def test_anonymous_has_no_permissions(self): """ #17903 -- Anonymous users shouldn't have permissions in ModelBackend.get_(all|user|group)_permissions(). """ backend = ModelBackend() user = self.UserModel._default_manager.get(pk=self.user.pk) content_type = ContentType.objects.get_for_model(Group) user_perm = Permission.objects.create(name='test', content_type=content_type, codename='test_user') group_perm = Permission.objects.create(name='test2', content_type=content_type, codename='test_group') user.user_permissions.add(user_perm) group = Group.objects.create(name='test_group') user.groups.add(group) group.permissions.add(group_perm) self.assertEqual(backend.get_all_permissions(user), {'auth.test_user', 'auth.test_group'}) self.assertEqual(backend.get_user_permissions(user), {'auth.test_user', 'auth.test_group'}) self.assertEqual(backend.get_group_permissions(user), {'auth.test_group'}) with mock.patch.object(self.UserModel, 'is_anonymous', True): self.assertEqual(backend.get_all_permissions(user), set()) self.assertEqual(backend.get_user_permissions(user), set()) self.assertEqual(backend.get_group_permissions(user), set())
def test_inactive_has_no_permissions(self): """ #17903 -- Inactive users shouldn't have permissions in ModelBackend.get_(all|user|group)_permissions(). """ backend = ModelBackend() user = self.UserModel._default_manager.get(pk=self.user.pk) content_type = ContentType.objects.get_for_model(Group) user_perm = Permission.objects.create(name='test', content_type=content_type, codename='test_user') group_perm = Permission.objects.create(name='test2', content_type=content_type, codename='test_group') user.user_permissions.add(user_perm) group = Group.objects.create(name='test_group') user.groups.add(group) group.permissions.add(group_perm) self.assertEqual(backend.get_all_permissions(user), {'auth.test_user', 'auth.test_group'}) self.assertEqual(backend.get_user_permissions(user), {'auth.test_user', 'auth.test_group'}) self.assertEqual(backend.get_group_permissions(user), {'auth.test_group'}) user.is_active = False user.save() self.assertEqual(backend.get_all_permissions(user), set()) self.assertEqual(backend.get_user_permissions(user), set()) self.assertEqual(backend.get_group_permissions(user), set())
def test_anonymous_has_no_permissions(self): """ #17903 -- Anonymous users shouldn't have permissions in ModelBackend.get_(all|user|group)_permissions(). """ backend = ModelBackend() user = self.UserModel._default_manager.get(pk=self.user.pk) content_type = ContentType.objects.get_for_model(Group) user_perm = Permission.objects.create(name="test", content_type=content_type, codename="test_user") group_perm = Permission.objects.create(name="test2", content_type=content_type, codename="test_group") user.user_permissions.add(user_perm) group = Group.objects.create(name="test_group") user.groups.add(group) group.permissions.add(group_perm) self.assertEqual(backend.get_all_permissions(user), set(["auth.test_user", "auth.test_group"])) self.assertEqual(backend.get_user_permissions(user), set(["auth.test_user", "auth.test_group"])) self.assertEqual(backend.get_group_permissions(user), set(["auth.test_group"])) user.is_anonymous = lambda: True self.assertEqual(backend.get_all_permissions(user), set()) self.assertEqual(backend.get_user_permissions(user), set()) self.assertEqual(backend.get_group_permissions(user), set())
def test_inactive_has_no_permissions(self): """ #17903 -- Inactive users shouldn't have permissions in ModelBackend.get_(all|user|group)_permissions(). """ backend = ModelBackend() user = self.UserModel._default_manager.get(pk=self.user.pk) content_type = ContentType.objects.get_for_model(Group) user_perm = Permission.objects.create(name='test', content_type=content_type, codename='test_user') group_perm = Permission.objects.create(name='test2', content_type=content_type, codename='test_group') user.user_permissions.add(user_perm) group = Group.objects.create(name='test_group') user.groups.add(group) group.permissions.add(group_perm) self.assertEqual(backend.get_all_permissions(user), {'auth.test_user', 'auth.test_group'}) self.assertEqual(backend.get_user_permissions(user), {'auth.test_user', 'auth.test_group'}) self.assertEqual(backend.get_group_permissions(user), {'auth.test_group'}) user.is_active = False user.save() self.assertEqual(backend.get_all_permissions(user), set()) self.assertEqual(backend.get_user_permissions(user), set()) self.assertEqual(backend.get_group_permissions(user), set())
