class UserPermissionConfigSet(FieldPermissionConfigSet):
"""
This is an example ConfigSet for the User model. ConfigSets can be used on non-models as well.
* Everyone can view the username and first name and last name of all users;
* Staff can change all user first names, last names and e-mail addresses;
* Users can change their own first name, last name and e-mail address;
* Everyone can view staff e-mail address;
* Users can view their own e-mail address.
This ConfigSet is used both the rest_framework and tastypie implementations
of the API.
"""
field_config = [
FieldPermissionConfig(fields=['first_name', 'last_name'],
can_view=True,
can_change=can_change_profile),
FieldPermissionConfig(fields=['email'],
can_view=can_change_profile | can_view_email,
can_change=can_change_profile)
]
allow_view = (
'id',
'username',
)
def test_field_config_validation(self):
"""
Tests whether the field config is validated correctly.
"""
# Fields must be a tuple or list.
with self.assertRaises(ValueError):
FieldPermissionConfig(fields='this is not a list')
# Fields must specify at least one field.
with self.assertRaises(ValueError):
FieldPermissionConfig(fields=[])
# can_view and can_change must be BaseLogicalPermission instance or bool.
with self.assertRaises(ValueError):
FieldPermissionConfig(fields=['blep'], can_view='this is invalid')
with self.assertRaises(ValueError):
FieldPermissionConfig(fields=['blep'],
can_change='this is invalid')
# These are all valid.
perm = FunctionalLogicalPermission(lambda user_, obj=None: True)
FieldPermissionConfig(fields=('blep', ))
FieldPermissionConfig(fields=['blep'])
FieldPermissionConfig(fields=['blep'], can_view=True, can_change=False)
FieldPermissionConfig(fields=['blep'], can_view=perm, can_change=perm)
FieldPermissionConfig(fields=['blep'],
can_view=perm | perm,
can_change=perm & perm)
def test_field_config_default(self):
"""
Tests the default permissions set by the field permission config.
"""
# By not specifying can_view and/or can_change, they should default
# to False.
user = AnonymousUser()
config = FieldPermissionConfig(fields=['field_a'])
self.assertFalse(config.can_view(user))
self.assertFalse(config.can_change(user))
def test_field_config_static(self):
"""
Tests static permissions in field permission configs.
"""
user = AnonymousUser()
config = FieldPermissionConfig(fields=['field_a'],
can_view=False,
can_change=True)
self.assertFalse(config.can_view(user))
self.assertTrue(config.can_change(user))
class ConfigSet(FieldPermissionConfigSet):
field_config = [
FieldPermissionConfig(fields=['field_a'],
can_view=True,
can_change=True),
FieldPermissionConfig(fields=['field_b'],
can_view=only_anon_perm,
can_change=False),
]
allow_view = ('field_c', )
allow_change = ('field_d', )
def test_field_config_dynamic(self):
"""
Tests dynamic (logical) permissions in field permission configs.
"""
user = AnonymousUser()
perm_yes = FunctionalLogicalPermission(lambda user_, obj=None: True)
perm_no = FunctionalLogicalPermission(lambda user_, obj=None: False)
config = FieldPermissionConfig(fields=['field_a'],
can_view=perm_yes,
can_change=perm_no)
self.assertTrue(config.can_view(user))
self.assertFalse(config.can_change(user))
class ConfigSetInvalid(FieldPermissionConfigSet):
field_config = [FieldPermissionConfig(fields=['field_a'])]
allow_view = ('field_a', )