class RegionPermissionTests(TestCase):
def setUp(self):
self.regions = []
self.sf = Region(full_name="San Francisco", slug="sf")
self.sf.save()
self.oak = Region(full_name="Oakland", slug="oak")
self.oak.save()
self.philip = User(username="******", email="*****@*****.**")
self.philip.save()
self.marina = User(username="******", email="*****@*****.**")
self.marina.save()
# Philip admin of SF
self.sf.regionsettings.admins.add(self.philip)
# Marina admin of Oakland
self.oak.regionsettings.admins.add(self.marina)
def test_banned_cant_edit(self):
# Add Marina to the SF banned list
banned_sf, created = BannedFromRegion.objects.get_or_create(region=self.sf)
banned_sf.users.add(self.marina)
p = Page(name="In sf", region=self.sf)
self.assertFalse(self.marina.has_perm('pages.change_page', p))
mapdata = MapData(page=p, region=self.sf)
self.assertFalse(self.marina.has_perm('maps.change_map', mapdata))
redirect = Redirect(source="testsource", destination=p, region=self.sf)
self.assertFalse(self.marina.has_perm('redirects.change_redirect', redirect))
def test_ensure_profile_no_profile_if_not_staff(self):
george = User(username='******')
george.has_perm = Mock()
george.has_perm.return_value = True
signals.ensure_profile(sender=george.__class__, instance=george)
with self.assertRaises(Profile.DoesNotExist):
george.profile
def test_ensure_profile_handles_signal(self):
george = User(username='******', is_staff=True)
george.has_perm = Mock()
george.has_perm.return_value = True
with self.assertRaises(ValueError):
# post_save must raise, since John was not saved, so save() on
# related Profile is prohibited to prevent data loss.
post_save.send(sender=george.__class__, instance=george)
def test_permissions(self):
user = User()
user.first_name = "Justin"
user.last_name = "Gray"
user.username = "******"
user.save()
self.c.group.user_set.add(user)
self.assertTrue(user.has_perm('registration.test_admin'))
def get_menu(user: User, active_app: str=None) -> dict:
apps = []
for app in settings.INSTALLED_APPS:
if app in EXCLUDED_APPS:
continue
if app == "core":
continue
try:
module = importlib.import_module("%s.views" % app)
get_menu_entry = getattr(module, 'get_menu_entry')
menu_entry = get_menu_entry(active_app, user)
if menu_entry:
apps.append(menu_entry)
except:
pass
menu = {"full_name": user.get_full_name(), "apps": apps}
menu['admin_settings'] = user.has_perm('core.add_coresettingsmodel')
return menu
def main():
# User.objects.all().delete()
# Group.objects.all().delete()
django_users, django_groups, django_permissions = (
User.objects.all(), Group.objects.all(), Permission.objects.all())
if len(django_users) or len(django_groups):
print(
"Django users (%d) and/or groups (%d) already present, exiting ..."
% (len(django_users), len(django_groups)))
sys.exit(0)
non_basic_perms = [
cur_perm for cur_perm in django_permissions
if cur_perm.codename.split("_")[0] not in ["add", "delete", "change"]
]
if non_basic_perms:
print("removing %d non-django permissions" % (len(non_basic_perms)))
for nbp in non_basic_perms:
nbp.delete()
cluster_users, cluster_groups, cluster_perms = (
user.objects.all().order_by("pk"),
group.objects.all().order_by("pk"),
# capability.objects.all().order_by("pk")
[],
)
user_content_type = ContentType.objects.get(app_label="backbone",
model="user")
print("Found %s:" %
(logging_tools.get_plural("custer capability", len(cluster_perms))))
perm_lut = {}
for cluster_perm in cluster_perms:
new_perm = Permission(codename="wf_%s" % (cluster_perm.name),
content_type=user_content_type,
name=cluster_perm.description)
new_perm.save()
perm_lut[cluster_perm.pk] = new_perm
print("Meta block for user should contain:")
print()
print(" class Meta:")
print(" permissions = {")
print("\n".join([
" (\"%s\", \"%s\")," %
("wf_%s" % (cluster_perm.name), cluster_perm.description)
for cluster_perm in cluster_perms
]))
print(" }")
print()
if not len(cluster_users) and not len(cluster_groups):
print("No cluster users or groups defined, stragen ...")