def test_anonymous_has_no_permissions(self): """ #17903 -- Anonymous users shouldn't have permissions in ModelBackend.get_(all|user|group)_permissions(). """ backend = ModelBackend() user = self.UserModel._default_manager.get(pk=self.user.pk) content_type = ContentType.objects.get_for_model(Group) user_perm = Permission.objects.create(name='test', content_type=content_type, codename='test_user') group_perm = Permission.objects.create(name='test2', content_type=content_type, codename='test_group') user.user_permissions.add(user_perm) group = Group.objects.create(name='test_group') user.groups.add(group) group.permissions.add(group_perm) self.assertEqual(backend.get_all_permissions(user), {'auth.test_user', 'auth.test_group'}) self.assertEqual(backend.get_user_permissions(user), {'auth.test_user'}) self.assertEqual(backend.get_group_permissions(user), {'auth.test_group'}) with mock.patch.object(self.UserModel, 'is_anonymous', True): self.assertEqual(backend.get_all_permissions(user), set()) self.assertEqual(backend.get_user_permissions(user), set()) self.assertEqual(backend.get_group_permissions(user), set())
def test_anonymous_has_no_permissions(self): """Anonymous users shouldn't have permissions in ModelBackend #17903 -- Anonymous users shouldn't have permissions in ModelBackend.get_(all|user|group)_permissions(). https://code.djangoproject.com/ticket/17903 """ backend = ModelBackend() user = self.UserModel._default_manager.get(pk=self.user.pk) content_type = ContentType.objects.get_for_model(Group) user_perm = Permission.objects.create(name="test", content_type=content_type, codename="test_user") group_perm = Permission.objects.create(name="test2", content_type=content_type, codename="test_group") user.user_permissions.add(user_perm) group = Group.objects.create(name="test_group") user.groups.add(group) group.permissions.add(group_perm) self.assertEqual( backend.get_all_permissions(user), {"auth.test_user", "auth.test_group"}, ) # Django 2.0 avoids cache permission problems # https://code.djangoproject.com/ticket/28713 # https://github.com/django/django/pull/9242 if DJANGO_VERSION >= (2, 0): self.assertEqual(backend.get_user_permissions(user), {"auth.test_user"}) else: self.assertEqual( backend.get_user_permissions(user), {"auth.test_user", "auth.test_group"}, ) self.assertEqual(backend.get_group_permissions(user), {"auth.test_group"}) # In Django 1.10, is_anonymous became a property. if DJANGO_VERSION >= (1, 10): is_anon_mock = True else: is_anon_mock = lambda s: True # noqa: E731 with patch.object(self.UserModel, "is_anonymous", is_anon_mock): self.assertEqual(backend.get_all_permissions(user), set()) self.assertEqual(backend.get_user_permissions(user), set()) self.assertEqual(backend.get_group_permissions(user), set())
def test_inactive_has_no_permissions(self): """Inactive users shouldn't have permissions in ModelBackend #17903 -- Inactive users shouldn't have permissions in ModelBackend.get_(all|user|group)_permissions(). https://code.djangoproject.com/ticket/17903 """ backend = ModelBackend() user = self.UserModel._default_manager.get(pk=self.user.pk) content_type = ContentType.objects.get_for_model(Group) user_perm = Permission.objects.create(name="test", content_type=content_type, codename="test_user") group_perm = Permission.objects.create(name="test2", content_type=content_type, codename="test_group") user.user_permissions.add(user_perm) group = Group.objects.create(name="test_group") user.groups.add(group) group.permissions.add(group_perm) self.assertEqual( backend.get_all_permissions(user), {"auth.test_user", "auth.test_group"}, ) # Django 2.0 avoids cache permission problems # https://code.djangoproject.com/ticket/28713 # https://github.com/django/django/pull/9242 if DJANGO_VERSION >= (2, 0): self.assertEqual(backend.get_user_permissions(user), {"auth.test_user"}) else: self.assertEqual( backend.get_user_permissions(user), {"auth.test_user", "auth.test_group"}, ) self.assertEqual(backend.get_group_permissions(user), {"auth.test_group"}) user.is_active = False user.save() self.assertEqual(backend.get_all_permissions(user), set()) self.assertEqual(backend.get_user_permissions(user), set()) self.assertEqual(backend.get_group_permissions(user), set())
