Support filtering team membership

Adds tests and functionality to support filtering the results returned from team_membership endpoint with optional course_id parameter. Will return 400 Bad Request in the event that the given course_id does not match up with the provided team_id (team.course_id does not match), or if the user is not enrolled in the course given. Documentation has been added to the relevant API page on the wiki: https://openedx.atlassian.net/wiki/display/TNL/Team+API

Support filtering team membership
Adds tests and functionality to support filtering the results returned from team_membership endpoint with optional course_id parameter. Will return 400 Bad Request in the event that the given course_id does not match up with the provided team_id (team.course_id does not match), or if the user is not enrolled in the course given. Documentation has been added to the relevant API page on the wiki: https://openedx.atlassian.net/wiki/display/TNL/Team+API
57d49b0a · Eric Fischer · f785ae46 · 57d49b0a · 57d49b0a · 57d49b0a
Commit 57d49b0a authored Aug 12, 2015 by Eric Fischer
Hide whitespace changes
Inline Side-by-side

Showing with 65 additions and 7 deletions

AUTHORS
+1 -0

lms/djangoapps/teams/tests/test_views.py
+42 -0

lms/djangoapps/teams/views.py
+22 -7

No files found.
--- a/AUTHORS
+++ b/AUTHORS
@@ -231,3 +231,4 @@ Vedran Karačić <vedran@edx.org>
 William Ono <william.ono@ubc.ca>
 Dongwook Yoon <dy252@cornell.edu>
 Awais Qureshi <awais.qureshi@arbisoft.com>
+Eric Fischer <efischer@edx.org>
--- a/lms/djangoapps/teams/tests/test_views.py
+++ b/lms/djangoapps/teams/tests/test_views.py
@@ -198,6 +198,14 @@ class TeamAPITestCase(APITestCase, SharedModuleStoreTestCase):
            topic_id='topic_6'
        )

+        self.test_team_name_id_map = {team.name: team for team in (
+            self.test_team_1,
+            self.test_team_2,
+            self.test_team_3,
+            self.test_team_4,
+            self.test_team_5,
+        )}
+
        for user, course in [('staff', self.test_course_1), ('course_staff', self.test_course_1)]:
            CourseEnrollment.enroll(
                self.users[user], course.id, check_access=True
@@ -777,6 +785,40 @@ class TestListMembershipAPI(TeamAPITestCase):
            else:
                self.assertEqual(membership['count'], 0)

+    @ddt.data(
+        ('student_enrolled_both_courses_other_team', 'TestX/TS101/Test_Course', 200, 'Nuclear Team'),
+        ('student_enrolled_both_courses_other_team', 'MIT/6.002x/Circuits', 200, 'Another Team'),
+        ('student_enrolled', 'TestX/TS101/Test_Course', 200, u'sólar team'),
+        ('student_enrolled', 'MIT/6.002x/Circuits', 400, ''),
+    )
+    @ddt.unpack
+    def test_course_filter_with_username(self, user, course_id, status, team_name):
+        membership = self.get_membership_list(
+            status,
+            {
+                'username': self.users[user],
+                'course_id': course_id
+            },
+            user=user
+        )
+        if status == 200:
+            self.assertEqual(membership['count'], 1)
+            self.assertEqual(membership['results'][0]['team']['team_id'], self.test_team_name_id_map[team_name].team_id)
+
+    @ddt.data(
+        ('TestX/TS101/Test_Course', 200),
+        ('MIT/6.002x/Circuits', 400),
+    )
+    @ddt.unpack
+    def test_course_filter_with_team_id(self, course_id, status):
+        membership = self.get_membership_list(status, {'team_id': self.test_team_1.team_id, 'course_id': course_id})
+        if status == 200:
+            self.assertEqual(membership['count'], 1)
+            self.assertEqual(membership['results'][0]['team']['team_id'], self.test_team_1.team_id)
+
+    def test_bad_course_id(self):
+        self.get_membership_list(404, {'course_id': 'no_such_course'})
+
    def test_no_username_or_team_id(self):
        self.get_membership_list(400, {})


--- a/lms/djangoapps/teams/views.py
+++ b/lms/djangoapps/teams/views.py
@@ -793,8 +793,17 @@ class MembershipListView(ExpandableFieldViewMixin, GenericAPIView):
        """GET /api/team/v0/team_membership"""
        specified_username_or_team = False
        username = None
-        valid_courses = None
        team_id = None
+        requested_course_id = None
+        requested_course_key = None
+        accessible_course_ids = None
+
+        if 'course_id' in request.QUERY_PARAMS:
+            requested_course_id = request.QUERY_PARAMS['course_id']
+            try:
+                requested_course_key = CourseKey.from_string(requested_course_id)
+            except InvalidKeyError:
+                return Response(status=status.HTTP_404_NOT_FOUND)

        if 'team_id' in request.QUERY_PARAMS:
            specified_username_or_team = True
@@ -803,6 +812,8 @@ class MembershipListView(ExpandableFieldViewMixin, GenericAPIView):
                team = CourseTeam.objects.get(team_id=team_id)
            except CourseTeam.DoesNotExist:
                return Response(status=status.HTTP_404_NOT_FOUND)
+            if requested_course_key is not None and requested_course_key != team.course_id:
+                return Response(status=status.HTTP_400_BAD_REQUEST)
            if not has_team_api_access(request.user, team.course_id):
                return Response(status=status.HTTP_404_NOT_FOUND)

@@ -816,11 +827,9 @@ class MembershipListView(ExpandableFieldViewMixin, GenericAPIView):
                staff_courses = (
                    CourseAccessRole.objects.filter(user=request.user, role='staff').values_list('course_id', flat=True)
                )
-                valid_courses = [
-                    CourseKey.from_string(course_key_string)
-                    for course_list in [enrolled_courses, staff_courses]
-                    for course_key_string in course_list
-                ]
+                accessible_course_ids = [item for sublist in (enrolled_courses, staff_courses) for item in sublist]
+                if requested_course_id is not None and requested_course_id not in accessible_course_ids:
+                    return Response(status=status.HTTP_400_BAD_REQUEST)

        if not specified_username_or_team:
            return Response(
@@ -828,7 +837,13 @@ class MembershipListView(ExpandableFieldViewMixin, GenericAPIView):
                status=status.HTTP_400_BAD_REQUEST
            )

-        queryset = CourseTeamMembership.get_memberships(username, valid_courses, team_id)
+        course_keys = None
+        if requested_course_key is not None:
+            course_keys = [requested_course_key]
+        elif accessible_course_ids is not None:
+            course_keys = [CourseKey.from_string(course_string) for course_string in accessible_course_ids]
+
+        queryset = CourseTeamMembership.get_memberships(username, course_keys, team_id)
        page = self.paginate_queryset(queryset)
        serializer = self.get_pagination_serializer(page)
        return Response(serializer.data)  # pylint: disable=maybe-no-member