sys.exit(0)
print("Found %s and %s:" %
(logging_tools.get_plural("cluster group", len(cluster_groups)),
logging_tools.get_plural("cluster user", len(cluster_users))))
group_lut, user_lut = ({}, {})
for c_group in cluster_groups:
new_group = Group(name=c_group.groupname)
new_group.save()
group_lut[c_group.pk] = new_group
print(" created django group %s" % (str(new_group)))
group_caps = c_group.group_cap_set.all()
new_group.permissions.add(
*[perm_lut[group_cap.capability_id] for group_cap in group_caps])
print(" added %s" %
(logging_tools.get_plural("capability", len(group_caps))))
for c_user in cluster_users:
new_user = User(username=c_user.login,
first_name=c_user.uservname,
last_name=c_user.usernname,
email=c_user.useremail,
password=CRYPT_HASH_FORMSTR % (c_user.password),
is_staff=False,
is_active=True if c_user.active else False,
is_superuser=False)
new_user.save()
user_lut[c_user.pk] = new_user
print(" created django user %s" % (str(new_user)))
# add primary user
new_user.groups.add(group_lut[c_user.group_id])
print(" added primary group %s" %
(str(group_lut[c_user.group_id])))
# secondary groups
for sec_group in c_user.user_group_set.all():
new_user.groups.add(group_lut[sec_group.pk])
print(" added secondary group %s" %
(str(group_lut[sec_group.pk])))
# caps
user_caps = c_user.user_cap_set.all()
new_user.user_permissions.add(
*[perm_lut[user_cap.capability_id] for user_cap in user_caps])
print(" added %s" %
(logging_tools.get_plural("capability", len(user_caps))))
su_perm = "backbone.wf_mu"
if new_user.has_perm(su_perm):
new_user.is_staff = True
new_user.is_superuser = True
new_user.save()
print(
" user is staff and superuser because of %s permission"
% (su_perm))
def test_add_global_permission(self):
registry.register('test_permission', test_permission)
user = User()
user.save()
self.assertTrue(user.has_perm('test_permission'))
def administrator_profile(request):
print("entra a perfil admin")
create_user_form = CreateUserForm()
academic_periods = json.loads((get_periods()).decode('utf-8'))
print("academics periods")
print(type(academic_periods))
print(academic_periods)
print("academics periods")
context = {
'create_user_form' : create_user_form,
'academic_periods' : academic_periods,
}
if request.method == 'POST':
create_user_form = CreateUserForm(request.POST or None)
if create_user_form.is_valid():
type_user = create_user_form.cleaned_data.get("type_user")
print("el tipo de dato de usuario es")
print(type(type_user))
username = create_user_form.cleaned_data.get("username")
first_name = create_user_form.cleaned_data.get("first_name")
last_name = create_user_form.cleaned_data.get("last_name")
email = create_user_form.cleaned_data.get("email")
id = create_user_form.cleaned_data.get("id")
password = create_user_form.cleaned_data.get("password")
#-------Creating User-------->
user = User(
username = username,
first_name=first_name ,
last_name=last_name,
email=email,
id=int(id)
)
user.set_password(password)
user.save()
#------Giving permissions--->
if type_user == "1":
permission_administrator = Permission.objects.get(name='administrator')
user.user_permissions.add(permission_administrator)
user.save()
if type_user == "2":
permission_professor = Permission.objects.get(name='professor')
user.user_permissions.add(permission_professor)
user.save()
# ------Creating token--->
#user = User.objects.get(id=id)
#token = Token.objects.create(user=user)
#------Creating info to send api
data_user = {
"id": id,
"username": username,
"password": password,
"first_name": first_name,
"last_name": last_name,
"email": email,
#"token": token.key
}
data_str = json.dumps(data_user)
print("data str")
print(data_str)
data_enc = data_str.encode('utf-8')
print("data enc")
print(data_enc)
print(data_user)
response = create_user(data_enc)
print(response)
if user.has_perm('auth.administrator') or user.has_perm('auth.professor'):
return redirect("created_user/")
else:
return redirect("fail_user/")
else:
print(create_user_form.errors)
return render(request, "profile/administrator_profile.html", context)
def get_can_immediately_watch_tv_shows(self, user: User):
return user.is_staff or user.has_perm(
'app.{}'.format(PERM_CAN_WATCH_IMMEDIATELY_TV))
def has_permission(self, user: User, permission: Permission) -> bool:
"""Return whether the given user has a specific permission for the tree."""
