def test_workgroup_member_search_of_discussions(self):
self.logout()
# Only workgroup members should be able to see discussion posts
self.discussionPost = models.DiscussionPost.objects.create(
title="Hello World", body="Text text", workgroup=self.wg1)
# Remove viewer from workgroup
self.wg1.removeUser(self.viewer)
# Check that the viewer was successfully removed
self.assertFalse(perms.user_in_workgroup(self.viewer, self.wg1))
# Confirm discussion in QuerySet
from haystack.query import SearchQuerySet
sqs = SearchQuerySet()
self.assertEqual(len(sqs.auto_query('Hello')), 1)
# User is not in workgroup, so there should be no results
psqs = get_permission_sqs().auto_query(
'Hello').apply_permission_checks(self.viewer)
self.assertEqual(len(psqs), 0)
# Put the viewer in the correct workgroup
self.wg1.giveRoleToUser('manager', self.viewer)
self.assertTrue(perms.user_in_workgroup(self.viewer, self.wg1))
# Viewer is now in workgroup, so there should be results
psqs = get_permission_sqs().auto_query(
'Hello').apply_permission_checks(self.viewer)
self.assertEqual(len(psqs), 1)
self.login_viewer()
response = self.client.get(reverse('aristotle:search') + "?q=Hello")
self.assertEqual(len(response.context['page'].object_list), 1)
def test_managersCanEditWorkgroups(self):
wg = models.Workgroup.objects.create(
name="Test WG 1", stewardship_organisation=self.steward_org_1)
user1 = get_user_model().objects.create_user('*****@*****.**',
'manager')
user2 = get_user_model().objects.create_user('*****@*****.**',
'viewer')
wg.giveRoleToUser('manager', user1)
wg.giveRoleToUser('viewer', user2)
wg.save()
wg = models.Workgroup.objects.get(pk=wg.id)
self.assertTrue(perms.user_in_workgroup(user1, wg))
self.assertTrue(perms.user_in_workgroup(user2, wg))
self.assertTrue(perms.user_can_view(user2, wg))
self.assertTrue(perms.user_can_view(user1, wg))
self.assertTrue(perms.user_can_edit(user1, wg))
self.assertFalse(perms.user_can_edit(user2, wg))
wg.removeUser(user1)
wg.removeUser(user2)
# Caching issue, refresh from DB with correct permissions
user1 = get_user_model().objects.get(pk=user1.pk)
user2 = get_user_model().objects.get(pk=user2.pk)
self.assertFalse(perms.user_can_edit(user1, wg))
self.assertFalse(perms.user_can_edit(user2, wg))
def items(request, iid):
wg = get_object_or_404(MDR.Workgroup, pk=iid)
if not user_in_workgroup(request.user, wg):
raise PermissionDenied
items = MDR._concept.objects.filter(workgroup=iid).select_subclasses()
context = {"item": wg, "workgroup": wg, "user_is_admin": user_is_workgroup_manager(request.user, wg)}
return paginated_list(request, items, "aristotle_mdr/workgroupItems.html", context)
def test_userInWorkgroup(self):
wg = models.Workgroup.objects.create(
name="Test WG 1", stewardship_organisation=self.steward_org_1)
user = get_user_model().objects.create_user('*****@*****.**',
'editor1')
wg.giveRoleToUser('viewer', user)
self.assertTrue(perms.user_in_workgroup(user, wg))
def workgroupItems(request, iid):
wg = get_object_or_404(MDR.Workgroup,pk=iid)
if not user_in_workgroup(request.user,wg):
raise PermissionDenied
renderDict = {"item":wg,"workgroup":wg,"user_is_admin":user_is_workgroup_manager(request.user,wg)}
renderDict['items'] = MDR._concept.objects.filter(workgroup=iid).select_subclasses()
page = render(request,"aristotle_mdr/workgroupItems.html",renderDict)
return page
def workgroup(request, iid):
wg = get_object_or_404(MDR.Workgroup,pk=iid)
if not user_in_workgroup(request.user,wg):
raise PermissionDenied
renderDict = {"item":wg,"workgroup":wg,"user_is_admin":user_is_workgroup_manager(request.user,wg)}
renderDict['recent'] = MDR._concept.objects.filter(workgroup=iid).select_subclasses().order_by('-modified')[:10] #.filter("modified__gt"=(timezone.now()-datetime.timedelta(days=1)))[:10]
