diff --git a/backend/project/utils/authentication.py b/backend/project/utils/authentication.py
index 4e83c998..2e78bd55 100644
--- a/backend/project/utils/authentication.py
+++ b/backend/project/utils/authentication.py
@@ -104,7 +104,7 @@ def is_teacher_of_course(auth_user_id, course_id):
 "url": f"{API_URL}/users"}, 500
 if not course:
- abort(404)
+ abort_with_message(404, f"Could not find course with id: {course_id}")
 if auth_user_id == course.teacher:
 return True
@@ -151,7 +151,7 @@ def get_course_of_project(project_id):
 "url": f"{API_URL}/users"}, 500
 if not project:
- abort(404)
+ abort_with_message(404, f"Could not find project with id: {project_id}")
 return project.course_id
@@ -176,7 +176,7 @@ def get_course_of_submission(submission_id):
 db.session.rollback()
 abort_with_message(500, "An error occurred while fetching the submission")
 if not submission:
- abort_with_message(404, "Submission with given id not found")
+ abort_with_message(404, f"Submission with id: {submission_id} not found")
 return get_course_of_project(submission.project_id)
@@ -345,14 +345,15 @@ def authorize_submission_author(f):
 @wraps(f)
 def wrap(*args, **kwargs):
 auth_user_id = return_authenticated_user_id()
+ submission_id = kwargs["submission_id"]
 try:
- submission = db.session.get(Submission, kwargs["submission_id"])
+ submission = db.session.get(Submission, submission_id)
 except SQLAlchemyError:
 # every exception should result in a rollback
 db.session.rollback()
 abort_with_message(500, "An error occurred while fetching the submission")
 if not submission:
- abort_with_message(404, "Submission with given id not found")
+ abort_with_message(404, f"Submission with id: {submission_id} not found")
 if submission.uid == auth_user_id:
 return f(*args, **kwargs)
 abort_with_message(403, "")
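Review bot: In `authorize_submission_author` the not-found branch answers 404 before the ownership check answers 403, so any authenticated caller can tell an existing submission id from a missing one, and the new message that echoes the id makes the difference more explicit. If submission ids are meant to stay private to their course, answer the non-owner case with the same response, `abort_with_message(404, f"Submission with id: {submission_id} not found")`, instead of `abort_with_message(403, "")`. The same lookup-then-404 order appears in `authorize_submission_request` (hunk at -375), whose remaining checks lie outside the hunk. Separately, `kwargs["submission_id"]` raises an unhandled KeyError if the decorator is ever applied to a view without that route parameter; a comment such as `# requires a <submission_id> route parameter` above the assignment would document the contract.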
@@ -375,14 +376,15 @@ def authorize_submission_request(f):
 def wrap(*args, **kwargs):
 # submission_author / grader mag hier aan
 auth_user_id = return_authenticated_user_id()
+ submission_id = kwargs["submission_id"]
 try:
- submission = db.session.get(Submission, kwargs["submission_id"])
+ submission = db.session.get(Submission, submission_id)
 except SQLAlchemyError:
 # every exception should result in a rollback
 db.session.rollback()
 abort_with_message(500, "An error occurred while fetching the submission")
 if not submission:
- abort_with_message(404, "Submission with given id not found")
+ abort_with_message(404, f"Submission with id: {submission_id} not found")
 if submission.uid == auth_user_id:
 return f(*args, **kwargs)
 course_id = get_course_of_project(submission.project_id)
diff --git a/backend/test_auth_server/__main__.py b/backend/test_auth_server/__main__.py
index 3a09eeff..2544968d 100644
--- a/backend/test_auth_server/__main__.py
+++ b/backend/test_auth_server/__main__.py
@@ -23,8 +23,8 @@
 "id":"w_student",
 "jobTitle":None
 },
- "student2":{
- "id":"student02",
+ "student01":{
+ "id":"student01",
 "jobTitle":None
 },
 "course_admin1":{
@@ -34,7 +34,15 @@
 "del_user":{
 "id":"del",
 "jobTitle":None
- }
+ },
+ "ad3_teacher":{
+ "id":"brinkmann",
+ "jobTitle0":"teacher"
+ },
+ "student02":{
+ "id":"student02",
+ "jobTitle":None
+ },
 }
 class Index(Resource):
diff --git a/backend/tests/endpoints/course/courses_test.py b/backend/tests/endpoints/course/courses_test.py
index c9b64e15..f44b6402 100644
--- a/backend/tests/endpoints/course/courses_test.py
+++ b/backend/tests/endpoints/course/courses_test.py
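Review bot: In backend/test_auth_server/__main__.py (hunk at -34) the new `ad3_teacher` entry spells its key `"jobTitle0"`, while every other entry visible in both hunks uses `"jobTitle"`. The code that consumes these profiles is not in this diff, but if it derives the teacher role from `jobTitle`, this profile has no such key and the lookup would either raise or treat the user as a non-teacher. The tests that authenticate as `ad3_teacher` could then pass only because that user already exists in the seed data, which would hide the mismatch. Unless the spelling is deliberate, change the line to `"jobTitle":"teacher"`; if it is deliberate, a comment beside the entry should say what it is meant to exercise.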
@@ -8,14 +8,14 @@ def test_post_courses(self, client, valid_course):
 Test posting a course to the /courses endpoint
 """
- response = client.post("/courses", json=valid_course)
+ response = client.post("/courses", json=valid_course, headers={"Authorization":"teacher2"})
 assert response.status_code == 201
 data = response.json
 assert data["data"]["name"] == "Sel"
 assert data["data"]["teacher"] == valid_course["teacher"]
 # Is reachable using the API
- get_response = client.get(f"/courses/{data['data']['course_id']}")
+ get_response = client.get(f"/courses/{data['data']['course_id']}", headers={"Authorization":"teacher1"})
 assert get_response.status_code == 200
diff --git a/backend/tests/endpoints/submissions_test.py b/backend/tests/endpoints/submissions_test.py
index be36592f..80bdb4b8 100644
--- a/backend/tests/endpoints/submissions_test.py
+++ b/backend/tests/endpoints/submissions_test.py
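Review bot: Every request changed in `test_post_courses` (courses_test.py), and in the submissions_test.py hunks that follow, now carries a valid `Authorization` header, so the visible tests exercise only the authenticated path. Nothing in these hunks asserts that the endpoints refuse a request with no header or with an unknown identity, which is the behaviour the authorization layer exists to provide. Unless that is covered elsewhere, add a rejection test per endpoint group, for example `response = client.get("/submissions")` followed by `assert response.status_code == 401`; the exact status is an assumption, since the code that handles a missing header is not in this diff. The body of `test_post_courses` starts outside the hunk.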
@@ -14,24 +14,24 @@ class TestSubmissionsEndpoint:
 ### GET SUBMISSIONS ###
 def test_get_submissions_wrong_user(self, client: FlaskClient):
 """Test getting submissions for a non-existing user"""
- response = client.get("/submissions?uid=-20")
+ response = client.get("/submissions?uid=-20", headers={"Authorization":"teacher1"})
 assert response.status_code == 400
 def test_get_submissions_wrong_project(self, client: FlaskClient):
 """Test getting submissions for a non-existing project"""
- response = client.get("/submissions?project_id=-1")
- assert response.status_code == 400
+ response = client.get("/submissions?project_id=-1", headers={"Authorization":"teacher1"})
+ assert response.status_code == 404 # can't find course of project in authorization
 assert "message" in response.json
 def test_get_submissions_wrong_project_type(self, client: FlaskClient):
 """Test getting submissions for a non-existing project of the wrong type"""
- response = client.get("/submissions?project_id=zero")
+ response = client.get("/submissions?project_id=zero", headers={"Authorization":"teacher1"})
 assert response.status_code == 400
 assert "message" in response.json
 def test_get_submissions_all(self, client: FlaskClient):
 """Test getting the submissions"""
- response = client.get("/submissions")
+ response = client.get("/submissions", headers={"Authorization":"teacher1"})
 data = response.json
 assert response.status_code == 200
 assert "message" in data
@@ -39,7 +39,7 @@ def test_get_submissions_all(self, client: FlaskClient):
 def test_get_submissions_user(self, client: FlaskClient, valid_submission_entry):
 """Test getting the submissions given a specific user"""
- response = client.get(f"/submissions?uid={valid_submission_entry.uid}")
+ response = client.get(f"/submissions?uid={valid_submission_entry.uid}", headers={"Authorization":"teacher1"})
 data = response.json
 assert response.status_code == 200
 assert "message" in data
@@ -47,7 +47,7 @@ def test_get_submissions_user(self, client: FlaskClient, valid_submission_entry)
 def test_get_submissions_project(self, client: FlaskClient, valid_submission_entry):
 """Test getting the submissions given a specific project"""
- response = client.get(f"/submissions?project_id={valid_submission_entry.project_id}")
+ response = client.get(f"/submissions?project_id={valid_submission_entry.project_id}", headers={"Authorization":"teacher1"})
 data = response.json
 assert response.status_code == 200
 assert "message" in data
@@ -179,7 +179,7 @@ def test_post_submissions_correct(
 "uid": "student02",
 "project_id": project.project_id,
 "files": files
- })
+ }, headers={"Authorization":"student02"})
 data = response.json
 assert response.status_code == 201
 assert data["message"] == "Successfully fetched the submissions"
@@ -190,10 +190,10 @@ def test_post_submissions_correct(
 ### GET SUBMISSION ###
 def test_get_submission_wrong_id(self, client: FlaskClient, session: Session):
 """Test getting a submission for a non-existing submission id"""
- response = client.get("/submissions/0")
+ response = client.get("/submissions/0", headers={"Authorization":"ad3_teacher"})
 data = response.json
 assert response.status_code == 404
- assert data["message"] == "Submission (submission_id=0) not found"
+ assert data["message"] == "Submission with id: 0 not found"
 def test_get_submission_correct(self, client: FlaskClient, session: Session):
 """Test getting a submission"""
@@ -201,7 +201,7 @@ def test_get_submission_correct(self, client: FlaskClient, session: Session):
 submission = session.query(Submission).filter_by(
 uid="student01", project_id=project.project_id
 ).first()
- response = client.get(f"/submissions/{submission.submission_id}")
+ response = client.get(f"/submissions/{submission.submission_id}", headers={"Authorization":"ad3_teacher"})
 data = response.json
 assert response.status_code == 200
 assert data["message"] == "Successfully fetched the submission"
@@ -218,10 +218,10 @@ def test_get_submission_correct(self, client: FlaskClient, session: Session):
 ### PATCH SUBMISSION ###
 def test_patch_submission_wrong_id(self, client: FlaskClient, session: Session):
 """Test patching a submission for a non-existing submission id"""
- response = client.patch("/submissions/0", data={"grading": 20})
+ response = client.patch("/submissions/0", data={"grading": 20}, headers={"Authorization":"ad3_teacher"})
 data = response.json
 assert response.status_code == 404
- assert data["message"] == "Submission (submission_id=0) not found"
+ assert data["message"] == "Submission with id: 0 not found"
 def test_patch_submission_wrong_grading(self, client: FlaskClient, session: Session):
 """Test patching a submission with a wrong grading"""
@@ -229,7 +229,7 @@ def test_patch_submission_wrong_grading(self, client: FlaskClient, session: Sess
 submission = session.query(Submission).filter_by(
 uid="student02", project_id=project.project_id
 ).first()
- response = client.patch(f"/submissions/{submission.submission_id}", data={"grading": 100})
+ response = client.patch(f"/submissions/{submission.submission_id}", data={"grading": 100}, headers={"Authorization":"ad3_teacher"})
 data = response.json
 assert response.status_code == 400
 assert data["message"] == "Invalid grading (grading=0-20)"
@@ -240,18 +240,18 @@ def test_patch_submission_wrong_grading_type(self, client: FlaskClient, session:
 submission = session.query(Submission).filter_by(
 uid="student02", project_id=project.project_id
 ).first()
- response = client.patch(f"/submissions/{submission.submission_id}",data={"grading": "zero"})
+ response = client.patch(f"/submissions/{submission.submission_id}",data={"grading": "zero"}, headers={"Authorization":"ad3_teacher"})
 data = response.json
 assert response.status_code == 400
 assert data["message"] == "Invalid grading (grading=0-20)"
- def test_patch_submission_correct(self, client: FlaskClient, session: Session):
+ def test_patch_submission_correct_teacher(self, client: FlaskClient, session: Session):
 """Test patching a submission"""
 project = session.query(Project).filter_by(title="B+ Trees").first()
 submission = session.query(Submission).filter_by(
 uid="student02", project_id=project.project_id
 ).first()
- response = client.patch(f"/submissions/{submission.submission_id}", data={"grading": 20})
+ response = client.patch(f"/submissions/{submission.submission_id}", data={"grading": 20}, headers={"Authorization":"ad3_teacher"})
 data = response.json
 assert response.status_code == 200
 assert data["message"] == f"Submission (submission_id={submission.submission_id}) patched"
@@ -265,14 +265,16 @@ def test_patch_submission_correct(self, client: FlaskClient, session: Session):
 "path": "/submissions/2",
 "status": False
 }
+
+ # TODO test course admin (allowed) and student (not allowed) patch
 ### DELETE SUBMISSION ###
 def test_delete_submission_wrong_id(self, client: FlaskClient, session: Session):
 """Test deleting a submission for a non-existing submission id"""
- response = client.delete("submissions/0")
+ response = client.delete("submissions/0", headers={"Authorization":"student01"})
 data = response.json
 assert response.status_code == 404
- assert data["message"] == "Submission (submission_id=0) not found"
+ assert data["message"] == "Submission with id: 0 not found"
 def test_delete_submission_correct(self, client: FlaskClient, session: Session):
 """Test deleting a submission"""
@@ -280,7 +282,7 @@ def test_delete_submission_correct(self, client: FlaskClient, session: Session):
 submission = session.query(Submission).filter_by(
 uid="student01", project_id=project.project_id
 ).first()
- response = client.delete(f"submissions/{submission.submission_id}")
+ response = client.delete(f"submissions/{submission.submission_id}", headers={"Authorization":"student01"})
 data = response.json
 assert response.status_code == 200
 assert data["message"] == f"Submission (submission_id={submission.submission_id}) deleted"
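Review bot: The added `# TODO test course admin (allowed) and student (not allowed) patch` defers the only negative authorization case for PATCH, so a regression that lets any authenticated user set a grade would still pass the visible tests. A test that reuses the `test_patch_submission_correct_teacher` setup with `headers={"Authorization":"student02"}` and ends in `assert response.status_code == 403` would pin the denial; the status is assumed from the 403 in `authorize_submission_author`, because the decorator on the patch endpoint is not shown. The DELETE hunks (-265 and -280) have the same gap: both requests are made as `student01`, the author used in the fixture query, and no test has a different user attempt the delete.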