TEAMMATES
diff --git a/‎src/test/java/teammates/sqlui/webapi/RegenerateInstructorKeyActionTest.java‎
Lines changed: 2 additions & 41 deletions b/‎src/test/java/teammates/sqlui/webapi/RegenerateInstructorKeyActionTest.java‎
Lines changed: 2 additions & 41 deletions
diff --git a/‎src/test/java/teammates/sqlui/webapi/RegenerateStudentKeyActionTest.java‎
Lines changed: 2 additions & 41 deletions b/‎src/test/java/teammates/sqlui/webapi/RegenerateStudentKeyActionTest.java‎
Lines changed: 2 additions & 41 deletions
diff --git a/‎src/test/java/teammates/sqlui/webapi/ResetAccountActionTest.java‎
Lines changed: 10 additions & 45 deletions b/‎src/test/java/teammates/sqlui/webapi/ResetAccountActionTest.java‎
Lines changed: 10 additions & 45 deletions
diff --git a/‎src/test/java/teammates/sqlui/webapi/ResetAccountRequestActionTest.java‎
Lines changed: 2 additions & 24 deletions b/‎src/test/java/teammates/sqlui/webapi/ResetAccountRequestActionTest.java‎
Lines changed: 2 additions & 24 deletions
diff --git a/‎src/test/java/teammates/sqlui/webapi/RestoreFeedbackSessionActionTest.java‎
Lines changed: 7 additions & 77 deletions b/‎src/test/java/teammates/sqlui/webapi/RestoreFeedbackSessionActionTest.java‎
Lines changed: 7 additions & 77 deletions
diff --git a/‎src/test/java/teammates/sqlui/webapi/SearchAccountRequestsActionTest.java‎
Lines changed: 2 additions & 24 deletions b/‎src/test/java/teammates/sqlui/webapi/SearchAccountRequestsActionTest.java‎
Lines changed: 2 additions & 24 deletions
@@ -194,50 +194,11 @@ void testExecute_missingCourseId_throwsInvalidHttpParameterException() {
     }
 
     @Test
-    void testSpecificAccessControl_admin_canAccess() {
-        loginAsAdmin();
-
+    void testAccessControl() {
         String[] params = {
                 Const.ParamsNames.COURSE_ID, instructor.getCourseId(),
                 Const.ParamsNames.INSTRUCTOR_EMAIL, instructor.getEmail(),
         };
-
-        verifyCanAccess(params);
-    }
-
-    @Test
-    void testSpecificAccessControl_instructor_cannotAccess() {
-        loginAsInstructor("instructor-googleId");
-
-        String[] params = {
-                Const.ParamsNames.COURSE_ID, instructor.getCourseId(),
-                Const.ParamsNames.INSTRUCTOR_EMAIL, instructor.getEmail(),
-        };
-
-        verifyCannotAccess(params);
-    }
-
-    @Test
-    void testSpecificAccessControl_student_cannotAccess() {
-        loginAsStudent("student-googleId");
-
-        String[] params = {
-                Const.ParamsNames.COURSE_ID, instructor.getCourseId(),
-                Const.ParamsNames.INSTRUCTOR_EMAIL, instructor.getEmail(),
-        };
-
-        verifyCannotAccess(params);
-    }
-
-    @Test
-    void testSpecificAccessControl_loggedOut_cannotAccess() {
-        logoutUser();
-
-        String[] params = {
-                Const.ParamsNames.COURSE_ID, instructor.getCourseId(),
-                Const.ParamsNames.INSTRUCTOR_EMAIL, instructor.getEmail(),
-        };
-
-        verifyCannotAccess(params);
+        verifyOnlyAdminsCanAccess(params);
     }
 }
@@ -196,50 +196,11 @@ void testExecute_missingCourseId_throwsInvalidHttpParameterException() {
     }
 
     @Test
-    void testSpecificAccessControl_admin_canAccess() {
-        loginAsAdmin();
-
+    void testAccessControl() {
         String[] params = {
                 Const.ParamsNames.COURSE_ID, student.getCourseId(),
                 Const.ParamsNames.STUDENT_EMAIL, student.getEmail(),
         };
-
-        verifyCanAccess(params);
-    }
-
-    @Test
-    void testSpecificAccessControl_instructor_cannotAccess() {
-        loginAsInstructor("instructor-googleId");
-
-        String[] params = {
-                Const.ParamsNames.COURSE_ID, student.getCourseId(),
-                Const.ParamsNames.STUDENT_EMAIL, student.getEmail(),
-        };
-
-        verifyCannotAccess(params);
-    }
-
-    @Test
-    void testSpecificAccessControl_student_cannotAccess() {
-        loginAsStudent("student-googleId");
-
-        String[] params = {
-                Const.ParamsNames.COURSE_ID, student.getCourseId(),
-                Const.ParamsNames.STUDENT_EMAIL, student.getEmail(),
-        };
-
-        verifyCannotAccess(params);
-    }
-
-    @Test
-    void testSpecificAccessControl_loggedOut_cannotAccess() {
-        logoutUser();
-
-        String[] params = {
-                Const.ParamsNames.COURSE_ID, student.getCourseId(),
-                Const.ParamsNames.STUDENT_EMAIL, student.getEmail(),
-        };
-
-        verifyCannotAccess(params);
+        verifyOnlyAdminsCanAccess(params);
     }
 }
@@ -277,70 +277,35 @@ void testExecute_instructorResetAccountThrowsEntityDoesNotExistException_throwsE
     }
 