page = render(request,wg.template,renderDict)
return page
def workgroup(request, wgid):
wg = get_object_or_404(MDR.Workgroup, pk=wgid)
if not perms.user_in_workgroup(request.user, wg):
raise PermissionDenied
# Show all discussions for a workgroups
page = render(request, "aristotle_mdr/discussions/workgroup.html", {
'workgroup': wg,
'discussions': wg.discussions.all() # MDR.DiscussionPost.objects.filter(workgroup=wg)
})
return page
def workgroup(request,wgid):
wg = get_object_or_404(MDR.Workgroup,pk=wgid)
if not perms.user_in_workgroup(request.user,wg):
raise PermissionDenied
#Show all discussions for a workgroups
page = render(request,"aristotle_mdr/discussions/workgroup.html",{
'workgroup':wg,
'discussions':wg.discussions.all() #MDR.DiscussionPost.objects.filter(workgroup=wg)
})
return page
def members(request, iid):
wg = get_object_or_404(MDR.Workgroup, pk=iid)
renderDict = {
"item": wg,
"workgroup": wg,
"user_is_admin": user_is_workgroup_manager(request.user, wg)
}
if not user_in_workgroup(request.user, wg):
raise PermissionDenied
return render(request, "aristotle_mdr/workgroupMembers.html", renderDict)
def workgroup(request, iid, name_slug):
wg = get_object_or_404(MDR.Workgroup, pk=iid)
if not slugify(wg.name).startswith(str(name_slug)):
return redirect(wg.get_absolute_url())
if not user_in_workgroup(request.user, wg):
raise PermissionDenied
renderDict = {"item": wg, "workgroup": wg, "user_is_admin": user_is_workgroup_manager(request.user, wg)}
renderDict['recent'] = MDR._concept.objects.filter(workgroup=iid).select_subclasses().order_by('-modified')[:5]
page = render(request, wg.template, renderDict)
return page
def get(self, request, *args, **kwargs):
context = super().get_context_data(*args, **kwargs)
wg = get_object_or_404(MDR.Workgroup, pk=self.kwargs['wgid'])
if not perms.user_in_workgroup(request.user, wg):
raise PermissionDenied
context['workgroup'] = wg
context['discussions'] = wg.discussions.all()
return render(request, self.template_name, context)
def get(self, request, *args, **kwargs):
context = super(Workgroup, self).get_context_data(*args, **kwargs)
wg = get_object_or_404(MDR.Workgroup, pk=self.kwargs['wgid'])
if not perms.user_in_workgroup(request.user, wg):
raise PermissionDenied
context['workgroup'] = wg
context['discussions'] = wg.discussions.all()
return render(request, self.template_name, context)
def post(request, pid):
post = get_object_or_404(MDR.DiscussionPost, pk=pid)
if not perms.user_in_workgroup(request.user, post.workgroup):
raise PermissionDenied
# Show all discussions for a workgroups
comment_form = MDRForms.discussions.CommentForm(initial={'post': pid})
page = render(request, "aristotle_mdr/discussions/post.html", {
'workgroup': post.workgroup,
'post': post,
'comment_form': comment_form
})
return page
def items(request, iid):
wg = get_object_or_404(MDR.Workgroup, pk=iid)
if not user_in_workgroup(request.user, wg):
raise PermissionDenied
items = MDR._concept.objects.filter(workgroup=iid).select_subclasses()
context = {
"item": wg,
"workgroup": wg,
"user_is_admin": user_is_workgroup_manager(request.user, wg)
}
return paginated_list(request, items, "aristotle_mdr/workgroupItems.html",
context)
def post(request,pid):
post = get_object_or_404(MDR.DiscussionPost,pk=pid)
if not perms.user_in_workgroup(request.user,post.workgroup):
raise PermissionDenied
#Show all discussions for a workgroups
comment_form = MDRForms.discussions.CommentForm(initial={'post':pid})
page = render(request,"aristotle_mdr/discussions/post.html",{
'workgroup':post.workgroup,
'post':post,
'comment_form':comment_form
})
return page
def test_RemoveUserFromWorkgroup(self):
