Example 26 with UnauthorizedAccessException

Use of teammates.common.exception.UnauthorizedAccessException in project teammates by TEAMMATES.

In the class InstructorFeedbackQuestionCopyPageActionTest, method testExecuteAndPostProcess.

@Override
@Test
public void testExecuteAndPostProcess() {
    InstructorAttributes instructor1OfCourse1 = typicalBundle.instructors.get("instructor1OfCourse1");
    gaeSimulation.loginAsInstructor(instructor1OfCourse1.googleId);
    ______TS("typical success case");
    FeedbackSessionAttributes feedbackSessionAttributes = typicalBundle.feedbackSessions.get("session1InCourse1");
    String[] submissionParams = new String[] { Const.ParamsNames.COURSE_ID, feedbackSessionAttributes.getCourseId(), Const.ParamsNames.FEEDBACK_SESSION_NAME, feedbackSessionAttributes.getFeedbackSessionName() };
    InstructorFeedbackQuestionCopyPageAction action = getAction(submissionParams);
    ShowPageResult result = getShowPageResult(action);
    String expectedString = getPageResultDestination(Const.ViewURIs.INSTRUCTOR_FEEDBACK_QUESTION_COPY_MODAL, false, instructor1OfCourse1.googleId);
    assertEquals(expectedString, result.getDestinationWithParams());
    assertTrue(result.getStatusMessage().isEmpty());
    ______TS("failure: non-existent feedback session");
    submissionParams = new String[] { Const.ParamsNames.COURSE_ID, feedbackSessionAttributes.getCourseId(), Const.ParamsNames.FEEDBACK_SESSION_NAME, "Non-existent Session Name" };
    action = getAction(submissionParams);
    try {
        result = getShowPageResult(action);
        signalFailureToDetectException();
    } catch (UnauthorizedAccessException uae) {
        assertEquals("Trying to access system using a non-existent feedback session entity", uae.getMessage());
    }
    ______TS("failure: unsufficient permissions");
    gaeSimulation.loginAsInstructor(typicalBundle.accounts.get("helperOfCourse1").googleId);
    submissionParams = new String[] { Const.ParamsNames.COURSE_ID, feedbackSessionAttributes.getCourseId(), Const.ParamsNames.FEEDBACK_SESSION_NAME, feedbackSessionAttributes.getFeedbackSessionName() };
    action = getAction(submissionParams);
    try {
        result = getShowPageResult(action);
        signalFailureToDetectException();
    } catch (UnauthorizedAccessException uae) {
        assertEquals("Feedback session [First feedback session] is not accessible " + "to instructor [helper@course1.tmt] for privilege [canmodifysession]", uae.getMessage());
    }
}
Also used : FeedbackSessionAttributes(teammates.common.datatransfer.attributes.FeedbackSessionAttributes) ShowPageResult(teammates.ui.controller.ShowPageResult) UnauthorizedAccessException(teammates.common.exception.UnauthorizedAccessException) InstructorFeedbackQuestionCopyPageAction(teammates.ui.controller.InstructorFeedbackQuestionCopyPageAction) InstructorAttributes(teammates.common.datatransfer.attributes.InstructorAttributes) Test(org.testng.annotations.Test)

Example 27 with UnauthorizedAccessException

Use of teammates.common.exception.UnauthorizedAccessException in project teammates by TEAMMATES.

In the class BaseActionTest, method verifyRedirectToLoginOrUnauthorisedException.

private void verifyRedirectToLoginOrUnauthorisedException(String... params) {
    try {
        Action c = gaeSimulation.getActionObject(getActionUri(), params);
        assertFalse(c.isValidUser());
    } catch (UnauthorizedAccessException ue) {
        ignoreExpectedException();
    }
}
Also used : Action(teammates.ui.controller.Action) UnauthorizedAccessException(teammates.common.exception.UnauthorizedAccessException)

Example 28 with UnauthorizedAccessException

Use of teammates.common.exception.UnauthorizedAccessException in project teammates by TEAMMATES.

In the class BaseActionTest, method verifyCannotMasquerade.

/**
 * Verifies that the {@link Action} matching the {@code params} is not
 * accessible to the logged in user masquerading as another user.
 */
protected void verifyCannotMasquerade(String... params) {
    try {
        Action c = gaeSimulation.getActionObject(getActionUri(), params);
        c.executeAndPostProcess();
        signalFailureToDetectException();
    } catch (UnauthorizedAccessException e) {
        ignoreExpectedException();
    }
}
Also used : Action(teammates.ui.controller.Action) UnauthorizedAccessException(teammates.common.exception.UnauthorizedAccessException)

Example 29 with UnauthorizedAccessException

Use of teammates.common.exception.UnauthorizedAccessException in project teammates by TEAMMATES.