class ElectionAuthBackend(object): """ Authenticate against django.contrib.auth.backends.ModelBackend AND ipauth.backend.RangeBackend Users must pass both sets of authentication to use the system """ supports_anonymous_user = False ipauth_backend = None model_backend = None def __init__(self): self.ipauth_backend = RangeBackend() self.model_backend = ModelBackend() def authenticate(self, username=None, password=None, ip=None): """ Authenticate against multiple backends AND'd together TODO: Election admin """ model_user = self.model_backend.authenticate(username=username, password=password) ip_user = self.ipauth_backend.authenticate(ip=ip) #print 'model_user', repr(model_user) #print 'model_user groups', repr(model_user.groups.all()) #print 'ip_user', repr(ip_user) admin_group = Group.objects.filter(name='ADMIN').all() if admin_group.count() > 0: admin_group = admin_group[0] else: admin_group = None if not model_user: return None if model_user.is_superuser or model_user.is_staff: # Super admin return model_user if model_user.groups.count() > 0 and admin_group in model_user.groups.all(): # Election admin return model_user #if ip_user is None: #print 'Your IP=%s is not in the IPAuth' % (ip, ) #return None return model_user def get_group_permissions(self, user_obj): """ Returns a set of permission strings that this user has through his/her groups. """ return self.model_backend.get_group_permissions(user_obj) def get_all_permissions(self, user_obj): return self.model_backend.get_all_permissions(user_obj) def has_perm(self, user_obj, perm): return self.model_backend.has_perm(user_obj, perm) def has_module_perms(self, user_obj, app_label): return self.model_backend.has_module_perms(user_obj, app_label) def get_user(self, user_id): return self.model_backend.get_user(user_id)
def get_group_permissions(self, user_obj, obj=None): """ Returns a set of permission strings that this user has through his/her groups. """ if obj is None: return ModelBackend.get_group_permissions(self, user_obj) else: return set() # not implemented
def get_group_permissions(self, user_obj, obj=None): """ Returns a set of permission strings that this user has through his/her groups. """ if obj is None: return ModelBackend.get_group_permissions(self, user_obj) else: return set() # not implemented
def test_anonymous_has_no_permissions(self): """ #17903 -- Anonymous users shouldn't have permissions in ModelBackend.get_(all|user|group)_permissions(). """ backend = ModelBackend() user = self.UserModel._default_manager.get(pk=self.user.pk) content_type = ContentType.objects.get_for_model(Group) user_perm = Permission.objects.create(name='test', content_type=content_type, codename='test_user') group_perm = Permission.objects.create(name='test2', content_type=content_type, codename='test_group') user.user_permissions.add(user_perm) group = Group.objects.create(name='test_group') user.groups.add(group) group.permissions.add(group_perm) self.assertEqual(backend.get_all_permissions(user), {'auth.test_user', 'auth.test_group'}) self.assertEqual(backend.get_user_permissions(user), {'auth.test_user', 'auth.test_group'}) self.assertEqual(backend.get_group_permissions(user), {'auth.test_group'}) # In Django 1.10, is_anonymous became a property. is_anon = self.UserModel.is_anonymous if django.VERSION >= (1, 10): self.UserModel.is_anonymous = True else: user.is_anonymous = lambda: True self.assertEqual(backend.get_all_permissions(user), set()) self.assertEqual(backend.get_user_permissions(user), set()) self.assertEqual(backend.get_group_permissions(user), set()) self.UserModel.is_anonymous = is_anon