def setup(self):
self.loadstatement = '{% load forum_permission_tags %}'
self.request_factory = RequestFactory()
self.g1 = GroupFactory.create()
self.u1 = UserFactory.create()
self.u2 = UserFactory.create()
self.u1.groups.add(self.g1)
self.u2.groups.add(self.g1)
self.moderators = GroupFactory.create()
self.moderator = UserFactory.create()
self.moderator.groups.add(self.moderators)
self.superuser = UserFactory.create(is_superuser=True)
# Permission handler
self.perm_handler = PermissionHandler()
# Set up a top-level category
self.top_level_cat = create_category_forum()
# Set up some forums
self.forum_1 = create_forum(parent=self.top_level_cat)
self.forum_2 = create_forum(parent=self.top_level_cat)
# Set up some topics and posts
self.forum_1_topic = create_topic(forum=self.forum_1, poster=self.u1)
self.forum_2_topic = create_topic(forum=self.forum_2, poster=self.u2)
self.post_1 = PostFactory.create(topic=self.forum_1_topic, poster=self.u1)
self.post_2 = PostFactory.create(topic=self.forum_2_topic, poster=self.u2)
def setup(self):
self.loadstatement = '{% load forum_permission_tags %}'
self.request_factory = RequestFactory()
self.g1 = GroupFactory.create()
self.u1 = UserFactory.create()
self.u2 = UserFactory.create()
self.u1.groups.add(self.g1)
self.u2.groups.add(self.g1)
self.moderators = GroupFactory.create()
self.moderator = UserFactory.create()
self.moderator.groups.add(self.moderators)
self.superuser = UserFactory.create(is_superuser=True)
# Permission handler
self.perm_handler = PermissionHandler()
# Set up a top-level category
self.top_level_cat = create_category_forum()
# Set up some forums
self.forum_1 = create_forum(parent=self.top_level_cat)
self.forum_2 = create_forum(parent=self.top_level_cat)
# Set up some topics and posts
self.forum_1_topic = create_topic(forum=self.forum_1, poster=self.u1)
self.forum_2_topic = create_topic(forum=self.forum_2, poster=self.u2)
self.post_1 = PostFactory.create(topic=self.forum_1_topic, poster=self.u1)
self.post_2 = PostFactory.create(topic=self.forum_2_topic, poster=self.u2)
def test_knows_that_granted_permissions_should_take_precedence_over_the_same_non_granted_permissions(self): # noqa: E501
# Setup
user = UserFactory.create()
group_all_users = GroupFactory.create()
group_specific_access = GroupFactory.create()
user.groups.add(group_all_users)
user.groups.add(group_specific_access)
assign_perm('can_read_forum', group_all_users, None) # global permission
assign_perm('can_read_forum', group_all_users, self.forum, has_perm=False)
assign_perm('can_read_forum', group_specific_access, self.forum, has_perm=True)
checker = ForumPermissionChecker(user)
# Run & check
assert checker.has_perm('can_read_forum', self.forum)
def test_filter_methods_ensure_that_granted_permissions_take_precedence_over_the_same_non_granted_permissions(self): # noqa: E501
# Setup
user = UserFactory.create()
group_all_users = GroupFactory.create()
group_specific_access = GroupFactory.create()
user.groups.add(group_all_users)
user.groups.add(group_specific_access)
assign_perm('can_read_forum', group_all_users, None) # global permission
assign_perm('can_read_forum', group_all_users, self.top_level_cat, has_perm=False)
assign_perm('can_read_forum', group_specific_access, self.top_level_cat, has_perm=True)
# Run & check
assert self.top_level_cat in \
set(self.perm_handler._get_forums_for_user(user, ['can_read_forum']))
def test_knows_that_granted_permissions_should_take_precedence_over_the_same_non_granted_permissions(self): # noqa: E501
# Setup
user = UserFactory.create()
group_all_users = GroupFactory.create()
group_specific_access = GroupFactory.create()
user.groups.add(group_all_users)
user.groups.add(group_specific_access)
assign_perm('can_read_forum', group_all_users, None) # global permission
assign_perm('can_read_forum', group_all_users, self.forum, has_perm=False)
assign_perm('can_read_forum', group_specific_access, self.forum, has_perm=True)
checker = ForumPermissionChecker(user)
# Run & check
assert checker.has_perm('can_read_forum', self.forum)
def setup(self):
self.u1 = UserFactory.create()
self.g1 = GroupFactory.create()
self.u1.groups.add(self.g1)
# Permission handler
self.perm_handler = PermissionHandler()
# Set up a top-level category
self.top_level_cat = create_category_forum()
