fix: model view set test case #60
Conversation
There was a problem hiding this comment.
Reviewed 22 of 22 files at r1, all commit messages.
Reviewable status: all files reviewed, 6 unresolved discussions (waiting on @SKairinos)
codeforlife/user/serializers/school.py line 29 at r1 (raw file):
"id": instance.id, "name": instance.name, "country": str(instance.country),
Why do you stringify this?
codeforlife/user/serializers/student.py line 27 at r1 (raw file):
"id": instance.id, "klass": instance.class_field.access_code, "school": instance.class_field.teacher.school.pk,
school isn't listed in the fields, is this OK?
codeforlife/user/serializers/user.py line 31 at r1 (raw file):
"teacher", "id", "password",
I thought the issue with __all__ was that it included fields like password yet it's still here?
codeforlife/user/tests/views/test_user.py line 266 at r1 (raw file):
) self.client.retrieve(other_user, status.HTTP_404_NOT_FOUND)
Confused as to why a student can't retrieve their own teacher?
codeforlife/user/tests/views/test_user.py line 449 at r1 (raw file):
def test_list__teacher(self): """ Teacher can list all the users in the same school.
Teacher should only be allowed to list all teachers in the same school & all students in their classes.
Only admin teachers can list all the users in the same school.
codeforlife/user/tests/views/test_user.py line 479 at r1 (raw file):
def test_list__student(self): """ Student can list only themself.
Can't student list all users in their class? ie classmates + teacher?
There was a problem hiding this comment.
Reviewable status: 20 of 22 files reviewed, 6 unresolved discussions (waiting on @faucomte97)
codeforlife/user/serializers/school.py line 29 at r1 (raw file):
Previously, faucomte97 (Florian Aucomte) wrote…
Why do you stringify this?
yes. otherwise JSON cannot serialize this object.
codeforlife/user/serializers/student.py line 27 at r1 (raw file):
Previously, faucomte97 (Florian Aucomte) wrote…
schoolisn't listed in thefields, is this OK?
no. it should be. fixed.
codeforlife/user/serializers/user.py line 31 at r1 (raw file):
Previously, faucomte97 (Florian Aucomte) wrote…
I thought the issue with
__all__was that it included fields likepasswordyet it's still here?
password needs to be added in the fields so you can PATCH your password. however, down below in extra_kwargs I specify password is write_only=True (cannnot read)
codeforlife/user/tests/views/test_user.py line 266 at r1 (raw file):
Previously, faucomte97 (Florian Aucomte) wrote…
Confused as to why a student can't retrieve their own teacher?
I think it's just because no where in the app do we allow students to see their class' teacher. We can change this later if need be but I disallowed it for now as I'm trying to follow the principal of minimal privilege/access.
codeforlife/user/tests/views/test_user.py line 449 at r1 (raw file):
Previously, faucomte97 (Florian Aucomte) wrote…
Teacher should only be allowed to list all teachers in the same school & all students in their classes.
Only admin teachers can list all the users in the same school.
The test does check that. Just the test description was wrong
codeforlife/user/tests/views/test_user.py line 479 at r1 (raw file):
Previously, faucomte97 (Florian Aucomte) wrote…
Can't student list all users in their class? ie classmates + teacher?
yes! fixed!
There was a problem hiding this comment.
Reviewed 2 of 2 files at r2, all commit messages.
Reviewable status: all files reviewed, 1 unresolved discussion (waiting on @SKairinos)
codeforlife/user/tests/views/test_user.py line 266 at r1 (raw file):
Previously, SKairinos (Stefan Kairinos) wrote…
I think it's just because no where in the app do we allow students to see their class' teacher. We can change this later if need be but I disallowed it for now as I'm trying to follow the principal of minimal privilege/access.
They can in rapid router because they can see custom levels created by their teacher and they can share created levels with their teacher. Can add a to-do if we don't want to allow it yet
codeforlife/user/tests/views/test_user.py line 479 at r1 (raw file):
Previously, SKairinos (Stefan Kairinos) wrote…
yes! fixed!
Adding a note that this still doesn't include the teachers (unless I'm wrong)
There was a problem hiding this comment.
Reviewable status: 20 of 23 files reviewed, 1 unresolved discussion (waiting on @faucomte97)
codeforlife/user/tests/views/test_user.py line 266 at r1 (raw file):
Previously, faucomte97 (Florian Aucomte) wrote…
They can in rapid router because they can see custom levels created by their teacher and they can share created levels with their teacher. Can add a to-do if we don't want to allow it yet
if that's the case, you're right. fixed.
codeforlife/user/tests/views/test_user.py line 479 at r1 (raw file):
Previously, faucomte97 (Florian Aucomte) wrote…
Adding a note that this still doesn't include the teachers (unless I'm wrong)
Fixed.
There was a problem hiding this comment.
Reviewed 3 of 3 files at r3, all commit messages.
Reviewable status:complete! all files reviewed, all discussions resolved (waiting on @SKairinos)
There was a problem hiding this comment.
Reviewable status:
There was a problem hiding this comment.
Reviewed 3 of 3 files at r4, all commit messages.
Reviewable status:
This change is