     @Test
-    void testSpecificAccessControl_admin_canAccess() {
-        loginAsAdmin();
-
-        String[] params1 = {
+    void testAccessControl() {
+        String[] params1 = {};
+        String[] params2 = {
                 Const.ParamsNames.STUDENT_EMAIL, stubStudent.getEmail(),
                 Const.ParamsNames.COURSE_ID, stubStudent.getCourseId(),
         };
-        verifyCanAccess(params1);
-
-        String[] params2 = {};
-        verifyCanAccess(params2);
-
         String[] params3 = {
                 Const.ParamsNames.INSTRUCTOR_EMAIL, stubInstructor.getEmail(),
         };
-        verifyCanAccess(params3);
-
         String[] params4 = {
                 Const.ParamsNames.STUDENT_EMAIL, stubStudent.getEmail(),
         };
-        verifyCanAccess(params4);
-
         String[] params5 = {
                 Const.ParamsNames.INSTRUCTOR_EMAIL, stubInstructor.getEmail(),
                 Const.ParamsNames.STUDENT_EMAIL, stubStudent.getEmail(),
         };
-        verifyCanAccess(params5);
-
         String[] params6 = {
                 Const.ParamsNames.COURSE_ID, stubInstructor.getCourseId(),
         };
-        verifyCanAccess(params6);
-
         String[] params7 = {
                 "random-params", "random-value",
         };
-        verifyCanAccess(params7);
-    }
-
-    @Test
-    void testSpecificAccessControl_notAdmin_cannotAccess() {
-        String[] params = {
-                Const.ParamsNames.STUDENT_EMAIL, stubStudent.getEmail(),
-                Const.ParamsNames.COURSE_ID, stubStudent.getCourseId(),
-        };
-        verifyCannotAccess(params);
-
-        loginAsInstructor(stubInstructor.getGoogleId());
-        verifyCannotAccess(params);
 
-        logoutUser();
-        loginAsStudent(stubStudent.getGoogleId());
-        verifyCannotAccess(params);
-
-        logoutUser();
-        loginAsMaintainer();
-        verifyCannotAccess(params);
-
-        logoutUser();
-        loginAsStudentInstructor(stubStudent.getGoogleId());
-        verifyCannotAccess(params);
-
-        logoutUser();
-        loginAsUnregistered(stubInstructor.getGoogleId());
-        verifyCannotAccess(params);
+        verifyOnlyAdminsCanAccess(params1);
+        verifyOnlyAdminsCanAccess(params2);
+        verifyOnlyAdminsCanAccess(params3);
+        verifyOnlyAdminsCanAccess(params4);
+        verifyOnlyAdminsCanAccess(params5);
+        verifyOnlyAdminsCanAccess(params6);
+        verifyOnlyAdminsCanAccess(params7);
     }
 }
@@ -119,32 +119,10 @@ void testExecute_missingAccountRequestId_throwsInvalidHttpParameterException()
     }
 
     @Test
-    void testSpecificAccessControl_admin_canAccess() {
-        loginAsAdmin();
-
-        String[] params = {
-                Const.ParamsNames.ACCOUNT_REQUEST_ID, accountRequest.getId().toString(),
-        };
-
-        verifyCanAccess(params);
-    }
-
-    @Test
-    void testSpecificAccessControl_notAdmin_cannotAccess() {
+    void testAccessControl() {
         String[] params = {
                 Const.ParamsNames.ACCOUNT_REQUEST_ID, accountRequest.getId().toString(),
         };
-
-        loginAsUnregistered("unregistered");
-        verifyCannotAccess(params);
-
-        loginAsStudent("student");
-        verifyCannotAccess(params);
-
-        loginAsInstructor("instructor");
-        verifyCannotAccess(params);
-
-        logoutUser();
-        verifyCannotAccess(params);
+        verifyOnlyAdminsCanAccess(params);
     }
 }
@@ -10,7 +10,6 @@
 import org.testng.annotations.BeforeMethod;
 import org.testng.annotations.Test;
 
-import teammates.common.datatransfer.InstructorPrivileges;
 import teammates.common.exception.EntityDoesNotExistException;
 import teammates.common.util.Const;
 import teammates.storage.sqlentity.Course;
@@ -151,89 +150,20 @@ void testExecute_restoreFeedbackSessionThrowsEntityDoesNotExist_throwsEntityNotF
     }
 