# Set up some forums
self.forum_1 = create_forum(parent=self.top_level_cat)
self.forum_2 = create_forum(parent=self.top_level_cat)
self.forum_3 = create_link_forum(parent=self.top_level_cat)
# Set up a top-level forum link
self.top_level_link = create_link_forum()
# Set up some topics
self.forum_1_topic = create_topic(forum=self.forum_1, poster=self.u1)
self.forum_3_topic = create_topic(forum=self.forum_3, poster=self.u1)
self.forum_3_topic_2 = create_topic(
forum=self.forum_3, poster=self.u1, status=Topic.TOPIC_LOCKED)
# Set up some posts
self.post_1 = PostFactory.create(topic=self.forum_1_topic, poster=self.u1)
self.post_2 = PostFactory.create(topic=self.forum_3_topic, poster=self.u1)
# Assign some permissions
assign_perm('can_see_forum', self.u1, self.top_level_cat)
assign_perm('can_see_forum', self.u1, self.forum_1)
assign_perm('can_read_forum', self.g1, self.forum_3)
def setUp(self):
self.loadstatement = '{% load forum_tracking_tags %}'
self.request_factory = RequestFactory()
# Tracking handler
self.tracks_handler = TrackingHandler()
self.g1 = GroupFactory.create()
self.u1 = UserFactory.create()
self.u2 = UserFactory.create()
self.u1.groups.add(self.g1)
self.u2.groups.add(self.g1)
# Set up a top-level category
self.top_level_cat = create_category_forum()
# Set up some forums
self.forum_1 = create_forum(parent=self.top_level_cat)
self.forum_2 = create_forum(parent=self.top_level_cat)
# Set up some topics and posts
self.forum_1_topic = create_topic(forum=self.forum_1, poster=self.u1)
self.forum_2_topic = create_topic(forum=self.forum_2, poster=self.u1)
self.post_1 = PostFactory.create(topic=self.forum_1_topic, poster=self.u1)
self.post_2 = PostFactory.create(topic=self.forum_2_topic, poster=self.u1)
# Assign some permissions
assign_perm('can_see_forum', self.g1, self.top_level_cat)
assign_perm('can_read_forum', self.g1, self.top_level_cat)
assign_perm('can_see_forum', self.g1, self.forum_1)
assign_perm('can_read_forum', self.g1, self.forum_1)
assign_perm('can_see_forum', self.g1, self.forum_2)
assign_perm('can_read_forum', self.g1, self.forum_2)
def setup(self):
# Add some users
self.u1 = UserFactory.create()
self.g1 = GroupFactory.create()
self.u1.groups.add(self.g1)
self.user.groups.add(self.g1)
# Permission handler
self.perm_handler = PermissionHandler()
self.top_level_cat_1 = create_category_forum()
self.forum_1 = create_forum(parent=self.top_level_cat_1)
self.forum_2 = create_forum(parent=self.top_level_cat_1)
self.forum_3 = create_forum(parent=self.top_level_cat_1)
self.topic_1 = create_topic(forum=self.forum_2, poster=self.u1)
PostFactory.create(topic=self.topic_1, poster=self.u1)
PostFactory.create(topic=self.topic_1, poster=self.user)
self.topic_2 = create_topic(forum=self.forum_1, poster=self.user)
PostFactory.create(topic=self.topic_2, poster=self.user)
PostFactory.create(topic=self.topic_2, poster=self.u1)
self.topic_3 = create_topic(forum=self.forum_2, poster=self.u1)
PostFactory.create(topic=self.topic_3, poster=self.u1)
self.topic_4 = create_topic(forum=self.forum_2, poster=self.user)
PostFactory.create(topic=self.topic_4, poster=self.user)
# Assign some permissions
assign_perm('can_read_forum', self.g1, self.top_level_cat_1)
assign_perm('can_read_forum', self.g1, self.forum_1)
assign_perm('can_read_forum', self.g1, self.forum_2)
def setUp(self):
self.loadstatement = '{% load forum_tracking_tags %}'
self.request_factory = RequestFactory()
# Tracking handler
self.tracks_handler = TrackingHandler()
self.g1 = GroupFactory.create()
self.u1 = UserFactory.create()
self.u2 = UserFactory.create()
self.u1.groups.add(self.g1)
self.u2.groups.add(self.g1)
# Set up a top-level category
self.top_level_cat = create_category_forum()
# Set up some forums
self.forum_1 = create_forum(parent=self.top_level_cat)
self.forum_2 = create_forum(parent=self.top_level_cat)
# Set up some topics and posts
self.forum_1_topic = create_topic(forum=self.forum_1, poster=self.u1)
self.forum_2_topic = create_topic(forum=self.forum_2, poster=self.u1)
self.post_1 = PostFactory.create(topic=self.forum_1_topic, poster=self.u1)
self.post_2 = PostFactory.create(topic=self.forum_2_topic, poster=self.u1)
# Assign some permissions
assign_perm('can_see_forum', self.g1, self.top_level_cat)
assign_perm('can_read_forum', self.g1, self.top_level_cat)
