Test team validation

apps/participation/tests.py

@@ -5,11 +5,17 @@ from django.test import TestCase
 from django.urls import reverse
 from registration.models import StudentRegistration
 
-from .models import Participation, Question, Team, Video
+from .models import Participation, Question, Team
 
 
 class TestStudentParticipation(TestCase):
     def setUp(self) -> None:
+        self.superuser = User.objects.create_superuser(
+            username="admin",
+            email="admin@example.com",
+            password="toto1234",
+        )
+
         self.user = User.objects.create(
             first_name="Toto",
             last_name="Toto",
@@ -33,16 +39,31 @@ class TestStudentParticipation(TestCase):
                                                 question="Pourquoi l'existence précède l'essence ?")
         self.client.force_login(self.user)
 
+        self.second_user = User.objects.create(
+            first_name="Lalala",
+            last_name="Lalala",
+            email="lalala@example.com",
+            password="lalala",
+        )
+        StudentRegistration.objects.create(
+            user=self.second_user,
+            student_class=11,
+            school="Moon",
+            give_contact_to_animath=True,
+            email_confirmed=True,
+        )
+        self.second_team = Team.objects.create(
+            name="Poor team",
+            trigram="FFF",
+            access_code="qwerty",
+            grant_animath_access_videos=True,
+        )
+
     def test_admin_pages(self):
         """
         Load Django-admin pages.
         """
-        superuser = User.objects.create_superuser(
+        self.client.force_login(self.superuser)
-            username="admin",
-            email="admin@example.com",
-            password="toto1234",
-        )
-        self.client.force_login(superuser)
 
         # Test team pages
         response = self.client.get(reverse("admin:index") + "participation/team/")
@@ -173,6 +194,161 @@ class TestStudentParticipation(TestCase):
         response = self.client.get(reverse("participation:team_detail", args=(self.team.pk,)))
         self.assertEqual(response.status_code, 200)
 
+        # Can't see other teams
+        self.second_user.registration.team = self.second_team
+        self.second_user.registration.save()
+        self.client.force_login(self.second_user)
+        response = self.client.get(reverse("participation:team_detail", args=(self.team.participation.pk,)))
+        self.assertEqual(response.status_code, 403)
+
+    def test_request_validate_team(self):
+        """
+        The team ask for validation.
+        """
+        self.user.registration.team = self.team
+        self.user.registration.save()
+
+        second_user = User.objects.create(
+            first_name="Blublu",
+            last_name="Blublu",
+            email="blublu@example.com",
+            password="blublu",
+        )
+        StudentRegistration.objects.create(
+            user=second_user,
+            student_class=12,
+            school="Jupiter",
+            give_contact_to_animath=True,
+            email_confirmed=True,
+            team=self.team,
+            photo_authorization="authorization/photo/mai-linh",
+        )
+
+        third_user = User.objects.create(
+            first_name="Zupzup",
+            last_name="Zupzup",
+            email="zupzup@example.com",
+            password="zupzup",
+        )
+        StudentRegistration.objects.create(
+            user=third_user,
+            student_class=10,
+            school="Sun",
+            give_contact_to_animath=False,
+            email_confirmed=True,
+            team=self.team,
+            photo_authorization="authorization/photo/yohann",
+        )
+
+        self.client.force_login(self.superuser)
+        # Admin users can't ask for validation
+        resp = self.client.post(reverse("participation:team_detail", args=(self.team.pk,)), data=dict(
+            _form_type="RequestValidationForm",
+            engagement=True,
+        ))
+        self.assertEqual(resp.status_code, 200)
+
+        self.client.force_login(self.user)
+
+        self.assertIsNone(self.team.participation.valid)
+
+        resp = self.client.get(reverse("participation:team_detail", args=(self.team.pk,)))
+        self.assertEqual(resp.status_code, 200)
+        self.assertFalse(resp.context["can_validate"])
+        # Can't validate
+        resp = self.client.post(reverse("participation:team_detail", args=(self.team.pk,)), data=dict(
+            _form_type="RequestValidationForm",
+            engagement=True,
+        ))
+        self.assertEqual(resp.status_code, 200)
+
+        self.user.registration.photo_authorization = "authorization/photo/ananas"
+        self.user.registration.save()
+
+        resp = self.client.get(reverse("participation:team_detail", args=(self.team.pk,)))
+        self.assertEqual(resp.status_code, 200)
+        self.assertFalse(resp.context["can_validate"])
+
+        self.team.participation.problem = 2
+        self.team.participation.save()
+
+        resp = self.client.get(reverse("participation:team_detail", args=(self.team.pk,)))
+        self.assertEqual(resp.status_code, 200)
+        self.assertTrue(resp.context["can_validate"])
+
+        resp = self.client.post(reverse("participation:team_detail", args=(self.team.pk,)), data=dict(
+            _form_type="RequestValidationForm",
+            engagement=True,
+        ))
+        self.assertRedirects(resp, reverse("participation:team_detail", args=(self.team.pk,)), 302, 200)
+        self.team.participation.refresh_from_db()
+        self.assertFalse(self.team.participation.valid)
+        self.assertIsNotNone(self.team.participation.valid)
+
+        # Team already asked for validation
+        resp = self.client.post(reverse("participation:team_detail", args=(self.team.pk,)), data=dict(
+            _form_type="RequestValidationForm",
+            engagement=True,
+        ))
+        self.assertEqual(resp.status_code, 200)
+
+    def test_validate_team(self):
+        """
+        A team asked for validation. Try to validate it.
+        """
+        self.team.participation.valid = False
+        self.team.participation.save()
+
+        # No right to do that
+        resp = self.client.post(reverse("participation:team_detail", args=(self.team.pk,)), data=dict(
+            _form_type="ValidateParticipationForm",
+            message="J'ai 4 ans",
+            validate=True,
+        ))
+        self.assertEqual(resp.status_code, 200)
+
+        self.client.force_login(self.superuser)
+
+        resp = self.client.get(reverse("participation:team_detail", args=(self.team.pk,)))
+        self.assertEqual(resp.status_code, 200)
+
+        resp = self.client.post(reverse("participation:team_detail", args=(self.team.pk,)), data=dict(
+            _form_type="ValidateParticipationForm",
+            message="Woops I didn't said anything",
+        ))
+        self.assertEqual(resp.status_code, 200)
+
+        # Test invalidate team
+        resp = self.client.post(reverse("participation:team_detail", args=(self.team.pk,)), data=dict(
+            _form_type="ValidateParticipationForm",
+            message="Wsh nope",
+            invalidate=True,
+        ))
+        self.assertRedirects(resp, reverse("participation:team_detail", args=(self.team.pk,)), 302, 200)
+        self.team.participation.refresh_from_db()
+        self.assertIsNone(self.team.participation.valid)
+
+        # Team did not ask validation
+        resp = self.client.post(reverse("participation:team_detail", args=(self.team.pk,)), data=dict(
+            _form_type="ValidateParticipationForm",
+            message="Bienvenue ça va être trop cool",
+            validate=True,
+        ))
+        self.assertEqual(resp.status_code, 200)
+
+        self.team.participation.valid = False
+        self.team.participation.save()
+
+        # Test validate team
+        resp = self.client.post(reverse("participation:team_detail", args=(self.team.pk,)), data=dict(
+            _form_type="ValidateParticipationForm",
+            message="Bienvenue ça va être trop cool",
+            validate=True,
+        ))
+        self.assertRedirects(resp, reverse("participation:team_detail", args=(self.team.pk,)), 302, 200)
+        self.team.participation.refresh_from_db()
+        self.assertTrue(self.team.participation.valid)
+
     def test_update_team(self):
         """
         Try to update team information.
@@ -215,6 +391,7 @@ class TestStudentParticipation(TestCase):
         self.user.registration.team = self.team
         self.user.registration.save()
 
