From bee8c47ea9e570ea433ee1a5a86ac9e40085f501 Mon Sep 17 00:00:00 2001 From: Dhiraputta Pathama Tengara Date: Tue, 28 Jan 2025 04:07:48 +0800 Subject: [PATCH 1/3] Add DeleteStudentsActionTest --- .../webapi/DeleteStudentsActionTest.java | 118 ++++++++++++++++++ 1 file changed, 118 insertions(+) create mode 100644 src/test/java/teammates/sqlui/webapi/DeleteStudentsActionTest.java diff --git a/src/test/java/teammates/sqlui/webapi/DeleteStudentsActionTest.java b/src/test/java/teammates/sqlui/webapi/DeleteStudentsActionTest.java new file mode 100644 index 00000000000..b7fb665fdd6 --- /dev/null +++ b/src/test/java/teammates/sqlui/webapi/DeleteStudentsActionTest.java @@ -0,0 +1,118 @@ +package teammates.sqlui.webapi; + +import static org.mockito.Mockito.when; + +import org.testng.annotations.Test; + +import teammates.common.datatransfer.InstructorPrivileges; +import teammates.common.util.Const; +import teammates.storage.sqlentity.Course; +import teammates.storage.sqlentity.Instructor; +import teammates.ui.output.MessageOutput; +import teammates.ui.webapi.DeleteStudentsAction; + +/** + * SUT: {@link DeleteStudentsAction}. + */ +public class DeleteStudentsActionTest extends BaseActionTest { + + String googleId = "user-googleId"; + int deleteLimit = 3; + + @Override + protected String getActionUri() { + return Const.ResourceURIs.STUDENTS; + } + + @Override + protected String getRequestMethod() { + return DELETE; + } + + @Test + void testExecute_deleteLimitedStudents_success() { + Course course = new Course("course-id", "name", Const.DEFAULT_TIME_ZONE, "institute"); + + when(mockLogic.getCourse(course.getId())).thenReturn(course); + + String[] params = { + Const.ParamsNames.COURSE_ID, course.getId(), + Const.ParamsNames.LIMIT, String.valueOf(deleteLimit), + }; + + DeleteStudentsAction action = getAction(params); + MessageOutput actionOutput = (MessageOutput) getJsonResult(action).getOutput(); + + assertEquals("Successful", actionOutput.getMessage()); + } + + @Test + void testExecute_randomCourse_failSilently() { + when(mockLogic.getCourse("RANDOM_ID")).thenReturn(null); + + String[] params = { + Const.ParamsNames.COURSE_ID, "RANDOM_ID", + Const.ParamsNames.LIMIT, String.valueOf(deleteLimit), + }; + + DeleteStudentsAction action = getAction(params); + MessageOutput actionOutput = (MessageOutput) getJsonResult(action).getOutput(); + + assertEquals("Successful", actionOutput.getMessage()); + } + + @Test + void testExecute_noParameters_throwsInvalidParametersException() { + verifyHttpParameterFailure(); + } + + @Test + void testSpecificAccessControl_instructorWithPermission_canAccess() { + Course course = new Course("course-id", "name", Const.DEFAULT_TIME_ZONE, "institute"); + InstructorPrivileges instructorPrivileges = new InstructorPrivileges(); + instructorPrivileges.updatePrivilege(Const.InstructorPermissions.CAN_MODIFY_STUDENT, true); + Instructor instructor = new Instructor(course, "name", "instructoremail@tm.tmt", + false, "", null, instructorPrivileges); + + loginAsInstructor(googleId); + when(mockLogic.getCourse(course.getId())).thenReturn(course); + when(mockLogic.getInstructorByGoogleId(course.getId(), googleId)).thenReturn(instructor); + + String[] params = { + Const.ParamsNames.COURSE_ID, course.getId(), + }; + + verifyCanAccess(params); + } + + @Test + void testSpecificAccessControl_instructorWithInvalidPermission_cannotAccess() { + Course course = new Course("course-id", "name", Const.DEFAULT_TIME_ZONE, "institute"); + InstructorPrivileges instructorPrivileges = new InstructorPrivileges(); + instructorPrivileges.updatePrivilege(Const.InstructorPermissions.CAN_MODIFY_STUDENT, false); + Instructor instructor = new Instructor(course, "name", "instructoremail@tm.tmt", + false, "", null, instructorPrivileges); + + loginAsInstructor(googleId); + when(mockLogic.getInstructorByGoogleId(course.getId(), googleId)).thenReturn(instructor); + + String[] params = { + Const.ParamsNames.COURSE_ID, course.getId(), + }; + + verifyCannotAccess(params); + } + + @Test + void testSpecificAccessControl_student_cannotAccess() { + String[] params = { + Const.ParamsNames.COURSE_ID, "course-id", + }; + + loginAsStudent(googleId); + verifyCannotAccess(params); + + logoutUser(); + verifyCannotAccess(params); + } +} From 13b4ab9be29cae12028e28eb64bf082aa0c73607 Mon Sep 17 00:00:00 2001 From: Dhiraputta Pathama Tengara Date: Thu, 30 Jan 2025 18:45:20 +0800 Subject: [PATCH 2/3] Add instructorInDifferentCourse test --- .../webapi/DeleteStudentsActionTest.java | 21 +++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/src/test/java/teammates/sqlui/webapi/DeleteStudentsActionTest.java b/src/test/java/teammates/sqlui/webapi/DeleteStudentsActionTest.java index b7fb665fdd6..afce389dff1 100644 --- a/src/test/java/teammates/sqlui/webapi/DeleteStudentsActionTest.java +++ b/src/test/java/teammates/sqlui/webapi/DeleteStudentsActionTest.java @@ -94,6 +94,7 @@ void testSpecificAccessControl_instructorWithInvalidPermission_cannotAccess() { false, "", null, instructorPrivileges); loginAsInstructor(googleId); + when(mockLogic.getCourse(course.getId())).thenReturn(course); when(mockLogic.getInstructorByGoogleId(course.getId(), googleId)).thenReturn(instructor); String[] params = { @@ -103,6 +104,26 @@ void testSpecificAccessControl_instructorWithInvalidPermission_cannotAccess() { verifyCannotAccess(params); } + @Test + void testSpecificAccessControl_instructorInDifferentCourse_cannotAccess() { + Course course = new Course("course-id", "name", Const.DEFAULT_TIME_ZONE, "institute"); + InstructorPrivileges instructorPrivileges = new InstructorPrivileges(); + instructorPrivileges.updatePrivilege(Const.InstructorPermissions.CAN_MODIFY_STUDENT, true); + Instructor instructor = new Instructor(course, "name", "instructoremail@tm.tmt", + false, "", null, instructorPrivileges); + + loginAsInstructor(googleId); + when(mockLogic.getCourse(course.getId())).thenReturn(course); + when(mockLogic.getInstructorByGoogleId(course.getId(), "instructor-googleId")).thenReturn(instructor); + + String[] params = { + Const.ParamsNames.COURSE_ID, course.getId(), + Const.ParamsNames.INSTRUCTOR_ID, "instructor-googleId", + }; + + verifyCannotAccess(params); + } + @Test void testSpecificAccessControl_student_cannotAccess() { String[] params = { From 3bd52f2e77ab673d1a3f84406ed3663a94cd8dcf Mon Sep 17 00:00:00 2001 From: Dhiraputta Pathama Tengara Date: Thu, 30 Jan 2025 19:44:01 +0800 Subject: [PATCH 3/3] Abstract the code --- .../webapi/DeleteStudentsActionTest.java | 71 ++++++++++--------- 1 file changed, 37 insertions(+), 34 deletions(-) diff --git a/src/test/java/teammates/sqlui/webapi/DeleteStudentsActionTest.java b/src/test/java/teammates/sqlui/webapi/DeleteStudentsActionTest.java index afce389dff1..e660e73575a 100644 --- a/src/test/java/teammates/sqlui/webapi/DeleteStudentsActionTest.java +++ b/src/test/java/teammates/sqlui/webapi/DeleteStudentsActionTest.java @@ -2,10 +2,12 @@ import static org.mockito.Mockito.when; +import org.testng.annotations.BeforeMethod; import org.testng.annotations.Test; import teammates.common.datatransfer.InstructorPrivileges; import teammates.common.util.Const; +import teammates.storage.sqlentity.Account; import teammates.storage.sqlentity.Course; import teammates.storage.sqlentity.Instructor; import teammates.ui.output.MessageOutput; @@ -16,8 +18,9 @@ */ public class DeleteStudentsActionTest extends BaseActionTest { - String googleId = "user-googleId"; - int deleteLimit = 3; + private static final int DELETE_LIMIT = 3; + private Course course; + private Instructor instructor; @Override protected String getActionUri() { @@ -29,15 +32,35 @@ protected String getRequestMethod() { return DELETE; } - @Test - void testExecute_deleteLimitedStudents_success() { - Course course = new Course("course-id", "name", Const.DEFAULT_TIME_ZONE, "institute"); + @BeforeMethod + void setUp() { + course = new Course("course-id", "Course Name", Const.DEFAULT_TIME_ZONE, "institute"); + instructor = setupInstructor("instructor-googleId", "name", "instructoremail@tm.tmt"); + + setupMockLogic(); + } + + private Instructor setupInstructor(String googleId, String name, String email) { + Account account = new Account(googleId, name, email); + InstructorPrivileges instructorPrivileges = new