assign_perm('can_see_forum', self.g1, self.forum_1)
assign_perm('can_read_forum', self.g1, self.forum_1)
assign_perm('can_see_forum', self.g1, self.forum_2)
assign_perm('can_read_forum', self.g1, self.forum_2)
def setup(self):
# Add some users
self.u1 = UserFactory.create()
self.g1 = GroupFactory.create()
self.u1.groups.add(self.g1)
self.user.groups.add(self.g1)
# Permission handler
self.perm_handler = PermissionHandler()
self.top_level_cat_1 = create_category_forum()
self.forum_1 = create_forum(parent=self.top_level_cat_1)
self.forum_2 = create_forum(parent=self.top_level_cat_1)
self.forum_3 = create_forum(parent=self.top_level_cat_1)
self.topic_1 = create_topic(forum=self.forum_2, poster=self.u1)
PostFactory.create(topic=self.topic_1, poster=self.u1)
PostFactory.create(topic=self.topic_1, poster=self.user)
self.topic_2 = create_topic(forum=self.forum_1, poster=self.user)
PostFactory.create(topic=self.topic_2, poster=self.user)
PostFactory.create(topic=self.topic_2, poster=self.u1)
self.topic_3 = create_topic(forum=self.forum_2, poster=self.u1)
PostFactory.create(topic=self.topic_3, poster=self.u1)
self.topic_4 = create_topic(forum=self.forum_2, poster=self.user)
PostFactory.create(topic=self.topic_4, poster=self.user)
# Assign some permissions
assign_perm('can_read_forum', self.g1, self.top_level_cat_1)
assign_perm('can_read_forum', self.g1, self.forum_1)
assign_perm('can_read_forum', self.g1, self.forum_2)
def test_knows_that_user_permissions_take_precedence_over_group_permissions(
self):
# Setup
machina_settings.DEFAULT_AUTHENTICATED_USER_FORUM_PERMISSIONS = []
user = UserFactory.create()
group = GroupFactory.create()
user.groups.add(group)
# Check on forum level if user permission takes precedence over group permission
assign_perm('can_read_forum', group, self.forum, has_perm=True)
assign_perm('can_read_forum', user, self.forum, has_perm=False)
assign_perm('can_see_forum', group, self.forum, has_perm=False)
assign_perm('can_see_forum', user, self.forum, has_perm=True)
# Check on global level if user permission takes precedence over group permission
assign_perm('can_edit_own_posts', group, None, has_perm=True)
assign_perm('can_edit_own_posts', user, None, has_perm=False)
assign_perm('can_delete_own_posts', group, None, has_perm=False)
assign_perm('can_delete_own_posts', user, None, has_perm=True)
checker = ForumPermissionChecker(user)
# Run & check
assert not checker.has_perm('can_read_forum', self.forum)
assert checker.has_perm('can_see_forum', self.forum)
assert not checker.has_perm('can_edit_own_posts', self.forum)
assert checker.has_perm('can_delete_own_posts', self.forum)
def setup(self):
self.loadstatement = '{% load forum_conversation_tags %}'
self.request_factory = RequestFactory()
self.g1 = GroupFactory.create()
self.u1 = UserFactory.create()
self.u2 = UserFactory.create()
self.u1.groups.add(self.g1)
self.u2.groups.add(self.g1)
self.moderators = GroupFactory.create()
self.moderator = UserFactory.create()
self.moderator.groups.add(self.moderators)
self.superuser = UserFactory.create(is_superuser=True)
# Permission handler
self.perm_handler = PermissionHandler()
# Set up a top-level category
self.top_level_cat = create_category_forum()
# Set up some forums
self.forum_1 = create_forum(parent=self.top_level_cat)
self.forum_2 = create_forum(parent=self.top_level_cat)
# Set up some topics and posts
self.forum_1_topic = create_topic(forum=self.forum_1, poster=self.u1)
self.forum_2_topic = create_topic(forum=self.forum_2, poster=self.u2)
self.forum_3_topic = create_topic(forum=self.forum_2, poster=self.u2)
self.post_1 = PostFactory.create(topic=self.forum_1_topic,
poster=self.u1)
self.post_2 = PostFactory.create(topic=self.forum_2_topic,
poster=self.u2)
self.post_3 = PostFactory.create(topic=self.forum_3_topic,
poster=self.u2)
# Assign some permissions
assign_perm('can_see_forum', self.g1, self.forum_1)
assign_perm('can_read_forum', self.g1, self.forum_1)
assign_perm('can_edit_own_posts', self.g1, self.forum_1)
assign_perm('can_delete_own_posts', self.g1, self.forum_1)
assign_perm('can_reply_to_topics', self.g1, self.forum_1)
assign_perm('can_see_forum', self.moderators, self.forum_1)
assign_perm('can_read_forum', self.moderators, self.forum_1)
assign_perm('can_edit_own_posts', self.moderators, self.forum_1)