     @Test
-    void testAccessControl_notLoggedIn_cannotAccess() {
-        String[] params = new String[] {
-                Const.ParamsNames.COURSE_ID, COURSE_ID,
-                Const.ParamsNames.FEEDBACK_SESSION_NAME, FEEDBACK_SESSION_NAME,
-        };
-
-        logoutUser();
-        verifyCannotAccess(params);
-    }
-
-    @Test
-    void testAccessControl_unregisteredUser_cannotAccess() {
-        String[] params = new String[] {
-                Const.ParamsNames.COURSE_ID, COURSE_ID,
-                Const.ParamsNames.FEEDBACK_SESSION_NAME, FEEDBACK_SESSION_NAME,
-        };
-
-        loginAsUnregistered(GOOGLE_ID);
-        verifyCannotAccess(params);
-    }
-
-    @Test
-    void testAccessControl_student_cannotAccess() {
-        String[] params = new String[] {
-                Const.ParamsNames.COURSE_ID, COURSE_ID,
-                Const.ParamsNames.FEEDBACK_SESSION_NAME, FEEDBACK_SESSION_NAME,
-        };
-
-        loginAsStudent(GOOGLE_ID);
-        verifyCannotAccess(params);
-    }
-
-    @Test
-    void testAccessControl_instructorOfOtherCourses_cannotAccess() {
-        when(mockLogic.getFeedbackSessionFromRecycleBin(FEEDBACK_SESSION_NAME, COURSE_ID))
-                .thenReturn(stubFeedbackSession);
-        Course otherCourse = getTypicalCourse();
-        otherCourse.setId("other-course-id");
-        stubInstructor.setCourse(otherCourse);
-        when(mockLogic.getInstructorByGoogleId(COURSE_ID, GOOGLE_ID)).thenReturn(stubInstructor);
-
-        String[] params = new String[] {
-                Const.ParamsNames.COURSE_ID, COURSE_ID,
-                Const.ParamsNames.FEEDBACK_SESSION_NAME, FEEDBACK_SESSION_NAME,
-        };
-
-        loginAsInstructor(GOOGLE_ID);
-        verifyCannotAccess(params);
-    }
-
-    @Test
-    void testAccessControl_instructorOfSameCourseWithoutCorrectCoursePrivilege_cannotAccess() {
-        when(mockLogic.getFeedbackSessionFromRecycleBin(FEEDBACK_SESSION_NAME, COURSE_ID))
-                .thenReturn(stubFeedbackSession);
-        InstructorPrivileges privileges = new InstructorPrivileges();
-        privileges.updatePrivilege(Const.InstructorPermissions.CAN_MODIFY_SESSION, false);
-        stubInstructor.setPrivileges(privileges);
-        when(mockLogic.getInstructorByGoogleId(COURSE_ID, GOOGLE_ID)).thenReturn(stubInstructor);
-
-        String[] params = new String[] {
-                Const.ParamsNames.COURSE_ID, COURSE_ID,
-                Const.ParamsNames.FEEDBACK_SESSION_NAME, FEEDBACK_SESSION_NAME,
-        };
-
-        loginAsInstructor(GOOGLE_ID);
-        verifyCannotAccess(params);
-    }
-
-    @Test
-    void testAccessControl_instructorOfSameCourseWithCorrectCoursePrivilege_canAccess() {
+    void testAccessControl() {
         when(mockLogic.getFeedbackSessionFromRecycleBin(FEEDBACK_SESSION_NAME, COURSE_ID))
                 .thenReturn(stubFeedbackSession);
-        InstructorPrivileges privileges = new InstructorPrivileges();
-        privileges.updatePrivilege(Const.InstructorPermissions.CAN_MODIFY_SESSION, true);
-        stubInstructor.setPrivileges(privileges);
-        when(mockLogic.getInstructorByGoogleId(COURSE_ID, GOOGLE_ID)).thenReturn(stubInstructor);
 
         String[] params = new String[] {
                 Const.ParamsNames.COURSE_ID, COURSE_ID,
                 Const.ParamsNames.FEEDBACK_SESSION_NAME, FEEDBACK_SESSION_NAME,
         };
 
-        loginAsInstructor(GOOGLE_ID);
-        verifyCanAccess(params);
+        verifyOnlyInstructorsOfTheSameCourseWithCorrectCoursePrivilegeCanAccess(
+                stubFeedbackSession.getCourse(),
+                Const.InstructorPermissions.CAN_MODIFY_SESSION,
+                params
+        );
+        verifyInstructorsOfOtherCoursesCannotAccess(params);
     }
 }
@@ -139,32 +139,10 @@ void testExecute_nullSearchKey_throwsInvalidHttpParameterException() {
     }
 
     @Test
-    void testSpecificAccessControl_admin_canAccess() {
-        loginAsAdmin();
-
-        String[] params = {
-                Const.ParamsNames.SEARCH_KEY, searchKey,
-        };
-
-        verifyCanAccess(params);
-    }
-
-    @Test
-    void testSpecificAccessControl_notAdmin_cannotAccess() {
+    void testAccessControl() {
         String[] params = {
                 Const.ParamsNames.SEARCH_KEY, searchKey,
         };
-
-        loginAsUnregistered("unregistered");
-        verifyCannotAccess(params);
-
-        loginAsStudent("student");
-        verifyCannotAccess(params);
-
-        loginAsInstructor("instructor");
-        verifyCannotAccess(params);
-
-        logoutUser();
-        verifyCannotAccess(params);
+        verifyOnlyAdminsCanAccess(params);
     }
 }