InstructorPrivileges(); + instructorPrivileges.updatePrivilege(Const.InstructorPermissions.CAN_MODIFY_STUDENT, true); + Instructor instructor = new Instructor(course, name, email, + false, "", null, instructorPrivileges); + instructor.setAccount(account); + return instructor; + } + + private void setupMockLogic() { when(mockLogic.getCourse(course.getId())).thenReturn(course); + when(mockLogic.getInstructorByGoogleId(course.getId(), instructor.getGoogleId())).thenReturn(instructor); + } + @Test + void testExecute_deleteLimitedStudents_success() { String[] params = { Const.ParamsNames.COURSE_ID, course.getId(), - Const.ParamsNames.LIMIT, String.valueOf(deleteLimit), + Const.ParamsNames.LIMIT, String.valueOf(DELETE_LIMIT), }; DeleteStudentsAction action = getAction(params); @@ -52,7 +75,7 @@ void testExecute_randomCourse_failSilently() { String[] params = { Const.ParamsNames.COURSE_ID, "RANDOM_ID", - Const.ParamsNames.LIMIT, String.valueOf(deleteLimit), + Const.ParamsNames.LIMIT, String.valueOf(DELETE_LIMIT), }; DeleteStudentsAction action = getAction(params); @@ -68,15 +91,7 @@ void testExecute_noParameters_throwsInvalidParametersException() { @Test void testSpecificAccessControl_instructorWithPermission_canAccess() { - Course course = new Course("course-id", "name", Const.DEFAULT_TIME_ZONE, "institute"); - InstructorPrivileges instructorPrivileges = new InstructorPrivileges(); - instructorPrivileges.updatePrivilege(Const.InstructorPermissions.CAN_MODIFY_STUDENT, true); - Instructor instructor = new Instructor(course, "name", "instructoremail@tm.tmt", - false, "", null, instructorPrivileges); - - loginAsInstructor(googleId); - when(mockLogic.getCourse(course.getId())).thenReturn(course); - when(mockLogic.getInstructorByGoogleId(course.getId(), googleId)).thenReturn(instructor); + loginAsInstructor(instructor.getGoogleId()); String[] params = { Const.ParamsNames.COURSE_ID, course.getId(), @@ -87,15 +102,11 @@ void testSpecificAccessControl_instructorWithPermission_canAccess() { @Test void testSpecificAccessControl_instructorWithInvalidPermission_cannotAccess() { - Course course = new Course("course-id", "name", Const.DEFAULT_TIME_ZONE, "institute"); InstructorPrivileges instructorPrivileges = new InstructorPrivileges(); instructorPrivileges.updatePrivilege(Const.InstructorPermissions.CAN_MODIFY_STUDENT, false); - Instructor instructor = new Instructor(course, "name", "instructoremail@tm.tmt", - false, "", null, instructorPrivileges); + instructor.setPrivileges(instructorPrivileges); - loginAsInstructor(googleId); - when(mockLogic.getCourse(course.getId())).thenReturn(course); - when(mockLogic.getInstructorByGoogleId(course.getId(), googleId)).thenReturn(instructor); + loginAsInstructor(instructor.getGoogleId()); String[] params = { Const.ParamsNames.COURSE_ID, course.getId(), @@ -106,19 +117,11 @@ void testSpecificAccessControl_instructorWithInvalidPermission_cannotAccess() { @Test void testSpecificAccessControl_instructorInDifferentCourse_cannotAccess() { - Course course = new Course("course-id", "name", Const.DEFAULT_TIME_ZONE, "institute"); - InstructorPrivileges instructorPrivileges = new InstructorPrivileges(); - instructorPrivileges.updatePrivilege(Const.InstructorPermissions.CAN_MODIFY_STUDENT, true); - Instructor instructor = new Instructor(course, "name", "instructoremail@tm.tmt", - false, "", null, instructorPrivileges); - - loginAsInstructor(googleId); - when(mockLogic.getCourse(course.getId())).thenReturn(course); - when(mockLogic.getInstructorByGoogleId(course.getId(), "instructor-googleId")).thenReturn(instructor); + loginAsInstructor("instructor2-googleId"); String[] params = { Const.ParamsNames.COURSE_ID, course.getId(), - Const.ParamsNames.INSTRUCTOR_ID, "instructor-googleId", + Const.ParamsNames.INSTRUCTOR_ID, instructor.getGoogleId(), }; verifyCannotAccess(params); @@ -127,10 +130,10 @@ void testSpecificAccessControl_instructorInDifferentCourse_cannotAccess() { @Test void testSpecificAccessControl_student_cannotAccess() { String[] params = { - Const.ParamsNames.COURSE_ID, "course-id", + Const.ParamsNames.COURSE_ID, course.getId(), }; - loginAsStudent(googleId); + loginAsStudent("student-googleId"); verifyCannotAccess(params); logoutUser();