Beispiel #1
def test_update_view_ok_when_permitted():
    """A PATCH to a store matched by both the view and change rules returns 200.

    Only the allowed path is exercised here: the request targets the store
    named "a", which is the one both rules select.
    """
    requester = factories.UserFactory()
    allowed_store = factories.StoreFactory(name="a")
    factories.StoreFactory(name="b")  # a second store that neither rule matches

    # NOTE(review): this writes to the shared perms registry and nothing in the
    # test undoes it; confirm a fixture resets it between tests.
    for codename in ("shrubberies.view_store", "shrubberies.change_store"):
        perms[codename] = Attribute("name", "a")

    # NOTE(review): HTTP_CONTENT_TYPE is passed as an extra keyword, not as a
    # content_type argument; confirm the body is parsed the way the test intends.
    request = RequestFactory().patch(
        "/", {"name": "a"}, HTTP_CONTENT_TYPE="text/json"
    )
    request.user = requester
    handler = StoreViewSet.as_view({"patch": "partial_update"})
    outcome = handler(request, pk=allowed_store.id)
    assert outcome.status_code == 200
Beispiel #2
def test_update_view_ok_when_permitted():
    """Partial update succeeds (200) when view and change rules both match.

    The view and change permissions are each restricted to stores whose
    name is 'a'; the PATCH is addressed to that store.
    """
    acting_user = factories.UserFactory()
    target = factories.StoreFactory(name='a')
    factories.StoreFactory(name='b')  # present in the database but not targeted

    # Each permission gets its own Attribute rule on the store name.
    perms['shrubberies.view_store'] = Attribute('name', 'a')
    perms['shrubberies.change_store'] = Attribute('name', 'a')

    patch_request = RequestFactory().patch(
        '/',
        {'name': 'a'},
        HTTP_CONTENT_TYPE='text/json',
    )
    patch_request.user = acting_user

    view = StoreViewSet.as_view({'patch': 'partial_update'})
    assert view(patch_request, pk=target.id).status_code == 200
Beispiel #3
def test_detail_view_404_when_not_permitted():
    """Retrieving a store the view rule does not match returns 404.

    The view permission selects stores named "a"; the request asks for the
    store named "b". The expected status is 404 rather than 403, so the
    response is presumably the same one a nonexistent pk would produce.
    """
    requester = factories.UserFactory()
    factories.StoreFactory(name="a")  # the only store the rule matches
    hidden_store = factories.StoreFactory(name="b")

    # NOTE(review): this writes to the shared perms registry and nothing in the
    # test undoes it; confirm a fixture resets it between tests.
    perms["shrubberies.view_store"] = Attribute("name", "a")

    request = RequestFactory().get("/", HTTP_CONTENT_TYPE="text/json")
    request.user = requester
    handler = StoreViewSet.as_view({"get": "retrieve"})
    outcome = handler(request, pk=hidden_store.id)
    assert outcome.status_code == 404
Beispiel #4
def test_detail_view_404_when_not_permitted():
    """A detail request for a store outside the view rule is answered with 404.

    Only stores named 'a' satisfy the view permission, and the store
    requested here is named 'b'.
    """
    acting_user = factories.UserFactory()
    factories.StoreFactory(name='a')
    out_of_scope = factories.StoreFactory(name='b')
    perms['shrubberies.view_store'] = Attribute('name', 'a')

    view = StoreViewSet.as_view({'get': 'retrieve'})
    get_request = RequestFactory().get('/', HTTP_CONTENT_TYPE='text/json')
    get_request.user = acting_user

    # The status asserted is "not found", not "forbidden".
    assert view(get_request, pk=out_of_scope.id).status_code == 404
Beispiel #5
def test_list_view_is_filtered():
    """The list endpoint returns only the store the view rule matches.

    Two stores exist, but the view permission selects the one named "a",
    so the JSON body must hold exactly that store.
    """
    requester = factories.UserFactory()
    visible_store = factories.StoreFactory(name="a")
    factories.StoreFactory(name="b")  # must not appear in the listing

    # NOTE(review): this writes to the shared perms registry and nothing in the
    # test undoes it; confirm a fixture resets it between tests.
    perms["shrubberies.view_store"] = Attribute("name", "a")

    request = RequestFactory().get("/", HTTP_CONTENT_TYPE="text/json")
    request.user = requester
    handler = StoreViewSet.as_view({"get": "list"})
    outcome = handler(request)
    outcome.render()  # render before reading .content
    assert outcome.status_code == 200

    rows = json.loads(outcome.content.decode("utf8"))
    assert len(rows) == 1
    assert rows[0]["id"] == visible_store.id
Beispiel #6
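def test_list_view_is_filtered():
    """The list endpoint returns only the store the view rule matches.

    Two stores are created, and the view permission is restricted to the
    one named 'a'. The response must be 200 and its JSON body must contain
    exactly that store.
    """
    user = factories.UserFactory()
    s1 = factories.StoreFactory(name='a')
    factories.StoreFactory(name='b')  # must be filtered out of the listing
    perms['shrubberies.view_store'] = Attribute('name', 'a')

    v = StoreViewSet.as_view({'get': 'list'})
    r = RequestFactory().get('/', HTTP_CONTENT_TYPE='text/json')
    r.user = user
    response = v(r)
    response.render()  # render before reading .content
    # The leftover debug print of the response body was dropped; the
    # assertions below are what report a mismatch.
    assert response.status_code == 200
    data = json.loads(response.content.decode('utf8'))
    assert len(data) == 1
    assert data[0]['id'] == s1.id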
from bridgekeeper import perms, rules
from bridgekeeper.rules import Attribute, ManyRelation, Relation, in_current_groups
from django.contrib.auth.models import Group  # lint-amnesty, pylint: disable=unused-import

from openedx.core.djangoapps.content_libraries.models import ContentLibraryPermission

# Is the user active (and their email verified)?
# NOTE(review): only is_authenticated and is_active are combined here; the
# email-verification part depends on how is_active gets set elsewhere — confirm.
is_user_active = rules.is_authenticated & rules.is_active
# Is the user global staff?
# Built on is_user_active, so the staff flag alone is not enough: the account
# must also be authenticated and active.
is_global_staff = is_user_active & rules.is_staff

# Helper rules used to define the permissions below

# Does the user have at least read permission for the specified library?
# Matches when a grant reached through 'permission_grants' names the user
# directly or names a group accepted by in_current_groups.
has_explicit_read_permission_for_library = (
    ManyRelation('permission_grants', (Attribute('user', lambda user: user)
                                       | Relation('group', in_current_groups)))
    # We don't check 'access_level' here because all access levels grant read permission
    # NOTE(review): that holds only while every access level implies read;
    # revisit this rule if a level without read access is ever added.
)
# Does the user have at least author permission for the specified library?
# The grantee check (user or group) and the level check (author or admin) are
# each parenthesised before being joined with `&`; without the parentheses `&`
# would bind tighter than `|` and change which grants match.
# NOTE(review): both halves sit inside one ManyRelation, so presumably they are
# evaluated against the same grant row — confirm, since matching them on
# different rows would let an unrelated admin grant satisfy the level check.
has_explicit_author_permission_for_library = (ManyRelation(
    'permission_grants', (Attribute('user', lambda user: user)
                          | Relation('group', in_current_groups)) &
    (Attribute('access_level', ContentLibraryPermission.AUTHOR_LEVEL)
     | Attribute('access_level', ContentLibraryPermission.ADMIN_LEVEL))))
# Does the user have admin permission for the specified library?
# Same grantee check as the rules above (the user directly, or a group accepted
# by in_current_groups), narrowed with `&` to grants whose access_level is
# ADMIN_LEVEL only.
# NOTE(review): presumably grantee and level are checked on the same grant row
# because both sit inside one ManyRelation — confirm.
has_explicit_admin_permission_for_library = (ManyRelation(
    'permission_grants', (Attribute('user', lambda user: user)
                          | Relation('group', in_current_groups))
    & Attribute('access_level', ContentLibraryPermission.ADMIN_LEVEL)))
Beispiel #8
from django.contrib.auth.models import Group

from openedx.core.djangoapps.content_libraries.models import ContentLibraryPermission

# Is the user active (and their email verified)?
# NOTE(review): the rule itself only combines is_authenticated and is_active;
# whether is_active implies a verified email is decided elsewhere — confirm.
is_user_active = rules.is_authenticated & rules.is_active
# Is the user global staff?
# Requires is_user_active as well, so an inactive or unauthenticated account
# with the staff flag does not satisfy this rule.
is_global_staff = is_user_active & rules.is_staff

# Helper rules used to define the permissions below

# Does the user have at least read permission for the specified library?
# Matches when a row reached through 'contentlibrarypermission' names the user
# directly or names a group accepted by in_current_groups.
has_explicit_read_permission_for_library = (
    ManyRelation(
        'contentlibrarypermission',
        (Attribute('user', lambda user: user) | Relation('group', in_current_groups))
    )
    # We don't check 'access_level' here because all access levels grant read permission
    # NOTE(review): valid only while every access level implies read; revisit
    # if a level without read access is introduced.
)
# Does the user have at least author permission for the specified library?
# Grantee (user or group) AND level (author or admin); each `|` group is
# parenthesised because `&` binds tighter than `|`.
# NOTE(review): both conditions are inside a single ManyRelation, so presumably
# they must hold on the same permission row — confirm.
has_explicit_author_permission_for_library = (
    ManyRelation(
        'contentlibrarypermission',
        (Attribute('user', lambda user: user) | Relation('group', in_current_groups)) & (
            Attribute('access_level', ContentLibraryPermission.AUTHOR_LEVEL) |
            Attribute('access_level', ContentLibraryPermission.ADMIN_LEVEL)
        )
    )
)
# Does the user have admin permission for the specified library?
has_explicit_admin_permission_for_library = (
Beispiel #9
from bridgekeeper import perms
from bridgekeeper.rules import is_authenticated, Attribute, Relation, ManyRelation, Is
from .models import Organization

# Rule on the course object: it is related, through "organizations", to an
# Organization whose name matches "MITx".
is_public_course = ManyRelation("organizations", "organizations", Organization,
                                Attribute("name", matches="MITx"))

# NOTE(review): the two rules are joined with `|`, so any authenticated user
# satisfies this permission for every course; the organization check only adds
# access for callers who are not authenticated. Confirm that this is the
# intended policy and that `&` was not meant.
perms["queries.view_course"] = is_authenticated | is_public_course