if permission == Permission.read and self.public:
return True
return any(user.has_perm(perm, self) for perm in permission.associated_permissions)
def has_read_snommoc_api_permission(user: User) -> bool:
return user.has_perm(f'api.{READ_SNOMMOC_API}')
class TestAPIPermissions(ResourceTestCase):
def setUp(self):
super(TestAPIPermissions, self).setUp()
self.c = Club()
self.c.name = "test"
self.c.save()
self.user = User()
self.user.first_name = "Justin"
self.user.last_name = "Gray"
self.user.username = "******"
self.user.save()
self.user.set_password("test")
self.user.save()
self.c.group.user_set.add(self.user)
self.user2 = User()
self.user2.first_name = "Eli"
self.user2.last_name = "Gray"
self.user2.username = "******"
self.user2.save()
self.user2.set_password("test")
self.user2.save()
self.detail_url = '/garage/api/v1/club/{0}/'.format(self.c.pk)
self.list_url = '/garage/api/v1/club/'
def tearDown(self):
for model in m.get_models():
model.objects.all().delete()
def get_credentials(self):
resp = self.api_client.client.login(username='******',
password='******')
return resp
def test_add_coupons(self):
data = {"code": "something",
"username": "******",
"discount_amount": "100",
"uses_left": "10",
"expires": "2013-10-01",
"club": "/garage/api/v1/club/test/",
"permanent": True}
resp = self.api_client.post('/garage/api/v1/coupon/', format='json',
authenticate=self.get_credentials(), data=data)
self.assertHttpCreated(resp)
def test_not_allowed(self):
cred = self.api_client.client.login(username='******',
password='******')
resp = self.api_client.get(self.detail_url, format="json",
authenticate=cred)
self.assertHttpUnauthorized(resp)
def test_list_club_admins(self):
self.client.login(username='******', password='******')
resp = self.api_client.get(self.detail_url, format="json",
authenticate=self.get_credentials())
self.assertValidJSONResponse(resp)
data = self.deserialize(resp)
self.assertEqual([{u'username': u'justingray', u'first_name': u'Justin', u'last_name': u'Gray', u'email': u''}],
data['admins'])
new_data = data.copy()
new_data['admins'].append({u'username': u'eligray'})
#use2 should not have permissions yet
self.assertFalse(self.user2.has_perm('registration.test_admin'))
resp = self.api_client.post(self.list_url, format='json', data=new_data,
authentication=self.get_credentials())
self.assertHttpCreated(resp)
#make sure the new person was added to the list
resp = self.api_client.get(self.detail_url, format="json",
authenticate=self.get_credentials())
self.assertValidJSONResponse(resp)
data = self.deserialize(resp)
self.assertEqual([{u'username': u'justingray', u'first_name': u'Justin', u'last_name': u'Gray', u'email': u''},
{u'username': u'eligray', u'first_name': u'Eli', u'last_name': u'Gray', u'email': u''}],
data['admins'])
#justin should still have perms
u = User.objects.get(username='******')
#mser2 should now have permissions
self.assertTrue(u.has_perm('registration.test_admin'))
u = User.objects.get(username='******') #need to re-get from db here, for perms to update
#eli should now has permissions
self.assertTrue(u.has_perm('registration.test_admin'))
#try empty admins list
new_data['admins'] = []
resp = self.api_client.post(self.list_url, format='json', data=new_data,
authentication=self.get_credentials())
self.assertHttpCreated(resp)
def has_perm_obj(user: User, perm: Permission):
key = perm.natural_key()
codename = '{}.{}'.format(key[1], key[0])
return user.has_perm(codename)
def administrator_profile(request):
create_user_form = CreateUserForm()
academic_periods = json.loads((get_periods()).decode('utf-8'))
print("academics periods")
print(type(academic_periods))
print(academic_periods)
print("academics periods")
context = {
'create_user_form': create_user_form,
'academic_periods': academic_periods,
}
if request.method == 'POST':
create_user_form = CreateUserForm(request.POST or None)
if create_user_form.is_valid():
type_user = create_user_form.cleaned_data.get("type_user")
print("el tipo de dato de usuario es")
print(type(type_user))
username = create_user_form.cleaned_data.get("username")
