def add_kennel_permissions():
kennel_ct = ContentType.objects.get(app_label='pet', model='kennel')
is_kennel = Permission(name='Is Kennel',
codename='is_a_kennel',
content_type=kennel_ct)
is_kennel.save()
return is_kennel
def test_usuarios_render_form_change_pas(self):
"""
Testa renderização do formulário de troca de senha
"""
contentItem = ContentType.objects.get(app_label='acesso',model='usuario')
permission = Permission(name='Can Change Pass',content_type=contentItem,codename='change_pass_usuario')
permission.save()
permissions = Permission.objects.all().filter(content_type=contentItem.id)
for permission in permissions:
self.user.user_permissions.add(permission)
# Faz chamada da pagina
response = self.client.get('/acesso/usuarios/password/')
self.assertEquals(response.status_code, 200)
self.assertContains(response, 'name="new_password1"', status_code=200)
"""
Testa renderização do formulário de troca de senha
"""
dataPost = {
'new_password1' : 'testpass2',
'new_password2' : 'testpass2',
}
response = self.client.post('/acesso/usuarios/password/', dataPost)
self.assertEquals(response.status_code, 200)
def setUp(self):
"""
Set up the environment for the test cases
"""
super(GroupResourceTest, self).setUp()
self.username = '******'
self.password = '******'
self.user = User.objects.create_superuser('tester',
'*****@*****.**', 'test')
self.user.user_permissions.add(
Permission.objects.get(codename="add_user"))
self.api_client.client.login(username='******', password='******')
#Create a group
self.group = Group(name="God")
self.group.save()
#Create a permission
self.ct = ContentType(name='test')
self.ct.save()
self.permission = Permission(name='Test',
codename='test',
content_type=self.ct)
self.permission.save()
self.group.permissions.add(self.permission)
def permission_add(module, using=None):
'''
添加自定义权限
'''
content_type = None
try:
if not using:
content_type = ContentType.objects.get(
app_label=settings.PERMISSION_APP, model=module)
else:
content_type = ContentType.objects.using(using).get(
app_label=settings.PERMISSION_APP, model=module)
except:
content_type = ContentType(name=module,
app_label=settings.PERMISSION_APP,
model=module)
content_type.save(using=using)
for op in operations.values():
try:
perm = Permission(codename='%s_%s' % (op, module),
name='can %s %s' % (op, module),
content_type=content_type)
perm.save(using=using)
except:
pass
def manager_perms_add(request):
# login check start
if not request.user.is_authenticated:
return redirect('mylogin')
# login check end
perm = 0
for i in request.user.groups.all():
if i.name == "masteruser": perm = 1
if perm == 0:
error = "Access Denied"
return render(request, 'back/error.html', {'error': error})
if request.method == 'POST':
name = request.POST.get('name')
cname = request.POST.get('cname')
contenttype = ContentType.objects.get(app_label='main', model='main')
if len(Permission.objects.filter(codename=cname)) == 0:
perm = Permission(name=name,
codename=cname,
content_type=contenttype)
#permission = Permission.objects.create(codename=cname, name=name, content_type=content_type)
perm.save()
else:
error = "This Codename Used Before"
return render(request, 'back/error.html', {'error': error})
return redirect('manager_perms')
def _get_or_create_perm(perm):
from django.contrib.contenttypes.models import ContentType
from django.db import models
if not perm:
return None
try:
app, model, name = perm.split('.')
except ValueError:
return None
# NOTE: This check is added to support local userdb database connection.
# TODO: Ensure this is right.
m = models.get_model(app, model, only_installed=False)
if not m:
return None
try:
return Permission.objects.get_by_natural_key(name, app, model)
except Permission.DoesNotExist:
try:
ct = ContentType.objects.get_by_natural_key(app, model)
perm = Permission(name=name, content_type=ct, codename=name)
perm.save()
return perm
except ContentType.DoesNotExist:
return None
except ContentType.DoesNotExist:
return None
def add_owner_permissions():
owner_ct = ContentType.objects.get(app_label='pet', model='owner')
is_owner = Permission(name='Is Owner',
codename='is_a_owner',
content_type=owner_ct)
is_owner.save()
return is_owner
def test_user_permission_not_allowed(self):
permission = Permission(content_type_id=1, name='Can something',
codename='can_something')
permission.save()
response, json = self.do_get(self.perm % (self.user.pk, 'auth.can_something'))
self.assertEquals(response.status_code, 200)
self.assertEquals(json['is-allowed'], False, json)
def post(self, request):
ret = {'result': 0, 'msg': None}
## ajax 请求的权限验证
if not request.user.has_perm(self.permission_required):
ret["result"] = 1
ret["msg"] = "Sorry,你没有'添加 permission 模型对象'的权限,请联系运维!"
