Skip to content

Commit

Permalink
Remove soft_extended_due_date from views for non-admins
Browse files Browse the repository at this point in the history
  • Loading branch information
MattyMay committed Aug 27, 2024
1 parent 3e7870f commit fc419c6
Show file tree
Hide file tree
Showing 2 changed files with 43 additions and 11 deletions.
Original file line number Diff line number Diff line change
@@ -1,8 +1,8 @@
import datetime
from typing import List
from typing import List, Dict
from unittest import mock

from django.contrib.auth.models import User
from django.contrib.auth.models import User, Group
from django.core.files.uploadedfile import SimpleUploadedFile
from django.urls import reverse
from django.utils import timezone
Expand Down Expand Up @@ -66,8 +66,12 @@ def test_admin_list_groups(self):

def test_staff_list_groups(self):
staff = obj_build.make_staff_user(self.project.course)
groups = self.build_groups(self.project)
for group in groups:
group.pop('hard_extended_due_date', None)

self.do_list_objects_test(
self.client, staff, self.url, self.build_groups(self.project), check_order=True)
self.client, staff, self.url, groups, check_order=True)

def test_student_list_groups_permission_denied(self):
self.project.validate_and_update(visible_to_students=True)
Expand All @@ -77,8 +81,12 @@ def test_student_list_groups_permission_denied(self):

def test_handgrader_list_groups(self):
handgrader = obj_build.make_handgrader_user(self.course)
groups = self.build_groups(self.project)
for group in groups:
group.pop('hard_extended_due_date', None)

self.do_list_objects_test(
self.client, handgrader, self.url, self.build_groups(self.project))
self.client, handgrader, self.url, groups)

def test_guest_list_groups_permission_denied(self):
self.project.validate_and_update(visible_to_students=True, guests_can_submit=True)
Expand Down Expand Up @@ -315,32 +323,48 @@ def test_admin_or_staff_get_group(self):
admin = obj_build.make_admin_user(self.course)
staff = obj_build.make_staff_user(self.course)

def expected_data(group):
data = group.to_dict()
if user is staff:
data.pop("hard_extended_due_date", None)
return data

for user in admin, staff:
student_group = obj_build.make_group(project=self.project)
self.do_get_object_test(
self.client, user, self.group_url(student_group), student_group.to_dict())
self.client, user, self.group_url(student_group), expected_data(student_group))

guest_group = obj_build.make_group(
project=self.project, members_role=obj_build.UserRole.guest)
self.do_get_object_test(
self.client, user, self.group_url(guest_group), guest_group.to_dict())
self.client, user, self.group_url(guest_group), expected_data(guest_group))

admin_group = obj_build.make_group(
project=self.project, members_role=obj_build.UserRole.admin)
self.do_get_object_test(
self.client, user, self.group_url(admin_group), admin_group.to_dict())
self.client, user, self.group_url(admin_group), expected_data(admin_group))

def test_student_get_group(self):
self.project.validate_and_update(visible_to_students=True)
group = obj_build.make_group(project=self.project)

# students shouldn't see hard extended due date
expected_data = group.to_dict()
expected_data.pop("hard_extended_due_date", None)

self.do_get_object_test(
self.client, group.members.first(), self.group_url(group), group.to_dict())
self.client, group.members.first(), self.group_url(group), expected_data)

def test_guest_get_group(self):
self.project.validate_and_update(visible_to_students=True, guests_can_submit=True)
group = obj_build.make_group(project=self.project, members_role=obj_build.UserRole.guest)

# guests shouldn't see hard extended due date
expected_data = group.to_dict()
expected_data.pop("hard_extended_due_date", None)

self.do_get_object_test(
self.client, group.members.first(), self.group_url(group), group.to_dict())
self.client, group.members.first(), self.group_url(group), expected_data)

def test_non_member_get_group_permission_denied(self):
self.project.validate_and_update(visible_to_students=True)
Expand Down
12 changes: 10 additions & 2 deletions autograder/rest_api/views/group_views.py
Original file line number Diff line number Diff line change
Expand Up @@ -45,11 +45,19 @@
}


class SerializeGroupMixin:
def serialize_object(self, obj: ag_models.Group) -> dict:
result = super().serialize_object(obj)
if not obj.project.course.is_admin(self.request.user):
result.pop('hard_extended_due_date', None)
return result


class _ListCreateGroupSchema(AGListViewSchemaMixin, CustomViewSchema):
pass


class ListCreateGroupsView(NestedModelView):
class ListCreateGroupsView(SerializeGroupMixin, NestedModelView):
schema = _ListCreateGroupSchema([APITags.groups], api_class=ag_models.Group, data={
'POST': {
'operation_id': 'createGroup',
Expand Down Expand Up @@ -188,7 +196,7 @@ class _GroupDetailSchema(AGRetrieveViewSchemaMixin, AGPatchViewSchemaMixin, Cust
pass


class GroupDetailView(AGModelDetailView):
class GroupDetailView(SerializeGroupMixin, AGModelDetailView):
schema = _GroupDetailSchema([APITags.groups], {
'DELETE': {'operation_id': 'pseudoDeleteGroup'}
})
Expand Down

0 comments on commit fc419c6

Please sign in to comment.