
Example 1 with UnauthorizedAccessException

use of teammates.common.exception.UnauthorizedAccessException in project teammates by TEAMMATES.

the class StudentCourseJoinAuthenticatedActionTest method testExecuteAndPostProcess.

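/**
 * Exercises StudentCourseJoinAuthenticatedAction for a logged-in user joining a course
 * with a registration key: a missing-parameter case, an invalid key, an already
 * registered student, three profile-completeness variants, a freshly created student,
 * and a course whose name requires HTML sanitization.
 *
 * <p>The registration key is always passed in its {@code StringHelper.encrypt} form.
 */
@Override
@Test
public void testExecuteAndPostProcess() throws Exception {
    dataBundle = loadDataBundle("/StudentCourseJoinAuthenticatedTest.json");
    StudentsDb studentsDb = new StudentsDb();
    AccountsDb accountsDb = new AccountsDb();
    StudentAttributes student1InCourse1 = dataBundle.students.get("student1InCourse1");
    // Re-read from the datastore so that the stored registration key is available.
    student1InCourse1 = studentsDb.getStudentForGoogleId(student1InCourse1.course, student1InCourse1.googleId);
    gaeSimulation.loginAsStudent(student1InCourse1.googleId);
    ______TS("not enough parameters");
    verifyAssumptionFailure();
    ______TS("invalid key");
    String invalidKey = StringHelper.encrypt("invalid key");
    String[] submissionParams = new String[] { Const.ParamsNames.REGKEY, invalidKey, Const.ParamsNames.NEXT_URL, Const.ActionURIs.STUDENT_HOME_PAGE };
    try {
        StudentCourseJoinAuthenticatedAction authenticatedAction = getAction(submissionParams);
        getRedirectResult(authenticatedAction);
        // Without this the case passes vacuously whenever the unknown key is NOT rejected,
        // which is exactly the regression this negative test exists to catch.
        signalFailureToDetectException();
    } catch (UnauthorizedAccessException uae) {
        assertEquals("No student with given registration key:" + invalidKey, uae.getMessage());
    }
    ______TS("already registered student");
    submissionParams = new String[] { Const.ParamsNames.REGKEY, StringHelper.encrypt(student1InCourse1.key), Const.ParamsNames.NEXT_URL, Const.ActionURIs.STUDENT_PROFILE_PAGE };
    StudentCourseJoinAuthenticatedAction authenticatedAction = getAction(submissionParams);
    RedirectResult redirectResult = getRedirectResult(authenticatedAction);
    // The requested NEXT_URL is the profile page, but the error redirect is expected to go to the home page.
    assertEquals(getPageResultDestination(Const.ActionURIs.STUDENT_HOME_PAGE, true, student1InCourse1.googleId), redirectResult.getDestinationWithParams());
    assertTrue(redirectResult.isError);
    assertEquals("You (student1InCourse1) have already joined this course", redirectResult.getStatusMessage());
    // NOTE(review): the "student object belongs to another account" case below is commented out,
    // so this method does not exercise a join link whose key belongs to a different account.
    // Confirm the behaviour is covered elsewhere, or re-enable the case.
    /*______TS("student object belongs to another account");

        StudentAttributes student2InCourse1 = dataBundle.students
                .get("student2InCourse1");
        student2InCourse1 = studentsDb.getStudentForGoogleId(
                student2InCourse1.course, student2InCourse1.googleId);

        submissionParams = new String[] {
                Const.ParamsNames.REGKEY,
                StringHelper.encrypt(student2InCourse1.key),
                Const.ParamsNames.NEXT_URL, Const.ActionURIs.STUDENT_HOME_PAGE
        };

        authenticatedAction = getAction(submissionParams);
        redirectResult = getRedirectResult(authenticatedAction);

        assertEquals(
                Const.ActionURIs.STUDENT_HOME_PAGE
                        + "?persistencecourse=" + student1InCourse1.course
                        + "&error=true&user=" + student1InCourse1.googleId,
                redirectResult.getDestinationWithParams());
        assertTrue(redirectResult.isError);
        assertEquals(
                "The join link used belongs to a different user"
                        + " whose Google ID is stude..ourse1 "
                        + "(only part of the Google ID is shown to protect privacy)."
                        + " If that Google ID is owned by you, "
                        + "please logout and re-login using that Google account."
                        + " If it doesn’t belong to you, please "
                        + "<a href=\"mailto:" + Config.SUPPORT_EMAIL
                        + "?body=Your name:%0AYour course:%0AYour university:\">"
                        + "contact us</a> so that we can investigate.",
                redirectResult.getStatusMessage());
*/
    ______TS("join course with no feedback sessions, profile is empty");
    AccountAttributes studentWithEmptyProfile = dataBundle.accounts.get("noFSStudent");
    studentWithEmptyProfile = accountsDb.getAccount(studentWithEmptyProfile.googleId, true);
    // Precondition: every profile field of this account is empty.
    assertNotNull(studentWithEmptyProfile.studentProfile);
    assertEquals("", studentWithEmptyProfile.studentProfile.pictureKey);
    assertEquals("", studentWithEmptyProfile.studentProfile.shortName);
    assertEquals("", studentWithEmptyProfile.studentProfile.nationality);
    assertEquals("", studentWithEmptyProfile.studentProfile.moreInfo);
    assertEquals("", studentWithEmptyProfile.studentProfile.email);
    StudentAttributes studentWithEmptyProfileAttributes = dataBundle.students.get("noFSStudentWithNoProfile");
    studentWithEmptyProfileAttributes = studentsDb.getStudentForEmail(studentWithEmptyProfileAttributes.course, studentWithEmptyProfileAttributes.email);
    gaeSimulation.loginUser("idOfNoFSStudent");
    submissionParams = new String[] { Const.ParamsNames.REGKEY, StringHelper.encrypt(studentWithEmptyProfileAttributes.key), Const.ParamsNames.NEXT_URL, Const.ActionURIs.STUDENT_HOME_PAGE };
    authenticatedAction = getAction(submissionParams);
    redirectResult = getRedirectResult(authenticatedAction);
    assertEquals(getPageResultDestination(Const.ActionURIs.STUDENT_HOME_PAGE, "idOfCourseNoEvals", false, "idOfNoFSStudent"), redirectResult.getDestinationWithParams());
    assertFalse(redirectResult.isError);
    assertEquals(String.format(Const.StatusMessages.STUDENT_COURSE_JOIN_SUCCESSFUL, "[idOfCourseNoEvals] Typical Course 3 with 0 Evals") + "<br>" + String.format(Const.StatusMessages.HINT_FOR_NO_SESSIONS_STUDENT, "[idOfCourseNoEvals] Typical Course 3 with 0 Evals") + "<br>" + Const.StatusMessages.STUDENT_UPDATE_PROFILE, redirectResult.getStatusMessage());
    ______TS("join course with no feedback sessions, profile has only one missing field");
    AccountAttributes studentWithoutProfilePicture = dataBundle.accounts.get("noFSStudent2");
    studentWithoutProfilePicture = accountsDb.getAccount(studentWithoutProfilePicture.googleId, true);
    // Precondition: only the picture key is empty.
    assertNotNull(studentWithoutProfilePicture.studentProfile);
    assertEquals("", studentWithoutProfilePicture.studentProfile.pictureKey);
    assertFalse(studentWithoutProfilePicture.studentProfile.nationality.isEmpty());
    assertFalse(studentWithoutProfilePicture.studentProfile.shortName.isEmpty());
    assertFalse(studentWithoutProfilePicture.studentProfile.moreInfo.isEmpty());
    assertFalse(studentWithoutProfilePicture.studentProfile.email.isEmpty());
    StudentAttributes studentWithoutProfilePictureAttributes = dataBundle.students.get("noFSStudentWithPartialProfile");
    studentWithoutProfilePictureAttributes = studentsDb.getStudentForEmail(studentWithoutProfilePictureAttributes.course, studentWithoutProfilePictureAttributes.email);
    gaeSimulation.loginUser("idOfNoFSStudent2");
    submissionParams = new String[] { Const.ParamsNames.REGKEY, StringHelper.encrypt(studentWithoutProfilePictureAttributes.key), Const.ParamsNames.NEXT_URL, Const.ActionURIs.STUDENT_HOME_PAGE };
    authenticatedAction = getAction(submissionParams);
    redirectResult = getRedirectResult(authenticatedAction);
    assertEquals(getPageResultDestination(Const.ActionURIs.STUDENT_HOME_PAGE, "idOfCourseNoEvals", false, "idOfNoFSStudent2"), redirectResult.getDestinationWithParams());
    assertFalse(redirectResult.isError);
    assertEquals(String.format(Const.StatusMessages.STUDENT_COURSE_JOIN_SUCCESSFUL, "[idOfCourseNoEvals] Typical Course 3 with 0 Evals") + "<br>" + String.format(Const.StatusMessages.HINT_FOR_NO_SESSIONS_STUDENT, "[idOfCourseNoEvals] Typical Course 3 with 0 Evals") + "<br>" + Const.StatusMessages.STUDENT_UPDATE_PROFILE_PICTURE, redirectResult.getStatusMessage());
    ______TS("join course with no feedback sessions, profile has no missing field");
    AccountAttributes studentWithFullProfile = dataBundle.accounts.get("noFSStudent3");
    studentWithFullProfile = accountsDb.getAccount(studentWithFullProfile.googleId, true);
    // Precondition: every profile field is populated. These checks previously re-tested
    // studentWithoutProfilePicture (a copy-paste slip), leaving this account's fields unverified.
    assertNotNull(studentWithFullProfile.studentProfile);
    assertFalse(studentWithFullProfile.studentProfile.pictureKey.isEmpty());
    assertFalse(studentWithFullProfile.studentProfile.nationality.isEmpty());
    assertFalse(studentWithFullProfile.studentProfile.shortName.isEmpty());
    assertFalse(studentWithFullProfile.studentProfile.moreInfo.isEmpty());
    assertFalse(studentWithFullProfile.studentProfile.email.isEmpty());
    StudentAttributes studentWithFullProfileAttributes = dataBundle.students.get("noFSStudentWithFullProfile");
    studentWithFullProfileAttributes = studentsDb.getStudentForEmail(studentWithFullProfileAttributes.course, studentWithFullProfileAttributes.email);
    gaeSimulation.loginUser("idOfNoFSStudent3");
    submissionParams = new String[] { Const.ParamsNames.REGKEY, StringHelper.encrypt(studentWithFullProfileAttributes.key), Const.ParamsNames.NEXT_URL, Const.ActionURIs.STUDENT_HOME_PAGE };
    authenticatedAction = getAction(submissionParams);
    redirectResult = getRedirectResult(authenticatedAction);
    assertEquals(getPageResultDestination(Const.ActionURIs.STUDENT_HOME_PAGE, "idOfCourseNoEvals", false, "idOfNoFSStudent3"), redirectResult.getDestinationWithParams());
    assertFalse(redirectResult.isError);
    assertEquals(String.format(Const.StatusMessages.STUDENT_COURSE_JOIN_SUCCESSFUL, "[idOfCourseNoEvals] Typical Course 3 with 0 Evals") + "<br>" + String.format(Const.StatusMessages.HINT_FOR_NO_SESSIONS_STUDENT, "[idOfCourseNoEvals] Typical Course 3 with 0 Evals"), redirectResult.getStatusMessage());
    ______TS("typical case");
    // Create a new account and a new, not-yet-joined student record, then join with that student's key.
    AccountAttributes newStudentAccount = AccountAttributes.builder().withGoogleId("idOfNewStudent").withName("nameOfNewStudent").withEmail("newStudent@gmail.com").withInstitute("TEAMMATES Test Institute 5").withIsInstructor(false).withDefaultStudentProfileAttributes("idOfNewStudent").build();
    accountsDb.createAccount(newStudentAccount);
    StudentAttributes newStudentAttributes = StudentAttributes.builder(student1InCourse1.course, "nameOfNewStudent", "newStudent@course1.com").withSection(student1InCourse1.section).withTeam(student1InCourse1.team).withComments("This is a new student").build();
    studentsDb.createEntity(newStudentAttributes);
    newStudentAttributes = studentsDb.getStudentForEmail(newStudentAttributes.course, newStudentAttributes.email);
    gaeSimulation.loginUser("idOfNewStudent");
    submissionParams = new String[] { Const.ParamsNames.REGKEY, StringHelper.encrypt(newStudentAttributes.key), Const.ParamsNames.NEXT_URL, Const.ActionURIs.STUDENT_PROFILE_PAGE };
    authenticatedAction = getAction(submissionParams);
    redirectResult = getRedirectResult(authenticatedAction);
    assertEquals(getPageResultDestination(Const.ActionURIs.STUDENT_PROFILE_PAGE, "idOfTypicalCourse1", false, "idOfNewStudent"), redirectResult.getDestinationWithParams());
    assertFalse(redirectResult.isError);
    assertEquals(String.format(Const.StatusMessages.STUDENT_COURSE_JOIN_SUCCESSFUL, "[idOfTypicalCourse1] Typical Course 1 with 2 Evals"), redirectResult.getStatusMessage());
    ______TS("typical case: data requires sanitization");
    AccountAttributes accountTestSanitization = dataBundle.accounts.get("student1InTestingSanitizationCourse");
    StudentAttributes studentTestSanitization = dataBundle.students.get("student1InTestingSanitizationCourse");
    CourseAttributes courseTestSanitization = dataBundle.courses.get("testingSanitizationCourse");
    gaeSimulation.loginUser(accountTestSanitization.googleId);
    // retrieve student from datastore to get regkey
    studentTestSanitization = studentsDb.getStudentForEmail(studentTestSanitization.course, studentTestSanitization.email);
    submissionParams = new String[] { Const.ParamsNames.REGKEY, StringHelper.encrypt(studentTestSanitization.key), Const.ParamsNames.NEXT_URL, Const.ActionURIs.STUDENT_PROFILE_PAGE };
    authenticatedAction = getAction(submissionParams);
    redirectResult = getRedirectResult(authenticatedAction);
    assertEquals(Const.ActionURIs.STUDENT_PROFILE_PAGE + "?persistencecourse=" + courseTestSanitization.getId() + "&error=false&user=" + accountTestSanitization.googleId, redirectResult.getDestinationWithParams());
    assertFalse(redirectResult.isError);
    // The status message is rendered as HTML (it carries "<br>"), so the course name is expected
    // in its sanitizeForHtml form rather than raw.
    String courseIdentifier = "[" + courseTestSanitization.getId() + "] " + SanitizationHelper.sanitizeForHtml(courseTestSanitization.getName());
    String expectedStatusMessage = String.format(Const.StatusMessages.STUDENT_COURSE_JOIN_SUCCESSFUL, courseIdentifier) + "<br>" + String.format(Const.StatusMessages.HINT_FOR_NO_SESSIONS_STUDENT, courseIdentifier) + "<br>" + accountTestSanitization.studentProfile.generateUpdateMessageForStudent();
    assertEquals(expectedStatusMessage, redirectResult.getStatusMessage());
}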
Also used : AccountAttributes(teammates.common.datatransfer.attributes.AccountAttributes) AccountsDb(teammates.storage.api.AccountsDb) RedirectResult(teammates.ui.controller.RedirectResult) UnauthorizedAccessException(teammates.common.exception.UnauthorizedAccessException) StudentCourseJoinAuthenticatedAction(teammates.ui.controller.StudentCourseJoinAuthenticatedAction) StudentsDb(teammates.storage.api.StudentsDb) StudentAttributes(teammates.common.datatransfer.attributes.StudentAttributes) CourseAttributes(teammates.common.datatransfer.attributes.CourseAttributes) Test(org.testng.annotations.Test)

Example 2 with UnauthorizedAccessException

use of teammates.common.exception.UnauthorizedAccessException in project teammates by TEAMMATES.

the class StudentProfilePictureActionTest method testActionWithEmailAndCourseUnauthorisedInstructorOrStudentMasquerade.

/**
 * Verifies that a non-admin caller cannot masquerade as another user when requesting
 * a profile picture by encrypted student email and course id.
 *
 * <p>Each case logs in as one account, appends a different account's id to the request
 * parameters, and expects {@code getAction} to raise UnauthorizedAccessException with
 * the exact "masquerade ... without admin permission" message.
 */
private void testActionWithEmailAndCourseUnauthorisedInstructorOrStudentMasquerade() {
    String encryptedEmail = StringHelper.encrypt(student.email);
    String encryptedCourseId = StringHelper.encrypt(student.course);
    String[] baseParams = {
        Const.ParamsNames.STUDENT_EMAIL, encryptedEmail,
        Const.ParamsNames.COURSE_ID, encryptedCourseId,
    };

    ______TS("Failure case: unauthorised student masqueraded as a student from same team");
    AccountAttributes intrudingStudent = typicalBundle.accounts.get("student1InArchivedCourse");
    gaeSimulation.loginAsStudent(intrudingStudent.googleId);
    try {
        String[] masqueradeParams = addUserIdToParams(student.googleId, baseParams);
        getAction(masqueradeParams);
        // Reached only if the masquerade attempt was accepted.
        signalFailureToDetectException();
    } catch (UnauthorizedAccessException uae) {
        String expectedMessage = "User student1InArchivedCourse is trying to masquerade as"
                + " student1InCourse1 without admin permission.";
        assertEquals(expectedMessage, uae.getMessage());
    }

    ______TS("Failure case: unauthorised instructor masqueraded as an authorised instructor");
    AccountAttributes intrudingInstructor = typicalBundle.accounts.get("instructor1OfCourse2");
    AccountAttributes targetInstructor = typicalBundle.accounts.get("instructor1OfCourse1");
    gaeSimulation.loginAsInstructor(intrudingInstructor.googleId);
    try {
        String[] masqueradeParams = addUserIdToParams(targetInstructor.googleId, baseParams);
        getAction(masqueradeParams);
        // Reached only if the masquerade attempt was accepted.
        signalFailureToDetectException();
    } catch (UnauthorizedAccessException uae) {
        String expectedMessage = "User idOfInstructor1OfCourse2 is trying to masquerade as"
                + " idOfInstructor1OfCourse1 without admin permission.";
        assertEquals(expectedMessage, uae.getMessage());
    }
}
Also used : AccountAttributes(teammates.common.datatransfer.attributes.AccountAttributes) UnauthorizedAccessException(teammates.common.exception.UnauthorizedAccessException)

Example 3 with UnauthorizedAccessException

use of teammates.common.exception.UnauthorizedAccessException in project teammates by TEAMMATES.

the class InstructorFeedbackSubmissionEditPageActionTest method testExecuteAndPostProcess.

/**
 * Exercises InstructorFeedbackSubmissionEditPageAction: missing and null parameters,
 * an instructor without sufficient authorization, a non-existent session, the typical
 * success path, admin masquerade, a closed session and a session in a second course.
 *
 * <p>The negative cases end the try block with {@code signalFailureToDetectException}
 * so that they cannot pass when the expected exception is not raised.
 */
@Override
@Test
public void testExecuteAndPostProcess() {
    InstructorAttributes actor = typicalBundle.instructors.get("instructor1OfCourse1");
    FeedbackSessionAttributes feedbackSession = typicalBundle.feedbackSessions.get("session1InCourse1");
    gaeSimulation.loginAsInstructor(actor.googleId);

    ______TS("not enough parameters");
    String[] missingCourseId = {
        Const.ParamsNames.FEEDBACK_SESSION_NAME, feedbackSession.getFeedbackSessionName(),
    };
    String[] missingSessionName = {
        Const.ParamsNames.COURSE_ID, feedbackSession.getCourseId(),
    };
    verifyAssumptionFailure(missingCourseId);
    verifyAssumptionFailure(missingSessionName);

    ______TS("Test null feedback session name parameter");
    String[] requestParams = {
        Const.ParamsNames.COURSE_ID, feedbackSession.getCourseId(),
        Const.ParamsNames.USER_ID, actor.googleId,
    };
    try {
        getShowPageResult(getAction(requestParams));
        signalFailureToDetectException("Did not detect that parameters are null.");
    } catch (NullPostParameterException e) {
        String expectedMessage =
                String.format(Const.StatusCodes.NULL_POST_PARAMETER, Const.ParamsNames.FEEDBACK_SESSION_NAME);
        assertEquals(expectedMessage, e.getMessage());
    }

    ______TS("Test null course id parameter");
    requestParams = new String[] {
        Const.ParamsNames.FEEDBACK_SESSION_NAME, feedbackSession.getFeedbackSessionName(),
        Const.ParamsNames.USER_ID, actor.googleId,
    };
    try {
        getShowPageResult(getAction(requestParams));
        signalFailureToDetectException("Did not detect that parameters are null.");
    } catch (NullPostParameterException e) {
        String expectedMessage =
                String.format(Const.StatusCodes.NULL_POST_PARAMETER, Const.ParamsNames.COURSE_ID);
        assertEquals(expectedMessage, e.getMessage());
    }

    ______TS("Test insufficient authorization");
    // Switch to the helper instructor, who is expected to be refused access to this session.
    actor = typicalBundle.instructors.get("helperOfCourse1");
    gaeSimulation.loginAsInstructor(actor.googleId);
    requestParams = new String[] {
        Const.ParamsNames.COURSE_ID, feedbackSession.getCourseId(),
        Const.ParamsNames.FEEDBACK_SESSION_NAME, feedbackSession.getFeedbackSessionName(),
        Const.ParamsNames.USER_ID, actor.googleId,
    };
    try {
        getShowPageResult(getAction(requestParams));
        signalFailureToDetectException("Did not detect insufficient authorization.");
    } catch (UnauthorizedAccessException e) {
        String expectedMessage = "Feedback session [First feedback session] is not accessible to instructor "
                + "[helper@course1.tmt] for this purpose";
        assertEquals(expectedMessage, e.getMessage());
    }

    ______TS("Test feedback session that does not exist");
    actor = typicalBundle.instructors.get("instructor1OfCourse1");
    gaeSimulation.loginAsInstructor(actor.googleId);
    requestParams = new String[] {
        Const.ParamsNames.COURSE_ID, feedbackSession.getCourseId(),
        Const.ParamsNames.FEEDBACK_SESSION_NAME, "feedback session that does not exist",
        Const.ParamsNames.USER_ID, actor.googleId,
    };
    InstructorFeedbackSubmissionEditPageAction editPageAction = getAction(requestParams);
    RedirectResult redirect = getRedirectResult(editPageAction);
    // An unknown session name redirects to the instructor home page with a non-error status.
    assertEquals(
            getPageResultDestination(Const.ActionURIs.INSTRUCTOR_HOME_PAGE, false, actor.googleId),
            redirect.getDestinationWithParams());
    assertFalse(redirect.isError);
    assertEquals(Const.StatusMessages.FEEDBACK_SESSION_DELETED_NO_ACCESS, redirect.getStatusMessage());

    ______TS("typical success case");
    String[] sessionParams = {
        Const.ParamsNames.COURSE_ID, feedbackSession.getCourseId(),
        Const.ParamsNames.FEEDBACK_SESSION_NAME, feedbackSession.getFeedbackSessionName(),
        Const.ParamsNames.USER_ID, actor.googleId,
    };
    editPageAction = getAction(sessionParams);
    ShowPageResult pageResult = getShowPageResult(editPageAction);
    assertEquals(
            getPageResultDestination(Const.ViewURIs.INSTRUCTOR_FEEDBACK_SUBMISSION_EDIT, false, actor.googleId),
            pageResult.getDestinationWithParams());
    assertFalse(pageResult.isError);
    assertEquals(Const.StatusMessages.FEEDBACK_SUBMISSIONS_CAN_SUBMIT_PARTIAL_ANSWER, pageResult.getStatusMessage());

    ______TS("masquerade mode");
    // Same parameters (USER_ID is still the instructor), but the logged-in user is now an admin.
    gaeSimulation.loginAsAdmin("admin.user");
    editPageAction = getAction(sessionParams);
    pageResult = getShowPageResult(editPageAction);
    assertEquals(
            getPageResultDestination(Const.ViewURIs.INSTRUCTOR_FEEDBACK_SUBMISSION_EDIT, false, actor.googleId),
            pageResult.getDestinationWithParams());
    assertFalse(pageResult.isError);
    assertEquals(Const.StatusMessages.FEEDBACK_SUBMISSIONS_CAN_SUBMIT_PARTIAL_ANSWER, pageResult.getStatusMessage());

    ______TS("closed session case");
    gaeSimulation.loginAsInstructor(actor.googleId);
    feedbackSession = typicalBundle.feedbackSessions.get("closedSession");
    sessionParams = new String[] {
        Const.ParamsNames.COURSE_ID, feedbackSession.getCourseId(),
        Const.ParamsNames.FEEDBACK_SESSION_NAME, feedbackSession.getFeedbackSessionName(),
        Const.ParamsNames.USER_ID, actor.googleId,
    };
    editPageAction = getAction(sessionParams);
    pageResult = getShowPageResult(editPageAction);
    assertEquals(
            getPageResultDestination(Const.ViewURIs.INSTRUCTOR_FEEDBACK_SUBMISSION_EDIT, false, actor.googleId),
            pageResult.getDestinationWithParams());
    assertFalse(pageResult.isError);
    assertEquals(Const.StatusMessages.FEEDBACK_SUBMISSIONS_NOT_OPEN, pageResult.getStatusMessage());

    ______TS("private session case");
    actor = typicalBundle.instructors.get("instructor1OfCourse2");
    feedbackSession = typicalBundle.feedbackSessions.get("session1InCourse2");
    gaeSimulation.loginAsInstructor(actor.googleId);
    sessionParams = new String[] {
        Const.ParamsNames.COURSE_ID, feedbackSession.getCourseId(),
        Const.ParamsNames.FEEDBACK_SESSION_NAME, feedbackSession.getFeedbackSessionName(),
        Const.ParamsNames.USER_ID, actor.googleId,
    };
    editPageAction = getAction(sessionParams);
    pageResult = getShowPageResult(editPageAction);
    assertEquals(
            getPageResultDestination(Const.ViewURIs.INSTRUCTOR_FEEDBACK_SUBMISSION_EDIT, false, actor.googleId),
            pageResult.getDestinationWithParams());
    assertFalse(pageResult.isError);
    assertEquals(Const.StatusMessages.FEEDBACK_SUBMISSIONS_CAN_SUBMIT_PARTIAL_ANSWER, pageResult.getStatusMessage());
}
Also used : FeedbackSessionAttributes(teammates.common.datatransfer.attributes.FeedbackSessionAttributes) ShowPageResult(teammates.ui.controller.ShowPageResult) NullPostParameterException(teammates.common.exception.NullPostParameterException) RedirectResult(teammates.ui.controller.RedirectResult) UnauthorizedAccessException(teammates.common.exception.UnauthorizedAccessException) InstructorAttributes(teammates.common.datatransfer.attributes.InstructorAttributes) InstructorFeedbackSubmissionEditPageAction(teammates.ui.controller.InstructorFeedbackSubmissionEditPageAction) Test(org.testng.annotations.Test)

Example 4 with UnauthorizedAccessException

use of teammates.common.exception.UnauthorizedAccessException in project teammates by TEAMMATES.

the class InstructorFeedbackEditCopyActionTest method testAccessControl.

/**
 * Access-control checks for InstructorFeedbackEditCopyAction.
 *
 * <p>After the shared privilege check, two negative cases are run: copying FROM a course
 * and copying TO a course where the logged-in instructor lacks the required privilege.
 * Both must raise UnauthorizedAccessException with the exact message naming the course,
 * the instructor email and the missing privilege.
 */
@Override
@Test
protected void testAccessControl() throws Exception {
    // COPIED_COURSES_ID is supplied twice here, once per target course.
    String[] params = {
        Const.ParamsNames.FEEDBACK_SESSION_NAME, "First feedback session",
        Const.ParamsNames.COURSE_ID, "idOfTypicalCourse1",
        Const.ParamsNames.COPIED_FEEDBACK_SESSION_NAME, "Session with valid name",
        Const.ParamsNames.COPIED_COURSES_ID, "idOfTypicalCourse2",
        Const.ParamsNames.COPIED_COURSES_ID, "idOfSampleCourse-demo",
    };
    verifyUnaccessibleWithoutViewSessionInSectionsPrivilege(params);

    FeedbackSessionAttributes sourceSession = dataBundle.feedbackSessions.get("openSession");
    CourseAttributes targetCourse = dataBundle.courses.get("course");

    ______TS("Failure case: copying from course with insufficient permission");
    InstructorAttributes actor = dataBundle.instructors.get("teammates.test.instructor3");
    String actorId = actor.googleId;
    gaeSimulation.loginAsInstructor(actorId);
    params = new String[] {
        Const.ParamsNames.FEEDBACK_SESSION_NAME, sourceSession.getFeedbackSessionName(),
        Const.ParamsNames.COURSE_ID, sourceSession.getCourseId(),
        Const.ParamsNames.COPIED_FEEDBACK_SESSION_NAME, "valid name",
        Const.ParamsNames.COPIED_COURSES_ID, targetCourse.getId(),
    };
    InstructorFeedbackEditCopyAction copyAction = getAction(params);
    try {
        copyAction.executeAndPostProcess();
        // Reached only if the copy was allowed despite the missing privilege.
        signalFailureToDetectException();
    } catch (UnauthorizedAccessException uae) {
        assertEquals(
                "Course [FeedbackEditCopy.CS2104] is not accessible to instructor "
                        + "[tmms.instr.cust@course.tmt] for privilege [canviewsessioninsection]",
                uae.getMessage());
    }
    gaeSimulation.logoutUser();

    ______TS("Failure case: copying to course with insufficient permission");
    actor = dataBundle.instructors.get("teammates.test.instructor2");
    actorId = actor.googleId;
    gaeSimulation.loginAsInstructor(actorId);
    params = new String[] {
        Const.ParamsNames.FEEDBACK_SESSION_NAME, sourceSession.getFeedbackSessionName(),
        Const.ParamsNames.COURSE_ID, sourceSession.getCourseId(),
        Const.ParamsNames.COPIED_FEEDBACK_SESSION_NAME, "valid name",
        Const.ParamsNames.COPIED_COURSES_ID, "FeedbackEditCopy.CS2107",
    };
    copyAction = getAction(params);
    try {
        copyAction.executeAndPostProcess();
        // Reached only if the copy was allowed despite the missing privilege.
        signalFailureToDetectException();
    } catch (UnauthorizedAccessException uae) {
        assertEquals(
                "Course [FeedbackEditCopy.CS2107] is not accessible to instructor "
                        + "[tmms.instr@course.tmt] for privilege [canmodifysession]",
                uae.getMessage());
    }
}
Also used : FeedbackSessionAttributes(teammates.common.datatransfer.attributes.FeedbackSessionAttributes) UnauthorizedAccessException(teammates.common.exception.UnauthorizedAccessException) CourseAttributes(teammates.common.datatransfer.attributes.CourseAttributes) InstructorAttributes(teammates.common.datatransfer.attributes.InstructorAttributes) InstructorFeedbackEditCopyAction(teammates.ui.controller.InstructorFeedbackEditCopyAction) Test(org.testng.annotations.Test)

Example 5 with UnauthorizedAccessException

use of teammates.common.exception.UnauthorizedAccessException in project teammates by TEAMMATES.

the class InstructorFeedbackPreviewAsInstructorActionTest method testExecuteAndPostProcess.

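/**
 * Exercises InstructorFeedbackPreviewAsInstructorAction: two success cases in which
 * instructor 1 and instructor 2 preview the session as each other, a failure case for
 * the helper instructor, and a failure case for a preview-as email that does not exist
 * in the course.
 *
 * <p>Both failure cases signal a test failure when the expected exception is not raised,
 * so neither can pass without the rejection actually happening.
 */
@Override
@Test
public void testExecuteAndPostProcess() {
    InstructorAttributes instructor1 = typicalBundle.instructors.get("instructor1OfCourse1");
    InstructorAttributes instructor2 = typicalBundle.instructors.get("instructor2OfCourse1");
    InstructorAttributes instructorHelper = typicalBundle.instructors.get("helperOfCourse1");
    String idOfInstructor1 = instructor1.googleId;
    String idOfInstructor2 = instructor2.googleId;
    String idOfInstructorHelper = instructorHelper.googleId;
    gaeSimulation.loginAsInstructor(idOfInstructor1);
    ______TS("typical success case");
    String feedbackSessionName = "First feedback session";
    String courseId = "idOfTypicalCourse1";
    String previewAsEmail = instructor2.email;
    String[] submissionParams = new String[] { Const.ParamsNames.COURSE_ID, courseId, Const.ParamsNames.FEEDBACK_SESSION_NAME, feedbackSessionName, Const.ParamsNames.PREVIEWAS, previewAsEmail };
    InstructorFeedbackPreviewAsInstructorAction paia = getAction(submissionParams);
    ShowPageResult showPageResult = getShowPageResult(paia);
    assertEquals(getPageResultDestination(Const.ViewURIs.INSTRUCTOR_FEEDBACK_SUBMISSION_EDIT, false, idOfInstructor1), showPageResult.getDestinationWithParams());
    assertEquals("", showPageResult.getStatusMessage());
    // The log entry must attribute the preview to the logged-in instructor and name the previewed one.
    AssertHelper.assertLogMessageEquals("TEAMMATESLOG|||instructorFeedbackPreviewAsInstructor|||instructorFeedbackPreviewAsInstructor" + "|||true|||Instructor|||Instructor 1 of Course 1" + "|||" + idOfInstructor1 + "|||instr1@course1.tmt|||" + "Preview feedback session as instructor (" + instructor2.email + ")<br>" + "Session Name: First feedback session<br>Course ID: " + instructor1.courseId + "|||/page/instructorFeedbackPreviewAsInstructor", paia.getLogMessage());
    gaeSimulation.loginAsInstructor(idOfInstructor2);
    ______TS("typical success case");
    feedbackSessionName = "First feedback session";
    courseId = "idOfTypicalCourse1";
    previewAsEmail = instructor1.email;
    submissionParams = new String[] { Const.ParamsNames.COURSE_ID, courseId, Const.ParamsNames.FEEDBACK_SESSION_NAME, feedbackSessionName, Const.ParamsNames.PREVIEWAS, previewAsEmail };
    paia = getAction(submissionParams);
    showPageResult = getShowPageResult(paia);
    assertEquals(getPageResultDestination(Const.ViewURIs.INSTRUCTOR_FEEDBACK_SUBMISSION_EDIT, false, idOfInstructor2), showPageResult.getDestinationWithParams());
    assertEquals("", showPageResult.getStatusMessage());
    AssertHelper.assertLogMessageEquals("TEAMMATESLOG|||instructorFeedbackPreviewAsInstructor|||instructorFeedbackPreviewAsInstructor" + "|||true|||Instructor|||Instructor 2 of Course 1" + "|||" + idOfInstructor2 + "|||instr2@course1.tmt|||" + "Preview feedback session as instructor (" + instructor1.email + ")<br>" + "Session Name: First feedback session<br>Course ID: " + instructor1.courseId + "|||/page/instructorFeedbackPreviewAsInstructor", paia.getLogMessage());
    gaeSimulation.loginAsInstructor(idOfInstructorHelper);
    ______TS("failure: not enough privilege");
    feedbackSessionName = "First feedback session";
    courseId = "idOfTypicalCourse1";
    previewAsEmail = instructor2.email;
    submissionParams = new String[] { Const.ParamsNames.COURSE_ID, courseId, Const.ParamsNames.FEEDBACK_SESSION_NAME, feedbackSessionName, Const.ParamsNames.PREVIEWAS, previewAsEmail };
    try {
        paia = getAction(submissionParams);
        showPageResult = getShowPageResult(paia);
        // Previously missing: without it this case passed even if the helper instructor
        // was allowed to preview as another instructor.
        signalFailureToDetectException();
    } catch (UnauthorizedAccessException e) {
        assertEquals("Feedback session [First feedback session] is not accessible to instructor [" + instructorHelper.email + "] for privilege [canmodifysession]", e.getMessage());
    }
    gaeSimulation.loginAsInstructor(idOfInstructor1);
    ______TS("failure: non-existent previewas email");
    previewAsEmail = "non-existentEmail@course13212.tmt";
    submissionParams = new String[] { Const.ParamsNames.COURSE_ID, courseId, Const.ParamsNames.FEEDBACK_SESSION_NAME, feedbackSessionName, Const.ParamsNames.PREVIEWAS, previewAsEmail };
    try {
        paia = getAction(submissionParams);
        showPageResult = getShowPageResult(paia);
        signalFailureToDetectException();
    } catch (EntityNotFoundException enfe) {
        assertEquals("Instructor Email " + previewAsEmail + " does not exist in " + courseId + ".", enfe.getMessage());
    }
}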
Also used : InstructorFeedbackPreviewAsInstructorAction(teammates.ui.controller.InstructorFeedbackPreviewAsInstructorAction) ShowPageResult(teammates.ui.controller.ShowPageResult) UnauthorizedAccessException(teammates.common.exception.UnauthorizedAccessException) EntityNotFoundException(teammates.common.exception.EntityNotFoundException) InstructorAttributes(teammates.common.datatransfer.attributes.InstructorAttributes) Test(org.testng.annotations.Test)

Aggregations

UnauthorizedAccessException (teammates.common.exception.UnauthorizedAccessException)32 InstructorAttributes (teammates.common.datatransfer.attributes.InstructorAttributes)18 Test (org.testng.annotations.Test)13 FeedbackSessionAttributes (teammates.common.datatransfer.attributes.FeedbackSessionAttributes)8 ShowPageResult (teammates.ui.controller.ShowPageResult)8 FeedbackQuestionAttributes (teammates.common.datatransfer.attributes.FeedbackQuestionAttributes)6 StudentAttributes (teammates.common.datatransfer.attributes.StudentAttributes)6 AccountAttributes (teammates.common.datatransfer.attributes.AccountAttributes)5 FeedbackResponseAttributes (teammates.common.datatransfer.attributes.FeedbackResponseAttributes)4 EntityNotFoundException (teammates.common.exception.EntityNotFoundException)4 FeedbackQuestionsDb (teammates.storage.api.FeedbackQuestionsDb)4 FeedbackResponsesDb (teammates.storage.api.FeedbackResponsesDb)4 RedirectResult (teammates.ui.controller.RedirectResult)4 CourseAttributes (teammates.common.datatransfer.attributes.CourseAttributes)3 StatusMessage (teammates.common.util.StatusMessage)3 Action (teammates.ui.controller.Action)3 DeadlineExceededException (com.google.apphosting.api.DeadlineExceededException)2 ArrayList (java.util.ArrayList)2 List (java.util.List)2 UserType (teammates.common.datatransfer.UserType)2