return JsonResponse(ret)
perms_form = PermissionAddForm(request.POST)
if not perms_form.is_valid():
ret['result'] = 1
error_msg = json.loads(
perms_form.errors.as_json(escape_html=False))
ret["msg"] = '\n'.join(
[i["message"] for v in error_msg.values() for i in v])
return JsonResponse(ret)
try:
perm = Permission(**perms_form.cleaned_data)
except Exception as e:
ret['result'] = 1
ret['msg'] = e.args
else:
perm.save()
ret['msg'] = "权限创建成功"
return JsonResponse(ret)
def test_puede_obtener_grupos_junto_con_permisos(self):
user = User.objects.create_user(username='******', password='******')
grupo = Group.objects.create(name='coordinador')
tipo = ContentType.objects.get(app_label='escuelas', model='evento')
puede_crear_eventos = Permission(name='crear',
codename='evento.crear',
content_type=tipo)
puede_crear_eventos.save()
grupo.permissions.add(puede_crear_eventos)
self.client.force_authenticate(user=user)
response = self.client.get('/api/groups', format='json')
self.assertEqual(len(response.data['results']), 2)
item_1 = response.data['results'][1]
self.assertEquals(item_1["name"], "coordinador")
# Inicialmente este grupo no tiene perfil
self.assertEquals(item_1["perfiles"], [])
# Si se vincula el grupo a un perfil ...
user.perfil.group = grupo
grupo.save()
user.save()
user.perfil.save()
response = self.client.get('/api/groups', format='json')
item_1 = response.data['results'][1]
self.assertEquals(len(item_1["perfiles"]), 1)
self.assertEquals(item_1["perfiles"][0]['type'], 'perfiles')
def post(self, request):
"""
content_type_id = request.POST.get("content_type")
codename = request.POST.get("codename")
name = request.POST.get("name")
try:
content_type = ContentType.objects.get(pk=content_type_id)
except ContentType.DoesNotExist:
return redirect("error", next="permission_list", msg="模型不存在")
if not codename or codename.find(" ") >=0 :
return redirect("error", next="permission_list", msg="codename 不合法")
try:
Permission.objects.create(codename=codename, content_type=content_type,name=name)
except Exception as e:
return redirect("error", next="permission_list", msg=e.args)
return redirect("success", next="permission_list")
"""
permissionform = CreatePermissionForm(request.POST)
if permissionform.is_valid():
permission = Permission(**permissionform.cleaned_data)
try:
permission.save()
return redirect("success", next="permission_list")
except Exception as e:
return redirect("error", next="permission_list", msg=e.args)
else:
return redirect("error",
next="permission_list",
msg=json.dumps(permissionform.errors.as_json(),
ensure_ascii=False))
def checkAndCreateModelPermissions(appName):
from django.db.models.loading import get_app
from django.db import models
app = get_app(appName)
for i in dir(app):
try:
a = app.__getattribute__(i)
if issubclass(a, models.Model):
checkAndCreateModelPermission(a)
except:
pass
try:
ct = ContentType.objects.get_for_model(Transaction)
Permission(content_type=ct,
codename='init_database',
name='Init database').save()
except:
pass
try:
ct = ContentType.objects.get_for_model(Group)
Permission(content_type=ct,
codename='browse_' + Group.__name__.lower(),
name='Can browse %s' % Group.__name__).save()
except:
pass
def test_user_permission_not_allowed(self):
permission = Permission(content_type=self.content_type,
name='Can something', codename='can_something')
permission.save()
response, json = self.do_get(self.perm % (self.user.pk, 'auth.can_something'))
self.assertEquals(response.status_code, 200)
self.assertEquals(json['is-allowed'], False, json)
def test_usuarios_render_form_change_pas(self):
"""
Testa renderização do formulário de troca de senha
"""
contentItem = ContentType.objects.get(app_label='acesso',
model='usuario')
permission = Permission(name='Can Change Pass',
content_type=contentItem,
codename='change_pass_usuario')
permission.save()
permissions = Permission.objects.all().filter(
content_type=contentItem.id)
for permission in permissions:
self.user.user_permissions.add(permission)
# Faz chamada da pagina
response = self.client.get('/acesso/usuarios/password/')
self.assertEquals(response.status_code, 200)
self.assertContains(response, 'name="new_password1"', status_code=200)
"""
Testa renderização do formulário de troca de senha
"""
dataPost = {
'new_password1': 'testpass2',
'new_password2': 'testpass2',
}
response = self.client.post('/acesso/usuarios/password/', dataPost)
self.assertEquals(response.status_code, 200)
def pre_register(self, model, **kwargs):
content_type = ContentType.objects.get_for_model(model)
codename = 'can_receive_notification_%s' % content_type.model
if not Permission.objects.filter(content_type=content_type, codename=codename):
permission = Permission(name = 'Can receive notification', content_type = content_type, codename = codename)
permission.save()
def create_club_admin_permission(sender, **kwargs):
print "Creating club admin permission..."
