
Commit b0a6843

committed
Update and add tests for course config routes
Updates positive test auth from staff to admin, adds negative tests to ensure that non-admin staff are unable to read, update, create, or delete course configs.
1 parent 93f8ed8 commit b0a6843


1 file changed

+61
-14
lines changed


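--- a/test/cadet_web/admin_controllers/admin_courses_controller_test.exs
+++ b/test/cadet_web/admin_controllers/admin_courses_controller_test.exs
@@ -81,7 +81,7 @@ defmodule CadetWeb.AdminCoursesControllerTest do
 end
 
 @tag authenticate: :student
-test "rejects forbidden request for non-staff users", %{conn: conn} do
+test "rejects forbidden request for students", %{conn: conn} do
 course_id = conn.assigns[:course_id]
 old_course = Repo.get(Course, course_id)
 
@@ -98,6 +98,23 @@ defmodule CadetWeb.AdminCoursesControllerTest do
 end
 
 @tag authenticate: :staff
+test "rejects forbidden request for non-admin staff", %{conn: conn} do
+course_id = conn.assigns[:course_id]
+old_course = Repo.get(Course, course_id)
+
+conn =
+put(conn, build_url_course_config(course_id), %{
+"sourceChapter" => 3,
+"sourceVariant" => "concurrent"
+})
+
+same_course = Repo.get(Course, course_id)
+
+assert response(conn, 403) == "Forbidden"
+assert old_course == same_course
+end
+
+@tag authenticate: :admin
 test "rejects requests if user does not belong to the specified course", %{conn: conn} do
 course_id = conn.assigns[:course_id]
 
@@ -110,7 +127,7 @@ defmodule CadetWeb.AdminCoursesControllerTest do
 assert response(conn, 403) == "Forbidden"
 end
 
-@tag authenticate: :staff
+@tag authenticate: :admin
 test "rejects requests with invalid params", %{conn: conn} do
 course_id = conn.assigns[:course_id]
 
@@ -123,7 +140,7 @@ defmodule CadetWeb.AdminCoursesControllerTest do
 assert response(conn, 400) == "Invalid parameter(s)"
 end
 
-@tag authenticate: :staff
+@tag authenticate: :admin
 test "rejects requests with missing params", %{conn: conn} do
 course_id = conn.assigns[:course_id]
 
@@ -145,7 +162,7 @@ defmodule CadetWeb.AdminCoursesControllerTest do
 
 describe "GET /v2/courses/{course_id}/admin/configs/assessment_configs" do
 @tag authenticate: :admin
-test "succeeds", %{conn: conn} do
+test "succeeds for admins", %{conn: conn} do
 course_id = conn.assigns[:course_id]
 course = Repo.get(Course, course_id)
 config1 = insert(:assessment_config, %{order: 1, type: "Mission1", course: course})
@@ -206,8 +223,17 @@ defmodule CadetWeb.AdminCoursesControllerTest do
 assert expected == resp
 end
 
+@tag authenticate: :staff
+test "rejects forbidden request for non-admin staff", %{conn: conn} do
+course_id = conn.assigns[:course_id]
+
+resp = get(conn, build_url_assessment_configs(course_id))
+
+assert response(resp, 403) == "Forbidden"
+end
+
 @tag authenticate: :student
-test "rejects forbidden request for non-staff users", %{conn: conn} do
+test "rejects forbidden request for students", %{conn: conn} do
 course_id = conn.assigns[:course_id]
 
 resp = get(conn, build_url_assessment_configs(course_id))
@@ -257,8 +283,20 @@ defmodule CadetWeb.AdminCoursesControllerTest do
 assert new_configs == ["Missions", "Paths"]
 end
 
+@tag authenticate: :staff
+test "rejects forbidden request for non-admin staff", %{conn: conn} do
+course_id = conn.assigns[:course_id]
+
+conn =
+put(conn, build_url_assessment_configs(course_id), %{
+"assessmentConfigs" => []
+})
+
+assert response(conn, 403) == "Forbidden"
+end
+
 @tag authenticate: :student
-test "rejects forbidden request for non-staff users", %{conn: conn} do
+test "rejects forbidden request for students", %{conn: conn} do
 course_id = conn.assigns[:course_id]
 
 conn =
@@ -269,7 +307,7 @@ defmodule CadetWeb.AdminCoursesControllerTest do
 assert response(conn, 403) == "Forbidden"
 end
 
-@tag authenticate: :staff
+@tag authenticate: :admin
 test "rejects request if user is not in specified course", %{conn: conn} do
 course_id = conn.assigns[:course_id]
 
@@ -281,7 +319,7 @@ defmodule CadetWeb.AdminCoursesControllerTest do
 assert response(conn, 403) == "Forbidden"
 end
 
-@tag authenticate: :staff
+@tag authenticate: :admin
 test "rejects requests with invalid params 1", %{conn: conn} do
 course_id = conn.assigns[:course_id]
 
@@ -293,7 +331,7 @@ defmodule CadetWeb.AdminCoursesControllerTest do
 assert response(conn, 400) == "missing assessmentConfig"
 end
 
-@tag authenticate: :staff
+@tag authenticate: :admin
 test "rejects requests with invalid params 2", %{conn: conn} do
 course_id = conn.assigns[:course_id]
 
@@ -306,7 +344,7 @@ defmodule CadetWeb.AdminCoursesControllerTest do
 "assessmentConfigs should be a list of assessment configuration objects"
 end
 
-@tag authenticate: :staff
+@tag authenticate: :admin
 test "rejects requests with invalid params: more than 8", %{conn: conn} do
 course_id = conn.assigns[:course_id]
 
@@ -318,7 +356,7 @@ defmodule CadetWeb.AdminCoursesControllerTest do
 assert response(conn, 400) == "Invalid parameter(s)"
 end
 
-@tag authenticate: :staff
+@tag authenticate: :admin
 test "rejects requests with missing params", %{conn: conn} do
 course_id = conn.assigns[:course_id]
 
@@ -350,16 +388,25 @@ defmodule CadetWeb.AdminCoursesControllerTest do
 assert new_configs == ["Paths"]
 end
 
+@tag authenticate: :staff
+test "rejects forbidden request for non-admin staff", %{conn: conn} do
+course_id = conn.assigns[:course_id]
+
+conn = delete(conn, build_url_assessment_config(course_id, 1))
+
+assert response(conn, 403) == "Forbidden"
+end
+
 @tag authenticate: :student
-test "rejects forbidden request for non-staff users", %{conn: conn} do
+test "rejects forbidden request for students", %{conn: conn} do
 course_id = conn.assigns[:course_id]
 
 conn = delete(conn, build_url_assessment_config(course_id, 1))
 
 assert response(conn, 403) == "Forbidden"
 end
 
-@tag authenticate: :staff
+@tag authenticate: :admin
 test "rejects request if user is not in specified course", %{conn: conn} do
 course_id = conn.assigns[:course_id]
 
@@ -368,7 +415,7 @@ defmodule CadetWeb.AdminCoursesControllerTest do
 assert response(conn, 403) == "Forbidden"
 end
 
-@tag authenticate: :staff
+@tag authenticate: :admin
 test "fails if config does not exist", %{conn: conn} do
 course_id = conn.assigns[:course_id]
 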
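Review bot: The new non-admin-staff tests for PUT and DELETE on assessment configs (new lines 286–296 and 391–398) assert only the `403` body, so they would still pass if the handler applied the write before rejecting the caller. The course-config staff test at new lines 101–115 already guards against that by comparing `old_course == same_course`. In the visible lines the DELETE targets the literal id `1` with no config inserted and the PUT sends an empty list, so there is no row whose survival could be checked, unless a fixture is created in setup outside these hunks. I would insert a fixture first with `course = Repo.get(Course, course_id)` and `config = insert(:assessment_config, %{order: 1, type: "Mission1", course: course})`, then call `delete(conn, build_url_assessment_config(course_id, config.id))` and assert afterwards that the row is still present. The PUT test can do the same with a non-empty payload and a check that the stored configs are unchanged.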
