Update and add tests for course config routes
Updates positive test auth from staff to admin, adds negative tests to
ensure that non-admin staff are unable to read, update, create, or
delete course configs.
josh1248 committed Oct 13, 2024
1 parent 93f8ed8 commit b0a6843
Showing 1 changed file with 61 additions and 14 deletions.
75 changes: 61 additions & 14 deletions test/cadet_web/admin_controllers/admin_courses_controller_test.exs
Expand Up @@ -81,7 +81,7 @@ defmodule CadetWeb.AdminCoursesControllerTest do
end

@tag authenticate: :student
test "rejects forbidden request for non-staff users", %{conn: conn} do
test "rejects forbidden request for students", %{conn: conn} do
course_id = conn.assigns[:course_id]
old_course = Repo.get(Course, course_id)

Expand All @@ -98,6 +98,23 @@ defmodule CadetWeb.AdminCoursesControllerTest do
end

@tag authenticate: :staff
test "rejects forbidden request for non-admin staff", %{conn: conn} do
course_id = conn.assigns[:course_id]
old_course = Repo.get(Course, course_id)

conn =
put(conn, build_url_course_config(course_id), %{
"sourceChapter" => 3,
"sourceVariant" => "concurrent"
})

same_course = Repo.get(Course, course_id)

assert response(conn, 403) == "Forbidden"
assert old_course == same_course
end

@tag authenticate: :admin
test "rejects requests if user does not belong to the specified course", %{conn: conn} do
course_id = conn.assigns[:course_id]

Expand All @@ -110,7 +127,7 @@ defmodule CadetWeb.AdminCoursesControllerTest do
assert response(conn, 403) == "Forbidden"
end

@tag authenticate: :staff
@tag authenticate: :admin
test "rejects requests with invalid params", %{conn: conn} do
course_id = conn.assigns[:course_id]

Expand All @@ -123,7 +140,7 @@ defmodule CadetWeb.AdminCoursesControllerTest do
assert response(conn, 400) == "Invalid parameter(s)"
end

@tag authenticate: :staff
@tag authenticate: :admin
test "rejects requests with missing params", %{conn: conn} do
course_id = conn.assigns[:course_id]

Expand All @@ -145,7 +162,7 @@ defmodule CadetWeb.AdminCoursesControllerTest do

describe "GET /v2/courses/{course_id}/admin/configs/assessment_configs" do
@tag authenticate: :admin
test "succeeds", %{conn: conn} do
test "succeeds for admins", %{conn: conn} do
course_id = conn.assigns[:course_id]
course = Repo.get(Course, course_id)
config1 = insert(:assessment_config, %{order: 1, type: "Mission1", course: course})
Expand Down Expand Up @@ -206,8 +223,17 @@ defmodule CadetWeb.AdminCoursesControllerTest do
assert expected == resp
end

@tag authenticate: :staff
test "rejects forbidden request for non-admin staff", %{conn: conn} do
course_id = conn.assigns[:course_id]

resp = get(conn, build_url_assessment_configs(course_id))

assert response(resp, 403) == "Forbidden"
end

@tag authenticate: :student
test "rejects forbidden request for non-staff users", %{conn: conn} do
test "rejects forbidden request for students", %{conn: conn} do
course_id = conn.assigns[:course_id]

resp = get(conn, build_url_assessment_configs(course_id))
Expand Down Expand Up @@ -257,8 +283,20 @@ defmodule CadetWeb.AdminCoursesControllerTest do
assert new_configs == ["Missions", "Paths"]
end

@tag authenticate: :staff
test "rejects forbidden request for non-admin staff", %{conn: conn} do
course_id = conn.assigns[:course_id]

conn =
put(conn, build_url_assessment_configs(course_id), %{
"assessmentConfigs" => []
})

assert response(conn, 403) == "Forbidden"
end

@tag authenticate: :student
test "rejects forbidden request for non-staff users", %{conn: conn} do
test "rejects forbidden request for students", %{conn: conn} do
course_id = conn.assigns[:course_id]

conn =
Expand All @@ -269,7 +307,7 @@ defmodule CadetWeb.AdminCoursesControllerTest do
assert response(conn, 403) == "Forbidden"
end

@tag authenticate: :staff
@tag authenticate: :admin
test "rejects request if user is not in specified course", %{conn: conn} do
course_id = conn.assigns[:course_id]

Expand All @@ -281,7 +319,7 @@ defmodule CadetWeb.AdminCoursesControllerTest do
assert response(conn, 403) == "Forbidden"
end

@tag authenticate: :staff
@tag authenticate: :admin
test "rejects requests with invalid params 1", %{conn: conn} do
course_id = conn.assigns[:course_id]

Expand All @@ -293,7 +331,7 @@ defmodule CadetWeb.AdminCoursesControllerTest do
assert response(conn, 400) == "missing assessmentConfig"
end

@tag authenticate: :staff
@tag authenticate: :admin
test "rejects requests with invalid params 2", %{conn: conn} do
course_id = conn.assigns[:course_id]

Expand All @@ -306,7 +344,7 @@ defmodule CadetWeb.AdminCoursesControllerTest do
"assessmentConfigs should be a list of assessment configuration objects"
end

@tag authenticate: :staff
@tag authenticate: :admin
test "rejects requests with invalid params: more than 8", %{conn: conn} do
course_id = conn.assigns[:course_id]

Expand All @@ -318,7 +356,7 @@ defmodule CadetWeb.AdminCoursesControllerTest do
assert response(conn, 400) == "Invalid parameter(s)"
end

@tag authenticate: :staff
@tag authenticate: :admin
test "rejects requests with missing params", %{conn: conn} do
course_id = conn.assigns[:course_id]

Expand Down Expand Up @@ -350,16 +388,25 @@ defmodule CadetWeb.AdminCoursesControllerTest do
assert new_configs == ["Paths"]
end

@tag authenticate: :staff
test "rejects forbidden request for non-admin staff", %{conn: conn} do
course_id = conn.assigns[:course_id]

conn = delete(conn, build_url_assessment_config(course_id, 1))

assert response(conn, 403) == "Forbidden"
end

@tag authenticate: :student
test "rejects forbidden request for non-staff users", %{conn: conn} do
test "rejects forbidden request for students", %{conn: conn} do
course_id = conn.assigns[:course_id]

conn = delete(conn, build_url_assessment_config(course_id, 1))

assert response(conn, 403) == "Forbidden"
end

@tag authenticate: :staff
@tag authenticate: :admin
test "rejects request if user is not in specified course", %{conn: conn} do
course_id = conn.assigns[:course_id]

Expand All @@ -368,7 +415,7 @@ defmodule CadetWeb.AdminCoursesControllerTest do
assert response(conn, 403) == "Forbidden"
end

@tag authenticate: :staff
@tag authenticate: :admin
test "fails if config does not exist", %{conn: conn} do
course_id = conn.assigns[:course_id]

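Review bot: The new non-admin-staff tests for `PUT` and `DELETE` on assessment configs assert only `response(conn, 403) == "Forbidden"`, so they do not show that the rejected request left the data untouched. The staff test for the course-config `PUT` in the same section does this with `assert old_course == same_course`; here the `PUT` sends `"assessmentConfigs" => []` and the `DELETE` targets id `1` with no config inserted in the visible lines, so neither request would produce an observable change even if it reached the handler. I would insert a config first, as the GET test does with `insert(:assessment_config, %{order: 1, type: "Mission1", course: course})`, send a payload that would alter it, and assert after the 403 that the stored configs are unchanged. The enclosing `describe` blocks start outside the visible hunks, so any shared setup there is not shown.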