# Does removing a user from a workgroup remove their permissions? It should!
wg = models.Workgroup.objects.create(name="Test WG 1")
user = User.objects.create_user('editor1','','editor1')
wg.managers.add(user)
# Caching issue, refresh from DB with correct permissions
user = User.objects.get(pk=user.pk)
self.assertTrue(perms.user_in_workgroup(user,wg))
self.assertTrue(perms.user_is_workgroup_manager(user,wg))
wg.removeUser(user)
# Caching issue, refresh from DB with correct permissions
user = User.objects.get(pk=user.pk)
self.assertFalse(perms.user_is_workgroup_manager(user,wg))
def test_RemoveUserFromWorkgroup(self):
# Does removing a user from a workgroup remove their permissions? It should!
wg = models.Workgroup.objects.create(name="Test WG 1")
user = get_user_model().objects.create_user('*****@*****.**','editor1')
wg.managers.add(user)
# Caching issue, refresh from DB with correct permissions
user = get_user_model().objects.get(pk=user.pk)
self.assertTrue(perms.user_in_workgroup(user,wg))
self.assertTrue(perms.user_is_workgroup_manager(user,wg))
wg.removeUser(user)
# Caching issue, refresh from DB with correct permissions
user = get_user_model().objects.get(pk=user.pk)
self.assertFalse(perms.user_is_workgroup_manager(user,wg))
def test_managersCanEditWorkgroups(self):
wg = models.Workgroup.objects.create(name="Test WG 1")
user1 = User.objects.create_user('manager','','manager')
user2 = User.objects.create_user('editor','','editor')
wg.addUser(user1)
wg.addUser(user2)
wg.giveRoleToUser("Manager",user1)
wg.giveRoleToUser("Viewer",user2)
# Caching issue, refresh from DB with correct permissions
user1 = User.objects.get(pk=user1.pk)
user2 = User.objects.get(pk=user2.pk)
self.assertTrue(perms.user_in_workgroup(user1,wg))
self.assertTrue(perms.user_in_workgroup(user2,wg))
self.assertTrue(perms.user_can_edit(user1,wg))
self.assertFalse(perms.user_can_edit(user2,wg))
wg.removeUser(user1)
wg.removeUser(user2)
# Caching issue, refresh from DB with correct permissions
user1 = User.objects.get(pk=user1.pk)
user2 = User.objects.get(pk=user2.pk)
self.assertFalse(perms.user_can_edit(user1,wg))
self.assertFalse(perms.user_can_edit(user2,wg))
def test_managersCanEditWorkgroups(self):
wg = models.Workgroup.objects.create(name="Test WG 1")
user1 = get_user_model().objects.create_user('*****@*****.**','manager')
user2 = get_user_model().objects.create_user('*****@*****.**','viewer')
wg.managers.add(user1)
wg.viewers.add(user2)
wg.save()
wg = models.Workgroup.objects.get(pk=wg.id)
self.assertTrue(perms.user_in_workgroup(user1,wg))
self.assertTrue(perms.user_in_workgroup(user2,wg))
self.assertTrue(perms.user_can_view(user2,wg))
self.assertTrue(perms.user_can_view(user1,wg))
self.assertTrue(perms.user_can_edit(user1,wg))
self.assertFalse(perms.user_can_edit(user2,wg))
wg.removeUser(user1)
wg.removeUser(user2)
# Caching issue, refresh from DB with correct permissions
user1 = get_user_model().objects.get(pk=user1.pk)
user2 = get_user_model().objects.get(pk=user2.pk)
self.assertFalse(perms.user_can_edit(user1,wg))
self.assertFalse(perms.user_can_edit(user2,wg))
def test_managersCanEditWorkgroups(self):
wg = models.Workgroup.objects.create(name="Test WG 1")
user1 = get_user_model().objects.create_user('manager','','manager')
user2 = get_user_model().objects.create_user('viewer','','viewer')
wg.managers.add(user1)
wg.viewers.add(user2)
wg.save()
wg = models.Workgroup.objects.get(pk=wg.id)
self.assertTrue(perms.user_in_workgroup(user1,wg))
self.assertTrue(perms.user_in_workgroup(user2,wg))
self.assertTrue(perms.user_can_view(user2,wg))
self.assertTrue(perms.user_can_view(user1,wg))
self.assertTrue(perms.user_can_edit(user1,wg))
self.assertFalse(perms.user_can_edit(user2,wg))
wg.removeUser(user1)
wg.removeUser(user2)
# Caching issue, refresh from DB with correct permissions
user1 = get_user_model().objects.get(pk=user1.pk)
user2 = get_user_model().objects.get(pk=user2.pk)
self.assertFalse(perms.user_can_edit(user1,wg))
self.assertFalse(perms.user_can_edit(user2,wg))
def get(self, request, *args, **kwargs):
context = super().get_context_data(*args, **kwargs)
post = self.get_object()
if not perms.user_in_workgroup(request.user, post.workgroup):
raise PermissionDenied