first_name = create_user_form.cleaned_data.get("first_name")
last_name = create_user_form.cleaned_data.get("last_name")
email = create_user_form.cleaned_data.get("email")
id = create_user_form.cleaned_data.get("id")
password = create_user_form.cleaned_data.get("password")
#-------Creating User-------->
user = User(username=username,
first_name=first_name,
last_name=last_name,
email=email,
id=id)
user.set_password(password)
user.save()
#------Giving permissions--->
if type_user == "1":
permission_administrator = Permission.objects.get(
name='administrator')
user.user_permissions.add(permission_administrator)
user.save()
if type_user == "2":
permission_professor = Permission.objects.get(name='professor')
user.user_permissions.add(permission_professor)
user.save()
if user.has_perm('auth.administrator') or user.has_perm(
'auth.professor'):
return redirect("/uvdomjugde/administrator/created_user")
else:
return redirect("/uvdomjugde/administrator/fail_user")
else:
print(create_user_form.errors)
return render(request, "profile/administrator_profile.html", context)
def delete_if_has_perm(self, principal: User):
if not principal.has_perm("connector_accessmod.delete_fileset", self):
raise PermissionDenied
return super().delete()
class TestAPIPermissions(ResourceTestCase):
def setUp(self):
super(TestAPIPermissions, self).setUp()
self.c = Club()
self.c.name = "test"
self.c.save()
self.user = User()
self.user.first_name = "Justin"
self.user.last_name = "Gray"
self.user.username = "******"
self.user.save()
self.user.set_password("test")
self.user.save()
self.c.group.user_set.add(self.user)
self.user2 = User()
self.user2.first_name = "Eli"
self.user2.last_name = "Gray"
self.user2.username = "******"
self.user2.save()
self.user2.set_password("test")
self.user2.save()
self.detail_url = '/garage/api/v1/club/{0}/'.format(self.c.pk)
self.list_url = '/garage/api/v1/club/'
def tearDown(self):
for model in m.get_models():
model.objects.all().delete()
def get_credentials(self):
resp = self.api_client.client.login(username='******',
password='******')
return resp
def test_add_coupons(self):
data = {
"code": "something",
"username": "******",
"discount_amount": "100",
"uses_left": "10",
"expires": "2013-10-01",
"club": "/garage/api/v1/club/test/",
"permanent": True
}
resp = self.api_client.post('/garage/api/v1/coupon/',
format='json',
authenticate=self.get_credentials(),
data=data)
self.assertHttpCreated(resp)
def test_not_allowed(self):
cred = self.api_client.client.login(username='******',
password='******')
resp = self.api_client.get(self.detail_url,
format="json",
authenticate=cred)
self.assertHttpUnauthorized(resp)
def test_list_club_admins(self):
self.client.login(username='******', password='******')
resp = self.api_client.get(self.detail_url,
format="json",
authenticate=self.get_credentials())
self.assertValidJSONResponse(resp)
data = self.deserialize(resp)
self.assertEqual([{
u'username': u'justingray',
u'first_name': u'Justin',
u'last_name': u'Gray',
u'email': u''
}], data['admins'])
new_data = data.copy()
new_data['admins'].append({u'username': u'eligray'})
#use2 should not have permissions yet
self.assertFalse(self.user2.has_perm('registration.test_admin'))
resp = self.api_client.post(self.list_url,
format='json',
data=new_data,
authentication=self.get_credentials())
self.assertHttpCreated(resp)
#make sure the new person was added to the list
resp = self.api_client.get(self.detail_url,
format="json",
authenticate=self.get_credentials())
self.assertValidJSONResponse(resp)
data = self.deserialize(resp)
self.assertEqual([{
u'username': u'justingray',
u'first_name': u'Justin',
u'last_name': u'Gray',
u'email': u''
}, {
u'username': u'eligray',
u'first_name': u'Eli',
u'last_name': u'Gray',
u'email': u''
}], data['admins'])
#justin should still have perms
u = User.objects.get(username='******')
#mser2 should now have permissions
self.assertTrue(u.has_perm('registration.test_admin'))
u = User.objects.get(
username='******'
) #need to re-get from db here, for perms to update
#eli should now has permissions
self.assertTrue(u.has_perm('registration.test_admin'))
