def test_workgroup_member_search_of_discussions(self):
        """Check that a discussion post is only searchable by members of its workgroup.

        The same query is run for ``self.viewer`` twice: once after the viewer
        has been removed from ``self.wg1`` (expecting no hits) and once after
        the viewer has been given a role in it again (expecting one hit), both
        through the permission-filtered queryset and through the search view.
        """
        self.logout()

        # Only workgroup members should be able to see discussion posts
        self.discussionPost = models.DiscussionPost.objects.create(
            title="Hello World", body="Text text", workgroup=self.wg1)
        # Remove viewer from workgroup
        self.wg1.removeUser(self.viewer)

        # Check that the viewer was successfully removed
        self.assertFalse(perms.user_in_workgroup(self.viewer, self.wg1))

        # Confirm discussion in QuerySet: the plain SearchQuerySet applies no
        # permission checks, so one hit here shows the post was indexed and
        # that the empty result below comes from the permission filter.
        from haystack.query import SearchQuerySet
        sqs = SearchQuerySet()
        self.assertEqual(len(sqs.auto_query('Hello')), 1)

        # User is not in workgroup, so there should be no results
        psqs = get_permission_sqs().auto_query(
            'Hello').apply_permission_checks(self.viewer)
        self.assertEqual(len(psqs), 0)

        # Put the viewer in the correct workgroup
        self.wg1.giveRoleToUser('manager', self.viewer)
        self.assertTrue(perms.user_in_workgroup(self.viewer, self.wg1))

        # Viewer is now in workgroup, so there should be results
        psqs = get_permission_sqs().auto_query(
            'Hello').apply_permission_checks(self.viewer)
        self.assertEqual(len(psqs), 1)

        self.login_viewer()

        # The search view must agree with the queryset-level check.
        # NOTE(review): the view is only exercised for the permitted case;
        # the denied case is asserted on the queryset alone.
        response = self.client.get(reverse('aristotle:search') + "?q=Hello")
        self.assertEqual(len(response.context['page'].object_list), 1)
    def test_managersCanEditWorkgroups(self):
        """A manager may edit a workgroup, a viewer may not, and removal revokes edit rights."""
        user_model = get_user_model()
        workgroup = models.Workgroup.objects.create(
            name="Test WG 1",
            stewardship_organisation=self.steward_org_1,
        )
        manager = user_model.objects.create_user('*****@*****.**', 'manager')
        viewer = user_model.objects.create_user('*****@*****.**', 'viewer')
        workgroup.giveRoleToUser('manager', manager)
        workgroup.giveRoleToUser('viewer', viewer)
        workgroup.save()
        # Re-read the workgroup so the checks run against the stored object.
        workgroup = models.Workgroup.objects.get(pk=workgroup.id)

        # Either role counts as membership and grants view access.
        self.assertTrue(perms.user_in_workgroup(manager, workgroup))
        self.assertTrue(perms.user_in_workgroup(viewer, workgroup))
        self.assertTrue(perms.user_can_view(viewer, workgroup))
        self.assertTrue(perms.user_can_view(manager, workgroup))

        # Only the manager role grants edit access.
        self.assertTrue(perms.user_can_edit(manager, workgroup))
        self.assertFalse(perms.user_can_edit(viewer, workgroup))

        workgroup.removeUser(manager)
        workgroup.removeUser(viewer)
        # Caching issue, refresh from DB with correct permissions
        manager = user_model.objects.get(pk=manager.pk)
        viewer = user_model.objects.get(pk=viewer.pk)
        # NOTE(review): only edit rights are re-checked after removal;
        # user_in_workgroup and user_can_view are not asserted here.
        self.assertFalse(perms.user_can_edit(manager, workgroup))
        self.assertFalse(perms.user_can_edit(viewer, workgroup))
def items(request, iid):
    """Show a paginated list of the concepts in a workgroup to its members.

    The workgroup is looked up by primary key through ``get_object_or_404``;
    ``PermissionDenied`` is raised when ``request.user`` fails
    ``user_in_workgroup``.
    """
    group = get_object_or_404(MDR.Workgroup, pk=iid)
    # Membership gate: nothing from the workgroup is queried for non-members.
    if not user_in_workgroup(request.user, group):
        raise PermissionDenied
    concepts = MDR._concept.objects.filter(workgroup=iid).select_subclasses()
    template_context = {
        "item": group,
        "workgroup": group,
        "user_is_admin": user_is_workgroup_manager(request.user, group),
    }
    return paginated_list(
        request, concepts, "aristotle_mdr/workgroupItems.html", template_context
    )
 def test_userInWorkgroup(self):
     """A user given the viewer role must count as being in the workgroup."""
     workgroup = models.Workgroup.objects.create(
         name="Test WG 1",
         stewardship_organisation=self.steward_org_1,
     )
     member = get_user_model().objects.create_user('*****@*****.**', 'editor1')
     workgroup.giveRoleToUser('viewer', member)
     # NOTE(review): there is no matching negative check for a user without a role.
     self.assertTrue(perms.user_in_workgroup(member, workgroup))
def workgroupItems(request, iid):
    """Render the list of concepts in a workgroup for one of its members.

    Raises ``PermissionDenied`` when ``request.user`` fails
    ``user_in_workgroup`` for the workgroup with primary key ``iid``.
    """
    group = get_object_or_404(MDR.Workgroup, pk=iid)
    # Refuse non-members before any concept of the workgroup is queried.
    if not user_in_workgroup(request.user, group):
        raise PermissionDenied
    template_context = {
        "item": group,
        "workgroup": group,
        "user_is_admin": user_is_workgroup_manager(request.user, group),
    }
    template_context['items'] = (
        MDR._concept.objects.filter(workgroup=iid).select_subclasses()
    )
    return render(request, "aristotle_mdr/workgroupItems.html", template_context)
def workgroup(request, iid):
    """Render a workgroup's home page for one of its members.

    The context carries the ten most recently modified concepts of the
    workgroup. ``PermissionDenied`` is raised when ``request.user`` fails
    ``user_in_workgroup``.
    """
    group = get_object_or_404(MDR.Workgroup, pk=iid)
    # Refuse non-members before any workgroup content is gathered.
    if not user_in_workgroup(request.user, group):
        raise PermissionDenied
    template_context = {
        "item": group,
        "workgroup": group,
        "user_is_admin": user_is_workgroup_manager(request.user, group),
    }
    template_context['recent'] = (
        MDR._concept.objects.filter(workgroup=iid)
        .select_subclasses()
        .order_by('-modified')[:10]
    )
    return render(request, group.template, template_context)
Beispiel #7
def workgroup(request, wgid):
    """Render every discussion of a workgroup for one of its members.

    Raises ``PermissionDenied`` when ``request.user`` fails
    ``perms.user_in_workgroup`` for the workgroup with primary key ``wgid``.
    """
    group = get_object_or_404(MDR.Workgroup, pk=wgid)
    # Discussions are private to the workgroup: check membership first.
    if not perms.user_in_workgroup(request.user, group):
        raise PermissionDenied
    template_context = {
        'workgroup': group,
        'discussions': group.discussions.all(),
    }
    return render(
        request, "aristotle_mdr/discussions/workgroup.html", template_context
    )
def workgroup(request, wgid):
    """Render the discussion list of a workgroup; members only.

    ``PermissionDenied`` is raised for a ``request.user`` that fails
    ``perms.user_in_workgroup``.
    """
    group = get_object_or_404(MDR.Workgroup, pk=wgid)
    # The membership gate runs before the discussions are read.
    if not perms.user_in_workgroup(request.user, group):
        raise PermissionDenied
    all_discussions = group.discussions.all()
    return render(
        request,
        "aristotle_mdr/discussions/workgroup.html",
        {'workgroup': group, 'discussions': all_discussions},
    )
Beispiel #9
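def members(request, iid):
    """Render the member list of a workgroup for one of its members.

    Raises ``PermissionDenied`` when ``request.user`` fails
    ``user_in_workgroup`` for the workgroup with primary key ``iid``.
    """
    wg = get_object_or_404(MDR.Workgroup, pk=iid)
    # Authorise first, as the other workgroup views do: the manager lookup
    # below used to run for every caller, including ones about to be refused.
    if not user_in_workgroup(request.user, wg):
        raise PermissionDenied
    renderDict = {
        "item": wg,
        "workgroup": wg,
        "user_is_admin": user_is_workgroup_manager(request.user, wg)
    }
    return render(request, "aristotle_mdr/workgroupMembers.html", renderDict)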
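def workgroup(request, iid, name_slug):
    """Render a workgroup's home page for one of its members.

    Raises ``PermissionDenied`` when ``request.user`` fails
    ``user_in_workgroup``. A member whose ``name_slug`` is not a prefix of the
    slugified workgroup name is redirected to ``wg.get_absolute_url()``.
    """
    wg = get_object_or_404(MDR.Workgroup, pk=iid)
    # Authorise before the slug check. The redirect used to run first, so a
    # non-member was sent to the workgroup's own URL (presumably containing
    # its name slug - confirm against get_absolute_url) before being refused.
    if not user_in_workgroup(request.user, wg):
        raise PermissionDenied
    # NOTE(review): startswith() accepts any prefix of the real slug.
    if not slugify(wg.name).startswith(str(name_slug)):
        return redirect(wg.get_absolute_url())
    renderDict = {"item": wg, "workgroup": wg, "user_is_admin": user_is_workgroup_manager(request.user, wg)}
    renderDict['recent'] = MDR._concept.objects.filter(workgroup=iid).select_subclasses().order_by('-modified')[:5]
    page = render(request, wg.template, renderDict)
    return page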
    def get(self, request, *args, **kwargs):
        """Render the discussions of the workgroup named by the ``wgid`` URL kwarg.

        Raises ``PermissionDenied`` when ``request.user`` fails
        ``perms.user_in_workgroup`` for that workgroup.
        """
        context = super().get_context_data(*args, **kwargs)
        group = get_object_or_404(MDR.Workgroup, pk=self.kwargs['wgid'])

        # Non-members are refused before any discussion enters the context.
        if not perms.user_in_workgroup(request.user, group):
            raise PermissionDenied

        context['workgroup'] = group
        context['discussions'] = group.discussions.all()

        return render(request, self.template_name, context)
Beispiel #12
    def get(self, request, *args, **kwargs):
        """Render the discussions of the workgroup named by the ``wgid`` URL kwarg.

        Raises ``PermissionDenied`` when ``request.user`` fails
        ``perms.user_in_workgroup`` for that workgroup.
        """
        context = super(Workgroup, self).get_context_data(*args, **kwargs)
        group = get_object_or_404(MDR.Workgroup, pk=self.kwargs['wgid'])

        # Membership is checked before the discussions are added to the context.
        if not perms.user_in_workgroup(request.user, group):
            raise PermissionDenied

        context['workgroup'] = group
        context['discussions'] = group.discussions.all()

        return render(request, self.template_name, context)
Beispiel #13
def post(request, pid):
    """Render one discussion post, with an empty comment form, for workgroup members.

    Access is decided by the workgroup the post belongs to:
    ``PermissionDenied`` is raised when ``request.user`` fails
    ``perms.user_in_workgroup`` for ``post.workgroup``.
    """
    discussion_post = get_object_or_404(MDR.DiscussionPost, pk=pid)
    # The post inherits its access rule from its workgroup.
    if not perms.user_in_workgroup(request.user, discussion_post.workgroup):
        raise PermissionDenied
    # Pre-fill the comment form with the id of the post being viewed.
    blank_comment_form = MDRForms.discussions.CommentForm(initial={'post': pid})
    template_context = {
        'workgroup': discussion_post.workgroup,
        'post': discussion_post,
        'comment_form': blank_comment_form,
    }
    return render(request, "aristotle_mdr/discussions/post.html", template_context)
Beispiel #14
def items(request, iid):
    """Show a paginated list of the concepts in a workgroup to its members.

    Raises ``PermissionDenied`` when ``request.user`` fails
    ``user_in_workgroup`` for the workgroup with primary key ``iid``.
    """
    group = get_object_or_404(MDR.Workgroup, pk=iid)
    # Non-members are refused before the workgroup's concepts are queried.
    if not user_in_workgroup(request.user, group):
        raise PermissionDenied
    concepts = MDR._concept.objects.filter(workgroup=iid).select_subclasses()
    is_manager = user_is_workgroup_manager(request.user, group)
    template_context = {"item": group, "workgroup": group, "user_is_admin": is_manager}
    return paginated_list(
        request, concepts, "aristotle_mdr/workgroupItems.html", template_context
    )
def post(request, pid):
    """Render one discussion post and a blank comment form; workgroup members only.

    ``PermissionDenied`` is raised when ``request.user`` fails
    ``perms.user_in_workgroup`` for the workgroup that owns the post.
    """
    discussion_post = get_object_or_404(MDR.DiscussionPost, pk=pid)
    owning_workgroup = discussion_post.workgroup
    # Access to a post is decided by membership of its workgroup.
    if not perms.user_in_workgroup(request.user, owning_workgroup):
        raise PermissionDenied
    blank_comment_form = MDRForms.discussions.CommentForm(initial={'post': pid})
    return render(
        request,
        "aristotle_mdr/discussions/post.html",
        {
            'workgroup': discussion_post.workgroup,
            'post': discussion_post,
            'comment_form': blank_comment_form,
        },
    )
 def test_RemoveUserFromWorkgroup(self):
     """Removing a user from a workgroup must revoke the manager permission they held."""
     workgroup = models.Workgroup.objects.create(name="Test WG 1")
     manager = User.objects.create_user('editor1','','editor1')
     workgroup.managers.add(manager)
     # Caching issue, refresh from DB with correct permissions
     manager = User.objects.get(pk=manager.pk)
     self.assertTrue(perms.user_in_workgroup(manager, workgroup))
     self.assertTrue(perms.user_is_workgroup_manager(manager, workgroup))

     workgroup.removeUser(manager)
     # Caching issue, refresh from DB with correct permissions
     manager = User.objects.get(pk=manager.pk)
     # NOTE(review): only the manager check is repeated after removal;
     # user_in_workgroup is not asserted to be False here.
     self.assertFalse(perms.user_is_workgroup_manager(manager, workgroup))
 def test_RemoveUserFromWorkgroup(self):
     """Removing a user from a workgroup must revoke the manager permission they held."""
     user_model = get_user_model()
     workgroup = models.Workgroup.objects.create(name="Test WG 1")
     manager = user_model.objects.create_user('*****@*****.**','editor1')
     workgroup.managers.add(manager)
     # Caching issue, refresh from DB with correct permissions
     manager = user_model.objects.get(pk=manager.pk)
     self.assertTrue(perms.user_in_workgroup(manager, workgroup))
     self.assertTrue(perms.user_is_workgroup_manager(manager, workgroup))

     workgroup.removeUser(manager)
     # Caching issue, refresh from DB with correct permissions
     manager = user_model.objects.get(pk=manager.pk)
     # NOTE(review): only the manager check is repeated after removal;
     # user_in_workgroup is not asserted to be False here.
     self.assertFalse(perms.user_is_workgroup_manager(manager, workgroup))
 def test_managersCanEditWorkgroups(self):
     """A "Manager" may edit a workgroup, a "Viewer" may not, and removal revokes edit rights."""
     workgroup = models.Workgroup.objects.create(name="Test WG 1")
     manager = User.objects.create_user('manager','','manager')
     viewer = User.objects.create_user('editor','','editor')
     workgroup.addUser(manager)
     workgroup.addUser(viewer)
     workgroup.giveRoleToUser("Manager", manager)
     workgroup.giveRoleToUser("Viewer", viewer)
     # Caching issue, refresh from DB with correct permissions
     manager = User.objects.get(pk=manager.pk)
     viewer = User.objects.get(pk=viewer.pk)

     # Both users are members, but only the manager may edit.
     self.assertTrue(perms.user_in_workgroup(manager, workgroup))
     self.assertTrue(perms.user_in_workgroup(viewer, workgroup))
     self.assertTrue(perms.user_can_edit(manager, workgroup))
     self.assertFalse(perms.user_can_edit(viewer, workgroup))

     workgroup.removeUser(manager)
     workgroup.removeUser(viewer)
     # Caching issue, refresh from DB with correct permissions
     manager = User.objects.get(pk=manager.pk)
     viewer = User.objects.get(pk=viewer.pk)
     # NOTE(review): membership itself is not re-checked after removal.
     self.assertFalse(perms.user_can_edit(manager, workgroup))
     self.assertFalse(perms.user_can_edit(viewer, workgroup))
    def test_managersCanEditWorkgroups(self):
        """A manager may edit a workgroup, a viewer may not, and removal revokes edit rights."""
        user_model = get_user_model()
        workgroup = models.Workgroup.objects.create(name="Test WG 1")
        manager = user_model.objects.create_user('*****@*****.**','manager')
        viewer = user_model.objects.create_user('*****@*****.**','viewer')
        workgroup.managers.add(manager)
        workgroup.viewers.add(viewer)
        workgroup.save()
        # Re-read the workgroup so the checks run against the stored object.
        workgroup = models.Workgroup.objects.get(pk=workgroup.id)

        # Either role counts as membership and grants view access.
        self.assertTrue(perms.user_in_workgroup(manager, workgroup))
        self.assertTrue(perms.user_in_workgroup(viewer, workgroup))
        self.assertTrue(perms.user_can_view(viewer, workgroup))
        self.assertTrue(perms.user_can_view(manager, workgroup))

        # Only the manager role grants edit access.
        self.assertTrue(perms.user_can_edit(manager, workgroup))
        self.assertFalse(perms.user_can_edit(viewer, workgroup))

        workgroup.removeUser(manager)
        workgroup.removeUser(viewer)
        # Caching issue, refresh from DB with correct permissions
        manager = user_model.objects.get(pk=manager.pk)
        viewer = user_model.objects.get(pk=viewer.pk)
        # NOTE(review): view access and membership are not re-checked after removal.
        self.assertFalse(perms.user_can_edit(manager, workgroup))
        self.assertFalse(perms.user_can_edit(viewer, workgroup))
Beispiel #20
    def test_managersCanEditWorkgroups(self):
        """A manager may edit a workgroup, a viewer may not, and removal revokes edit rights."""
        user_model = get_user_model()
        workgroup = models.Workgroup.objects.create(name="Test WG 1")
        manager = user_model.objects.create_user('manager','','manager')
        viewer = user_model.objects.create_user('viewer','','viewer')
        workgroup.managers.add(manager)
        workgroup.viewers.add(viewer)
        workgroup.save()
        # Re-read the workgroup so the checks run against the stored object.
        workgroup = models.Workgroup.objects.get(pk=workgroup.id)

        # Either role counts as membership and grants view access.
        self.assertTrue(perms.user_in_workgroup(manager, workgroup))
        self.assertTrue(perms.user_in_workgroup(viewer, workgroup))
        self.assertTrue(perms.user_can_view(viewer, workgroup))
        self.assertTrue(perms.user_can_view(manager, workgroup))

        # Only the manager role grants edit access.
        self.assertTrue(perms.user_can_edit(manager, workgroup))
        self.assertFalse(perms.user_can_edit(viewer, workgroup))

        workgroup.removeUser(manager)
        workgroup.removeUser(viewer)
        # Caching issue, refresh from DB with correct permissions
        manager = user_model.objects.get(pk=manager.pk)
        viewer = user_model.objects.get(pk=viewer.pk)
        # NOTE(review): view access and membership are not re-checked after removal.
        self.assertFalse(perms.user_can_edit(manager, workgroup))
        self.assertFalse(perms.user_can_edit(viewer, workgroup))
Beispiel #21
    def get(self, request, *args, **kwargs):
        """Render one discussion post, with a blank comment form, for workgroup members.

        Raises ``PermissionDenied`` when ``request.user`` fails
        ``perms.user_in_workgroup`` for the workgroup that owns the post.
        """
        context = super().get_context_data(*args, **kwargs)

        discussion_post = self.get_object()

        # Access to a post is decided by membership of its workgroup.
        if not perms.user_in_workgroup(request.user, discussion_post.workgroup):
            raise PermissionDenied
        blank_comment_form = MDRForms.discussions.CommentForm(
            initial={'post': self.kwargs['pid']},
        )

        context['workgroup'] = discussion_post.workgroup
        context['post'] = discussion_post
        context['comment_form'] = blank_comment_form

        return render(request, self.template_name, context)
    def test_userCanLeaveWorkgroup(self):
        """A member can leave a workgroup and is refused its page afterwards."""
        leave_url = reverse('aristotle:workgroup_leave', args=[self.wg1.id])

        self.login_viewer()
        # While still a member, the workgroup page is served.
        page_before = self.client.get(self.wg1.get_absolute_url())
        self.assertEqual(page_before.status_code, 200)

        self.assertTrue(perms.user_in_workgroup(self.viewer, self.wg1))

        # A GET on the leave URL answers 200 and, as the next request shows,
        # leaves the membership in place; the POST is what ends it.
        leave_get = self.client.get(leave_url)
        self.assertEqual(leave_get.status_code, 200)

        leave_post = self.client.post(leave_url)
        self.assertEqual(leave_post.status_code, 302)

        # Access is gone on the very next request.
        page_after = self.client.get(self.wg1.get_absolute_url())
        self.assertEqual(page_after.status_code, 403)
Beispiel #23
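def workgroup(request, iid, name_slug):
    """Render a workgroup's home page for one of its members.

    Raises ``PermissionDenied`` when ``request.user`` fails
    ``user_in_workgroup``. A member whose ``name_slug`` is not a prefix of the
    slugified workgroup name is redirected to ``wg.get_absolute_url()``.
    """
    wg = get_object_or_404(MDR.Workgroup, pk=iid)
    # Authorise before the slug check. The redirect used to run first, so a
    # non-member was sent to the workgroup's own URL (presumably containing
    # its name slug - confirm against get_absolute_url) before being refused.
    if not user_in_workgroup(request.user, wg):
        raise PermissionDenied
    # NOTE(review): startswith() accepts any prefix of the real slug.
    if not slugify(wg.name).startswith(str(name_slug)):
        return redirect(wg.get_absolute_url())
    renderDict = {
        "item": wg,
        "workgroup": wg,
        "user_is_admin": user_is_workgroup_manager(request.user, wg)
    }
    # The five most recently modified concepts of the workgroup.
    renderDict['recent'] = MDR._concept.objects.filter(
        workgroup=iid).select_subclasses().order_by('-modified')[:5]
    page = render(request, wg.template, renderDict)
    return page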
Beispiel #24
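def in_workgroup(user, workgroup):
    """
    A filter that acts as a wrapper around ``aristotle_mdr.perms.user_in_workgroup``.
    Returns the result of that membership check for the user and workgroup.
    It is a membership test, not a test of permission to administer the workgroup.
    If calling ``user_in_workgroup`` raises an exception the filter fails closed and returns False.

    For example::

      {% if request.user|in_workgroup:workgroup %}
        {{ something }}
      {% endif %}
    """
    try:
        return perms.user_in_workgroup(user, workgroup)
    except Exception:
        # Fail closed: an error in the check must never read as membership.
        # ``Exception`` rather than a bare ``except`` so that SystemExit and
        # KeyboardInterrupt are not swallowed.
        # NOTE(review): the error is discarded silently; consider logging it.
        return False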
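def in_workgroup(user,workgroup):
    """
    A filter that acts as a wrapper around ``aristotle_mdr.perms.user_in_workgroup``.
    Returns the result of that membership check for the user and workgroup.
    It is a membership test, not a test of permission to administer the workgroup.
    If calling ``user_in_workgroup`` raises an exception the filter fails closed and returns False.

    For example::

      {% if request.user|in_workgroup:workgroup %}
        {{ something }}
      {% endif %}
    """
    try:
        return perms.user_in_workgroup(user,workgroup)
    except Exception:
        # Fail closed: an error in the check must never read as membership.
        # ``Exception`` rather than a bare ``except`` so that SystemExit and
        # KeyboardInterrupt are not swallowed.
        # NOTE(review): the error is discarded silently; consider logging it.
        return False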
    def get(self, request, *args, **kwargs):
        """Render one discussion post, with a blank comment form, for workgroup members.

        Raises ``PermissionDenied`` when ``request.user`` fails
        ``perms.user_in_workgroup`` for the workgroup that owns the post.
        """
        context = super().get_context_data(*args, **kwargs)

        discussion_post = self.get_object()

        # The post inherits its access rule from its workgroup.
        if not perms.user_in_workgroup(request.user, discussion_post.workgroup):
            raise PermissionDenied
        form_defaults = {'post': self.kwargs['pid']}
        blank_comment_form = MDRForms.discussions.CommentForm(initial=form_defaults)

        context['workgroup'] = discussion_post.workgroup
        context['post'] = discussion_post
        context['comment_form'] = blank_comment_form

        return render(request, self.template_name, context)
    def test_workgroup_member_search_has_valid_facets(self):
        """Check that search facets only list workgroups the searching user is in.

        An item is created in a workgroup the viewer has no role in, a search
        is run as the viewer, and every entry of the ``workgroup`` facet is
        asserted to be a workgroup that passes ``perms.user_in_workgroup``.
        """
        self.logout()
        self.viewer = get_user_model().objects.create_user(
            '*****@*****.**', 'equalRightsForAll')
        response = self.client.post(
            reverse('friendly_login'), {
                'username': '******',
                'password': '******'
            })

        self.assertEqual(response.status_code, 302)  # logged in

        # The viewer gets a role in one workgroup only; WeaponX is created
        # without giving the viewer any role in it.
        self.xmen_wg.giveRoleToUser('viewer', self.viewer)
        self.weaponx_wg = models.Workgroup.objects.create(
            name="WeaponX", stewardship_organisation=self.steward_org)

        # NOTE(review): as shown here (credentials are masked on this page)
        # this login POST repeats the one above - confirm it is needed.
        response = self.client.post(
            reverse('friendly_login'), {
                'username': '******',
                'password': '******'
            })

        self.assertEqual(response.status_code, 302)  # logged in

        # Create Deadpool in Weapon X workgroup
        with reversion.create_revision():
            dp = models.ObjectClass.objects.create(
                name="deadpool",
                definition="not really an xman, no matter how much he tries",
                workgroup=self.weaponx_wg)
        dp = models.ObjectClass.objects.get(pk=dp.pk)  # Un-cache
        # Precondition: the item is neither visible to the viewer nor public.
        self.assertFalse(perms.user_can_view(self.viewer, dp))
        self.assertFalse(dp.is_public())

        response = self.client.get(reverse('aristotle:search') + "?q=xman")
        self.assertEqual(response.status_code, 200)
        facets = response.context['form'].facets['fields']
        self.assertTrue('restriction' in facets.keys())

        self.assertTrue('facet_model_ct' in facets.keys())
        self.assertTrue('statuses' in facets.keys())
        self.assertTrue('workgroup' in facets.keys())

        # Facets are a side channel: a workgroup listed here would reveal that
        # matching items exist in it, so each one must be the viewer's own.
        for wg in facets['workgroup']:
            wg = models.Workgroup.objects.get(pk=wg)
            self.assertTrue(perms.user_in_workgroup(self.viewer, wg))
def new_comment(request, pid):
    """Add a comment to a discussion post on behalf of a workgroup member.

    Raises ``PermissionDenied`` when ``request.user`` fails
    ``perms.user_in_workgroup`` for the post's workgroup. A valid POST saves
    the comment and redirects to it, an invalid POST re-renders the form, and
    any other method redirects back to the post.
    """
    discussion_post = get_object_or_404(MDR.DiscussionPost, pk=pid)
    if not perms.user_in_workgroup(request.user, discussion_post.workgroup):
        raise PermissionDenied

    if request.method != 'POST':
        # It makes no sense to "GET" this comment, so push them back to the discussion
        return HttpResponseRedirect(
            reverse("aristotle:discussionsPost", args=[discussion_post.pk])
        )

    form = MDRForms.discussions.CommentForm(request.POST)
    if form.is_valid():
        # Only the body is taken from the submitted form; the post comes from
        # the URL and the author from the session.
        comment = MDR.DiscussionComment(
            post=discussion_post,
            body=form.cleaned_data['body'],
            author=request.user,
        )
        comment.save()
        target = reverse("aristotle:discussionsPost", args=[comment.post.pk])
        return HttpResponseRedirect(target + "#comment_%s" % comment.id)
    return render(request, "aristotle_mdr/discussions/new.html", {"form": form})
Beispiel #29
def new_comment(request, pid):
    """Add a comment to an open discussion post on behalf of a workgroup member.

    Raises ``PermissionDenied`` when ``request.user`` fails
    ``perms.user_in_workgroup`` for the post's workgroup. A closed post
    rejects the comment with an error message and a redirect. A valid POST
    saves the comment and redirects to it, an invalid POST re-renders the
    form, and any other method redirects back to the post.
    """
    discussion_post = get_object_or_404(MDR.DiscussionPost, pk=pid)
    if not perms.user_in_workgroup(request.user, discussion_post.workgroup):
        raise PermissionDenied

    # The closed check runs on the server for every method, so a closed post
    # cannot be commented on by posting to this URL directly.
    if discussion_post.closed:
        messages.error(request, _('This post is closed. Your comment was not added.'))
        return HttpResponseRedirect(
            reverse("aristotle:discussionsPost", args=[discussion_post.pk])
        )

    if request.method != 'POST':
        # It makes no sense to "GET" this comment, so push them back to the discussion
        return HttpResponseRedirect(
            reverse("aristotle:discussionsPost", args=[discussion_post.pk])
        )

    form = MDRForms.discussions.CommentForm(request.POST)
    if not form.is_valid():
        return render(request, "aristotle_mdr/discussions/new.html", {"form": form})

    # Only the body is taken from the submitted form; the post comes from the
    # URL and the author from the session.
    comment = MDR.DiscussionComment(
        post=discussion_post,
        body=form.cleaned_data['body'],
        author=request.user,
    )
    comment.save()
    target = reverse("aristotle:discussionsPost", args=[comment.post.pk])
    return HttpResponseRedirect(target + "#comment_%s" % comment.id)
Beispiel #30
    def test_workgroup_member_search_has_valid_facets(self):
        """Check that search facets only list workgroups the searching user is in.

        An item is created in a workgroup the viewer has no role in, a search
        is run as the viewer, and every entry of the ``workgroup`` facet is
        asserted to be a workgroup that passes ``perms.user_in_workgroup``.
        """
        self.logout()
        self.viewer = User.objects.create_user('charles.xavier','*****@*****.**','equalRightsForAll')
        response = self.client.post(reverse('friendly_login'),
                    {'username': '******', 'password': '******'})

        self.assertEqual(response.status_code,302) # logged in

        # The viewer gets a role in one workgroup only; WeaponX is created
        # without giving the viewer any role in it.
        self.xmen_wg.giveRoleToUser('viewer',self.viewer)
        self.weaponx_wg = models.Workgroup.objects.create(name="WeaponX")

        # NOTE(review): as shown here (credentials are masked on this page)
        # this login POST repeats the one above - confirm it is needed.
        response = self.client.post(reverse('friendly_login'),
                    {'username': '******', 'password': '******'})

        self.assertEqual(response.status_code,302) # logged in

        #Create Deadpool in Weapon X workgroup
        with reversion.create_revision():
            dp = models.ObjectClass.objects.create(name="deadpool",
                    definition="not really an xman, no matter how much he tries",
                    workgroup=self.weaponx_wg)
        dp = models.ObjectClass.objects.get(pk=dp.pk) # Un-cache
        # Precondition: the item is neither visible to the viewer nor public.
        self.assertFalse(perms.user_can_view(self.viewer,dp))
        self.assertFalse(dp.is_public())

        response = self.client.get(reverse('aristotle:search')+"?q=xman")
        self.assertEqual(response.status_code,200)
        facets = response.context['form'].facets['fields']
        self.assertTrue('restriction' in facets.keys())

        self.assertTrue('facet_model_ct' in facets.keys())
        self.assertTrue('statuses' in facets.keys())
        self.assertTrue('workgroup' in facets.keys())

        # Facets are a side channel: a workgroup listed here would reveal that
        # matching items exist in it, so each one must be the viewer's own.
        # Each facet entry is unpacked as a (workgroup pk, count) pair.
        for wg, count in facets['workgroup']:
            wg = models.Workgroup.objects.get(pk=wg)
            self.assertTrue(perms.user_in_workgroup(self.viewer,wg))
 def test_userInWorkgroup(self):
     """A user added to a workgroup's viewers must count as being in the workgroup."""
     workgroup = models.Workgroup.objects.create(name="Test WG 1")
     member = User.objects.create_user('editor1','','editor1')
     workgroup.viewers.add(member)
     # NOTE(review): there is no matching negative check for a user without a role.
     self.assertTrue(perms.user_in_workgroup(member, workgroup))
    def test_workgroup_member_search(self):
        """Check that search results follow workgroup membership as it changes.

        The same query is repeated while the viewer has no role, has a role in
        a different workgroup, has a role in the item's workgroup, and has had
        that role removed again; only the third state may return the item.
        """
        self.logout()
        self.viewer = User.objects.create_user(
            'charles.xavier', '*****@*****.**',
            'equalRightsForAll')
        self.weaponx_wg = models.Workgroup.objects.create(name="WeaponX")

        response = self.client.post(reverse('friendly_login'), {
            'username': '******',
            'password': '******'
        })

        self.assertEqual(response.status_code, 302)  # logged in

        #Charles is not in any workgroups
        self.assertFalse(perms.user_in_workgroup(self.viewer, self.xmen_wg))
        self.assertFalse(perms.user_in_workgroup(self.viewer, self.weaponx_wg))

        #Create Deadpool in Weapon X workgroup
        with reversion.create_revision():
            dp = models.ObjectClass.objects.create(
                name="deadpool",
                definition="not really an xman, no matter how much he tries",
                workgroup=self.weaponx_wg,
                readyToReview=False)
        dp = models.ObjectClass.objects.get(pk=dp.pk)  # Un-cache
        # Precondition: the item is neither visible to the viewer nor public.
        self.assertFalse(perms.user_can_view(self.viewer, dp))
        self.assertFalse(dp.is_public())

        # Charles isn't a viewer of X-men yet, so no results.
        from aristotle_mdr.forms.search import PermissionSearchQuerySet
        psqs = PermissionSearchQuerySet()
        psqs = psqs.auto_query('deadpool').apply_permission_checks(self.viewer)
        self.assertEqual(len(psqs), 0)
        # NOTE(review): the view-level check for this denied state is disabled below.
        #response = self.client.get(reverse('aristotle:search')+"?q=deadpool")
        #self.assertEqual(len(response.context['page'].object_list),0)

        # Make viewer of XMen
        self.xmen_wg.giveRoleToUser('viewer', self.viewer)
        # A role in one workgroup must not expose an item held by another.
        self.assertFalse(perms.user_can_view(self.viewer, dp))

        # Deadpool isn't an Xman yet, still no results.
        psqs = PermissionSearchQuerySet()
        psqs = psqs.auto_query('deadpool').apply_permission_checks(self.viewer)
        self.assertEqual(len(psqs), 0)

        # Move the item into the workgroup the viewer has a role in.
        with reversion.create_revision():
            dp.workgroup = self.xmen_wg
            dp.save()
        dp = models.ObjectClass.objects.get(pk=dp.pk)  # Un-cache

        # Charles is a viewer, Deadpool is in X-men, should have results now.
        psqs = PermissionSearchQuerySet()
        psqs = psqs.auto_query('deadpool').apply_permission_checks(self.viewer)
        self.assertEqual(len(psqs), 1)

        # The search view must return the same single item as the queryset.
        response = self.client.get(reverse('aristotle:search') + "?q=deadpool")
        self.assertTrue(perms.user_can_view(self.viewer, dp))
        self.assertEqual(len(response.context['page'].object_list), 1)
        self.assertEqual(response.context['page'].object_list[0].object.item,
                         dp)

        # Take away Charles viewing rights and no results again.
        # Revocation is checked on both the queryset and the search view.
        self.xmen_wg.removeRoleFromUser('viewer', self.viewer)
        psqs = PermissionSearchQuerySet()
        psqs = psqs.auto_query('deadpool').apply_permission_checks(self.viewer)
        self.assertEqual(len(psqs), 0)

        response = self.client.get(reverse('aristotle:search') + "?q=deadpool")
        self.assertEqual(len(response.context['page'].object_list), 0)
 def test_userInWorkgroup(self):
     """A user added to a workgroup's viewers must count as being in the workgroup."""
     workgroup = models.Workgroup.objects.create(name="Test WG 1")
     member = get_user_model().objects.create_user('*****@*****.**','editor1')
     workgroup.viewers.add(member)
     # NOTE(review): there is no matching negative check for a user without a role.
     self.assertTrue(perms.user_in_workgroup(member, workgroup))
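def members(request, iid):
    """Render the member list of a workgroup for users who belong to it.

    Args:
        request: the incoming HTTP request; ``request.user`` is the subject
            of the membership check.
        iid: primary key of the workgroup to show.

    Raises:
        PermissionDenied: the requesting user is not in the workgroup.
        A not-found error from ``get_object_or_404`` when no workgroup has
        that primary key.
    """
    wg = get_object_or_404(MDR.Workgroup, pk=iid)

    # Authorise first: nothing else is derived from the workgroup for a user
    # who is about to be refused.
    # NOTE(review): the lookup runs before this check, so a non-member gets a
    # not-found response for an unknown id and a permission error for an
    # existing one. Confirm that revealing which ids exist is acceptable.
    if not user_in_workgroup(request.user, wg):
        raise PermissionDenied

    renderDict = {
        "item": wg,
        "workgroup": wg,
        "user_is_admin": user_is_workgroup_manager(request.user, wg),
    }
    return render(request, "aristotle_mdr/workgroupMembers.html", renderDict)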
    def test_workgroup_member_search(self):
        """Check that search results follow the viewer's workgroup role.

        An object class owned by one workgroup must stay out of the viewer's
        permission-filtered search results until the viewer holds a role in
        the owning workgroup, and must drop out again once that role is
        removed. The search view itself is only exercised in the "visible"
        state and in the final "role removed" state.
        """
        self.logout()
        self.viewer = User.objects.create_user('charles.xavier','*****@*****.**','equalRightsForAll')
        self.weaponx_wg = models.Workgroup.objects.create(name="WeaponX")

        login_response = self.client.post(
            reverse('django.contrib.auth.views.login'),
            {'username': '******', 'password': '******'},
        )
        # The test treats a redirect as a successful login.
        self.assertEqual(login_response.status_code, 302)

        # Charles starts outside both workgroups.
        for workgroup in (self.xmen_wg, self.weaponx_wg):
            self.assertFalse(perms.user_in_workgroup(self.viewer, workgroup))

        # Deadpool is created inside the Weapon X workgroup.
        dp = models.ObjectClass.objects.create(
            name="deadpool",
            description="not really an xman, no matter how much he tries",
            workgroup=self.weaponx_wg,
            readyToReview=False,
        )
        dp = models.ObjectClass.objects.get(pk=dp.pk)  # Un-cache
        self.assertFalse(perms.user_can_view(self.viewer, dp))
        self.assertFalse(dp.is_public())

        from aristotle_mdr.forms.search import PermissionSearchQuerySet

        def visible_hits():
            # Build a new permission-filtered query for every check.
            results = PermissionSearchQuerySet().auto_query('deadpool')
            return len(results.apply_permission_checks(self.viewer))

        # Charles holds no role in X-Men yet, so nothing is visible.
        self.assertEqual(visible_hits(), 0)
        #response = self.client.get(reverse('aristotle:search')+"?q=deadpool")
        #self.assertEqual(len(response.context['page'].object_list),0)

        # Granting a viewer role in X-Men must not expose a Weapon X item.
        self.xmen_wg.giveRoleToUser('viewer', self.viewer)
        self.assertFalse(perms.user_can_view(self.viewer, dp))
        self.assertEqual(visible_hits(), 0)

        # Move Deadpool into X-Men and re-read it from the database.
        dp.workgroup = self.xmen_wg
        dp.save()
        dp = models.ObjectClass.objects.get(pk=dp.pk)  # Un-cache

        # Viewer role plus matching workgroup: one result expected.
        self.assertEqual(visible_hits(), 1)

        search_url = reverse('aristotle:search')+"?q=deadpool"
        response = self.client.get(search_url)
        self.assertTrue(perms.user_can_view(self.viewer, dp))
        page_items = response.context['page'].object_list
        self.assertEqual(len(page_items), 1)
        self.assertEqual(page_items[0].object.item, dp)

        # Removing the viewer role must hide the item again, both in the
        # filtered query and in the search view.
        self.xmen_wg.removeRoleFromUser('viewer', self.viewer)
        self.assertEqual(visible_hits(), 0)

        response = self.client.get(search_url)
        self.assertEqual(len(response.context['page'].object_list), 0)
 def test_in_workgroup(self):
     """``user_in_workgroup`` must return a truthy value for ``self.su`` even with no workgroup."""
     # NOTE(review): ``self.su`` is presumably a superuser fixture; confirm in setUp.
     outcome = perms.user_in_workgroup(self.su, None)
     self.assertTrue(outcome)
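    def has_perm(self, user_obj, perm, obj=None):
        """Decide whether ``user_obj`` holds ``perm``, optionally on ``obj``.

        Inactive users are always refused and superusers always allowed.
        Otherwise the permission is resolved, in order, by a same-named
        function in ``perms``, by the concept add/create/delete rules, by the
        explicit workgroup / discussion / registration-authority / link
        rules below, and finally by the parent backend.

        Args:
            user_obj: the user being checked; must expose ``is_active`` and
                ``is_superuser``.
            perm: permission string of the form ``"app_label.codename"``.
            obj: optional object the permission applies to.

        Returns:
            The result of the matching check. ``False`` when ``perm`` has no
            ``app_label.`` prefix, or when a discussion-post permission is
            asked for without a post.
        """
        if not user_obj.is_active:
            return False
        if user_obj.is_superuser:
            return True

        # Fail closed on a permission string without a dot instead of letting
        # the unpacking below raise ValueError in the middle of an auth check.
        if '.' not in perm:
            return False

        app_label, perm_name = perm.split('.', 1)
        extensions = fetch_aristotle_settings().get('CONTENT_EXTENSIONS', [])

        # Any attribute of ``perms`` whose name equals the codename is called
        # as the check.
        # NOTE(review): hasattr also matches names that ``perms`` only
        # imports, and helpers that are not permission checks. An explicit
        # allowlist of check functions would be stricter; confirm codenames
        # are never built from request data.
        if app_label == "aristotle_mdr" and hasattr(perms, perm_name):
            return getattr(perms, perm_name)(user_obj, obj)

        from django.apps import apps
        from aristotle_mdr.models import _concept

        # Work out which model the permission is about.
        # NOTE(review): apps.get_model raises LookupError when the second part
        # of a two-part codename is not a model of ``app_label``; this runs
        # for every app label, not only Aristotle ones. Confirm callers.
        perm_parts = perm_name.split("_")
        if len(perm_parts) == 2:
            model = apps.get_model(app_label, perm_parts[1])
        elif obj is not None:
            model = type(obj)
        else:
            # Stand-in class that is not a concept, so the issubclass test
            # below is simply False.
            model = int

        aristotle_apps = extensions + ["aristotle_mdr"]

        if app_label in aristotle_apps and issubclass(model, _concept):
            # This is required so that a user can correctly delete the
            # 'concept' parent class in the admin site.
            # This is a rough catch all, and is designed to indicate a user
            # could delete an item type, but not a specific item.
            if perm_name.startswith(('delete_', 'create_', 'add_')):
                if obj is None:
                    return perms.user_is_editor(user_obj)
                return perms.user_can_edit(user_obj, obj)

        if app_label in aristotle_apps and perm_name == "delete_concept_from_admin":
            return obj is None or perms.user_can_edit(user_obj, obj)

        if perm == "aristotle_mdr.can_create_metadata":
            return perms.user_is_editor(user_obj)

        # Permissions that only need membership of the workgroup in ``obj``.
        if perm in (
            "aristotle_mdr.view_workgroup",
            "aristotle_mdr.can_leave_workgroup",
            "aristotle_mdr.can_view_discussions_in_workgroup",
            "aristotle_mdr.can_post_discussion_in_workgroup",
        ):
            return perms.user_in_workgroup(user_obj, obj)

        # Permissions reserved for managers of the workgroup in ``obj``.
        if perm in (
            "aristotle_mdr.change_workgroup_memberships",
            "aristotle_mdr.change_workgroup",
            "aristotle_mdr.can_archive_workgroup",
        ):
            return perms.user_is_workgroup_manager(user_obj, obj)

        if perm == "aristotle_mdr.can_view_discussion_post":
            # Without a post there is no workgroup to test membership of;
            # refuse rather than raise AttributeError on ``None.workgroup``.
            if obj is None:
                return False
            return perms.user_in_workgroup(user_obj, obj.workgroup)

        if perm == "aristotle_mdr.view_registrationauthority_details":
            return (
                perms.user_is_registation_authority_manager(user_obj, obj) or
                perms.user_is_registrar(user_obj, obj)
            )
        if perm in (
            "aristotle_mdr.change_registrationauthority",
            "aristotle_mdr.change_registrationauthority_memberships",
        ):
            return perms.user_is_registation_authority_manager(user_obj, obj)

        from aristotle_mdr.contrib.links import perms as link_perms
        if perm == "aristotle_mdr_links.add_link":
            return link_perms.user_can_make_link(user_obj)

        # Nothing above matched: defer to the parent backend.
        return super().has_perm(user_obj, perm, obj)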
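    def has_perm(self, user_obj, perm, obj=None):
        """Decide whether ``user_obj`` holds ``perm``, optionally on ``obj``.

        Inactive users are always refused and superusers always allowed.
        Otherwise the permission is resolved, in order, by a same-named
        function in ``perms``, by the concept add/create/delete rules, by the
        explicit workgroup / discussion / registration-authority / link
        rules below, and finally by the parent backend.

        Args:
            user_obj: the user being checked; must expose ``is_active`` and
                ``is_superuser``.
            perm: permission string of the form ``"app_label.codename"``.
            obj: optional object the permission applies to.

        Returns:
            The result of the matching check. ``False`` when ``perm`` has no
            ``app_label.`` prefix, or when a discussion-post permission is
            asked for without a post.
        """
        if not user_obj.is_active:
            return False
        if user_obj.is_superuser:
            return True

        # Fail closed on a permission string without a dot instead of letting
        # the unpacking below raise ValueError in the middle of an auth check.
        if '.' not in perm:
            return False

        app_label, perm_name = perm.split('.', 1)
        extensions = fetch_aristotle_settings().get('CONTENT_EXTENSIONS', [])

        # Any attribute of ``perms`` whose name equals the codename is called
        # as the check.
        # NOTE(review): hasattr also matches names that ``perms`` only
        # imports, and helpers that are not permission checks. An explicit
        # allowlist of check functions would be stricter; confirm codenames
        # are never built from request data.
        if app_label == "aristotle_mdr" and hasattr(perms, perm_name):
            return getattr(perms, perm_name)(user_obj, obj)

        from django.apps import apps
        from aristotle_mdr.models import _concept

        # Work out which model the permission is about.
        # NOTE(review): apps.get_model raises LookupError when the second part
        # of a two-part codename is not a model of ``app_label``; this runs
        # for every app label, not only Aristotle ones. Confirm callers.
        perm_parts = perm_name.split("_")
        if len(perm_parts) == 2:
            model = apps.get_model(app_label, perm_parts[1])
        else:
            # Stand-in class that is not a concept, so the issubclass test
            # below is simply False.
            model = int

        aristotle_apps = extensions + ["aristotle_mdr"]

        if app_label in aristotle_apps and issubclass(model, _concept):
            # This is required so that a user can correctly delete the
            # 'concept' parent class in the admin site.
            # This is a rough catch all, and is designed to indicate a user
            # could delete an item type, but not a specific item.
            if perm_name.startswith(('delete_', 'create_', 'add_')):
                if obj is None:
                    return perms.user_is_editor(user_obj)
                return perms.user_can_edit(user_obj, obj)

        if app_label in aristotle_apps and perm_name == "delete_concept_from_admin":
            return obj is None or perms.user_can_edit(user_obj, obj)

        if perm == "aristotle_mdr.can_create_metadata":
            return perms.user_is_editor(user_obj)

        # Permissions that only need membership of the workgroup in ``obj``.
        if perm in (
            "aristotle_mdr.view_workgroup",
            "aristotle_mdr.can_leave_workgroup",
            "aristotle_mdr.can_view_discussions_in_workgroup",
            "aristotle_mdr.can_post_discussion_in_workgroup",
        ):
            return perms.user_in_workgroup(user_obj, obj)

        # Permissions reserved for managers of the workgroup in ``obj``.
        if perm in (
            "aristotle_mdr.change_workgroup_memberships",
            "aristotle_mdr.change_workgroup",
            "aristotle_mdr.can_archive_workgroup",
        ):
            return perms.user_is_workgroup_manager(user_obj, obj)

        if perm == "aristotle_mdr.can_view_discussion_post":
            # Without a post there is no workgroup to test membership of;
            # refuse rather than raise AttributeError on ``None.workgroup``.
            if obj is None:
                return False
            return perms.user_in_workgroup(user_obj, obj.workgroup)

        if perm == "aristotle_mdr.view_registrationauthority_details":
            return (perms.user_is_registation_authority_manager(user_obj, obj)
                    or perms.user_is_registrar(user_obj, obj))
        if perm in (
            "aristotle_mdr.change_registrationauthority",
            "aristotle_mdr.change_registrationauthority_memberships",
        ):
            return perms.user_is_registation_authority_manager(user_obj, obj)

        from aristotle_mdr.contrib.links import perms as link_perms
        if perm == "aristotle_mdr_links.add_link":
            return link_perms.user_can_make_link(user_obj)

        # Nothing above matched: defer to the parent backend.
        return super(AristotleBackend, self).has_perm(user_obj, perm, obj)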
 def dispatch(self, request, *args, **kwargs):
     """Load the workgroup named by the ``wgid`` URL argument and admit members only.

     The workgroup is stored on ``self.workgroup`` before the membership
     check, so it is set even when the request is refused. Raises
     ``PermissionDenied`` when ``request.user`` is not in the workgroup;
     otherwise the parent ``dispatch`` handles the request.
     """
     workgroup = get_object_or_404(MDR.Workgroup, pk=self.kwargs['wgid'])
     self.workgroup = workgroup
     if perms.user_in_workgroup(request.user, workgroup):
         return super().dispatch(request, *args, **kwargs)
     raise PermissionDenied