comment_form = MDRForms.discussions.CommentForm(
initial={'post': self.kwargs['pid']})
context['workgroup'] = post.workgroup
context['post'] = post
context['comment_form'] = comment_form
return render(request, self.template_name, context)
def test_userCanLeaveWorkgroup(self):
self.login_viewer()
response = self.client.get(self.wg1.get_absolute_url())
self.assertEqual(response.status_code,200)
self.assertTrue(perms.user_in_workgroup(self.viewer,self.wg1))
response = self.client.get(reverse('aristotle:workgroup_leave',args=[self.wg1.id]))
self.assertEqual(response.status_code,200)
response = self.client.post(reverse('aristotle:workgroup_leave',args=[self.wg1.id]))
self.assertEqual(response.status_code,302)
response = self.client.get(self.wg1.get_absolute_url())
self.assertEqual(response.status_code,403)
def workgroup(request, iid, name_slug):
wg = get_object_or_404(MDR.Workgroup, pk=iid)
if not slugify(wg.name).startswith(str(name_slug)):
return redirect(wg.get_absolute_url())
if not user_in_workgroup(request.user, wg):
raise PermissionDenied
renderDict = {
"item": wg,
"workgroup": wg,
"user_is_admin": user_is_workgroup_manager(request.user, wg)
}
renderDict['recent'] = MDR._concept.objects.filter(
workgroup=iid).select_subclasses().order_by('-modified')[:5]
page = render(request, wg.template, renderDict)
return page
def in_workgroup(user, workgroup):
"""
A filter that acts as a wrapper around ``aristotle_mdr.perms.user_in_workgroup``.
Returns true if the user has permission to administer the workgroup, otherwise it returns False.
If calling ``user_in_workgroup`` throws an exception it safely returns False.
For example::
{% if request.user|in_workgroup:workgroup %}
{{ something }}
{% endif %}
"""
try:
return perms.user_in_workgroup(user, workgroup)
except:
return False
def in_workgroup(user,workgroup):
"""
A filter that acts as a wrapper around ``aristotle_mdr.perms.user_in_workgroup``.
Returns true if the user has permission to administer the workgroup, otherwise it returns False.
If calling ``user_in_workgroup`` throws an exception it safely returns False.
For example::
{% if request.user|in_workgroup:workgroup %}
{{ something }}
{% endif %}
"""
try:
return perms.user_in_workgroup(user,workgroup)
except:
return False
def get(self, request, *args, **kwargs):
context = super().get_context_data(*args, **kwargs)
post = self.get_object()
if not perms.user_in_workgroup(request.user, post.workgroup):
raise PermissionDenied
comment_form = MDRForms.discussions.CommentForm(initial={
'post': self.kwargs['pid']
})
context['workgroup'] = post.workgroup
context['post'] = post
context['comment_form'] = comment_form
return render(request, self.template_name, context)
def test_workgroup_member_search_has_valid_facets(self):
self.logout()
self.viewer = get_user_model().objects.create_user(
'*****@*****.**', 'equalRightsForAll')
response = self.client.post(
reverse('friendly_login'), {
'username': '******',
'password': '******'
})
self.assertEqual(response.status_code, 302) # logged in
self.xmen_wg.giveRoleToUser('viewer', self.viewer)
self.weaponx_wg = models.Workgroup.objects.create(
name="WeaponX", stewardship_organisation=self.steward_org)
response = self.client.post(
reverse('friendly_login'), {
'username': '******',
'password': '******'
})
self.assertEqual(response.status_code, 302) # logged in
# Create Deadpool in Weapon X workgroup
with reversion.create_revision():
dp = models.ObjectClass.objects.create(
name="deadpool",
definition="not really an xman, no matter how much he tries",
workgroup=self.weaponx_wg)
dp = models.ObjectClass.objects.get(pk=dp.pk) # Un-cache
self.assertFalse(perms.user_can_view(self.viewer, dp))
self.assertFalse(dp.is_public())
response = self.client.get(reverse('aristotle:search') + "?q=xman")
self.assertEqual(response.status_code, 200)
facets = response.context['form'].facets['fields']
self.assertTrue('restriction' in facets.keys())
self.assertTrue('facet_model_ct' in facets.keys())
self.assertTrue('statuses' in facets.keys())
self.assertTrue('workgroup' in facets.keys())
for wg in facets['workgroup']:
wg = models.Workgroup.objects.get(pk=wg)
self.assertTrue(perms.user_in_workgroup(self.viewer, wg))
def new_comment(request,pid):