club_content_type = ContentType.objects.get_for_model(Club)
if len(Permission.objects.filter(codename='full_club_admin')) == 0:
club_admin_permission = Permission(name='Full Club Admin Access',
codename='full_club_admin',
content_type=club_content_type)
club_admin_permission.save()
def test_current_user_permission_not_allowed(self):
permission = Permission(content_type=self.content_type,
name='Can something', codename='can_something')
permission.save()
response, json = self.do_get(self.user_perm % 'auth.can_something',
username=self.user.username)
self.assertEquals(response.status_code, 200)
self.assertEquals(json['permissions']['auth.can_something'], False, json)
def _get_permission(self, obj, code, create = False):
ct = ContentType.objects.get_for_model(obj)
pe = Permission.objects.filter(codename = code, content_type = ct)
if pe:
pe = pe[0]
elif create:
pe = Permission(codename = code, content_type = ct, name = 'Can view %s' % force_str(obj._meta.verbose_name))
pe.save()
return pe
def test_current_user_permission_is_allowed(self):
permission = Permission(content_type=self.content_type,
name='Can something', codename='can_something')
permission.save()
self.user.user_permissions.add(permission)
response, json = self.do_get(self.user_perm % 'auth.can_something',
username=self.user.username)
self.assertEquals(response.status_code, 200)
self.assertEquals(json['permissions']['auth.can_something'], True, json)
def mutate_and_get_payload(cls, root, info, **kwargs):
name = kwargs.get('name')
content_type = kwargs.get('content_type')
codename = kwargs.get('codename')
permission = Permission(name=name,
content_type=content_type,
codename=codename)
permission.save()
return CreatePermission(permission=permission)
def test_puede_sustituir_a_otro_usuario(self):
# Comienza con dos usuarios
user = User.objects.create_user(username='******', password='******')
usuario_secundario = User.objects.create_user(username='******',
password='******')
# Se genera un grupo para el administrador
grupo = Group.objects.create(name='coordinador')
tipo = ContentType.objects.get(app_label='escuelas', model='evento')
puede_administrar = Permission(name='perfil.global',
codename='perfil.global',
content_type=tipo)
puede_administrar.save()
grupo.permissions.add(puede_administrar)
# Se asigna una region al perfil de usuario
region_1 = models.Region.objects.create(numero=1)
user.perfil.region = region_1
usuario_secundario.perfil.region = region_1
grupo.save()
user.perfil.group = grupo
user.save()
user.perfil.save()
usuario_secundario.perfil.save()
usuario_secundario.save()
self.client.login(username='******', password='******')
self.client.force_authenticate(user=user)
response = self.client.get('/api/mi-perfil', format='json')
self.assertEqual(response.data['username'], "test")
self.assertEqual(len(response.data['grupos']), 1,
"Tiene un solo grupo")
self.assertEqual(response.data['grupos'][0]['nombre'], 'coordinador',
"Tiene asignado el grupo coordinador")
# Accede al perfil de otro usuario correctamente
response = self.client.get('/api/mi-perfil?perfilInspeccionado=%d' %
(usuario_secundario.id),
format='json')
self.assertEqual(response.data['username'], "secundario")
self.client.logout()
# Si un usuario que no tiene permisos de administrador intenta ver el perfil de otro usuario falla, por falta de permisos
self.client.login(username='******', password='******')
self.client.force_authenticate(user=usuario_secundario)
response = self.client.get('/api/mi-perfil?perfilInspeccionado=%d' %
(user.id),
format='json')
self.assertEqual(response.status_code, 500)
def createProjectPermission(pDesc, pCodeName, groups):
projectContenType = ContentType.objects.get(app_label=APPLICATION_LABEL, model='project')
permission = Permission(name=pDesc, codename=pCodeName, content_type=projectContenType)
permission.save()
print 'Created permission=%s...' % permission.codename
for group in groups:
group.permissions.add(permission)
group.save()
print '...and associated to group=%s' % group.name
return permission
def setUp(self):
"""
Set up dependent objects
"""
super(ItemTest, self).setUp()
self.ct = ContentType(app_label="po")
self.ct.save()
self.p = Permission(codename="add_purchaseorder", content_type=self.ct)
self.p.save()
self.p2 = Permission(codename="change_purchaseorder",
content_type=self.ct)
self.p2.save()
#Create the user
self.username = '******'
self.password = '******'
self.user = User.objects.create_user(
self.username, '*****@*****.**', self.password)
self.user.save()
self.user.user_permissions.add(self.p)
self.user.user_permissions.add(self.p2)
self.client.login(username=self.username, password=self.password)
self.supplier = Supplier(**base_supplier)
self.supplier.save()
self.address = Address(**base_address)
self.address.contact = self.supplier
self.address.save()
self.contact = SupplierContact(name='test',
email='*****@*****.**',
telephone=1234,
primary=True)
self.contact.supplier = self.supplier
self.contact.save()
self.supply = Fabric.create(**base_fabric)
#self.supply.units = "m^2"
self.supply.save()
self.po = PurchaseOrder()
self.po.employee = self.user
self.po.supplier = self.supplier
self.po.terms = self.supplier.terms
self.po.vat = 7
self.po.order_date = datetime.datetime(2014, 3, 2)
self.po.save()
self.item = Item(unit_cost=Decimal('13.55'),
quantity=Decimal('10'),
supply=self.supply)