#try empty admins list
new_data['admins'] = []
resp = self.api_client.post(self.list_url,
format='json',
data=new_data,
authentication=self.get_credentials())
self.assertHttpCreated(resp)
def has_perm(user: User, obj: django.db.models.Model, perm: str):
# wrapper for guardian.user.has_perm
if hasattr(obj, 'owner') and obj.owner == user:
return True
else:
return user.has_perm(perm, obj)
class RestrictiveBackendTest(TestCase):
def setUp(self):
self.user = User(username='******', email='*****@*****.**',
password='******')
self.user.save()
self.group = Group.objects.create(name='Cool group')
self.user.groups.add(self.group)
self.user.save()
def tearDown(self):
self.user.delete()
self.group.delete()
def test_inactive_user_blocked(self):
t = Thing(name='Test thing')
t.save()
self.user.is_active = False
self.user.save()
assign_perm('change_thing', self.user, t)
self.assertFalse(self.user.has_perm('tests.change_thing', t))
def test_banned_user_blocked(self):
banned = Group.objects.get(name=settings.USERS_BANNED_GROUP)
t = Thing(name='Test thing')
t.save()
assign_perm('change_thing', self.user, t)
self.assertTrue(self.user.has_perm('tests.change_thing', t))
self.user.groups.add(banned)
self.user.save()
self.assertFalse(self.user.has_perm('tests.change_thing', t))
def test_admin_not_blocked(self):
t = Thing(name='Test thing')
t.save()
self.user.is_superuser = True
self.assertTrue(self.user.has_perm('tests.change_thing', t))
assign_perm('change_thing', self.user, t)
self.assertTrue(self.user.has_perm('tests.change_thing', t))
# let's ban the admin, should still have access
banned = Group.objects.get(name=settings.USERS_BANNED_GROUP)
self.user.groups.add(banned)
self.user.save()
self.assertTrue(self.user.has_perm('tests.change_thing', t))
# inactive is a global Django concept, so should obey it
self.user.is_active = False
self.user.save()
self.assertFalse(self.user.has_perm('tests.change_thing', t))
def test_object_permissions_win_over_user(self):
t = Thing(name='Test thing')
t.save()
perm = Permission.objects.get(codename="add_thing")
self.user.user_permissions.add(perm)
perm = Permission.objects.get(codename="change_thing")
self.user.user_permissions.add(perm)
perm = Permission.objects.get(codename="delete_thing")
self.user.user_permissions.add(perm)
self.user.save()
self.assertTrue(self.user.has_perm('tests.change_thing', t))
self.assertTrue(self.user.has_perm('tests.add_thing', t))
self.assertTrue(self.user.has_perm('tests.delete_thing', t))
assign_perm('change_thing', self.user, t) # per-object permission
self.assertTrue(self.user.has_perm('tests.change_thing', t))
self.assertFalse(self.user.has_perm('tests.add_thing', t))
self.assertFalse(self.user.has_perm('tests.delete_thing', t))
def test_object_permissions_win_over_group(self):
t = Thing(name='Test thing')
t.save()
perm = Permission.objects.get(codename="add_thing")
self.group.permissions.add(perm)
perm = Permission.objects.get(codename="change_thing")
self.group.permissions.add(perm)
perm = Permission.objects.get(codename="delete_thing")
self.group.permissions.add(perm)
self.user.save()
self.assertTrue(self.user.has_perm('tests.change_thing'))
self.assertTrue(self.user.has_perm('tests.add_thing'))
self.assertTrue(self.user.has_perm('tests.delete_thing'))
self.assertTrue(self.user.has_perm('tests.change_thing', t))
self.assertTrue(self.user.has_perm('tests.add_thing', t))
self.assertTrue(self.user.has_perm('tests.delete_thing', t))
assign_perm('change_thing', self.group, t) # per-object permission
self.assertTrue(self.user.has_perm('tests.change_thing', t))
self.assertFalse(self.user.has_perm('tests.add_thing', t))
self.assertFalse(self.user.has_perm('tests.delete_thing', t))
class RestrictiveBackendTest(TestCase):
def setUp(self):
self.user = User(username='******',
email='*****@*****.**',
password='******')
self.user.save()
self.group = Group.objects.create(name='Cool group')
self.user.groups.add(self.group)
self.user.save()
def tearDown(self):
self.user.delete()
self.group.delete()
def test_inactive_user_blocked(self):
t = Thing(name='Test thing')
t.save()
self.user.is_active = False
self.user.save()
assign('change_thing', self.user, t)
self.assertFalse(self.user.has_perm('tests.change_thing', t))
def test_banned_user_blocked(self):
banned = Group.objects.get(name=settings.USERS_BANNED_GROUP)
t = Thing(name='Test thing')
t.save()
assign('change_thing', self.user, t)
self.assertTrue(self.user.has_perm('tests.change_thing', t))
self.user.groups.add(banned)
self.user.save()
self.assertFalse(self.user.has_perm('tests.change_thing', t))
def test_admin_not_blocked(self):
t = Thing(name='Test thing')
t.save()
self.user.is_superuser = True
self.assertTrue(self.user.has_perm('tests.change_thing', t))
assign('change_thing', self.user, t)
self.assertTrue(self.user.has_perm('tests.change_thing', t))
# let's ban the admin, should still have access
banned = Group.objects.get(name=settings.USERS_BANNED_GROUP)
self.user.groups.add(banned)
self.user.save()
self.assertTrue(self.user.has_perm('tests.change_thing', t))
# inactive is a global Django concept, so should obey it
self.user.is_active = False
self.user.save()
self.assertFalse(self.user.has_perm('tests.change_thing', t))
def test_object_permissions_win_over_user(self):
t = Thing(name='Test thing')
t.save()
perm = Permission.objects.get(codename="add_thing")
self.user.user_permissions.add(perm)
perm = Permission.objects.get(codename="change_thing")
self.user.user_permissions.add(perm)
perm = Permission.objects.get(codename="delete_thing")
self.user.user_permissions.add(perm)
self.user.save()
self.assertTrue(self.user.has_perm('tests.change_thing', t))
self.assertTrue(self.user.has_perm('tests.add_thing', t))
self.assertTrue(self.user.has_perm('tests.delete_thing', t))
assign('change_thing', self.user, t) # per-object permission
self.assertTrue(self.user.has_perm('tests.change_thing', t))
self.assertFalse(self.user.has_perm('tests.add_thing', t))
self.assertFalse(self.user.has_perm('tests.delete_thing', t))
def test_object_permissions_win_over_group(self):
t = Thing(name='Test thing')
t.save()
perm = Permission.objects.get(codename="add_thing")
self.group.permissions.add(perm)
perm = Permission.objects.get(codename="change_thing")
self.group.permissions.add(perm)
perm = Permission.objects.get(codename="delete_thing")
self.group.permissions.add(perm)
self.user.save()
self.assertTrue(self.user.has_perm('tests.change_thing'))
self.assertTrue(self.user.has_perm('tests.add_thing'))
self.assertTrue(self.user.has_perm('tests.delete_thing'))
self.assertTrue(self.user.has_perm('tests.change_thing', t))
self.assertTrue(self.user.has_perm('tests.add_thing', t))
self.assertTrue(self.user.has_perm('tests.delete_thing', t))
assign('change_thing', self.group, t) # per-object permission
self.assertTrue(self.user.has_perm('tests.change_thing', t))
self.assertFalse(self.user.has_perm('tests.add_thing', t))
self.assertFalse(self.user.has_perm('tests.delete_thing', t))
def test_view_modify(self):
"""
Test modifying an instance
"""
args = (self.cluster.slug, self.vm.hostname)
url = '/cluster/%s/%s/edit' % args
user = User(id=52, username='******')
user.set_password('secret2')
user.save()
# -- GET
# Anonymous User
response = self.c.get(url)
self.assertEqual(302, response.status_code)
# User with Modify Permissions
user.grant('modify', self.vm)
self.assertTrue(self.c.login(username=user.username,
password='******'))
self.assertFalse(user.is_superuser)
self.assertTrue(user.has_perm('modify', self.vm))
self.assertFalse(user.has_perm('admin', self.vm))
response = self.c.get(url)
self.assertEqual(200, response.status_code)
self.assertEqual('text/html; charset=utf-8', response['content-type'])
self.assertTemplateUsed(response,
'ganeti/virtual_machine/edit_kvm.html')
user.revoke_all(self.vm)
self.c.logout()
# User with Admin Permissions
user.grant('admin', self.vm)
self.assertTrue(self.c.login(username=user.username,
password='******'))
self.assertFalse(user.is_superuser)
response = self.c.get(url)
self.assertEqual(200, response.status_code)
self.assertEqual('text/html; charset=utf-8', response['content-type'])
self.assertTemplateUsed(response,