post = get_object_or_404(MDR.DiscussionPost,pk=pid)
if not perms.user_in_workgroup(request.user,post.workgroup):
raise PermissionDenied
if request.method == 'POST':
form = MDRForms.discussions.CommentForm(request.POST)
if form.is_valid():
new = MDR.DiscussionComment(
post = post,
body = form.cleaned_data['body'],
author = request.user,
)
new.save()
return HttpResponseRedirect(reverse("aristotle:discussionsPost",args=[new.post.pk])+"#comment_%s"%new.id)
else:
# It makes no sense to "GET" this comment, so push them back to the discussion
return HttpResponseRedirect(reverse("aristotle:discussionsPost",args=[post.pk]))
return render(request,"aristotle_mdr/discussions/new.html",{"form":form,})
def new_comment(request, pid):
post = get_object_or_404(MDR.DiscussionPost, pk=pid)
if not perms.user_in_workgroup(request.user, post.workgroup):
raise PermissionDenied
if post.closed:
messages.error(request, _('This post is closed. Your comment was not added.'))
return HttpResponseRedirect(reverse("aristotle:discussionsPost", args=[post.pk]))
if request.method == 'POST':
form = MDRForms.discussions.CommentForm(request.POST)
if form.is_valid():
new = MDR.DiscussionComment(
post=post,
body=form.cleaned_data['body'],
author=request.user,
)
new.save()
return HttpResponseRedirect(reverse("aristotle:discussionsPost", args=[new.post.pk]) + "#comment_%s" % new.id)
else:
return render(request, "aristotle_mdr/discussions/new.html", {"form": form})
else:
# It makes no sense to "GET" this comment, so push them back to the discussion
return HttpResponseRedirect(reverse("aristotle:discussionsPost", args=[post.pk]))
def test_workgroup_member_search_has_valid_facets(self):
self.logout()
self.viewer = User.objects.create_user('charles.xavier','*****@*****.**','equalRightsForAll')
response = self.client.post(reverse('friendly_login'),
{'username': '******', 'password': '******'})
self.assertEqual(response.status_code,302) # logged in
self.xmen_wg.giveRoleToUser('viewer',self.viewer)
self.weaponx_wg = models.Workgroup.objects.create(name="WeaponX")
response = self.client.post(reverse('friendly_login'),
{'username': '******', 'password': '******'})
self.assertEqual(response.status_code,302) # logged in
#Create Deadpool in Weapon X workgroup
with reversion.create_revision():
dp = models.ObjectClass.objects.create(name="deadpool",
definition="not really an xman, no matter how much he tries",
workgroup=self.weaponx_wg)
dp = models.ObjectClass.objects.get(pk=dp.pk) # Un-cache
self.assertFalse(perms.user_can_view(self.viewer,dp))
self.assertFalse(dp.is_public())
response = self.client.get(reverse('aristotle:search')+"?q=xman")
self.assertEqual(response.status_code,200)
facets = response.context['form'].facets['fields']
self.assertTrue('restriction' in facets.keys())
self.assertTrue('facet_model_ct' in facets.keys())
self.assertTrue('statuses' in facets.keys())
self.assertTrue('workgroup' in facets.keys())
for wg, count in facets['workgroup']:
wg = models.Workgroup.objects.get(pk=wg)
self.assertTrue(perms.user_in_workgroup(self.viewer,wg))
def test_userInWorkgroup(self):
wg = models.Workgroup.objects.create(name="Test WG 1")
user = User.objects.create_user('editor1','','editor1')
wg.viewers.add(user)
self.assertTrue(perms.user_in_workgroup(user,wg))
def test_workgroup_member_search(self):
self.logout()
self.viewer = User.objects.create_user(
'charles.xavier', '*****@*****.**',
'equalRightsForAll')
self.weaponx_wg = models.Workgroup.objects.create(name="WeaponX")
response = self.client.post(reverse('friendly_login'), {
'username': '******',
'password': '******'
})
self.assertEqual(response.status_code, 302) # logged in
#Charles is not in any workgroups
self.assertFalse(perms.user_in_workgroup(self.viewer, self.xmen_wg))
self.assertFalse(perms.user_in_workgroup(self.viewer, self.weaponx_wg))
#Create Deadpool in Weapon X workgroup
with reversion.create_revision():
dp = models.ObjectClass.objects.create(
name="deadpool",
definition="not really an xman, no matter how much he tries",
workgroup=self.weaponx_wg,
readyToReview=False)
dp = models.ObjectClass.objects.get(pk=dp.pk) # Un-cache
self.assertFalse(perms.user_can_view(self.viewer, dp))
self.assertFalse(dp.is_public())