self.item.description = self.supply.description
self.item.purchase_order = self.po
self.item.save()
def get_permission(self, permission_prefix, create_permission=False):
permission_codename = u"%s_%s" % (permission_prefix, self.name)
permission_description = u"%s %s instances" % (permission_prefix, self.name)
try:
permission = Permission.objects.get(codename=permission_codename)
except Permission.DoesNotExist:
content_type = ContentType.objects.get(app_label=APP_LABEL, model='qproject')
permission = Permission(codename=permission_codename, name=permission_description, content_type=content_type)
if create_permission:
permission.save()
return permission
def test_user_is_checked_for_global_db_permission(self):
user = User(is_active=True)
user.save()
content_type = ContentType(app_label='test_app')
content_type.save()
permission = Permission(content_type=content_type,
codename='test_permission')
permission.save()
user.user_permissions.add(permission)
backend = PermissionBackend()
self.assertTrue(backend.has_perm(user, 'test_app.test_permission'))
def edit_all_permission(self, log=None):
ct = ContentType.objects.get_for_model(self)
try:
p = Permission.objects.get(content_type=ct, codename=self.edit_all_permission_name())
except Permission.DoesNotExist:
p = Permission(content_type=ct, codename=self.edit_all_permission_name(),
name="Edit all data for widget %s" % self.name)
p.save()
if log is not None:
print >> log, "Created edit all permission for widget %s" % self.name
return p
def test_create_permissions(self):
'''Test creating and adding permissions'''
self.p = Permission()
self.p.codename = 'change_product_price'
self.p.name = 'Change the price of a product'
self.p.content_type = ContentType.objects.get(id=1)
self.p.save()
self.assertTrue(self.p.codename, 'change_product_price')
self.u1.user_permissions.add(self.p)
self.assertEquals(self.u1.has_perm('admin.change_product_price'), True)
def __new__(cls, name, bases, attrs):
module = attrs.pop('__module__')
parents = [b for b in bases if isinstance(b, ProfilePermissonBase)]
if parents:
fields = []
for obj_name, obj in attrs.items():
if isinstance(obj, models.Field):
fields.append(obj_name)
Permission.add_to_class(obj_name, obj)
return super(ProfilePermissonBase,
cls).__new__(cls, name, bases, attrs)
def post(self, request):
permission_form = CreatePermissionForm(request.POST)
if permission_form.is_valid():
permission = Permission(**permission_form.cleaned_data)
try:
permission.save()
return redirect('success', next='permission_list')
except Exception as e:
return redirect('error', next='permission_add', msg=e.args)
else:
return redirect('error', next='permission_add', msg=json.dumps(json.load(permission_form.errors.as_json()), ensure_ascii=False))
def employe(request):
logger.info('function_call employe(request) ->')
if request.method == 'POST':
employe = User.objects.get(id = int(request.POST.get('id_record')))
profile = UserProfile.objects.get(user = employe)
form = EmployeForm(initial={'username': employe.username, 'email': employe.email, 'firstname': employe.first_name, 'lastname': employe.last_name,
'vacation_days': profile.vacation_days, 'min_hours': profile.min_hours, 'max_hours': profile.max_hours,
'hourly_rate': profile.hourly_rate, 'management': employe.has_perm('auth.management'), 'api': employe.is_staff})
if request.POST.get('action'):
if request.POST.get('action') == "modifie":
form = EmployeForm(request.POST)
if form.is_valid():
employe.username = form.cleaned_data['username']
employe.email = form.cleaned_data['email']
employe.first_name = form.cleaned_data['firstname']
employe.last_name = form.cleaned_data['lastname']
employe.save()
profile.vacation_days = form.cleaned_data['vacation_days']
profile.min_hours = form.cleaned_data['min_hours']
profile.max_hours = form.cleaned_data['max_hours']
profile.hourly_rate = form.cleaned_data['hourly_rate']
profile.save()
try:
permission = Permission.objects.get(codename='management')
except Exception:
permissionNew = Permission(name = "management", content_type = ContentType.objects.get(model='permission'), codename = "management")
permissionNew.save()
permission = Permission.objects.get(codename='management')
if form.cleaned_data['management'] == True:
employe.user_permissions.add(permission)
else:
employe.user_permissions.remove(permission)
if form.cleaned_data['api'] == True:
employe.is_staff = 1
employe.save()
else:
employe.is_staff = 0
employe.save()
return HttpResponseRedirect(reverse('staff'))
c = {'user':request.user, 'employe':employe, 'form':form, 'SITENAME':settings.SITENAME, 'management':request.user.has_perm('auth.management')}
c.update(csrf(request))
return render_to_response('employe.html', c, context_instance=RequestContext(request))
def view_permisions(apps=None):
if not apps: apps = ['whs', 'lab', 'energy', 'it']
for app in apps:
for c in ContentType.objects.filter(app_label=app):
if issubclass(c.model_class(),UrlMixin):
p = Permission(codename='view_%s' % c.model, name=u'Можно просматривать %s' % c.name, content_type=c)
try:
p.validate_unique()
except ValidationError:
pass
else:
p.save()
def permission(self, log=None):
ct = ContentType.objects.get_for_model(self)
try:
p = Permission.objects.get(content_type=ct,
codename=self.permission_name())
except Permission.DoesNotExist:
p = Permission(content_type=ct, codename=self.permission_name(),
