Skip to content
Projects
Groups
Snippets
Help
This project
Loading...
Sign in / Register
Toggle navigation
E
edx-proctoring
Overview
Overview
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
edx
edx-proctoring
Commits
7d3e29a6
Commit
7d3e29a6
authored
Aug 14, 2015
by
Chris Dodge
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
enforce staff only access on attempt collection endpoint
parent
b956a555
Hide whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
38 additions
and
0 deletions
+38
-0
edx_proctoring/tests/test_views.py
+29
-0
edx_proctoring/views.py
+9
-0
No files found.
edx_proctoring/tests/test_views.py
View file @
7d3e29a6
...
@@ -814,6 +814,35 @@ class TestStudentProctoredExamAttempt(LoggedInTestCase):
...
@@ -814,6 +814,35 @@ class TestStudentProctoredExamAttempt(LoggedInTestCase):
response_data
=
json
.
loads
(
response
.
content
)
response_data
=
json
.
loads
(
response
.
content
)
self
.
assertEqual
(
len
(
response_data
[
'proctored_exam_attempts'
]),
1
)
self
.
assertEqual
(
len
(
response_data
[
'proctored_exam_attempts'
]),
1
)
def
test_exam_attempts_not_staff
(
self
):
"""
Test to get the exam attempts in a course.
"""
# Create an exam.
proctored_exam
=
ProctoredExam
.
objects
.
create
(
course_id
=
'a/b/c'
,
content_id
=
'test_content'
,
exam_name
=
'Test Exam'
,
external_id
=
'123aXqe3'
,
time_limit_mins
=
90
)
attempt_data
=
{
'exam_id'
:
proctored_exam
.
id
,
'user_id'
:
self
.
student_taking_exam
.
id
,
'external_id'
:
proctored_exam
.
external_id
}
response
=
self
.
client
.
post
(
reverse
(
'edx_proctoring.proctored_exam.attempt.collection'
),
attempt_data
)
url
=
reverse
(
'edx_proctoring.proctored_exam.attempt'
,
kwargs
=
{
'course_id'
:
proctored_exam
.
course_id
})
self
.
user
.
is_staff
=
False
self
.
user
.
save
()
response
=
self
.
client
.
get
(
url
)
self
.
assertEqual
(
response
.
status_code
,
403
)
def
test_get_filtered_exam_attempts
(
self
):
def
test_get_filtered_exam_attempts
(
self
):
"""
"""
Test to get the exam attempts in a course.
Test to get the exam attempts in a course.
...
...
edx_proctoring/views.py
View file @
7d3e29a6
...
@@ -443,6 +443,15 @@ class StudentProctoredExamAttemptCollection(AuthenticatedAPIView):
...
@@ -443,6 +443,15 @@ class StudentProctoredExamAttemptCollection(AuthenticatedAPIView):
HTTP GET Handler. Returns the status of the exam attempt.
HTTP GET Handler. Returns the status of the exam attempt.
"""
"""
if
course_id
is
not
None
:
if
course_id
is
not
None
:
#
# This code path is only for authenticated global staff users
#
if
not
request
.
user
.
is_staff
:
return
Response
(
status
=
status
.
HTTP_403_FORBIDDEN
,
data
=
{
"detail"
:
"Must be a Staff User to Perform this request."
}
)
if
search_by
is
not
None
:
if
search_by
is
not
None
:
exam_attempts
=
get_filtered_exam_attempts
(
course_id
,
search_by
)
exam_attempts
=
get_filtered_exam_attempts
(
course_id
,
search_by
)
attempt_url
=
reverse
(
'edx_proctoring.proctored_exam.attempt.search'
,
args
=
[
course_id
,
search_by
])
attempt_url
=
reverse
(
'edx_proctoring.proctored_exam.attempt.search'
,
args
=
[
course_id
,
search_by
])
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment
