def test_dumps_and_loads_with_other_instance(self):
     dumps = self.qserializer.dumps(self.q1)
     self.assertEqual(dumps, self.dumps)
     qserializer2 = QSerializer(base64=True)
     loads = qserializer2.loads(dumps)
     self.assertEqual(qserializer2.serialize(loads),
                      qserializer2.serialize(self.q1))
 def setUp(self):
     self.q1 = Q(Q(field1__contains="test") |
                 Q(rel1__field2__exact="test2") &
                 Q(Q(field3="test3") |
                   Q(field3__range=(datetime.datetime(2005, 1, 1),
                                    datetime.datetime(2005, 3, 31)))))
     self.qserializer = QSerializer(base64=True)
     self.dumps = self.qserializer.dumps(self.q1)
 def setUp(self):
     self.filterperm = FilterPermission()
     self.request = HttpRequest()
     self.me = User.objects.create(username="******", password='******')
     self.userok = User.objects.create(username="******", password='******')
     self.not_admin = User.objects.create(username="******", password='******')
     self.wrong = User.objects.create(username="******", password='******')
     self.admin = User.objects.create_superuser(username="******", password="******", email="")
     self.user_ct = ContentType.objects.get_by_natural_key("auth", "user")
     self.q = Q(Q(username='******') | Q(username='******'))
     self.qserializer = QSerializer(base64=True)
     self.myfilter = self.qserializer.dumps(self.q)
     self.fpm = FilterPermissionModel.objects.create(user=self.me,
                                                     content_type=self.user_ct,
                                                     filter=self.myfilter)
     self.request.user = self.me
Beispiel #4
0
    def has_object_permission(self, request, view, obj):
        """
        check filter permissions
        """

        user = request.user

        if not user.is_superuser and not user.is_anonymous:
            valid = False
            try:
                ct = ContentType.objects.get_for_model(obj)
                fpm = FilterPermissionModel.objects.get(user=user,
                                                        content_type=ct)
                myq = QSerializer(base64=True).loads(fpm.filter)
                try:
                    myobj = obj.__class__.objects.filter(myq).distinct().get(
                        pk=obj.pk)
                    if myobj:
                        valid = True
                except ObjectDoesNotExist:
                    valid = False
            except ObjectDoesNotExist:
                valid = True
            finally:
                return valid
        else:
            return True
class TestQSerializer(TestCase):
    """
    test the q serializer
    """

    def setUp(self):
        self.q1 = Q(Q(field1__contains="test") |
                    Q(rel1__field2__exact="test2") &
                    Q(Q(field3="test3") |
                      Q(field3__range=(datetime.datetime(2005, 1, 1),
                                       datetime.datetime(2005, 3, 31)))))
        self.qserializer = QSerializer(base64=True)
        self.dumps = self.qserializer.dumps(self.q1)

    def test_dumps(self):
        dumps = self.qserializer.dumps(self.q1)
        self.assertEqual(dumps, self.dumps)

    def test_loads(self):
        loads = self.qserializer.loads(self.dumps)
        self.assertEqual(self.qserializer.serialize(loads),
                         self.qserializer.serialize(self.q1))

    def test_dumps_and_loads_with_other_instance(self):
        dumps = self.qserializer.dumps(self.q1)
        self.assertEqual(dumps, self.dumps)
        qserializer2 = QSerializer(base64=True)
        loads = qserializer2.loads(dumps)
        self.assertEqual(qserializer2.serialize(loads),
                         qserializer2.serialize(self.q1))
Beispiel #6
0
 def filter_queryset(self, request, queryset, view):
     user = request.user
     if not user.is_superuser and not user.is_anonymous and isinstance(queryset, QuerySet):
         try:
             model = queryset.model
             ct = ContentType.objects.get_for_model(model)
             fpm = FilterPermissionModel.objects.get(user=user,
                                                     content_type=ct)
             myfilter = QSerializer(base64=True).loads(fpm.filter)
         except ObjectDoesNotExist:
             myfilter = Q()
         return queryset.filter(myfilter)
     else:
         return queryset
class TestFilterPermissionFilter(TestCase):
    """
    test filter
    """