name="upload data files for %s" % self.app)
p.save()
if log:
print >> log, "Created uploader permission for %s" % self.app
return p
def setUp(self):
self.product_type = Product_Type()
self.user = Dojo_User()
self.group = Group()
self.permission_a = Permission()
self.permission_a.codename = 'a'
self.permission_b = Permission()
self.permission_b.codename = 'b'
self.permission_c = Permission()
self.permission_c.codename = 'c'
def test_render_configuracoes(self):
# Faz chamada da pagina
contentItem = ContentType.objects.get(app_label='core',model='parametro')
permission = Permission(name='Can Access Configurations',content_type=contentItem,codename='core_configurations')
permission.save()
permissions = Permission.objects.all().filter(content_type=contentItem.id)
for permission in permissions:
self.user.user_permissions.add(permission)
response = self.client.get('/core/configuracoes/')
self.assertEquals(response.status_code, 200)
def create_permission_if_doesnt_exist(codename, desc, content_type):
try:
permission = Permission(name=desc,
codename=codename,
content_type=content_type)
permission.save()
except IntegrityError:
print('permission {} exists'.format(codename))
permission = Permission.objects.get(codename=codename)
else:
print('created permission {}'.format(codename))
return permission
def createProjectPermission(pDesc, pCodeName, groups):
projectContenType = ContentType.objects.get(app_label=APPLICATION_LABEL,
model='project')
permission = Permission(name=pDesc,
codename=pCodeName,
content_type=projectContenType)
permission.save()
print 'Created permission=%s...' % permission.codename
for group in groups:
group.permissions.add(permission)
group.save()
print '...and associated to group=%s' % group.name
return permission
def tagPreSave(sender, instance, created, **kwargs):
if not created:
return
permission = Permission()
permission.codename = 'tag_{0}'.format(instance.name)
permission.name = 'Can add tag {0}'.format(instance.name)
permission.content_type = ContentType.objects.get_for_model(Tag)
permission.full_clean()
permission.save()
def create_permission(request):
new_permission=Permission()
new_permission.content_type_id=1
new_permission.codename=request.POST.get("codename")
new_permission.name=request.POST.get("permission_title")
new_permission.save()
description=request.POST.get("permission_desc")
permission_type=request.POST.get("permission_type")
new_permission.save()
PermissionService.create_permission_extend(new_permission.id,permission_type, description)
def setUp(self):
"""
Set up dependent objects
"""
super(ItemTest, self).setUp()
self.ct = ContentType(app_label="po")
self.ct.save()
self.p = Permission(codename="add_purchaseorder", content_type=self.ct)
self.p.save()
self.p2 = Permission(codename="change_purchaseorder", content_type=self.ct)
self.p2.save()
#Create the user
self.username = '******'
self.password = '******'
self.user = User.objects.create_user(self.username, '*****@*****.**', self.password)
self.user.save()
self.user.user_permissions.add(self.p)
self.user.user_permissions.add(self.p2)
self.client.login(username=self.username, password=self.password)
self.supplier = Supplier(**base_supplier)
self.supplier.save()
self.address = Address(**base_address)
self.address.contact = self.supplier
self.address.save()
self.contact = SupplierContact(name='test', email='*****@*****.**', telephone=1234, primary=True)
self.contact.supplier = self.supplier
self.contact.save()
self.supply = Fabric.create(**base_fabric)
#self.supply.units = "m^2"
self.supply.save()
self.po = PurchaseOrder()
self.po.employee = self.user
self.po.supplier = self.supplier
self.po.terms = self.supplier.terms
self.po.vat = 7
self.po.order_date = datetime.datetime(2014, 3, 2)
self.po.save()
self.item = Item(unit_cost=Decimal('13.55'), quantity=Decimal('10'), supply=self.supply)
self.item.description = self.supply.description
self.item.purchase_order = self.po
self.item.save()
def add_permissions(self):
#busca tabela de models
contentItem = ContentType.objects.get(app_label='oportunidade',model='oportunidade')
#busca permissoes do model
if not contentItem:
self.assertTrue(False)
customPermission = Permission(name='Dashboard',content_type=contentItem,codename='index_dashboard')
customPermission.save()
permissions = Permission.objects.filter(content_type=contentItem.id)
for permission in permissions:
self.user.user_permissions.add(permission)
def save(request):
"""
:param request:
:return:
"""
name = request.POST.get('name', '')
key = request.POST.get('key', '')
module = request.POST.get('module', '')
if module:
content_type = ContentType.objects.get(id=int(module))
perm = Permission(name=name, codename=key, content_type=content_type)
perm.save()
return HttpResponseRedirect("/sys/account/perm")
def show_urls(urllist, depth=0):
urls = []
# show_urls(urls.urlpatterns)
for entry in urllist:
urls.append(entry)
perm = Permission(name=entry.name, codename=entry.pattern.regex.pattern, content_type_id=7)
if Permission.objects.filter(name=entry.name).count() == 0:
perm.save()
if hasattr(entry, 'url_patterns'):
show_urls(entry.url_patterns, depth + 1)
return urls
def edit_all_permission(self, log=None):
"""
Returns the actual :model:`auth.Permission` permission object required to manually edit
all data for this widget family, creating it if it does not already exist.