# Charles isn't a viewer of X-men yet, so no results.
from aristotle_mdr.forms.search import PermissionSearchQuerySet
psqs = PermissionSearchQuerySet()
psqs = psqs.auto_query('deadpool').apply_permission_checks(self.viewer)
self.assertEqual(len(psqs), 0)
#response = self.client.get(reverse('aristotle:search')+"?q=deadpool")
#self.assertEqual(len(response.context['page'].object_list),0)
# Make viewer of XMen
self.xmen_wg.giveRoleToUser('viewer', self.viewer)
self.assertFalse(perms.user_can_view(self.viewer, dp))
# Deadpool isn't an Xman yet, still no results.
psqs = PermissionSearchQuerySet()
psqs = psqs.auto_query('deadpool').apply_permission_checks(self.viewer)
self.assertEqual(len(psqs), 0)
with reversion.create_revision():
dp.workgroup = self.xmen_wg
dp.save()
dp = models.ObjectClass.objects.get(pk=dp.pk) # Un-cache
# Charles is a viewer, Deadpool is in X-men, should have results now.
psqs = PermissionSearchQuerySet()
psqs = psqs.auto_query('deadpool').apply_permission_checks(self.viewer)
self.assertEqual(len(psqs), 1)
response = self.client.get(reverse('aristotle:search') + "?q=deadpool")
self.assertTrue(perms.user_can_view(self.viewer, dp))
self.assertEqual(len(response.context['page'].object_list), 1)
self.assertEqual(response.context['page'].object_list[0].object.item,
dp)
# Take away Charles viewing rights and no results again.
self.xmen_wg.removeRoleFromUser('viewer', self.viewer)
psqs = PermissionSearchQuerySet()
psqs = psqs.auto_query('deadpool').apply_permission_checks(self.viewer)
self.assertEqual(len(psqs), 0)
response = self.client.get(reverse('aristotle:search') + "?q=deadpool")
self.assertEqual(len(response.context['page'].object_list), 0)
def test_userInWorkgroup(self):
wg = models.Workgroup.objects.create(name="Test WG 1")
user = get_user_model().objects.create_user('*****@*****.**','editor1')
wg.viewers.add(user)
self.assertTrue(perms.user_in_workgroup(user,wg))
def members(request, iid):
wg = get_object_or_404(MDR.Workgroup, pk=iid)
renderDict = {"item": wg, "workgroup": wg, "user_is_admin": user_is_workgroup_manager(request.user, wg)}
if not user_in_workgroup(request.user, wg):
raise PermissionDenied
return render(request, "aristotle_mdr/workgroupMembers.html", renderDict)
def test_workgroup_member_search(self):
self.logout()
self.viewer = User.objects.create_user('charles.xavier','*****@*****.**','equalRightsForAll')
self.weaponx_wg = models.Workgroup.objects.create(name="WeaponX")
response = self.client.post(reverse('django.contrib.auth.views.login'),
{'username': '******', 'password': '******'})
self.assertEqual(response.status_code,302) # logged in
#Charles is not in any workgroups
self.assertFalse(perms.user_in_workgroup(self.viewer,self.xmen_wg))
self.assertFalse(perms.user_in_workgroup(self.viewer,self.weaponx_wg))
#Create Deadpool in Weapon X workgroup
dp = models.ObjectClass.objects.create(name="deadpool",
description="not really an xman, no matter how much he tries",
workgroup=self.weaponx_wg,readyToReview=False)
dp = models.ObjectClass.objects.get(pk=dp.pk) # Un-cache
self.assertFalse(perms.user_can_view(self.viewer,dp))
self.assertFalse(dp.is_public())