assign_perm('can_delete_own_posts', self.moderators, self.forum_1)
assign_perm('can_edit_posts', self.moderators, self.forum_1)
assign_perm('can_delete_posts', self.moderators, self.forum_1)
def setup(self):
self.loadstatement = '{% load forum_polls_tags %}'
self.request_factory = RequestFactory()
self.g1 = GroupFactory.create()
self.u1 = UserFactory.create()
self.u2 = UserFactory.create()
self.u1.groups.add(self.g1)
self.u2.groups.add(self.g1)
self.moderators = GroupFactory.create()
self.moderator = UserFactory.create()
self.moderator.groups.add(self.moderators)
self.superuser = UserFactory.create(is_superuser=True)
# Permission handler
self.perm_handler = PermissionHandler()
# Set up a top-level category
self.top_level_cat = create_category_forum()
# Set up some forums
self.forum_1 = create_forum(parent=self.top_level_cat)
self.forum_2 = create_forum(parent=self.top_level_cat)
# Set up some topics and posts
self.forum_1_topic = create_topic(forum=self.forum_1, poster=self.u1)
self.forum_2_topic = create_topic(forum=self.forum_2, poster=self.u2)
self.post_1 = PostFactory.create(topic=self.forum_1_topic, poster=self.u1)
self.post_2 = PostFactory.create(topic=self.forum_2_topic, poster=self.u2)
self.poll_1 = TopicPollFactory.create(topic=self.forum_1_topic)
self.poll_2 = TopicPollFactory.create(topic=self.forum_2_topic)
# Assign some permissions
assign_perm('can_see_forum', self.g1, self.forum_1)
assign_perm('can_read_forum', self.g1, self.forum_1)
assign_perm('can_edit_own_posts', self.g1, self.forum_1)
assign_perm('can_delete_own_posts', self.g1, self.forum_1)
assign_perm('can_reply_to_topics', self.g1, self.forum_1)
assign_perm('can_see_forum', self.moderators, self.forum_1)
assign_perm('can_read_forum', self.moderators, self.forum_1)
assign_perm('can_edit_own_posts', self.moderators, self.forum_1)
assign_perm('can_delete_own_posts', self.moderators, self.forum_1)
assign_perm('can_edit_posts', self.moderators, self.forum_1)
assign_perm('can_delete_posts', self.moderators, self.forum_1)
assign_perm('can_vote_in_polls', self.g1, self.forum_1)
def test_editpermission_index_view_can_copy_permissions_from_another_forum(
self):
# Setup
group = GroupFactory.create()
model = self.model
UserForumPermissionFactory.create(
permission=ForumPermission.objects.get(codename='can_see_forum'),
forum=self.sub_forum_1,
user=self.user,
has_perm=False)
UserForumPermissionFactory.create(
permission=ForumPermission.objects.get(codename='can_read_forum'),
forum=self.sub_forum_1,
user=self.user,
has_perm=True)
UserForumPermissionFactory.create(
permission=ForumPermission.objects.get(
codename='can_start_new_topics'),
forum=self.sub_forum_1,
user=self.user,
has_perm=False)
GroupForumPermissionFactory.create(
permission=ForumPermission.objects.get(
codename='can_start_new_topics'),
forum=self.sub_forum_1,
group=group,
has_perm=False)
raw_url = 'admin:{}_{}_editpermission_index'.format(
model._meta.app_label, self._get_module_name(model._meta))
# Run
url = reverse(raw_url, kwargs={'forum_id': self.top_level_cat.id})
response = self.client.post(url, {'forum': self.sub_forum_1.id})
# Check
assert response.status_code == 200
assert UserForumPermission.objects.filter(
permission__codename='can_see_forum',
forum=self.top_level_cat,
user=self.user,
has_perm=False).exists()
assert UserForumPermission.objects.filter(
permission__codename='can_read_forum',
forum=self.top_level_cat,
user=self.user,
has_perm=True).exists()
assert UserForumPermission.objects.filter(
permission__codename='can_start_new_topics',
forum=self.top_level_cat,
user=self.user,
has_perm=False).exists()
assert GroupForumPermission.objects.filter(
permission__codename='can_start_new_topics',
forum=self.top_level_cat,
group=group,
has_perm=False).exists()
def test_knows_that_user_permissions_take_precedence_over_group_permissions(self):
# Setup
user = UserFactory.create()
group = GroupFactory.create()
user.groups.add(group)
assign_perm('can_read_forum', user, self.forum, has_perm=False)
assign_perm('can_read_forum', group, self.forum, has_perm=True)
checker = ForumPermissionChecker(user)
# Run & check
assert not checker.has_perm('can_read_forum', self.forum)
def test_knows_that_user_permissions_take_precedence_over_group_permissions(self):
# Setup
user = UserFactory.create()
group = GroupFactory.create()
