Merge pull request #694 from isaacphysics/feature/anon-users-list-quizzes

Let anonymous users list student-visible quizzes

Author: jsharkey13

src/main/java/uk/ac/cam/cl/dtg/isaac/api/QuizFacade.java

@@ -37,6 +37,7 @@
 import uk.ac.cam.cl.dtg.isaac.dos.QuizFeedbackMode;
 import uk.ac.cam.cl.dtg.isaac.dos.content.Content;
 import uk.ac.cam.cl.dtg.isaac.dos.content.Question;
+import uk.ac.cam.cl.dtg.isaac.dos.users.Role;
 import uk.ac.cam.cl.dtg.isaac.dto.AssignmentStatusDTO;
 import uk.ac.cam.cl.dtg.isaac.dto.IsaacQuestionBaseDTO;
 import uk.ac.cam.cl.dtg.isaac.dto.IsaacQuizDTO;
@@ -54,6 +55,7 @@
 import uk.ac.cam.cl.dtg.isaac.dto.content.ContentBaseDTO;
 import uk.ac.cam.cl.dtg.isaac.dto.content.ContentSummaryDTO;
 import uk.ac.cam.cl.dtg.isaac.dto.content.DetailedQuizSummaryDTO;
+import uk.ac.cam.cl.dtg.isaac.dto.users.AbstractSegueUserDTO;
 import uk.ac.cam.cl.dtg.isaac.dto.users.RegisteredUserDTO;
 import uk.ac.cam.cl.dtg.isaac.dto.users.UserSummaryDTO;
 import uk.ac.cam.cl.dtg.segue.api.ErrorResponseWrapper;
@@ -161,7 +163,7 @@ public QuizFacade(final AbstractConfigLoader properties, final ILogManager logMa
     /**
      * Get quizzes visible to this user, starting from index 0.
      *
-     * Anonymous users can't see quizzes.
+     * See {@link #getAvailableQuizzes(Request, HttpServletRequest, Integer)}.
      *
      * @return a Response containing a list of ContentSummaryDTO for the visible quizzes.
      */
@@ -176,7 +178,7 @@ public final Response getAvailableQuizzes(@Context final Request request, @Conte
     /**
      * Get quizzes visible to this user, starting from the specified index.
      *
-     * Anonymous users can't see quizzes.
+     * Anonymous users can't view or take quizzes, but can list STUDENT quizzes using this endpoint.
      *
      * @param request            the Request needed for ETag checking.
      * @param httpServletRequest the Request needed for Cookies for the current user.
@@ -187,17 +189,21 @@ public final Response getAvailableQuizzes(@Context final Request request, @Conte
     @Path("/available/{startIndex}")
     @Produces(MediaType.APPLICATION_JSON)
     @GZIP
-    @Operation(summary = "Get tests visible to this user, from the specified index.")
+    @Operation(summary = "Get tests visible to this user, from the specified index.",
+               description = "Anonymous users can list student quizzes, but cannot take them.")
     public final Response getAvailableQuizzes(@Context final Request request,
                                               @Context final HttpServletRequest httpServletRequest,
                                               @PathParam("startIndex") final Integer startIndex) {
         try {
-            RegisteredUserDTO user = this.userManager.getCurrentRegisteredUser(httpServletRequest);
 
-            String userRoleString = user.getRole().name();
+            String userRoleString = Role.STUDENT.name();  // Allow anonymous users to list STUDENT quizzes.
+            AbstractSegueUserDTO currentUser = userManager.getCurrentUser(httpServletRequest);
+            if (currentUser instanceof RegisteredUserDTO) {
+                userRoleString = ((RegisteredUserDTO) currentUser).getRole().name();
+            }
 
             // Cache the list of quizzes based on current content version, user's role, and startIndex:
-            int etagValue = this.contentManager.getCurrentContentSHA().hashCode() + user.getRole().hashCode();
+            int etagValue = this.contentManager.getCurrentContentSHA().hashCode() + userRoleString.hashCode();
             if (null != startIndex) {
                 etagValue += startIndex;
             }
@@ -220,8 +226,10 @@ public final Response getAvailableQuizzes(@Context final Request request,
             String message = "ContentManagerException whilst getting available tests";
             log.error(message, e);
             return new SegueErrorResponse(Status.INTERNAL_SERVER_ERROR, message).toResponse();
-        } catch (NoUserLoggedInException e) {
-            return SegueErrorResponse.getNotLoggedInResponse();
+        } catch (SegueDatabaseException e) {
+            String message = "Database error whilst getting available tests";
+            log.error(message, e);
+            return new SegueErrorResponse(Response.Status.INTERNAL_SERVER_ERROR, message).toResponse();
         }
     }
 
@@ -256,7 +264,7 @@ public final Response getAssignedQuizzes(@Context final HttpServletRequest reque
             return Response.ok(assignments)
                     .cacheControl(getCacheControl(NEVER_CACHE_WITHOUT_ETAG_CHECK, false)).build();
         } catch (SegueDatabaseException e) {
-            String message = "SegueDatabaseException whilst getting available tests";
+            String message = "Database error whilst getting available tests";
             log.error(message, e);
             return new SegueErrorResponse(Response.Status.INTERNAL_SERVER_ERROR, message).toResponse();
         } catch (NoUserLoggedInException e) {
@@ -287,7 +295,7 @@ public final Response getFreeAttempts(@Context final HttpServletRequest request)
             return Response.ok(attempts)
                     .cacheControl(getCacheControl(NEVER_CACHE_WITHOUT_ETAG_CHECK, false)).build();
         } catch (SegueDatabaseException e) {
-            String message = "SegueDatabaseException whilst getting available tests";
+            String message = "Database error whilst getting available tests";
             log.error(message, e);
             return new SegueErrorResponse(Response.Status.INTERNAL_SERVER_ERROR, message).toResponse();
         } catch (NoUserLoggedInException e) {

