def test_user_allow_non_role_obj_perm(self):
self.assertIs(
self.brandon.has_role_perm('test_app.change_author', self.twain),
False)
assign_perm(self.change_author, self.brandon, self.twain)
clear_cache(self.brandon)
self.assertIs(
self.brandon.has_role_perm('test_app.change_author', self.twain),
True)
def test_user_allow_role_model_perm(self):
self.brandon.user_permissions.add(self.manager_role.delegate)
self.assertIs(self.brandon.has_role_perm('test_app.use_role_manager'),
True) # default backend
clear_cache(self.brandon)
self.assertIs(self.brandon.has_role_perm('test_app.change_author'),
True)
self.assertIs(self.jack.has_role_perm('test_app.change_author'), False)
def test_user_allow_role_obj_perm(self):
assign_perm(self.manager_role.delegate, self.brandon, self.twain)
clear_cache(self.brandon)
self.assertIs(
self.brandon.has_perm('test_app.use_role_manager', self.twain),
True) # default backend
self.assertIs(
self.brandon.has_role_perm('test_app.change_author', self.twain),
True)
self.assertIs(
self.jack.has_role_perm('test_app.change_author', self.twain),
False)
def test_group_allow_role_model_perm(self):
self.assertIs(self.jack.has_role_perm('test_app.change_blog'), False)
self.assertIs(self.jack.has_role_perm('test_app.add_blog'), False)
self.users_group.permissions.add(
self.editor_role.delegate) # all users have editor role
clear_cache(self.jack)
clear_cache(self.brandon)
self.assertIs(self.jack.has_role_perm('test_app.use_role_editor'),
True) # default backend
self.assertIs(self.jack.has_role_perm('test_app.change_blog'), True)
self.assertIs(self.jack.has_role_perm('test_app.add_blog'),
False) # not author
self.assertIs(self.brandon.has_role_perm('test_app.use_role_editor'),
False)
self.assertIs(self.brandon.has_role_perm('test_app.change_blog'),
False)
def test_get_all_permissions(self):
self.assertEqual(self.brandon.get_all_permissions(), set())
self.admins_group.permissions.add(self.manager_role.delegate)
# all admins have manager role
clear_cache(self.brandon)
self.assertEqual(self.brandon.get_all_permissions(),
{'test_app.use_role_manager'})
self.assertEqual(
self.brandon.get_all_role_perms(), {
'test_app.use_role_manager', 'test_app.change_author',
'test_app.delete_author'
})
# will approve perms in roles only
# brandon decides to write on the side; and perms recognized by roles supervisor
self.brandon.user_permissions.add(self.add_blog)
clear_cache(self.brandon)
self.assertEqual(self.brandon.get_all_permissions(),
{'test_app.use_role_manager', 'test_app.add_blog'})
# brandon wants the entire role
self.brandon.user_permissions.add(self.author_role.delegate)
clear_cache(self.brandon)
self.assertEqual(
self.brandon.get_all_role_perms(), {
'test_app.use_role_manager', 'test_app.use_role_author',
'test_app.change_author', 'test_app.delete_author',
'test_app.add_blog', 'test_app.change_blog'
})
def test_group_allow_role_obj_perm(self):
self.assertIs(self.jack.has_role_perm('test_app.change_blog'), False)
self.assertIs(self.jack.has_role_perm('test_app.add_blog'), False)
assign_perm(self.editor_role.delegate, self.users_group, self.twain)
clear_cache(self.jack)
clear_cache(self.brandon)
self.assertIs(
self.jack.has_perm('test_app.use_role_editor', self.twain),
True) # default backend
self.assertIs(
self.jack.has_role_perm('test_app.change_blog', self.twain), True)
self.assertIs(self.jack.has_role_perm('test_app.add_blog', self.twain),
False) # not author
self.assertIs(
self.brandon.has_perm('test_app.use_role_editor', self.twain),
False)
self.assertIs(
self.brandon.has_role_perm('test_app.change_blog', self.twain),
False)
def clear_cache(self, user):
clear_cache(user)
def clear_cache(self):
clear_cache(self)