user.groups.add(group)
assign_perm('can_read_forum', user, self.forum, has_perm=False)
assign_perm('can_read_forum', group, self.forum, has_perm=True)
checker = ForumPermissionChecker(user)
# Run & check
assert not checker.has_perm('can_read_forum', self.forum)
def test_editpermission_index_view_can_redirect_to_group_permissions_form(self):
# Setup
group = GroupFactory.create()
model = self.model
raw_url = 'admin:{}_{}_editpermission_index'.format(model._meta.app_label, self._get_module_name(model._meta))
# Run
url = reverse(raw_url, kwargs={'forum_id': self.top_level_cat.id})
response = self.client.post(url, {'group': group.id}, follow=True)
# Check
editpermissions_group_raw_url = 'admin:{}_{}_editpermission_group'.format(
model._meta.app_label, self._get_module_name(model._meta))
editpermissions_group_url = reverse(editpermissions_group_raw_url, kwargs={
'forum_id': self.top_level_cat.id, 'group_id': self.user.id})
assert len(response.redirect_chain)
last_url, status_code = response.redirect_chain[-1]
assert editpermissions_group_url in last_url
def test_editpermission_form_can_update_group_permissions(self):
# Setup
group = GroupFactory.create()
model = self.model
raw_url = 'admin:{}_{}_editpermission_group'.format(
model._meta.app_label, self._get_module_name(model._meta))
post_data = {
'can_see_forum': 'granted',
'can_read_forum': 'not-granted',
'can_start_new_topics': 'not-set',
'can_reply_to_topics': 'not-set',
'can_post_announcements': 'not-set',
'can_post_stickies': 'not-set',
'can_delete_own_posts': 'not-set',
'can_edit_own_posts': 'not-set',
'can_post_without_approval': 'not-set',
'can_create_polls': 'not-set',
'can_vote_in_polls': 'not-set',
'can_attach_file': 'not-set',
'can_download_file': 'not-set',
'can_lock_topics': 'not-set',
'can_edit_posts': 'not-set',
'can_delete_posts': 'not-set',
'can_move_posts': 'not-set',
'can_approve_posts': 'not-set',
}
# Run
url = reverse(raw_url,
kwargs={
'forum_id': self.top_level_cat.id,
'group_id': group.id
})
response = self.client.post(url, post_data)
# Check
assert response.status_code == 200
granted_perm = GroupForumPermission.objects.filter(
permission__codename='can_see_forum',
has_perm=True,
group=group,
forum=self.top_level_cat)
assert granted_perm.exists()
not_granted_perm = GroupForumPermission.objects.filter(
permission__codename='can_read_forum',
has_perm=False,
group=group,
forum=self.top_level_cat)
assert not_granted_perm.exists()
def test_editpermission_index_view_can_redirect_to_group_permissions_form(self):
# Setup
group = GroupFactory.create()
model = self.model
raw_url = 'admin:{}_{}_editpermission_index'.format(
model._meta.app_label, self._get_module_name(model._meta))
# Run
url = reverse(raw_url, kwargs={'forum_id': self.top_level_cat.id})
response = self.client.post(url, {'group': group.id, '_select_group': True}, follow=True)
# Check
editpermissions_group_raw_url = 'admin:{}_{}_editpermission_group'.format(
model._meta.app_label, self._get_module_name(model._meta))
editpermissions_group_url = reverse(editpermissions_group_raw_url, kwargs={
'forum_id': self.top_level_cat.id, 'group_id': group.id})
assert len(response.redirect_chain)
last_url, status_code = response.redirect_chain[-1]
assert editpermissions_group_url in last_url
def test_editpermission_index_view_can_copy_permissions_from_another_forum(self):
# Setup
group = GroupFactory.create()
model = self.model
UserForumPermissionFactory.create(
permission=ForumPermission.objects.get(codename='can_see_forum'),
forum=self.sub_forum_1,
user=self.user, has_perm=False)
UserForumPermissionFactory.create(
permission=ForumPermission.objects.get(codename='can_read_forum'),
forum=self.sub_forum_1,
user=self.user, has_perm=True)
UserForumPermissionFactory.create(
permission=ForumPermission.objects.get(codename='can_start_new_topics'),
forum=self.sub_forum_1,
user=self.user, has_perm=False)
GroupForumPermissionFactory.create(
permission=ForumPermission.objects.get(codename='can_start_new_topics'),
forum=self.sub_forum_1,
group=group, has_perm=False)
raw_url = 'admin:{}_{}_editpermission_index'.format(
model._meta.app_label, self._get_module_name(model._meta))
# Run
url = reverse(raw_url, kwargs={'forum_id': self.top_level_cat.id})
response = self.client.post(url, {'forum': self.sub_forum_1.id})
# Check
assert response.status_code == 200