+        # Can't see the participation if it is not valid
         response = self.client.get(reverse("participation:my_participation_detail"))
         self.assertRedirects(response,
                              reverse("participation:participation_detail", args=(self.team.participation.pk,)),
@@ -230,6 +407,13 @@ class TestStudentParticipation(TestCase):
         response = self.client.get(reverse("participation:participation_detail", args=(self.team.participation.pk,)))
         self.assertEqual(response.status_code, 200)
 
+        # Can't see other participations
+        self.second_user.registration.team = self.second_team
+        self.second_user.registration.save()
+        self.client.force_login(self.second_user)
+        response = self.client.get(reverse("participation:participation_detail", args=(self.team.participation.pk,)))
+        self.assertEqual(response.status_code, 403)
+
     def test_upload_video(self):
         """
         Try to send a solution video link.

apps/participation/views.py

@@ -144,7 +144,8 @@ class TeamDetailView(LoginRequiredMixin, FormMixin, ProcessFormView, DetailView)
         user = request.user
         self.object = self.get_object()
         # Ensure that the user is an admin or a member of the team
-        if user.registration.is_admin or user.registration.participates and user.registration.team.pk == kwargs["pk"]:
+        if user.registration.is_admin or user.registration.participates and \
+                user.registration.team and user.registration.team.pk == kwargs["pk"]:
             return super().get(request, *args, **kwargs)
         raise PermissionDenied
 
@@ -171,7 +172,6 @@ class TeamDetailView(LoginRequiredMixin, FormMixin, ProcessFormView, DetailView)
             return RequestValidationForm
         elif self.request.POST["_form_type"] == "ValidateParticipationForm":
             return ValidateParticipationForm
-        return None
 
     def form_valid(self, form):
         self.object = self.get_object()
@@ -182,6 +182,13 @@ class TeamDetailView(LoginRequiredMixin, FormMixin, ProcessFormView, DetailView)
             if self.object.participation.valid is not None:
                 form.add_error(None, _("The validation of the team is already done or pending."))
                 return self.form_invalid(form)
+            if not (self.object.students.count() >= 3 and
+                    all(r.email_confirmed for r in self.object.students.all()) and
+                    all(r.photo_authorization for r in self.object.students.all()) and
+                    self.object.participation.problem):
+                form.add_error(None, _("The team can't be validated: missing email address confirmations, "
+                                       "photo authorizations, people or the chosen problem is not set."))
+                return self.form_invalid(form)
 
             self.object.participation.valid = False
             self.object.participation.save()
@@ -218,7 +225,7 @@ class TeamDetailView(LoginRequiredMixin, FormMixin, ProcessFormView, DetailView)
                 form.add_error(None, _("You must specify if you validate the registration or not."))
                 return self.form_invalid(form)
 
-        return super().form_invalid(form)
+        return super().form_valid(form)
 
     def get_success_url(self):
         return self.request.path
@@ -347,6 +354,7 @@ class ParticipationDetailView(LoginRequiredMixin, DetailView):
         if not self.get_object().valid:
             raise PermissionDenied(_("The team is not validated yet."))
         if user.registration.is_admin or user.registration.participates \
+                and user.registration.team.participation \
                 and user.registration.team.participation.pk == kwargs["pk"]:
             return super().dispatch(request, *args, **kwargs)
         raise PermissionDenied