client.get("/submissions?uid=-20", headers={"Authorization":"teacher1"})
         assert response.status_code == 400
 
     def test_get_submissions_wrong_project(self, client: FlaskClient):
         """Test getting submissions for a non-existing project"""
-        response = client.get("/submissions?project_id=-1")
-        assert response.status_code == 400
+        response = client.get("/submissions?project_id=-1", headers={"Authorization":"teacher1"})
+        assert response.status_code == 404 # can't find course of project in authorization
         assert "message" in response.json
 
     def test_get_submissions_wrong_project_type(self, client: FlaskClient):
         """Test getting submissions for a non-existing project of the wrong type"""
-        response = client.get("/submissions?project_id=zero")
+        response = client.get("/submissions?project_id=zero", headers={"Authorization":"teacher1"})
         assert response.status_code == 400
         assert "message" in response.json
 
     def test_get_submissions_all(self, client: FlaskClient):
         """Test getting the submissions"""
-        response = client.get("/submissions")
+        response = client.get("/submissions", headers={"Authorization":"teacher1"})
         data = response.json
         assert response.status_code == 200
         assert "message" in data
         assert isinstance(data["data"], list)
 
     def test_get_submissions_user(self, client: FlaskClient, valid_submission_entry):
         """Test getting the submissions given a specific user"""
-        response = client.get(f"/submissions?uid={valid_submission_entry.uid}")
+        response = client.get(f"/submissions?uid={valid_submission_entry.uid}", headers={"Authorization":"teacher1"})
         data = response.json
         assert response.status_code == 200
         assert "message" in data
 
 
     def test_get_submissions_project(self, client: FlaskClient, valid_submission_entry):
         """Test getting the submissions given a specific project"""
-        response = client.get(f"/submissions?project_id={valid_submission_entry.project_id}")
+        response = client.get(f"/submissions?project_id={valid_submission_entry.project_id}", headers={"Authorization":"teacher1"})
         data = response.json
         assert response.status_code == 200
         assert "message" in data
@@ -179,7 +179,7 @@ def test_post_submissions_correct(
             "uid": "student02",
             "project_id": project.project_id,
             "files": files
-        })
+        }, headers={"Authorization":"student02"})
         data = response.json
         assert response.status_code == 201
         assert data["message"] == "Successfully fetched the submissions"
@@ -190,18 +190,18 @@ def test_post_submissions_correct(
     ### GET SUBMISSION ###
     def test_get_submission_wrong_id(self, client: FlaskClient, session: Session):
         """Test getting a submission for a non-existing submission id"""
-        response = client.get("/submissions/0")
+        response = client.get("/submissions/0", headers={"Authorization":"ad3_teacher"})
         data = response.json
         assert response.status_code == 404
-        assert data["message"] == "Submission (submission_id=0) not found"
+        assert data["message"] == "Submission with id: 0 not found"
 
     def test_get_submission_correct(self, client: FlaskClient, session: Session):
         """Test getting a submission"""
         project = session.query(Project).filter_by(title="B+ Trees").first()
         submission = session.query(Submission).filter_by(
             uid="student01", project_id=project.project_id
         ).first()
-        response = client.get(f"/submissions/{submission.submission_id}")
+        response = client.get(f"/submissions/{submission.submission_id}", headers={"Authorization":"ad3_teacher"})
         data = response.json
         assert response.status_code == 200
         assert data["message"] == "Successfully fetched the submission"
@@ -218,18 +218,18 @@ def test_get_submission_correct(self, client: FlaskClient, session: Session):
     ### PATCH SUBMISSION ###
     def test_patch_submission_wrong_id(self, client: FlaskClient, session: Session):
         """Test patching a submission for a non-existing submission id"""
-        response = client.patch("/submissions/0", data={"grading": 20})
+        response = client.patch("/submissions/0", data={"grading": 20}, headers={"Authorization":"ad3_teacher"})
         data = response.json
         assert response.status_code == 404
-        assert data["message"] == "Submission (submission_id=0) not found"
+        assert data["message"] == "Submission with id: 0 not found"
 
     def test_patch_submission_wrong_grading(self, client: FlaskClient, session: Session):
         """Test patching a submission with a wrong grading"""
         project = session.query(Project).filter_by(title="B+ Trees").first()
         submission = session.query(Submission).filter_by(
             uid="student02", project_id=project.project_id
         ).first()
-        response = client.patch(f"/submissions/{submission.submission_id}", data={"grading": 100})
+        response = client.patch(f"/submissions/{submission.submission_id}", data={"grading": 100}, headers={"Authorization":"ad3_teacher"})
         data = response.json
         assert response.status_code == 400
         assert data["message"] == "Invalid grading (grading=0-20)"
@@ -240,18 +240,18 @@ def test_patch_submission_wrong_grading_type(self, client: FlaskClient, session:
         submission = session.query(Submission).filter_by(
             uid="student02", project_id=project.project_id
         ).first()
-        response = client.patch(f"/submissions/{submission.submission_id}",data={"grading": "zero"})
+        response = client.patch(f"/submissions/{submission.submission_id}",data={"grading": "zero"}, headers={"Authorization":"ad3_teacher"})
         data = response.json
         assert response.status_code == 400
         assert data["message"] == "Invalid grading (grading=0-20)"
 
-    def test_patch_submission_correct(self, client: FlaskClient, session: Session):
+    def test_patch_submission_correct_teacher(self, client: FlaskClient, session: Session):
         """Test patching a submission"""
         project = session.query(Project).filter_by(title="B+ Trees").first()
         submission = session.query(Submission).filter_by(
             uid="student02", project_id=project.project_id
         ).first()
-        response = client.patch(f"/submissions/{submission.submission_id}", data={"grading": 20})
+        response = client.patch(f"/submissions/{submission.submission_id}", data={"grading": 20}, headers={"Authorization":"ad3_teacher"})
         data = response.json
         assert response.status_code == 200
         assert data["message"] == f"Submission (submission_id={submission.submission_id}) patched"
@@ -265,22 +265,24 @@ def test_patch_submission_correct(self, client: FlaskClient, session: Session):
             "path": "/submissions/2",
             "status": False
         }
+
+    # TODO test course admin (allowed) and student (not allowed) patch 
 
     ### DELETE SUBMISSION ###
     def test_delete_submission_wrong_id(self, client: FlaskClient, session: Session):
         """Test deleting a submission for a non-existing submission id"""
-        response = client.delete("submissions/0")
+        response = client.delete("submissions/0", headers={"Authorization":"student01"})
         data = response.json
         assert response.status_code == 404
-        assert data["message"] == "Submission (submission_id=0) not found"
+        assert data["message"] == "Submission with id: 0 not found"
 
     def test_delete_submission_correct(self, client: FlaskClient, session: Session):
         """Test deleting a submission"""
         project = session.query(Project).filter_by(title="B+ Trees").first()
         submission = session.query(Submission).filter_by(
             uid="student01", project_id=project.project_id
         ).first()
-        response = client.delete(f"submissions/{submission.submission_id}")
+        response = client.delete(f"submissions/{submission.submission_id}", headers={"Authorization":"student01"})
         data = response.json
         assert response.status_code == 200
         assert data["message"] == f"Submission (submission_id={submission.submission_id}) deleted"