assert UserForumPermission.objects.filter(
permission__codename='can_see_forum', forum=self.top_level_cat,
user=self.user, has_perm=False).exists()
assert UserForumPermission.objects.filter(
permission__codename='can_read_forum', forum=self.top_level_cat,
user=self.user, has_perm=True).exists()
assert UserForumPermission.objects.filter(
permission__codename='can_start_new_topics', forum=self.top_level_cat,
user=self.user, has_perm=False).exists()
assert GroupForumPermission.objects.filter(
permission__codename='can_start_new_topics', forum=self.top_level_cat,
group=group, has_perm=False).exists()
def setup(self):
# Add some users
self.u1 = UserFactory.create()
self.u2 = UserFactory.create()
self.g1 = GroupFactory.create()
self.u1.groups.add(self.g1)
self.u2.groups.add(self.g1)
self.user.groups.add(self.g1)
# Permission handler
self.perm_handler = PermissionHandler()
# Tracking handler
self.tracks_handler = TrackingHandler()
self.top_level_cat_1 = create_category_forum()
self.top_level_cat_2 = create_category_forum()
self.forum_1 = create_forum(parent=self.top_level_cat_1)
self.forum_2 = create_forum(parent=self.top_level_cat_1)
self.forum_2_child_1 = create_forum(parent=self.forum_2)
self.forum_3 = create_forum(parent=self.top_level_cat_1)
self.forum_4 = create_forum(parent=self.top_level_cat_2)
self.topic = create_topic(forum=self.forum_2, poster=self.u1)
PostFactory.create(topic=self.topic, poster=self.u1)
# Initially u2 and user read the previously created topic
ForumReadTrackFactory.create(forum=self.forum_2, user=self.u2)
ForumReadTrackFactory.create(forum=self.forum_2, user=self.user)
# Assign some permissions
assign_perm('can_read_forum', self.g1, self.top_level_cat_1)
assign_perm('can_read_forum', self.g1, self.top_level_cat_2)
assign_perm('can_read_forum', self.g1, self.forum_1)
assign_perm('can_read_forum', self.g1, self.forum_2)
assign_perm('can_read_forum', self.g1, self.forum_2_child_1)
assign_perm('can_read_forum', self.g1, self.forum_4)
def setup(self):
# Add some users
self.u1 = UserFactory.create()
self.u2 = UserFactory.create()
self.g1 = GroupFactory.create()
self.u1.groups.add(self.g1)
self.u2.groups.add(self.g1)
self.user.groups.add(self.g1)
# Permission handler
self.perm_handler = PermissionHandler()
# Tracking handler
self.tracks_handler = TrackingHandler()
self.top_level_cat_1 = create_category_forum()
self.top_level_cat_2 = create_category_forum()
self.forum_1 = create_forum(parent=self.top_level_cat_1)
self.forum_2 = create_forum(parent=self.top_level_cat_1)
self.forum_2_child_1 = create_forum(parent=self.forum_2)
self.forum_3 = create_forum(parent=self.top_level_cat_1)
self.forum_4 = create_forum(parent=self.top_level_cat_2)
self.topic = create_topic(forum=self.forum_2, poster=self.u1)
PostFactory.create(topic=self.topic, poster=self.u1)
# Initially u2 and user read the previously created topic
ForumReadTrackFactory.create(forum=self.forum_2, user=self.u2)
ForumReadTrackFactory.create(forum=self.forum_2, user=self.user)
# Assign some permissions
assign_perm('can_read_forum', self.g1, self.top_level_cat_1)
assign_perm('can_read_forum', self.g1, self.top_level_cat_2)
assign_perm('can_read_forum', self.g1, self.forum_1)
assign_perm('can_read_forum', self.g1, self.forum_2)
assign_perm('can_read_forum', self.g1, self.forum_2_child_1)
assign_perm('can_read_forum', self.g1, self.forum_4)
def test_editpermission_form_can_update_group_permissions(self):
# Setup
group = GroupFactory.create()
model = self.model
raw_url = 'admin:{}_{}_editpermission_group'.format(model._meta.app_label, self._get_module_name(model._meta))
post_data = {
'can_see_forum': 'granted',
'can_read_forum': 'not-granted',
'can_start_new_topics': 'not-set',
'can_reply_to_topics': 'not-set',
'can_post_announcements': 'not-set',
'can_post_stickies': 'not-set',
'can_delete_own_posts': 'not-set',
'can_edit_own_posts': 'not-set',
'can_post_without_approval': 'not-set',
'can_create_polls': 'not-set',
'can_vote_in_polls': 'not-set',
'can_attach_file': 'not-set',
'can_download_file': 'not-set',
'can_lock_topics': 'not-set',
'can_edit_posts': 'not-set',
'can_delete_posts': 'not-set',
'can_move_posts': 'not-set',
'can_approve_posts': 'not-set',
}
# Run
url = reverse(raw_url, kwargs={
'forum_id': self.top_level_cat.id, 'group_id': group.id})