"""
ct = ContentType.objects.get_for_model(self)
try:
p = Permission.objects.get(content_type=ct, codename=self.edit_all_permission_name())
except Permission.DoesNotExist:
p = Permission(content_type=ct, codename=self.edit_all_permission_name(),
name="Edit all data for widget %s" % self.name)
p.save()
if log is not None:
print >> log, "Created edit all permission for widget %s" % self.name
return p
def permission_add(request):
if request.method == "POST":
name = request.POST['name']
contenttype = request.POST['contenttype']
codename = request.POST['codename']
#print name,contenttype,codename
permission_to_save = Permission(
name=name,
content_type_id=contenttype,
codename=codename,
)
permission_to_save.save()
return HttpResponseRedirect('/account/manage/permission_list.html')
else:
content_types = ContentType.objects.all()
return render_to_response('perm_add.html',{'content_types':content_types},context_instance=RequestContext(request))
def post(self, request):
##使用Form类处理前端输入的内容
permissionform = CreatePermissionForm(request.POST)
if permissionform.is_valid():
permission = Permission(**permissionform.cleaned_data)
try:
permission.save()
return redirect("success", next="permission_list")
except Exception as e:
return redirect("error", next="permission_list", msg=e.args)
else:
return redirect("error",
next="permission_list",
msg=json.dumps(json.loads(
permissionform.errors.as_json()),
ensure_ascii=False))
def get_missing_permissions_for_app_config(app_config):
"""
Return missing permissions for a given app config
"""
# get existing contenttypes
ctypes = get_all_contenttypes_for_app_config(app_config)
if not ctypes:
return []
# get all permissions that should exist
searched_perms = get_searched_permissions(ctypes)
if not searched_perms:
return []
# get existing permissions
all_perms = get_all_permissions([ctype for ctype, klass in ctypes])
# build missing permissions
perms = [
Permission(codename=codename, name=name, content_type=ct)
for ct, (codename, name) in searched_perms
if (ct.pk, codename) not in all_perms
]
return perms
def save(self, force_insert=False, force_update=False, using=None,
update_fields=None):
try:
content_type1 = ContentType.objects.get(app_label="frontend", model="Article", name="文章板块权限")
except:
content_type1 = ContentType(app_label="frontend", model="Article", name="文章板块权限")
content_type1.save()
try:
content_type2 = ContentType.objects.get(app_label="frontend", model="Slider", name="幻灯片推送权限")
except:
content_type2 = ContentType(app_label="frontend", model="Slider", name="幻灯片推送权限")
content_type2.save()
try:
content_type3 = ContentType.objects.get(app_label="frontend", model="Activity", name="活动发布权限")
except:
content_type3 = ContentType(app_label="frontend", model="Activity", name="活动发布权限")
content_type3.save()
translate = {"add": "添加", "delete": "删除", "change": "修改"}
for permission in ["add", "delete", "change"]:
try:
codename = permission + "_" + self.codename + "_articles"
Permission.objects.get(codename=codename)
except:
name = "允许" + translate[permission] + " " + self.name + " 内的文章"
codename = permission + "_" + self.codename + "_articles"
p = Permission(name=name, content_type=content_type1, codename=codename)
p.save()
try:
codename = permission + "_" + self.codename + "_sliders"
Permission.objects.get(codename=codename)
except:
name = "允许" + translate[permission] + " " + self.name + " 内的幻灯片"
codename = permission + "_" + self.codename + "_sliders"
p = Permission(name=name, content_type=content_type2, codename=codename)
p.save()
try:
codename = permission + "_" + self.codename + "_activities"
Permission.objects.get(codename=codename)
except:
name = "允许" + translate[permission] + " " + self.name + " 内的活动"
codename = permission + "_" + self.codename + "_activities"
p = Permission(name=name, content_type=content_type3, codename=codename)
p.save()
if self.order == None:
self.order = self.id
result = super(SecondaryMenu, self).save()
return result
def test_has_perm(self):
userObject = User.objects.create_user('testuser', '*****@*****.**', 'test')
basic, _ = Group.objects.get_or_create(name='account_basic')
userObject.groups.add(basic)
userObject.save()
self.assertFalse(has_perm(userObject, Group.objects, 'projects.can_view'))
userObjectTwo = User.objects.create_user('testuser2', '*****@*****.**', 'test')
premium, _ = Group.objects.get_or_create(name='account_premium')
userObjectTwo.groups.add(premium)
userObjectTwo.save()
project_ct = ContentType.objects.get(app_label='projects', model='Project')
can_view = Permission(name='Test Permssion', codename='test_perm', content_type=project_ct)
