def obj_perms_manage_group_view(self, request, **kwargs): """ Manages selected groups' permissions for current object. """ if not self.has_change_permission(): post_url = reverse('xadmin:index', current_app=self.admin_site.name) return redirect(post_url) group = get_object_or_404(Group, id=self.group_id) obj = get_object_or_404(self.get_queryset(), pk=self.object_pk) form_class = self.get_obj_perms_manage_group_form(request) form = form_class(group, obj, request.POST or None) if request.method == 'POST' and form.is_valid(): form.save_obj_perms() msg = ugettext("Permissions saved.") messages.success(request, msg) url = reverse( '{0.admin_site.name}:guardian_permissions_group'.format(self), args=[self.app_label, self.model_name, obj.pk, self.group_id] ) return redirect(url) context = self.get_obj_perms_base_context(request, obj) context['group_obj'] = group context['group_perms'] = get_group_perms(group, obj) context['form'] = form request.current_app = self.admin_site.name return render(request, self.get_obj_perms_manage_group_template(), context)
def test_view_manage_group_form(self): self._login_superuser() url = reverse('admin:%s_%s_permissions' % self.obj_info, args=[self.obj.pk]) data = {'group': self.group.name, 'submit_manage_group': 'submit'} response = self.client.post(url, data, follow=True) self.assertEqual(len(response.redirect_chain), 1) self.assertEqual(response.redirect_chain[0][1], 302) redirect_url = reverse('admin:%s_%s_permissions_manage_group' % self.obj_info, args=[self.obj.pk, self.group.id]) self.assertEqual(response.request['PATH_INFO'], redirect_url)
def test_view_manage_group_form(self): self._login_superuser() url = reverse('admin:%s_%s_permissions' % self.obj_info, args=[self.obj.pk]) data = {'group': self.group.name, 'submit_manage_group': 'submit'} response = self.client.post(url, data, follow=True) self.assertEqual(len(response.redirect_chain), 1) self.assertEqual(response.redirect_chain[0][1], 302) redirect_url = reverse('admin:%s_%s_permissions_manage_group' % self.obj_info, args=[self.obj.pk, self.group.id]) self.assertEqual(response.request['PATH_INFO'], redirect_url)
def test_view_manage_negative_user_form(self): self._login_superuser() url = reverse('admin:%s_%s_permissions' % self.obj_info, args=[self.obj.pk]) self.user = User.objects.create(username='******', pk=-2010) data = {'user': self.user.username, 'submit_manage_user': '******'} response = self.client.post(url, data, follow=True) self.assertEqual(len(response.redirect_chain), 1) self.assertEqual(response.redirect_chain[0][1], 302) redirect_url = reverse('admin:%s_%s_permissions_manage_user' % self.obj_info, args=[self.obj.pk, self.user.pk]) self.assertEqual(response.request['PATH_INFO'], redirect_url)
def test_view_manage_negative_user_form(self): self._login_superuser() url = reverse('admin:%s_%s_permissions' % self.obj_info, args=[self.obj.pk]) self.user = User.objects.create(username='******', pk=-2010) data = {'user': self.user.username, 'submit_manage_user': '******'} response = self.client.post(url, data, follow=True) self.assertEqual(len(response.redirect_chain), 1) self.assertEqual(response.redirect_chain[0][1], 302) redirect_url = reverse('admin:%s_%s_permissions_manage_user' % self.obj_info, args=[self.obj.pk, self.user.pk]) self.assertEqual(response.request['PATH_INFO'], redirect_url)
def test_view(self): self._login_superuser() url = reverse('admin:%s_%s_permissions' % self.obj_info, args=[self.obj.pk]) response = self.client.get(url) self.assertEqual(response.status_code, 200) self.assertEqual(response.context['object'], self.obj)
def test_view(self): self._login_superuser() url = reverse('admin:%s_%s_permissions' % self.obj_info, args=[self.obj.pk]) response = self.client.get(url) self.assertEqual(response.status_code, 200) self.assertEqual(response.context['object'], self.obj)
def test_view_manage_wrong_user(self): self._login_superuser() url = reverse('admin:%s_%s_permissions_manage_user' % self.obj_info, kwargs={ 'object_pk': self.obj.pk, 'user_id': -10 }) response = self.client.get(url) self.assertEqual(response.status_code, 404)
def test_view_manage_group_wrong_perms(self): self._login_superuser() url = reverse('admin:%s_%s_permissions_manage_group' % self.obj_info, args=[self.obj.pk, self.group.id]) perms = ['change_user'] # This is not self.obj related permission data = {'permissions': perms} response = self.client.post(url, data, follow=True) self.assertEqual(response.status_code, 200) self.assertTrue('permissions' in response.context['form'].errors)