response = self.client.post(url, post_data)
# Check
assert response.status_code == 200
granted_perm = GroupForumPermission.objects.filter(
permission__codename='can_see_forum', has_perm=True,
group=group, forum=self.top_level_cat)
assert granted_perm.exists()
not_granted_perm = GroupForumPermission.objects.filter(
permission__codename='can_read_forum', has_perm=False,
group=group, forum=self.top_level_cat)
assert not_granted_perm.exists()
def test_editpermission_index_view_do_not_allow_users_to_copy_permissions_if_they_do_not_have_the_required_permissions(self): # noqa: E501
group = GroupFactory.create()
model = self.model
UserForumPermissionFactory.create(
permission=ForumPermission.objects.get(codename='can_see_forum'),
forum=self.sub_forum_1,
user=self.user,
has_perm=False
)
UserForumPermissionFactory.create(
permission=ForumPermission.objects.get(codename='can_read_forum'),
forum=self.sub_forum_1,
user=self.user,
has_perm=True
)
UserForumPermissionFactory.create(
permission=ForumPermission.objects.get(codename='can_start_new_topics'),
forum=self.sub_forum_1,
user=self.user,
has_perm=False
)
GroupForumPermissionFactory.create(
permission=ForumPermission.objects.get(codename='can_start_new_topics'),
forum=self.sub_forum_1,
group=group,
has_perm=False
)
raw_url = 'admin:{}_{}_editpermission_index'.format(
model._meta.app_label,
self._get_module_name(model._meta)
)
user = self.create_user(username='******', is_staff=True, is_superuser=False)
client = Client()
client.force_login(user)
url = reverse(raw_url, kwargs={'forum_id': self.top_level_cat.id})
response = client.post(url, {'forum': self.sub_forum_1.id})
assert response.status_code == 200
assert not (
UserForumPermission
.objects
.filter(
permission__codename='can_see_forum',
forum=self.top_level_cat,
user=self.user,
has_perm=False
)
.exists()
)
assert not (
UserForumPermission
.objects
.filter(
permission__codename='can_read_forum',
forum=self.top_level_cat,
user=self.user,
has_perm=True
)
.exists()
)
assert not (
UserForumPermission
.objects
.filter(
permission__codename='can_start_new_topics',
forum=self.top_level_cat,
user=self.user,
has_perm=False
)
.exists()
)
assert not (
GroupForumPermission
.objects
.filter(
permission__codename='can_start_new_topics',
forum=self.top_level_cat,
group=group,
has_perm=False
)
.exists()
)
def test_knows_precedence_of_permissions_is_user_group_allusers(self):
# Setup
machina_settings.DEFAULT_AUTHENTICATED_USER_FORUM_PERMISSIONS = []
user = UserFactory.create()
group = GroupFactory.create()
user.groups.add(group)
# 'res' in the following dict means 'expected result'
test_list = [
# Differing user settings, all_auth and group to True
{
'level': 'global',
'all_auth': True,
'group': True,
'user': True,
'res': True
},
{
'level': 'global',
'all_auth': True,
'group': True,
'user': '******',
'res': True
},
{
'level': 'global',
'all_auth': True,
'group': True,
'user': False,
'res': False
},
# Differing user settings, all_auto True, group permission False
{
'level': 'global',
'all_auth': True,
'group': False,
'user': True,
'res': True
},
{
'level': 'global',
'all_auth': True,
'group': False,
'user': '******',
'res': False
},
{
'level': 'global',
'all_auth': True,
'group': False,
'user': False,
'res': False
},
# Differing user settings, all_auth and group on False
{
'level': 'global',
'all_auth': False,
'group': False,
'user': True,
'res': True
},
{
'level': 'global',
'all_auth': False,
'group': False,
'user': '******',
'res': False
},
{
'level': 'global',
'all_auth': False,
'group': False,
'user': False,
'res': False
},
# Differing user settings, all_auth False, group permission True
{
'level': 'global',
'all_auth': False,
'group': True,
'user': True,
'res': True
},
{
'level': 'global',
'all_auth': False,
'group': True,
'user': '******',
'res': True
},
{
'level': 'global',
'all_auth': False,
'group': True,
'user': False,
'res': False
},
# Now on forum level instead of global
# Differing user settings, all_auth and group to True
{
'level': 'forum',
'all_auth': True,
'group': True,
'user': True,
'res': True
},
{
'level': 'forum',
'all_auth': True,
'group': True,
'user': '******',
'res': True
},
{
'level': 'forum',
'all_auth': True,
'group': True,
'user': False,
'res': False
},
# Differing user settings, all_auto True, group permission False
{