can_view.save()
premium.permissions.add(can_view)
self.assertTrue(has_perm(userObjectTwo, Group.objects, 'projects.test_perm'))
def check_plugin_permissions():
"""
Add custom can_use_plugin_* permissions for registered plugins
"""
logger.endGroup()
logger.setGroup('permissions', 'check custom permissions for registered plugins')
# Get permission content_type from existing can_submit_jobs permission
p = Permission.objects.filter(codename = 'can_submit_jobs')[0]
ct = p.content_type
for plugin in manager.plugins:
perm_name = 'can_use_plugin_' + plugin.id
p = Permission.objects.filter(codename = perm_name)
if p:
logger.log("Permission %s found" % perm_name)
else:
np = Permission(name = ("Can use %s plugin" % plugin.description)[:50], content_type = ct, codename = perm_name)
np.save()
logger.log("Added %s permission" % perm_name)
def permission_add(module, using=None):
'''
添加自定义权限
'''
content_type = None
try:
if not using:
content_type = ContentType.objects.get(app_label=settings.PERMISSION_APP, model=module)
else:
content_type = ContentType.objects.using(using).get(app_label=settings.PERMISSION_APP, model=module)
except:
content_type = ContentType(name=module, app_label=settings.PERMISSION_APP, model=module)
content_type.save(using=using)
for op in operations.values():
try:
perm = Permission(codename='%s_%s'%(op,module),name='can %s %s'%(op,module),content_type=content_type)
perm.save(using=using)
except:
pass
def save_related (self, request, form, formsets, change):
if change:
# If any grade change occurred; the save override will take care of the removal of previous permissions associated with the previous grade
# All we have to care aboot here is saving the related objects i.e. subject with the appropriate permissions
# codename: {Level.grade}_{ClassRoom.section}_{Subject.name}
# name: {Level.grade}-{ClassRoom.section}: {Subject.name}
LEVEL = Level.objects.get (pk = request.META['HTTP_REFERER'][request.META['HTTP_REFERER'].rfind('/', 0, -1) + 1: -1]) # level object: related fields UNSAVED untill form save
if LEVEL.classroom_set.count(): # we will have to create/edit permission if a level is associated with a class room
NEW_SUBJECT_LIST = []
for SID in request.POST.getlist ("subject"): # Looping through the subject id's
NEW_SUBJECT_LIST.append (Subject.objects.get(pk = SID).name)
for CR in LEVEL.classroom_set.all(): # After finishing this loop we would have deleted any permission that shouldn't exist anymore due to the change in the level object
for S in LEVEL.subject.all():
if S.name not in NEW_SUBJECT_LIST:
Permission.objects.filter (codename = LEVEL.grade +"_"+ CR.section +"_"+ S.name).delete()
for CR in LEVEL.classroom_set.all(): # After finishing this loop we would have created any new permission that should be created due to the change in the level object
for S in NEW_SUBJECT_LIST:
if not Permission.objects.filter (codename = LEVEL.grade +"_"+ CR.section +"_"+ S).exists():
# Permission Structure
# codename: {Level.grade}_{ClassRoom.section}_{Subject.name}
# name: {Level.grade}-{ClassRoom.section}: {Subject.name}
NEW_P = Permission ()
NEW_P.codename = LEVEL.grade +"_"+ CR.section +"_"+ S
NEW_P.name = LEVEL.grade +"-"+ CR.section +": "+ S
NEW_P.content_type = ContentType.objects.get (app_label="condor", model="classroom")
NEW_P.save()
form.save()
def save(self, force_insert=False, force_update=False, using=None,
update_fields=None):
try:
content_type = ContentType.objects.get(app_label="frontend", model="Article", name="文章板块权限")
except:
content_type = ContentType(app_label="frontend", model="Article", name="文章板块权限")
content_type.save()
translate = {"add": "添加", "delete": "删除", "change": "修改"}
for permission in ["add", "delete", "change"]:
try:
codename = permission + "_" + self.codename + "_articles"
Permission.objects.get(codename=codename)
except:
name = "允许" + translate[permission] + " " + self.name + " 内的文章"
codename = permission + "_" + self.codename + "_articles"
p = Permission(name=name, content_type=content_type, codename=codename)
p.save()
if self.order == None:
self.order = self.id
result = super(MainMenu, self).save()
return result
def make_permission(modeladmin, request, queryset):
for project in queryset:
p = Permission(name=u'编辑%s锁定文本'%project.title_cn, \
content_type_id=10, codename='can_edit_lock_%s'%project.project_name)
p.save()
p = Permission(name=u'%s项目组员'%project.title_cn, \
content_type_id=11, codename='%s_member'%project.project_name)
p.save()
def handle(self, *args, **options):
self.stdout.write("Check if \"Forum.forum_admin\" permission exists.")