In the class GateKeeper, method verifyAccessibleForCurrentUserAsInstructorOrTeamMemberOrAdmin.

public void verifyAccessibleForCurrentUserAsInstructorOrTeamMemberOrAdmin(AccountAttributes account, String courseId, String section, String email) {
    if (isAdministrator()) {
        return;
    }
    InstructorAttributes instructor = instructorsLogic.getInstructorForGoogleId(courseId, account.googleId);
    if (instructor != null) {
        verifyInstructorCanViewPhoto(instructor, section);
        return;
    }
    StudentAttributes student = studentsLogic.getStudentForCourseIdAndGoogleId(courseId, account.googleId);
    if (student != null) {
        verifyStudentCanViewPhoto(student, courseId, email);
        return;
    }
    throw new UnauthorizedAccessException("User is not in the course that student belongs to");
}
Also used : UnauthorizedAccessException(teammates.common.exception.UnauthorizedAccessException) StudentAttributes(teammates.common.datatransfer.attributes.StudentAttributes) InstructorAttributes(teammates.common.datatransfer.attributes.InstructorAttributes)

Example 30 with UnauthorizedAccessException

Use of teammates.common.exception.UnauthorizedAccessException in project teammates by TEAMMATES.

In the class InstructorEditStudentFeedbackSaveAction, method checkAdditionalConstraints.

@Override
protected void checkAdditionalConstraints() {
    // check the instructor did not submit responses to questions that he/she should not be able
    // to view during moderation
    InstructorAttributes instructor = logic.getInstructorForGoogleId(courseId, account.googleId);
    int numOfQuestionsToGet = data.bundle.questionResponseBundle.size();
    for (int questionIndx = 1; questionIndx <= numOfQuestionsToGet; questionIndx++) {
        String questionId = getRequestParamValue(Const.ParamsNames.FEEDBACK_QUESTION_ID + "-" + questionIndx);
        if (questionId == null) {
            // we do not throw an error if the question was not present on the page for instructors to edit
            continue;
        }
        FeedbackQuestionAttributes questionAttributes = data.bundle.getQuestionAttributes(questionId);
        if (questionAttributes == null) {
            statusToUser.add(new StatusMessage("The feedback session or questions may have changed " + "while you were submitting. Please check your responses " + "to make sure they are saved correctly.", StatusMessageColor.WARNING));
            isError = true;
            log.warning("Question not found. (deleted or invalid id passed?) id: " + questionId + " index: " + questionIndx);
            continue;
        }
        boolean isGiverVisibleToInstructors = questionAttributes.showGiverNameTo.contains(FeedbackParticipantType.INSTRUCTORS);
        boolean isRecipientVisibleToInstructors = questionAttributes.showRecipientNameTo.contains(FeedbackParticipantType.INSTRUCTORS);
        boolean isResponseVisibleToInstructors = questionAttributes.showResponsesTo.contains(FeedbackParticipantType.INSTRUCTORS);
        if (!isResponseVisibleToInstructors || !isGiverVisibleToInstructors || !isRecipientVisibleToInstructors) {
            isError = true;
            throw new UnauthorizedAccessException("Feedback session [" + feedbackSessionName + "] question [" + questionAttributes.getId() + "] is not accessible " + "to instructor [" + instructor.email + "]");
        }
    }
}
Also used : UnauthorizedAccessException(teammates.common.exception.UnauthorizedAccessException) FeedbackQuestionAttributes(teammates.common.datatransfer.attributes.FeedbackQuestionAttributes) InstructorAttributes(teammates.common.datatransfer.attributes.InstructorAttributes) StatusMessage(teammates.common.util.StatusMessage)

Aggregations

UnauthorizedAccessException (teammates.common.exception.UnauthorizedAccessException): 32
InstructorAttributes (teammates.common.datatransfer.attributes.InstructorAttributes): 18
Test (org.testng.annotations.Test): 13
FeedbackSessionAttributes (teammates.common.datatransfer.attributes.FeedbackSessionAttributes): 8
ShowPageResult (teammates.ui.controller.ShowPageResult): 8
FeedbackQuestionAttributes (teammates.common.datatransfer.attributes.FeedbackQuestionAttributes): 6
StudentAttributes (teammates.common.datatransfer.attributes.StudentAttributes): 6
AccountAttributes (teammates.common.datatransfer.attributes.AccountAttributes): 5
FeedbackResponseAttributes (teammates.common.datatransfer.attributes.FeedbackResponseAttributes): 4
EntityNotFoundException (teammates.common.exception.EntityNotFoundException): 4
FeedbackQuestionsDb (teammates.storage.api.FeedbackQuestionsDb): 4
FeedbackResponsesDb (teammates.storage.api.FeedbackResponsesDb): 4
RedirectResult (teammates.ui.controller.RedirectResult): 4
CourseAttributes (teammates.common.datatransfer.attributes.CourseAttributes): 3
StatusMessage (teammates.common.util.StatusMessage): 3
Action (teammates.ui.controller.Action): 3
DeadlineExceededException (com.google.apphosting.api.DeadlineExceededException): 2
ArrayList (java.util.ArrayList): 2
List (java.util.List): 2
UserType (teammates.common.datatransfer.UserType): 2