# Charles isn't a viewer of X-men yet, so no results.
from aristotle_mdr.forms.search import PermissionSearchQuerySet
psqs = PermissionSearchQuerySet()
psqs = psqs.auto_query('deadpool').apply_permission_checks(self.viewer)
self.assertEqual(len(psqs),0)
#response = self.client.get(reverse('aristotle:search')+"?q=deadpool")
#self.assertEqual(len(response.context['page'].object_list),0)
# Make viewer of XMen
self.xmen_wg.giveRoleToUser('viewer',self.viewer)
self.assertFalse(perms.user_can_view(self.viewer,dp))
# Deadpool isn't an Xman yet, still no results.
psqs = PermissionSearchQuerySet()
psqs = psqs.auto_query('deadpool').apply_permission_checks(self.viewer)
self.assertEqual(len(psqs),0)
dp.workgroup = self.xmen_wg
dp.save()
dp = models.ObjectClass.objects.get(pk=dp.pk) # Un-cache
# Charles is a viewer, Deadpool is in X-men, should have results now.
psqs = PermissionSearchQuerySet()
psqs = psqs.auto_query('deadpool').apply_permission_checks(self.viewer)
self.assertEqual(len(psqs),1)
response = self.client.get(reverse('aristotle:search')+"?q=deadpool")
self.assertTrue(perms.user_can_view(self.viewer,dp))
self.assertEqual(len(response.context['page'].object_list),1)
self.assertEqual(response.context['page'].object_list[0].object.item,dp)
# Take away Charles viewing rights and no results again.
self.xmen_wg.removeRoleFromUser('viewer',self.viewer)
psqs = PermissionSearchQuerySet()
psqs = psqs.auto_query('deadpool').apply_permission_checks(self.viewer)
self.assertEqual(len(psqs),0)
response = self.client.get(reverse('aristotle:search')+"?q=deadpool")
self.assertEqual(len(response.context['page'].object_list),0)
def test_in_workgroup(self):
self.assertTrue(perms.user_in_workgroup(self.su,None))
def has_perm(self, user_obj, perm, obj=None):
if not user_obj.is_active:
return False
if user_obj.is_superuser:
return True
app_label, perm_name = perm.split('.', 1)
extensions = fetch_aristotle_settings().get('CONTENT_EXTENSIONS', [])
if app_label == "aristotle_mdr" and hasattr(perms, perm_name):
return getattr(perms, perm_name)(user_obj, obj)
from django.apps import apps
from aristotle_mdr.models import _concept
perm_parts = perm_name.split("_")
if len(perm_parts) == 2:
model = apps.get_model(app_label, perm_parts[1])
elif obj is not None:
model = type(obj)
else:
model = int
if app_label in extensions + ["aristotle_mdr"] and issubclass(model, _concept):