src/test/java/uk/ac/cam/cl/dtg/isaac/IsaacTest.java

@@ -38,6 +38,7 @@
 import uk.ac.cam.cl.dtg.isaac.dto.ResultsWrapper;
 import uk.ac.cam.cl.dtg.isaac.dto.UserGroupDTO;
 import uk.ac.cam.cl.dtg.isaac.dto.content.QuizSummaryDTO;
+import uk.ac.cam.cl.dtg.isaac.dto.users.AnonymousUserDTO;
 import uk.ac.cam.cl.dtg.isaac.dto.users.RegisteredUserDTO;
 import uk.ac.cam.cl.dtg.isaac.dto.users.UserSummaryWithEmailAddressDTO;
 import uk.ac.cam.cl.dtg.segue.api.managers.GroupManager;
@@ -86,6 +87,7 @@ public class IsaacTest {
     protected RegisteredUserDTO secondTeacher;
     protected RegisteredUserDTO otherTeacher;
     protected RegisteredUserDTO noone;
+    protected AnonymousUserDTO anonUser;
     protected RegisteredUserDTO secondStudent;
     protected RegisteredUserDTO otherStudent;
     protected RegisteredUserDTO adminUser;
@@ -190,6 +192,7 @@ protected void initializeIsaacObjects() {
         otherTeacher.setId(++id);
 
         noone = null;
+        anonUser = new AnonymousUserDTO("fake-session-id");
 
         secondStudent = new RegisteredUserDTO("Second", "Student", "second-student@test.com", EmailVerificationStatus.VERIFIED, somePastDate, Gender.FEMALE, somePastDate, "", null, false);
         secondStudent.setRole(Role.STUDENT);

src/test/java/uk/ac/cam/cl/dtg/isaac/api/AbstractFacadeTest.java

@@ -17,21 +17,21 @@
 
 import com.google.api.client.util.Maps;
 import com.google.common.base.Joiner;
-import jakarta.ws.rs.core.Request;
 import org.junit.Before;
 import org.junit.runner.RunWith;
 import org.powermock.core.classloader.annotations.PowerMockIgnore;
 import org.powermock.core.classloader.annotations.PrepareForTest;
 import org.powermock.modules.junit4.PowerMockRunner;
 import uk.ac.cam.cl.dtg.isaac.IsaacTest;
-import uk.ac.cam.cl.dtg.segue.api.managers.UserAccountManager;
-import uk.ac.cam.cl.dtg.segue.auth.exceptions.NoUserLoggedInException;
 import uk.ac.cam.cl.dtg.isaac.dto.SegueErrorResponse;
 import uk.ac.cam.cl.dtg.isaac.dto.users.RegisteredUserDTO;
 import uk.ac.cam.cl.dtg.isaac.dto.users.UserSummaryDTO;
+import uk.ac.cam.cl.dtg.segue.api.managers.UserAccountManager;
+import uk.ac.cam.cl.dtg.segue.auth.exceptions.NoUserLoggedInException;
 
 import jakarta.annotation.Nullable;
 import jakarta.servlet.http.HttpServletRequest;
+import jakarta.ws.rs.core.Request;
 import jakarta.ws.rs.core.Response;
 import jakarta.ws.rs.core.Response.Status;
 import java.util.ArrayList;
@@ -105,7 +105,7 @@ public void abstractFacadeTestSetup() {
         request = createNiceMock(Request.class);  // We don't particularly care about what gets called on this.
         replay(request);
 
-        userManager = createPartialMock(UserAccountManager.class, "getCurrentRegisteredUser", "convertToUserSummaryObject", "getUserDTOById");
+        userManager = createPartialMock(UserAccountManager.class, "getCurrentUser", "getCurrentRegisteredUser", "convertToUserSummaryObject", "getUserDTOById");
 
         registerDefaultsFor(userManager, m -> {
             expect(m.convertToUserSummaryObject(anyObject(RegisteredUserDTO.class))).andStubAnswer(() -> {
@@ -428,9 +428,11 @@ private void runSteps(Endpoint endpoint) {
         private void runStepsAs(@Nullable RegisteredUserDTO user, Endpoint endpoint) {
             withMock(userManager, m -> {
                 if (user == null) {
-                    expect(m.getCurrentRegisteredUser(httpServletRequest)).andThrow(new NoUserLoggedInException());
+                    expect(m.getCurrentRegisteredUser(httpServletRequest)).andThrow(new NoUserLoggedInException()).anyTimes();
+                    expect(m.getCurrentUser(httpServletRequest)).andReturn(anonUser).anyTimes();
                 } else {
-                    expect(m.getCurrentRegisteredUser(httpServletRequest)).andReturn(user);
+                    expect(m.getCurrentRegisteredUser(httpServletRequest)).andReturn(user).anyTimes();
+                    expect(m.getCurrentUser(httpServletRequest)).andReturn(user).anyTimes();
                 }
             });
             currentUser = user;

src/test/java/uk/ac/cam/cl/dtg/isaac/api/QuizFacadeTest.java

@@ -183,8 +183,7 @@ public void setUp() throws ContentManagerException {
     @Test
     public void availableQuizzes() {
         forEndpoint(() -> quizFacade.getAvailableQuizzes(request, httpServletRequest),
-            requiresLogin(),
-            as(anyOf(student, secondStudent),
+            as(anyOf(noone, student, secondStudent),
                 check((response) ->
                     assertEquals(Collections.singletonList(studentQuizSummary), extractResults(response)))
             ),