'level': 'forum',
'all_auth': True,
'group': False,
'user': True,
'res': True
},
{
'level': 'forum',
'all_auth': True,
'group': False,
'user': '******',
'res': False
},
{
'level': 'forum',
'all_auth': True,
'group': False,
'user': False,
'res': False
},
# Differing user settings, all_auth and group on False
{
'level': 'forum',
'all_auth': False,
'group': False,
'user': True,
'res': True
},
{
'level': 'forum',
'all_auth': False,
'group': False,
'user': '******',
'res': False
},
{
'level': 'forum',
'all_auth': False,
'group': False,
'user': False,
'res': False
},
# Differing user settings, all_auth False, group permission True
{
'level': 'forum',
'all_auth': False,
'group': True,
'user': True,
'res': True
},
{
'level': 'forum',
'all_auth': False,
'group': True,
'user': '******',
'res': True
},
{
'level': 'forum',
'all_auth': False,
'group': True,
'user': False,
'res': False
},
]
# loop over test dict:
for dct in test_list:
# set each permission as instructed in the dict
if dct['level'] == 'global':
forum_val = None
else:
forum_val = self.forum
assign_perm('can_read_forum',
ALL_AUTHENTICATED_USERS,
forum_val,
has_perm=dct['all_auth'])
assign_perm('can_read_forum',
group,
forum_val,
has_perm=dct['group'])
if dct['user'] != 'unset':
assign_perm('can_read_forum',
user,
forum_val,
has_perm=dct['user'])
checker = ForumPermissionChecker(user)
# test if value is as the expected value
assert checker.has_perm('can_read_forum', forum_val) == dct['res']
# unset the set permissions so the next iteration goes in blankly
remove_perm('can_read_forum', ALL_AUTHENTICATED_USERS, forum_val)
remove_perm('can_read_forum', group, forum_val)
if dct['user'] != 'unset':
remove_perm('can_read_forum', user, forum_val)
def test_can_return_a_list_of_readable_forums_taking_into_account_user_over_group_precedence(self): # noqa: E501
u2 = UserFactory.create()
g2 = GroupFactory.create()
u2.groups.add(g2)
# Restrict permission for group but allow for user
assign_perm('can_see_forum', g2, self.top_level_cat, False)
assign_perm('can_see_forum', g2, self.forum_1, False)
assign_perm('can_read_forum', g2, self.top_level_cat, False)
assign_perm('can_read_forum', g2, self.forum_1, False)
assign_perm('can_see_forum', u2, self.top_level_cat, True)
assign_perm('can_see_forum', u2, self.forum_1, True)
assign_perm('can_read_forum', u2, self.top_level_cat, True)
assign_perm('can_read_forum', u2, self.forum_1, True)
readable_forums_u2 = self.perm_handler._get_forums_for_user(
u2,
['can_see_forum', 'can_read_forum'],
False
)
u3 = UserFactory.create()
g3 = GroupFactory.create()
u3.groups.add(g3)
# Now allow for group but restrict for user
assign_perm('can_see_forum', g3, self.top_level_cat, True)
assign_perm('can_see_forum', g3, self.forum_1, True)
assign_perm('can_read_forum', g3, self.top_level_cat, True)
assign_perm('can_read_forum', g3, self.forum_1, True)
assign_perm('can_see_forum', u3, self.top_level_cat, False)
assign_perm('can_see_forum', u3, self.forum_1, False)
assign_perm('can_read_forum', u3, self.top_level_cat, False)
assign_perm('can_read_forum', u3, self.forum_1, False)
readable_forums_u3 = self.perm_handler._get_forums_for_user(
u3,
['can_see_forum', 'can_read_forum'],
False
)
# Now we'll test for global permissions that are set
u4 = UserFactory.create()
g4 = GroupFactory.create()
u4.groups.add(g4)
# Allow for group but restrict for user
assign_perm('can_see_forum', g4, None, True)
assign_perm('can_read_forum', g4, None, True)
assign_perm('can_see_forum', u4, None, False)
assign_perm('can_read_forum', u4, None, False)
readable_forums_u4 = self.perm_handler._get_forums_for_user(
u4,
['can_see_forum', 'can_read_forum'],
False
)
u5 = UserFactory.create()
g5 = GroupFactory.create()
u5.groups.add(g5)
# Restrict for group but allow for user
assign_perm('can_see_forum', g5, None, False)
assign_perm('can_read_forum', g5, None, False)
assign_perm('can_see_forum', u5, None, True)
assign_perm('can_read_forum', u5, None, True)
readable_forums_u5 = self.perm_handler._get_forums_for_user(
u5,
['can_see_forum', 'can_read_forum'],
False
)
assert set(readable_forums_u2) == set([self.top_level_cat, self.forum_1])
assert set(readable_forums_u3) == set([])
assert set(readable_forums_u4) == set([])
assert set(readable_forums_u5) == set(Forum.objects.all())
