tests: add unit tests to the LearningPathEnrollmentView and fixes related issues

Author: tecoholic

.gitignore

@@ -63,3 +63,5 @@ docs/learning_paths.*.rst
 # Private requirements
 requirements/private.in
 requirements/private.txt
+.idea
+default.db

docs/decisions/0003-learning-path-enrollment-api.rst

@@ -98,7 +98,7 @@ Implement an API exposing the LearningPathEnrollment model. This API will allow
 learners to be enrolled in the Learning Path.
 
 +---------------------+-------------------------------------------------------+
-| API Path            | /api/v1/learning-path-enrollment/<learning_path_id>   |
+| API Path            | /api/v1/learning-paths/<learning_path_id>/enrollment/  |
 +---------------------+-------------------------------------------------------+
 | Methods             | GET, POST, DELETE                                     |
 +---------------------+-------------------------------------------------------+

learning_paths/api/v1/serializers.py

@@ -90,4 +90,4 @@ class LearningPathGradeSerializer(serializers.Serializer):
 class LearningPathEnrollmentSerializer(serializers.ModelSerializer):
     class Meta:
         model = LearningPathEnrollment
-        fields = ("pk", "user", "learning_path", "is_active", "enrolled_at")
+        fields = ("id", "user", "learning_path", "is_active", "enrolled_at")

learning_paths/api/v1/tests/factories.py

@@ -1,9 +1,15 @@
 # pylint: disable=missing-module-docstring,missing-class-docstring
+from datetime import datetime, timezone
+
 import factory
 from django.contrib import auth
 from factory.fuzzy import FuzzyText
 
-from learning_paths.models import LearningPath, LearningPathGradingCriteria
+from learning_paths.models import (
+    LearningPath,
+    LearningPathEnrollment,
+    LearningPathGradingCriteria,
+)
 
 User = auth.get_user_model()
 
@@ -31,7 +37,6 @@ class Meta:
     uuid = factory.Faker("uuid4")
     display_name = FuzzyText()
     slug = FuzzyText()
-    display_name = FuzzyText()
     description = FuzzyText()
     sequential = False
 
@@ -43,3 +48,17 @@ class Meta:
     learning_path = factory.SubFactory(LearnerPathwayFactory)
     required_completion = 0.80
     required_grade = 0.75
+
+
+class LearningPathEnrollmentFactory(factory.django.DjangoModelFactory):
+    """
+    Factory for LearningPathEnrollment model.
+    """
+
+    user = factory.SubFactory(UserFactory)
+    learning_path = factory.SubFactory(LearnerPathwayFactory)
+    is_active = True
+    enrolled_at = factory.LazyFunction(lambda: datetime.now(timezone.utc))
+
+    class Meta:
+        model = LearningPathEnrollment

learning_paths/api/v1/tests/test_views.py

@@ -1,6 +1,7 @@
 # pylint: disable=missing-module-docstring,missing-class-docstring
 from unittest.mock import patch
 