content_type = ContentType.objects.get_for_model(Forum)
perm = Permission(codename='forum_admin',name='Is Forum global administrator',content_type=content_type)
try:
perm = Permission.objects.get(codename=perm.codename, name=perm.name, content_type=perm.content_type)
self.stdout.write("Already exists. No need to create it.")
except:
self.stdout.write("Create \"Forum.forum_admin\" permission.")
perm.save()
self.stdout.write("Check if \"Forum Admins\" group exists.")
group = Group(name="Forum Admins")
try:
Group.objects.get(name="Forum Admins")
self.stdout.write("Already exists. No need to create it.")
except:
self.stdout.write("Create \"Forum Admins\" group.")
group.save()
group.permissions.add(perm)
self.stdout.write("Check if Main Forum exists.")
try:
Forum.objects.get(id=0)
self.stdout.write("Already exists. No need to create it.")
except:
f_name = raw_input("Main Forum name (if empty it'll be 'Main Forum'):")
if f_name == "":
f_name = "Main Forum"
self.stdout.write("Create Main Forum.")
f = Forum(name=f_name, local_id=0)
f.save()
self.stdout.write("Done.")
def save(self, *args, **kwargs):
if not self.id and hasattr(self, "instance_permissions"):
for perm in self.instance_permissions:
p = Permission()
p.codename = "%s%s" % (perm[0], self.slug)
p.name = "%s%s" % (perm[1], self.name)
p.content_type = ContentType.objects.get_for_model(self)
p.save()
return super(PermissionMixIn, self).save(*args, **kwargs)
def setUp(self):
self.factory = RequestFactory()
self.test_user = UserModel.objects.create_user("test_user", "*****@*****.**", "123456")
self.test_noscope_user = UserModel.objects.create_user("test_no_scope_user", "*****@*****.**", "123456")
from django.contrib.auth.models import Permission
p = Permission()
p.name = "test_user_scope"
p.content_type_id = 7
p.save()
self.test_user.user_permissions.add(p)
self.application = Application(
name="Test Application",
user=self.test_user,
client_type=Application.CLIENT_CONFIDENTIAL,
client_id="test_client_id",
authorization_grant_type=Application.GRANT_PASSWORD,
client_secret="test_client_secret",
scopes="test_app_scope1 test_app_scope2"
)
self.application.save()
oauth2_settings._SCOPES = ['read', 'write']
def save (self, *args, **kwargs):
self.first_name = self.first_name.title()
self.father_name = self.father_name.title()
super (Parent, self).save(*args, **kwargs)
if not Permission.objects.filter (codename = "send_message_p").exists():
NEW_P = Permission ()
NEW_P.codename = "send_message_p"
NEW_P.name = "Can Send Messages to Parents (Directly)"
NEW_P.content_type = ContentType.objects.get (app_label="condor", model="parent")
NEW_P.save()
def create_user(self):
self.user = User.objects.create_user('test', '*****@*****.**', 'test')
self.ct = ContentType(app_label='acknowledgements')
self.ct.save()
perm = Permission(content_type=self.ct, codename='change_item')
perm.save()
self.user.user_permissions.add(perm)
perm = Permission(content_type=self.ct, codename='change_fabric')
perm.save()
self.user.user_permissions.add(perm)
self.assertTrue(self.user.has_perm('acknowledgements.change_item'))
return self.user
def filter_data_by_user_and_perm(query_set, user, perm):
'''
API 目前暂无地方调用
根据用户user的角色和权限对记录集query_set进行过滤,返回其中用户具有perm权限的记录集
'''
model=query_set.model
ct=ContentType.objects.get_for_model(model)
if isinstance(perm, Permission):
p=perm
else:
p=Permission.get(content_type=ct, codename=perm)
q=models.Q(pk__in=[])
for ur in user_role.objects.filter(user=user): #检查该用户的所有角色
if p in ur.role.permissions.all():
f=model_owner_rel(ur.role.object_type.model, model) #得到该角色对应的对象数据查询条件
if f:
q|=models.Q(**{f:ur.object_id})
return query_set.filter(q)