'ganeti/virtual_machine/edit_kvm.html')
user.revoke_all(self.vm)
self.c.logout()
# Superuser
user.is_superuser = True
user.save()
self.assertTrue(self.c.login(username=user.username,
password='******'))
response = self.c.get(url)
self.assertEqual(200, response.status_code)
self.assertEqual('text/html; charset=utf-8', response['content-type'])
self.assertTemplateUsed(response,
'ganeti/virtual_machine/edit_kvm.html')
self.c.logout()
user.is_superuser = False
user.save()
# -- POST
os_list = cluster_os_list(self.cluster)
data = dict(vcpus=2,
acpi=True,
disk_cache='default',
initrd_path='',
kernel_args='ro',
kvm_flag='',
mem_path='',
migration_downtime=30,
security_domain='',
security_model='none',
usb_mouse='',
use_chroot=False,
use_localtime=False,
vnc_bind_address='0.0.0.0',
vnc_tls=False,
vnc_x509_path='',
vnc_x509_verify=False,
memory=512,
os='image+debian-osgeo',
disk_type='paravirtual',
boot_order='disk',
nic_type='paravirtual',
nic_count=1,
nic_count_original=1,
nic_link_0='br0',
nic_mac_0='aa:bb:00:00:33:d2',
root_path='/dev/vda1',
kernel_path='/boot/vmlinuz-2.32.6-27-generic',
serial_console=True,
cdrom_image_path='',
cdrom2_image_path='')
# Required Values
user.grant('modify', self.vm)
self.assertTrue(self.c.login(username=user.username,
password='******'))
session = self.c.session
session['os_list'] = os_list
session.save()
for property in ['vcpus', 'memory', 'disk_type', 'boot_order',
'nic_type']:
data_ = data.copy()
del data_[property]
self.assertFalse(user.is_superuser)
response = self.c.post(url, data_)
# If failure then a field that is not required by the model, but
# should be required by the form, is not being required by
# the form. See the ModifyVirtualMachineForm.required field.
self.assertNotEqual(response.context['form'][property].errors,
[], msg=property)
self.assertEqual(200, response.status_code) # 302 if success (BAD)
self.assertEqual('text/html; charset=utf-8',
response['content-type'])
self.assertTemplateUsed(response,
'ganeti/virtual_machine/edit_kvm.html')
self.c.logout()
user.revoke_all(self.vm)
# Anonymous User
response = self.c.post(url, data)
self.assertEqual(302, response.status_code)
# Superuser
user.is_superuser = True
user.save()
self.assertTrue(self.c.login(username=user.username,
password='******'))
self.assertTrue(user.is_superuser)
session = self.c.session
session['os_list'] = os_list
session.save()
response = self.c.post(url, data)
self.assertEqual(302, response.status_code)
self.assertEqual('text/html; charset=utf-8', response['content-type'])
self.c.logout()
user.is_superuser = False
user.save()
# User without Permissions
self.assertTrue(self.c.login(username=user.username,
password='******'))
self.assertFalse(user.is_superuser)
session = self.c.session
session['os_list'] = os_list
session.save()
response = self.c.post(url, data)
self.assertEqual(403, response.status_code)
self.assertTrue(response.context['message'])
self.assertEqual('text/html; charset=utf-8', response['content-type'])
self.assertTemplateUsed(response, '403.html')
self.c.logout()
# User with Modify Permissions
user.grant('modify', self.vm)
self.assertTrue(self.c.login(username=user.username,
password='******'))
self.assertFalse(user.is_superuser)
session = self.c.session
session['os_list'] = os_list
session.save()
response = self.c.post(url, data)
self.assertEqual(302, response.status_code)
self.assertEqual('text/html; charset=utf-8', response['content-type'])
user.revoke_all(self.vm)
self.c.logout()
# User with Admin Permissions
user.grant('admin', self.vm)
self.assertTrue(self.c.login(username=user.username,
password='******'))
self.assertFalse(user.is_superuser)
session = self.c.session
session['os_list'] = os_list
session.save()
response = self.c.post(url, data)
self.assertEqual(302, response.status_code)
self.assertEqual('text/html; charset=utf-8', response['content-type'])
user.revoke_all(self.vm)
self.c.logout()
def test_add_object_permission(self):
registry.register('test_permission', test_permission, ModelStub)
user = User()
user.save()
self.assertTrue(user.has_perm('test_permission', ModelStub()))