+from django.test import override_settings
 from django.urls import reverse
 from rest_framework import status
 from rest_framework.test import APIRequestFactory, APITestCase, force_authenticate
@@ -12,6 +13,7 @@
 from learning_paths.api.v1.tests.factories import (
     LearnerPathGradingCriteriaFactory,
     LearnerPathwayFactory,
+    LearningPathEnrollmentFactory,
     UserFactory,
 )
 from learning_paths.api.v1.views import (
@@ -123,3 +125,310 @@ def test_learning_path_grade_success(
         self.assertEqual(response.status_code, status.HTTP_200_OK)
         self.assertEqual(response.data["grade"], 0.85)
         self.assertTrue(response.data["required_grade"], 0.75)
+
+
+class LearningPathEnrollmentTests(APITestCase):
+    def setUp(self) -> None:
+        super().setUp()
+        self.admin = UserFactory(is_staff=True, is_superuser=True)
+        self.staff_user = UserFactory(is_staff=True)
+        self.learner = UserFactory()
+        self.another_learner = UserFactory()
+        self.learning_path = LearnerPathwayFactory.create()
+        self.url = f"/api/v1/learning-paths/{self.learning_path.uuid}/enrollments/"
+
+    def test_get_with_username_for_staff_or_admin(self):
+        """
+        GIVEN `username` query parameter is present
+        WHEN the request is made by staff or admin
+        THEN return existing active enrollments for `username`.
+        """
+        active_enrollment = LearningPathEnrollmentFactory(
+            user=self.learner, learning_path=self.learning_path, is_active=True
+        )
+
+        # Test for admin
+        self.client.force_authenticate(user=self.admin)
+        response = self.client.get(
+            self.url, query_params={"username": self.learner.username}
+        )
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        self.assertIn(
+            active_enrollment.id, [enrollment["id"] for enrollment in response.data]
+        )
+
+        # Test for staff
+        self.client.force_authenticate(user=self.staff_user)
+        response = self.client.get(
+            self.url, query_params={"username": self.learner.username}
+        )
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        self.assertIn(
+            active_enrollment.id, [enrollment["id"] for enrollment in response.data]
+        )
+
+    def test_get_with_username_for_non_staff(self):
+        """
+        GIVEN `username` query parameter is present
+        WHEN the request is made by non-staff
+        THEN return active enrollment if username matches the current user,
+            403 otherwise.
+        """
+        active_enrollment = LearningPathEnrollmentFactory(
+            user=self.learner, learning_path=self.learning_path, is_active=True
+        )
+
+        # Test for matching username
+        self.client.force_authenticate(user=self.learner)
+        response = self.client.get(
+            self.url, query_params={"username": self.learner.username}
+        )
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        self.assertIn(
+            active_enrollment.id, [enrollment["id"] for enrollment in response.data]
+        )
+
+        # Test for non-matching username
+        other_user = UserFactory()
+        response = self.client.get(self.url, {"username": other_user.username})
+        self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
+
+    def test_get_without_username_for_staff_or_admin(self):
+        """
+        GIVEN `username` query parameter is missing or empty
+        WHEN the request is made by staff or admin
+        THEN return all the active enrollments for the learning path.
+        """
+        enrollment = LearningPathEnrollmentFactory(
+            user=self.learner, learning_path=self.learning_path, is_active=True
+        )
+
+        # Test when enrollment is active for admin
+        self.client.force_authenticate(user=self.admin)
+        response = self.client.get(self.url)
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        self.assertIn(enrollment.id, [enrollment["id"] for enrollment in response.data])
+
+        # Test when enrollment is inactive for admin
+        enrollment.is_active = False  # Mark the same enrollment as inactive
+        enrollment.save()
+        response = self.client.get(self.url)
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        self.assertNotIn(
+            enrollment.id, [enrollment["id"] for enrollment in response.data]
+        )
+
+        # Test when enrollment is inactive for staff
+        self.client.force_authenticate(user=self.staff_user)
+        response = self.client.get(self.url)
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        self.assertNotIn(
+            enrollment.id, [enrollment["id"] for enrollment in response.data]
+        )
+
+        # Test when enrollment is active again for staff
+        enrollment.is_active = True  # Mark it active again
+        enrollment.save()
+        response = self.client.get(self.url)
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        self.assertIn(enrollment.id, [enrollment["id"] for enrollment in response.data])
+
+    def test_get_without_username_for_non_staff(self):
+        """
+        GIVEN `username` query parameter is absent
+        WHEN the request is made by non-staff
+        THEN return active enrollment or empty list
+        """
+        # No enrollment
+        self.client.force_authenticate(user=self.learner)
+        response = self.client.get(self.url)
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        self.assertEqual(response.data, [])
+
+        # Active enrollment
+        enrollment = LearningPathEnrollmentFactory(
+            user=self.learner, learning_path=self.learning_path, is_active=True
+        )
+
+        response = self.client.get(self.url)
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        self.assertIn(enrollment.id, [enrollment["id"] for enrollment in response.data])
+
+        # Inactive enrollment
+        enrollment.is_active = False
+        enrollment.save()
+
+        response = self.client.get(self.url)
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        self.assertEqual(response.data, [])
+
+    def test_enroll_current_user_when_username_absent(self):
+        """
+        GIVEN `username` query parameter is absent
+        WHEN the request is made
+        THEN enroll the `currentUser` in the given Learning Path successfully.
+        """
+        self.client.force_authenticate(user=self.learner)
+        response = self.client.post(self.url)
+
+        self.assertEqual(response.status_code, status.HTTP_201_CREATED)
+        self.assertTrue(
+            LearningPathEnrollmentFactory._meta.model.objects.filter(