# This is required so that a user can correctly delete the 'concept' parent class in the admin site.
# This is a rough catch all, and is designed to indicate a user could
# delete an item type, but not a specific item.
if (
perm_name.startswith('delete_') or
perm_name.startswith('create_') or
perm_name.startswith('add_')
):
if obj is None:
return perms.user_is_editor(user_obj)
else:
return perms.user_can_edit(user_obj, obj)
if app_label in extensions + ["aristotle_mdr"]:
if perm_name == "delete_concept_from_admin":
return obj is None or perms.user_can_edit(user_obj, obj)
if perm == "aristotle_mdr.can_create_metadata":
return perms.user_is_editor(user_obj)
if perm == "aristotle_mdr.view_workgroup":
return perms.user_in_workgroup(user_obj, obj)
if perm == "aristotle_mdr.can_leave_workgroup":
return perms.user_in_workgroup(user_obj, obj)
if perm == "aristotle_mdr.change_workgroup_memberships":
return perms.user_is_workgroup_manager(user_obj, obj)
if perm == "aristotle_mdr.change_workgroup":
return perms.user_is_workgroup_manager(user_obj, obj)
if perm == "aristotle_mdr.can_archive_workgroup":
return perms.user_is_workgroup_manager(user_obj, obj)
if perm == "aristotle_mdr.can_view_discussions_in_workgroup":
return perms.user_in_workgroup(user_obj, obj)
if perm == "aristotle_mdr.can_post_discussion_in_workgroup":
return perms.user_in_workgroup(user_obj, obj)
if perm == "aristotle_mdr.can_view_discussion_post":
return perms.user_in_workgroup(user_obj, obj.workgroup)
if perm == "aristotle_mdr.view_registrationauthority_details":
return (
perms.user_is_registation_authority_manager(user_obj, obj) or
perms.user_is_registrar(user_obj, obj)
)
if perm == "aristotle_mdr.change_registrationauthority":
return perms.user_is_registation_authority_manager(user_obj, obj)
if perm == "aristotle_mdr.change_registrationauthority_memberships":
return perms.user_is_registation_authority_manager(user_obj, obj)
from aristotle_mdr.contrib.links import perms as link_perms
if perm == "aristotle_mdr_links.add_link":
return link_perms.user_can_make_link(user_obj)
return super().has_perm(user_obj, perm, obj)
def has_perm(self, user_obj, perm, obj=None):
if not user_obj.is_active:
return False
if user_obj.is_superuser:
return True
app_label, perm_name = perm.split('.', 1)
extensions = fetch_aristotle_settings().get('CONTENT_EXTENSIONS', [])
if app_label == "aristotle_mdr" and hasattr(perms, perm_name):
return getattr(perms, perm_name)(user_obj, obj)
from django.apps import apps
from aristotle_mdr.models import _concept
perm_parts = perm_name.split("_")
if len(perm_parts) == 2:
model = apps.get_model(app_label, perm_parts[1])
else:
model = int
if app_label in extensions + ["aristotle_mdr"] and issubclass(
model, _concept):
# This is required so that a user can correctly delete the 'concept' parent class in the admin site.
# This is a rough catch all, and is designed to indicate a user could
# delete an item type, but not a specific item.
if (perm_name.startswith('delete_')
or perm_name.startswith('create_')
or perm_name.startswith('add_')):
if obj is None:
return perms.user_is_editor(user_obj)
else:
return perms.user_can_edit(user_obj, obj)
if app_label in extensions + ["aristotle_mdr"]:
if perm_name == "delete_concept_from_admin":
return obj is None or perms.user_can_edit(user_obj, obj)
if perm == "aristotle_mdr.can_create_metadata":
return perms.user_is_editor(user_obj)
if perm == "aristotle_mdr.view_workgroup":
return perms.user_in_workgroup(user_obj, obj)
if perm == "aristotle_mdr.can_leave_workgroup":
return perms.user_in_workgroup(user_obj, obj)
if perm == "aristotle_mdr.change_workgroup_memberships":
return perms.user_is_workgroup_manager(user_obj, obj)
if perm == "aristotle_mdr.change_workgroup":
return perms.user_is_workgroup_manager(user_obj, obj)
if perm == "aristotle_mdr.can_archive_workgroup":
return perms.user_is_workgroup_manager(user_obj, obj)
if perm == "aristotle_mdr.can_view_discussions_in_workgroup":
return perms.user_in_workgroup(user_obj, obj)
if perm == "aristotle_mdr.can_post_discussion_in_workgroup":
return perms.user_in_workgroup(user_obj, obj)
if perm == "aristotle_mdr.can_view_discussion_post":
return perms.user_in_workgroup(user_obj, obj.workgroup)
if perm == "aristotle_mdr.view_registrationauthority_details":
return (perms.user_is_registation_authority_manager(user_obj, obj)
or perms.user_is_registrar(user_obj, obj))
if perm == "aristotle_mdr.change_registrationauthority":
return perms.user_is_registation_authority_manager(user_obj, obj)
if perm == "aristotle_mdr.change_registrationauthority_memberships":
return perms.user_is_registation_authority_manager(user_obj, obj)
from aristotle_mdr.contrib.links import perms as link_perms
if perm == "aristotle_mdr_links.add_link":
return link_perms.user_can_make_link(user_obj)
return super(AristotleBackend, self).has_perm(user_obj, perm, obj)
def dispatch(self, request, *args, **kwargs):
self.workgroup = get_object_or_404(MDR.Workgroup,
pk=self.kwargs['wgid'])
if not perms.user_in_workgroup(request.user, self.workgroup):
raise PermissionDenied
return super().dispatch(request, *args, **kwargs)