def test_any_permissions(self):
groups = Group.objects.bulk_create(
[Group(name=name) for name in ['group1', 'group2', 'group3']])
access_rule = AccessRule.objects.create(
ctype_source=utils.get_content_type(User),
ctype_target=utils.get_content_type(Group),
relation_types=[{
'GROUPS': None
}])
perms = Permission.objects.filter(
content_type__app_label='auth',
codename__in=['add_group', 'change_group'])
access_rule.permissions.add(*perms)
self.user1.user_permissions.add(*perms)
self.user1.groups.add(*groups)
objects = utils.get_objects_for_user(
self.user1, ['auth.add_group', 'auth.delete_group'],
any_perm=False)
self.assertEqual(set(), set(objects))
objects = utils.get_objects_for_user(
self.user1, ['auth.add_group', 'auth.delete_group'], any_perm=True)
self.assertEqual(set(groups), set(objects))
def test_multiple_permissions_to_check_use_groups(self):
self.group.permissions.add(
Permission.objects.get(content_type__app_label='auth',
codename='add_group'))
self.user1.user_permissions.add(
Permission.objects.get(content_type__app_label='auth',
codename='change_group'))
access_rule = AccessRule.objects.create(
ctype_source=utils.get_content_type(User),
ctype_target=utils.get_content_type(Group),
relation_types=[{
'GROUPS': None
}])
access_rule.permissions.add(*Permission.objects.filter(
content_type__app_label='auth',
codename__in=['add_group', 'change_group']))
self.user1.groups.add(self.group)
objects = utils.get_objects_for_user(
self.user1, ['auth.add_group', 'auth.change_group'],
use_groups=True)
self.assertEqual(set(self.user1.groups.all()), set(objects))
self.user1.groups.remove(self.group)
objects = utils.get_objects_for_user(
self.user1, ['auth.add_group', 'auth.change_group'],
use_groups=False)
self.assertEqual(set(), set(objects))
def test_with_superuser_false(self):
BookFixture(Book, follow_fk=True, generate_m2m={
'authors': (1, 1)
}).create(count=2)
user = User.objects.latest('pk')
user.is_superuser = True
# `with_superuser=False` requires defined access rules - should yield no results!
self.assertEqual(
set(Book.objects.none()),
set(
utils.get_objects_for_user(user, ['testapp.change_book'],
Book.objects.all(),
with_superuser=False)))
access_rule = AccessRule.objects.create(
ctype_source=utils.get_content_type(user),
ctype_target=utils.get_content_type(Book),
relation_types=[{
'AUTHOR': None
}, {
'BOOK': None
}])
perm = Permission.objects.get(content_type__app_label='testapp',
codename='change_book')
access_rule.permissions.add(perm)
user.user_permissions.add(perm)
objects = utils.get_objects_for_user(user, ['testapp.change_book'],
Book.objects.all(),
with_superuser=False)
self.assertEqual(set(user.author.book_set.all()), set(objects))
def test_multiple_permissions_to_check_requires_staff(self):
groups = Group.objects.bulk_create(
[Group(name=name) for name in ['group1', 'group2', 'group3']])
access_rule = AccessRule.objects.create(
ctype_source=utils.get_content_type(User),
ctype_target=utils.get_content_type(Group),
requires_staff=True,
relation_types=[{
'GROUPS': None
}])
perms = Permission.objects.filter(
content_type__app_label='auth',
codename__in=['add_group', 'delete_group'])
access_rule.permissions.add(*perms)
self.user1.user_permissions.add(*perms)
self.user1.groups.add(*groups)
self.user1.is_staff = True
get_node_for_object(self.user1).sync(
) # Sync node in order to write `is_staff` property
objects = utils.get_objects_for_user(
self.user1, ['auth.add_group', 'auth.delete_group'])
self.assertEqual(set(groups), set(objects))
self.user2.user_permissions.add(*perms)
self.user2.groups.add(*groups)
self.assertFalse(self.user2.is_staff)
objects = utils.get_objects_for_user(
self.user2, ['auth.add_group', 'auth.delete_group'])
self.assertEqual(set(), set(objects))
def test_relation_types_definition_index_variable(self):
book = BookFixture(Book, generate_m2m={'authors': (2, 2)}).create_one()
get_nodeset_for_queryset(Store.objects.filter(pk=book.pk), sync=True)
user = User.objects.filter(
pk__in=book.authors.values('user')).latest('pk')
perm = Permission.objects.get(content_type__app_label='auth',
codename='change_user')
access_rule = AccessRule.objects.create(
ctype_source=utils.get_content_type(User),
ctype_target=utils.get_content_type(User),
relation_types=[{
'AUTHOR': None
}, {
'BOOK': None
}, {
'{0:AUTHORS}': None
}, {
'USER': None
}])
access_rule.permissions.add(perm)
user.user_permissions.add(perm)
objects = utils.get_objects_for_user(user, 'auth.change_user')
self.assertEqual({user}, set(objects))