+                user=self.learner, learning_path=self.learning_path, is_active=True
+            ).exists()
+        )
+
+    def test_enroll_different_user_when_current_user_is_staff_or_admin(self):
+        """
+        GIVEN `username` query parameter is provided and different from the `currentUser`
+        WHEN the `currentUser` is staff or admin
+        THEN enroll the `username` in the Learning Path.
+        """
+        self.client.force_authenticate(user=self.staff_user)
+        response = self.client.post(
+            f"{self.url}?username={self.another_learner.username}"
+        )
+
+        self.assertEqual(response.status_code, status.HTTP_201_CREATED)
+        self.assertTrue(
+            LearningPathEnrollmentFactory._meta.model.objects.filter(
+                user=self.another_learner,
+                learning_path=self.learning_path,
+                is_active=True,
+            ).exists()
+        )
+
+    def test_non_staff_user_enrolling_different_user_returns_403(self):
+        """
+        GIVEN `username` query parameter is provided and different from the `currentUser`
+        WHEN the `currentUser` is not staff or admin
+        THEN return HTTP 403 Forbidden.
+        """
+        self.client.force_authenticate(user=self.learner)
+
+        response = self.client.post(
+            f"{self.url}?username={self.another_learner.username}"
+        )
+
+        self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
+
+    def test_enrollment_returns_404_for_invalid_user_or_learning_path(self):
+        """
+        GIVEN invalid `username` or `learning_path_id`
+        WHEN a POST request is made
+        THEN return HTTP 404 Not Found.
+        """
+        self.client.force_authenticate(user=self.admin)
+
+        # Test invalid username
+        response = self.client.post(f"{self.url}?username=nonexistentuser")
+        self.assertEqual(response.status_code, status.HTTP_404_NOT_FOUND)
+
+        # Test invalid learning_path_id
+        response = self.client.post(
+            "/api/learning-paths/2ac8a3cc-e492-4ce9-88a3-cce4922ce9df/enrollments/"
+        )  # Invalid Learning Path ID
+        self.assertEqual(response.status_code, status.HTTP_404_NOT_FOUND)
+
+    def test_enrollment_returns_409_if_already_enrolled(self):
+        """
+        GIVEN an active enrollment exists for the user and Learning Path
+        WHEN a POST request is made
+        THEN return HTTP 409 Conflict.
+        """
+        LearningPathEnrollmentFactory(
+            user=self.learner, learning_path=self.learning_path, is_active=True
+        )
+        self.client.force_authenticate(user=self.learner)
+
+        response = self.client.post(self.url)
+
+        self.assertEqual(response.status_code, status.HTTP_409_CONFLICT)
+
+    @override_settings(LEARNING_PATHS_ALLOW_SELF_UNENROLLMENT=True)
+    def test_self_unenrollment_marks_enrollment_inactive(self):
+        """
+        GIVEN an active enrollment exists for the current user
+        WHEN a DELETE request is made with `LEARNING_PATHS_ALLOW_SELF_UNENROLLMENT=True`
+        THEN the enrollment is marked inactive (`is_active=False`).
+        """
+        enrollment = LearningPathEnrollmentFactory(
+            user=self.learner, learning_path=self.learning_path, is_active=True
+        )
+        self.client.force_authenticate(user=self.learner)
+
+        response = self.client.delete(self.url)
+
+        self.assertEqual(response.status_code, status.HTTP_204_NO_CONTENT)
+        enrollment.refresh_from_db()
+        self.assertFalse(enrollment.is_active)  # Check is_active field is now False
+
+    @override_settings(LEARNING_PATHS_ALLOW_SELF_UNENROLLMENT=False)
+    def test_self_unenrollment_denied_when_setting_disabled(self):
+        """
+        GIVEN an active enrollment exists for the current user
+        WHEN a DELETE request is made and `LEARNING_PATHS_ALLOW_SELF_UNENROLLMENT=False`
+        THEN the request is denied with HTTP 403.
+        """
+        LearningPathEnrollmentFactory(
+            user=self.learner, learning_path=self.learning_path, is_active=True
+        )
+        self.client.force_authenticate(user=self.learner)
+
+        response = self.client.delete(self.url)
+
+        self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
+
+    @override_settings(LEARNING_PATHS_ALLOW_SELF_UNENROLLMENT=False)
+    def test_staff_unenrollment_succeeds_when_setting_disabled(self):
+        """
+        GIVEN an active enrollment exists for a learner
+        WHEN a DELETE request is made by a staff user and `LEARNING_PATHS_ALLOW_SELF_UNENROLLMENT=False`
+        THEN the enrollment is marked inactive (`is_active=False`) successfully.
+
+        This is necessary to verify that the setting doesn't affect staff users.
+        """
+        enrollment = LearningPathEnrollmentFactory(
+            user=self.learner, learning_path=self.learning_path, is_active=True
+        )
+        self.client.force_authenticate(user=self.staff_user)
+
+        response = self.client.delete(f"{self.url}?username={self.learner.username}")
+
+        self.assertEqual(response.status_code, status.HTTP_204_NO_CONTENT)
+        enrollment.refresh_from_db()
+        self.assertFalse(enrollment.is_active)  # Check is_active field is now False
+
+    @override_settings(LEARNING_PATHS_ALLOW_SELF_UNENROLLMENT=True)
+    def test_non_staff_users_cannot_unenroll_other_learners(self):
+        """
+        GIVEN an active enrollment exists for the current user
+        WHEN a DELETE request is made with `LEARNING_PATHS_ALLOW_SELF_UNENROLLMENT=True`
+        THEN the enrollment is marked inactive (`is_active=False`).
+        """
+        enrollment = LearningPathEnrollmentFactory(
+            user=self.learner, learning_path=self.learning_path, is_active=True
+        )
+        self.client.force_authenticate(user=self.another_learner)
+
+        response = self.client.delete(self.url + "?username=" + self.learner.username)
+
+        self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
+        enrollment.refresh_from_db()
+        self.assertTrue(enrollment.is_active)
+
+    def test_return_404_when_no_active_enrollments_exist(self):
+        """
+        GIVEN no active enrollment exists for the user in the learning path
+        WHEN a DELETE request is made
+        THEN HTTP 404 Not Found is returned.
+        """
+        # Create an inactive enrollment
+        LearningPathEnrollmentFactory(
+            user=self.learner, learning_path=self.learning_path, is_active=False
+        )
+        self.client.force_authenticate(user=self.learner)
+
+        response = self.client.delete(self.url)
+
+        self.assertEqual(response.status_code, status.HTTP_404_NOT_FOUND)