def test_view_manage_group_wrong_perms(self): self._login_superuser() url = reverse('admin:%s_%s_permissions_manage_group' % self.obj_info, args=[self.obj.pk, self.group.id]) perms = ['change_user'] # This is not self.obj related permission data = {'permissions': perms} response = self.client.post(url, data, follow=True) self.assertEqual(response.status_code, 200) self.assertTrue('permissions' in response.context['form'].errors)
def test_view_manage_group_form_empty_group(self): self._login_superuser() url = reverse('admin:%s_%s_permissions' % self.obj_info, args=[self.obj.pk]) data = {'group': '', 'submit_manage_group': 'submit'} response = self.client.post(url, data, follow=True) self.assertEqual(len(response.redirect_chain), 0) self.assertEqual(response.status_code, 200) self.assertTrue('group' in response.context['group_form'].errors)
def test_view_manage_group_form_empty_group(self): self._login_superuser() url = reverse('admin:%s_%s_permissions' % self.obj_info, args=[self.obj.pk]) data = {'group': '', 'submit_manage_group': 'submit'} response = self.client.post(url, data, follow=True) self.assertEqual(len(response.redirect_chain), 0) self.assertEqual(response.status_code, 200) self.assertTrue('group' in response.context['group_form'].errors)
def get_context(self, context): if isinstance(getattr(self.admin_view, 'org_obj', None), models.Model): # is update view context.setdefault('guardian', {'button': { 'title': self.permission_button_title, 'url': reverse('{0.admin_site.name}:guardian_permissions'.format(self), kwargs=dict( app_label=self.opts.app_label, model_name=self.opts.model_name, object_pk=self.admin_view.org_obj.pk )) }}) return context
def obj_perms_manage_group_view(self, request, object_pk, group_id): """ Manages selected groups' permissions for current object. """ if not self.has_change_permission(request, None): post_url = reverse('admin:index', current_app=self.admin_site.name) return redirect(post_url) group = get_object_or_404(Group, id=group_id) obj = get_object_or_404(self.get_queryset(request), pk=object_pk) form_class = self.get_obj_perms_manage_group_form(request) form = form_class(group, obj, request.POST or None) if request.method == 'POST' and form.is_valid(): form.save_obj_perms() msg = ugettext("Permissions saved.") messages.success(request, msg) info = ( self.admin_site.name, self.model._meta.app_label, get_model_name(self.model) ) url = reverse( '%s:%s_%s_permissions_manage_group' % info, args=[obj.pk, group.id] ) return redirect(url) context = self.get_obj_perms_base_context(request, obj) context['group_obj'] = group context['group_perms'] = get_group_perms(group, obj) context['form'] = form request.current_app = self.admin_site.name if django.VERSION >= (1, 10): return render(request, self.get_obj_perms_manage_group_template(), context) return render_to_response(self.get_obj_perms_manage_group_template(), context, RequestContext(request))
def obj_perms_manage_group_view(self, request, object_pk, group_id): """ Manages selected groups' permissions for current object. """ if not self.has_change_permission(request, None): post_url = reverse('admin:index', current_app=self.admin_site.name) return redirect(post_url) group = get_object_or_404(Group, id=group_id) obj = get_object_or_404(self.get_queryset(request), pk=object_pk) form_class = self.get_obj_perms_manage_group_form(request) form = form_class(group, obj, request.POST or None) if request.method == 'POST' and form.is_valid(): form.save_obj_perms() msg = ugettext("Permissions saved.") messages.success(request, msg) info = (self.admin_site.name, self.model._meta.app_label, get_model_name(self.model)) url = reverse('%s:%s_%s_permissions_manage_group' % info, args=[obj.pk, group.id]) return redirect(url) context = self.get_obj_perms_base_context(request, obj) context['group_obj'] = group context['group_perms'] = get_group_perms(group, obj) context['form'] = form request.current_app = self.admin_site.name if django.VERSION >= (1, 10): return render(request, self.get_obj_perms_manage_group_template(), context) return render_to_response(self.get_obj_perms_manage_group_template(), context, RequestContext(request))
def test_view_manage_group(self): self._login_superuser() url = reverse('admin:%s_%s_permissions_manage_group' % self.obj_info, args=[self.obj.pk, self.group.id]) response = self.client.get(url) self.assertEqual(response.status_code, 200) choices = set([ c[0] for c in response.context['form'].fields['permissions'].choices ]) self.assertEqual( set([p.codename for p in get_perms_for_model(self.obj)]), choices, ) # Add some perms and check if changes were persisted perms = [ 'change_%s' % self.obj_info[1], 'delete_%s' % self.obj_info[1] ] data = {'permissions': perms} response = self.client.post(url, data, follow=True) self.assertEqual(len(response.redirect_chain), 1) self.assertEqual(response.redirect_chain[0][1], 302) self.assertEqual( set(get_perms(self.group, self.obj)), set(perms), ) # Remove perm and check if change was persisted perms = ['delete_%s' % self.obj_info[1]] data = {'permissions': perms} response = self.client.post(url, data, follow=True) self.assertEqual(len(response.redirect_chain), 1) self.assertEqual(response.redirect_chain[0][1], 302) self.assertEqual( set(get_perms(self.group, self.obj)), set(perms), )