    def setUp(self):
        self.filterperm = FilterPermission()
        self.me = User.objects.create(username="******", password='******')
        self.userok = User.objects.create(username="******", password='******')
        self.not_admin = User.objects.create(username="******", password='******')
        self.wrong = User.objects.create(username="******", password='******')
        self.admin = User.objects.create_superuser(username="******", password="******", email="")
        self.user_ct = ContentType.objects.get_by_natural_key("auth", "user")
        self.q = Q(Q(username='******') | Q(username='******'))
        self.qserializer = QSerializer(base64=True)
        self.myfilter = self.qserializer.dumps(self.q)
        self.fpm = FilterPermissionModel.objects.create(user=self.me,
                                                        content_type=self.user_ct,
                                                        filter=self.myfilter)
        self.request = HttpRequest()
        self.request.user = self.me
        self.queryset = User.objects.all()
        self.filterbackend = FilterPermissionBackend()


    def test_manager_valid(self):
        filter = self.filterbackend.filter_queryset(self.request, self.queryset, None)
        self.assertEqual(len(filter.all()), 2)
        self.assertEqual(filter.get(username='******'), self.userok)

    def test_manager_not_valid(self):
        filter = self.filterbackend.filter_queryset(self.request, self.queryset, None)
        self.assertEqual(len(filter.all()), 2)
        with self.assertRaises(User.DoesNotExist):
            filter.get(username='******')

    def test_superuser(self):
        self.request.user = self.admin
        filter = self.filterbackend.filter_queryset(self.request, self.queryset, None)
        self.assertEqual(len(filter.all()), 5)

    def test_no_filter(self):
        self.request.user = self.not_admin
        filter = self.filterbackend.filter_queryset(self.request, self.queryset, None)
        self.assertEqual(len(filter.all()), 5)
class TestFilterPermissionModel(TestCase):
    """
    test the filter permissions model
    """

    def setUp(self):
        self.me = User.objects.create(username="******", password='******')        
        self.q = Q(Q(username='******') | Q(username='******'))
        self.qserializer = QSerializer(base64=True)
        self.myfilter = self.qserializer.dumps(self.q)
        self.user_ct = ContentType.objects.get_by_natural_key("auth", "user")

    def test_create(self):
        fp = FilterPermissionModel.objects.create(user=self.me,
                                                  content_type=self.user_ct,
                                                  filter=self.myfilter)
        self.assertEqual(fp.user.username, 'morgan')
        self.assertEqual(fp.content_type.name, 'user')
        self.assertEqual(fp.filter, self.myfilter)
class TestFilterPermission(TestCase):
    """
    test filter permission
    """

    def setUp(self):
        self.filterperm = FilterPermission()
        self.request = HttpRequest()
        self.me = User.objects.create(username="******", password='******')
        self.userok = User.objects.create(username="******", password='******')
        self.not_admin = User.objects.create(username="******", password='******')
        self.wrong = User.objects.create(username="******", password='******')
        self.admin = User.objects.create_superuser(username="******", password="******", email="")
        self.user_ct = ContentType.objects.get_by_natural_key("auth", "user")
        self.q = Q(Q(username='******') | Q(username='******'))
        self.qserializer = QSerializer(base64=True)
        self.myfilter = self.qserializer.dumps(self.q)
        self.fpm = FilterPermissionModel.objects.create(user=self.me,
                                                        content_type=self.user_ct,
                                                        filter=self.myfilter)
        self.request.user = self.me

    def test_superuser(self):
        self.request.user = self.admin
        res = self.filterperm.has_object_permission(self.request, None, None)
        self.assertTrue(res)

    def test_no_filter(self):
        self.request.user = self.not_admin
        res = self.filterperm.has_object_permission(self.request, None, self.userok)
        self.assertTrue(res)
        res = self.filterperm.has_object_permission(self.request, None, self.wrong)
        self.assertTrue(res)

    def test_obj_valid(self):
        res = self.filterperm.has_object_permission(self.request, None, self.userok)
        self.assertTrue(res)

    def test_obj_not_valid(self):
        res = self.filterperm.has_object_permission(self.request, None, self.wrong)
        self.assertFalse(res)
 def setUp(self):
     self.me = User.objects.create(username="******", password='******')        
     self.q = Q(Q(username='******') | Q(username='******'))
     self.qserializer = QSerializer(base64=True)
     self.myfilter = self.qserializer.dumps(self.q)
     self.user_ct = ContentType.objects.get_by_natural_key("auth", "user")