self.assertNotEqual(User.objects.count(), objects.count())
def test_nonexistent_source_node(self):
user = User.objects.create_user(username='******')
node = get_node_for_object(user).sync()
node.delete()
objects = utils.get_objects_for_user(user, ['testapp.add_book'])
self.assertEqual(set(objects), set(Book.objects.none()))
def test_with_superuser_true(self):
self.user1.is_superuser = True
queryset = Book.objects.all()
objects = utils.get_objects_for_user(self.user1,
['testapp.change_book'],
queryset,
with_superuser=True)
self.assertEqual(set(queryset), set(objects))
def filter_queryset(self, request, queryset, view):
from chemtrails.contrib.permissions.utils import get_objects_for_user
permission = self.perm_format % {
'app_label': queryset.model._meta.app_label,
'model_name': queryset.model._meta.model_name
}
return get_objects_for_user(request.user, permissions=permission, klass=queryset)
def test_extra_perms_single(self):
group = Group.objects.create(name='a group')
access_rule = AccessRule.objects.create(
ctype_source=utils.get_content_type(User),
ctype_target=utils.get_content_type(Group),
relation_types=[{
'GROUPS': None
}])
access_rule.permissions.add(
Permission.objects.get(content_type__app_label='auth',
codename='add_group'))
self.user1.groups.add(group)
objects = utils.get_objects_for_user(self.user1, 'auth.add_group')
self.assertEqual(set(), set(objects))
objects = utils.get_objects_for_user(self.user1,
'auth.add_group',
extra_perms='auth.add_group')
self.assertEqual({group}, set(objects))
def test_permissions_single(self):
access_rule = AccessRule.objects.create(
ctype_source=utils.get_content_type(User),
ctype_target=utils.get_content_type(Group),
relation_types=[{
'GROUPS': None
}])
perm = Permission.objects.get(content_type__app_label='auth',
codename='change_group')
access_rule.permissions.add(perm)
self.user1.user_permissions.add(perm)
self.user1.groups.add(self.group)
self.assertEqual(
set(self.user1.groups.all()),
set(utils.get_objects_for_user(self.user1, 'auth.change_group')))
self.assertEqual(
set(self.user1.groups.all()),
set(utils.get_objects_for_user(self.user1, ['auth.change_group'])))
def test_klass_as_queryset(self):
access_rule = AccessRule.objects.create(
ctype_source=utils.get_content_type(User),
ctype_target=utils.get_content_type(Group),
relation_types=[{
'GROUPS': None
}])
perm = Permission.objects.get(content_type__app_label='auth',
codename='change_group')
access_rule.permissions.add(perm)
self.user1.user_permissions.add(perm)
self.user1.groups.add(self.group)
objects = utils.get_objects_for_user(self.user1, ['auth.change_group'],
Group.objects.all())
self.assertEqual([obj.name for obj in objects], [self.group.name])
def test_single_permission_to_check(self):
groups = Group.objects.bulk_create(
[Group(name=name) for name in ['group1', 'group2', 'group3']])
access_rule = AccessRule.objects.create(
ctype_source=utils.get_content_type(User),
ctype_target=utils.get_content_type(Group),
relation_types=[{
'GROUPS': None
}])
perm = Permission.objects.get(content_type__app_label='auth',
codename='change_group')
access_rule.permissions.add(perm)
self.user1.user_permissions.add(perm)
self.user1.groups.add(*groups)
objects = utils.get_objects_for_user(self.user1, 'auth.change_group')
self.assertEqual(len(groups), len(objects))
self.assertEqual(set(groups), set(objects))
def test_relation_types_target_props(self):
groups = Group.objects.bulk_create(
[Group(name=name) for name in ['group1', 'group2']])
access_rule = AccessRule.objects.create(
ctype_source=utils.get_content_type(User),
ctype_target=utils.get_content_type(Group),
relation_types=[{
'GROUPS': {
'name': 'group1'
}
}])
perm = Permission.objects.get(content_type__app_label='auth',
codename='add_group')
access_rule.permissions.add(perm)
self.user1.user_permissions.add(perm)
self.user1.groups.add(*groups)
objects = utils.get_objects_for_user(self.user1, 'auth.add_group')
self.assertEqual({Group.objects.get(name='group1')}, set(objects))
def test_ensure_returns_queryset(self):
objects = utils.get_objects_for_user(self.user1, ['auth.change_group'])
self.assertTrue(isinstance(objects, QuerySet))
self.assertEqual(objects.model, Group)
def test_empty_permissions_sequence(self):
objects = utils.get_objects_for_user(self.user1, [],
Book.objects.all())
self.assertEqual(set(objects), set())
def test_anonymous(self):
user = AnonymousUser()
queryset = Book.objects.all()
objects = utils.get_objects_for_user(user, ['testapp.change_book'],
queryset)
self.assertEqual(set(Book.objects.none()), set(objects))