def test_view_manage_group(self): self._login_superuser() url = reverse('admin:%s_%s_permissions_manage_group' % self.obj_info, args=[self.obj.pk, self.group.id]) response = self.client.get(url) self.assertEqual(response.status_code, 200) choices = set([c[0] for c in response.context['form'].fields['permissions'].choices]) self.assertEqual( set([p.codename for p in get_perms_for_model(self.obj)]), choices, ) # Add some perms and check if changes were persisted perms = ['change_%s' % self.obj_info[ 1], 'delete_%s' % self.obj_info[1]] data = {'permissions': perms} response = self.client.post(url, data, follow=True) self.assertEqual(len(response.redirect_chain), 1) self.assertEqual(response.redirect_chain[0][1], 302) self.assertEqual( set(get_perms(self.group, self.obj)), set(perms), ) # Remove perm and check if change was persisted perms = ['delete_%s' % self.obj_info[1]] data = {'permissions': perms} response = self.client.post(url, data, follow=True) self.assertEqual(len(response.redirect_chain), 1) self.assertEqual(response.redirect_chain[0][1], 302) self.assertEqual( set(get_perms(self.group, self.obj)), set(perms), )
def obj_perms_manage_view(self, request, object_pk): """ Main object permissions view. Presents all users and groups with any object permissions for the current model *instance*. Users or groups without object permissions for related *instance* would **not** be shown. In order to add or manage user or group one should use links or forms presented within the page. """ if not self.has_change_permission(request, None): post_url = reverse('admin:index', current_app=self.admin_site.name) return redirect(post_url) try: # django >= 1.7 from django.contrib.admin.utils import unquote except ImportError: # django < 1.7 from django.contrib.admin.util import unquote obj = get_object_or_404(self.get_queryset( request), pk=unquote(object_pk)) users_perms = OrderedDict( sorted( get_users_with_perms(obj, attach_perms=True, with_group_users=False).items(), key=lambda user: getattr( user[0], get_user_model().USERNAME_FIELD) ) ) groups_perms = OrderedDict( sorted( get_groups_with_perms(obj, attach_perms=True).items(), key=lambda group: group[0].name ) ) if request.method == 'POST' and 'submit_manage_user' in request.POST: user_form = self.get_obj_perms_user_select_form(request)(request.POST) group_form = self.get_obj_perms_group_select_form(request)(request.POST) info = ( self.admin_site.name, self.model._meta.app_label, get_model_name(self.model) ) if user_form.is_valid(): user_id = user_form.cleaned_data['user'].pk url = reverse( '%s:%s_%s_permissions_manage_user' % info, args=[obj.pk, user_id] ) return redirect(url) elif request.method == 'POST' and 'submit_manage_group' in request.POST: user_form = self.get_obj_perms_user_select_form(request)(request.POST) group_form = self.get_obj_perms_group_select_form(request)(request.POST) info = ( self.admin_site.name, self.model._meta.app_label, get_model_name(self.model) ) if group_form.is_valid(): group_id = group_form.cleaned_data['group'].id url = reverse( '%s:%s_%s_permissions_manage_group' % info, args=[obj.pk, group_id] ) return redirect(url) else: user_form = self.get_obj_perms_user_select_form(request)() group_form = self.get_obj_perms_group_select_form(request)() context = self.get_obj_perms_base_context(request, obj) context['users_perms'] = users_perms context['groups_perms'] = groups_perms context['user_form'] = user_form context['group_form'] = group_form # https://github.com/django/django/commit/cf1f36bb6eb34fafe6c224003ad585a647f6117b request.current_app = self.admin_site.name if django.VERSION >= (1, 10): return render(request, self.get_obj_perms_manage_template(), context) return render_to_response(self.get_obj_perms_manage_template(), context, RequestContext(request))
def obj_perms_manage_view(self, request, object_pk): """ Main object permissions view. Presents all users and groups with any object permissions for the current model *instance*. Users or groups without object permissions for related *instance* would **not** be shown. In order to add or manage user or group one should use links or forms presented within the page. """ if not self.has_change_permission(request, None): post_url = reverse('admin:index', current_app=self.admin_site.name) return redirect(post_url) try: # django >= 1.7 from django.contrib.admin.utils import unquote except ImportError: # django < 1.7 from django.contrib.admin.util import unquote obj = get_object_or_404(self.get_queryset(request), pk=unquote(object_pk)) users_perms = OrderedDict( sorted(get_users_with_perms(obj, attach_perms=True, with_group_users=False).items(), key=lambda user: getattr(user[0], get_user_model().USERNAME_FIELD))) groups_perms = OrderedDict( sorted(get_groups_with_perms(obj, attach_perms=True).items(), key=lambda group: group[0].name)) if request.method == 'POST' and 'submit_manage_user' in request.POST: user_form = self.get_obj_perms_user_select_form(request)( request.POST) group_form = self.get_obj_perms_group_select_form(request)( request.POST) info = (self.admin_site.name, self.model._meta.app_label, get_model_name(self.model)) if user_form.is_valid(): user_id = user_form.cleaned_data['user'].pk url = reverse('%s:%s_%s_permissions_manage_user' % info, args=[obj.pk, user_id]) return redirect(url) elif request.method == 'POST' and 'submit_manage_group' in request.POST: user_form = self.get_obj_perms_user_select_form(request)( request.POST) group_form = self.get_obj_perms_group_select_form(request)( request.POST) info = (self.admin_site.name, self.model._meta.app_label, get_model_name(self.model)) if group_form.is_valid(): group_id = group_form.cleaned_data['group'].id url = reverse('%s:%s_%s_permissions_manage_group' % info, args=[obj.pk, group_id]) return redirect(url) else: user_form = self.get_obj_perms_user_select_form(request)() group_form = self.get_obj_perms_group_select_form(request)() context = self.get_obj_perms_base_context(request, obj) context['users_perms'] = users_perms context['groups_perms'] = groups_perms context['user_form'] = user_form context['group_form'] = group_form # https://github.com/django/django/commit/cf1f36bb6eb34fafe6c224003ad585a647f6117b request.current_app = self.admin_site.name if django.VERSION >= (1, 10): return render(request, self.get_obj_perms_manage_template(), context) return render_to_response(self.get_obj_perms_manage_template(), context, RequestContext(request))
def test_view_manage_wrong_user(self): self._login_superuser() url = reverse('admin:%s_%s_permissions_manage_user' % self.obj_info, kwargs={'object_pk': self.obj.pk, 'user_id': -10}) response = self.client.get(url) self.assertEqual(response.status_code, 404)
def obj_perms_manage_view(self, request, **kwargs): """ Main object permissions view. Presents all users and groups with any object permissions for the current model *instance*. Users or groups without object permissions for related *instance* would **not** be shown. In order to add or manage user or group one should use links or forms presented within the page. """ current_app = self.admin_site.name if not self.has_change_permission(): post_url = reverse('xadmin:index', current_app=current_app) return redirect(post_url) obj = get_object_or_404(self.get_queryset(), pk=unquote(self.object_pk)) users_perms = OrderedDict( sorted( get_users_with_perms(obj, attach_perms=True, with_group_users=False).items(), key=lambda user: getattr(user[0], User.USERNAME_FIELD) ) ) groups_perms = OrderedDict( sorted( get_groups_with_perms(obj, attach_perms=True).items(), key=lambda group: group[0].name ) ) if request.method == 'POST' and 'submit_manage_user' in request.POST: user_form = self.get_obj_perms_user_select_form(request)(request.POST) group_form = self.get_obj_perms_group_select_form(request)(request.POST) if user_form.is_valid(): user_id = user_form.cleaned_data['user'].pk url = reverse( '{0.admin_site.name}:guardian_permissions_user'.format(self), args=[self.app_label, self.model_name, obj.pk, user_id] ) return redirect(url) elif request.method == 'POST' and 'submit_manage_group' in request.POST: user_form = self.get_obj_perms_user_select_form(request)(request.POST) group_form = self.get_obj_perms_group_select_form(request)(request.POST) if group_form.is_valid(): group_id = group_form.cleaned_data['group'].id url = reverse( '{0.admin_site.name}:guardian_permissions_group'.format(self), args=[self.app_label, self.model_name, obj.pk, group_id] ) return redirect(url) else: user_form = self.get_obj_perms_user_select_form(request)() group_form = self.get_obj_perms_group_select_form(request)() context = self.get_obj_perms_base_context(request, obj) context['users_perms'] = users_perms context['groups_perms'] = groups_perms context['user_form'] = user_form context['group_form'] = group_form # https://github.com/django/django/commit/cf1f36bb6eb34fafe6c224003ad585a647f6117b request.current_app = current_app return render(request, self.get_obj_perms_manage_template(), context)
def get_absolute_url(self): return reverse('articles:details', kwargs={'slug': self.slug})