def setup_env(self, *args, **options):
""" Create some seed data """
instance = Instance.objects.get(pk=options['instance'])
try:
user = User.system_user()
except User.DoesNotExist:
self.stdout.write('Error: Could not find a superuser to use')
return 1
instance_user = user.get_instance_user(instance)
if instance_user is None:
r = Role(name='global', rep_thresh=0, instance=instance)
r.save()
instance_user = InstanceUser(instance=instance,
user=user,
role=r)
instance_user.save_with_user(user)
self.stdout.write('Added system user to instance with global role')
for field in Plot._meta.get_all_field_names():
_, c = FieldPermission.objects.get_or_create(
model_name='Plot',
field_name=field,
role=instance_user.role,
instance=instance,
permission_level=FieldPermission.WRITE_DIRECTLY)
if c:
self.stdout.write('Created plot permission for field "%s"'
% field)
for field in Tree._meta.get_all_field_names():
_, c = FieldPermission.objects.get_or_create(
model_name='Tree',
field_name=field,
role=instance_user.role,
instance=instance,
permission_level=FieldPermission.WRITE_DIRECTLY)
if c:
self.stdout.write('Created tree permission for field "%s"'
% field)
dt = 0
dp = 0
if options.get('delete', False):
for t in Tree.objects.all():
t.delete_with_user(user)
dt += 1
for p in Plot.objects.all():
p.delete_with_user(user)
dp += 1
self.stdout.write("Deleted %s trees and %s plots" % (dt, dp))
return instance, user
def setup_env(self, *args, **options):
""" Create some seed data """
instance = Instance.objects.get(pk=options['instance'])
user = User.objects.filter(is_superuser=True)
if len(user) == 0:
print('Error: Could not find a superuser to use')
return 1
else:
user = user[0]
if user.roles.count() == 0:
print('Added global role to user')
r = Role(name='global', rep_thresh=0, instance=instance)
r.save()
user.roles.add(r)
user.save_base()
for field in ('geom', 'import_event'):
_, c = FieldPermission.objects.get_or_create(
model_name='Plot',
field_name=field,
role=user.roles.all()[0],
instance=instance,
permission_level=FieldPermission.WRITE_DIRECTLY)
if c:
print('Created plot permission for field "%s"' % field)
for field in ('plot',):
_, c = FieldPermission.objects.get_or_create(
model_name='Tree',
field_name=field,
role=user.roles.all()[0],
instance=instance,
permission_level=FieldPermission.WRITE_DIRECTLY)
if c:
print('Created tree permission for field "%s"' % field)
dt = 0
dp = 0
if options.get('delete', False):
for t in Tree.objects.all():
t.delete_with_user(user)
dt += 1
for p in Plot.objects.all():
p.delete_with_user(user)
dp += 1
print("Deleted %s trees and %s plots" % (dt, dp))
return instance, user
def make_role(instance):
role = _make_loaded_role(instance, rolename, FieldPermission.NONE,
field_permissions)
if models_to_permit:
role.instance_permissions.add(
*Role.model_permissions(models_to_permit))
return role
def make_role(instance):
role = _make_loaded_role(instance, rolename, FieldPermission.NONE,
field_permissions)
if models_to_permit:
role.instance_permissions.add(
*Role.model_permissions(models_to_permit))
return role
def photo_is_addable(role_related_obj, associated_model):
'''
photo_is_addable(role_related_obj, associated_model) returns
True if a user possessing role_related_obj can add a photo
to the associated_model, False otherwise.
role_related_obj may be a role or an instance user.
associated_model may be a model class or instance of a model.
'''
AssociatedClass = _get_associated_model_class(associated_model)
PhotoClass = TreePhoto if AssociatedClass == Tree else MapFeaturePhoto
codename = Role.permission_codename(AssociatedClass, 'add', photo=True)
role = _get_role_from_related_object(role_related_obj)
return role and role.has_permission(codename, PhotoClass) or False
def photo_is_addable(role_related_obj, associated_model):
'''
photo_is_addable(role_related_obj, associated_model) returns
True if a user possessing role_related_obj can add a photo
to the associated_model, False otherwise.
role_related_obj may be a role or an instance user.
associated_model may be a model class or instance of a model.
'''
AssociatedClass = _get_associated_model_class(associated_model)
PhotoClass = TreePhoto if AssociatedClass == Tree else MapFeaturePhoto
codename = Role.permission_codename(AssociatedClass, 'add', photo=True)
role = _get_role_from_related_object(role_related_obj)
return role and role.has_permission(codename, PhotoClass) or False
def make_officer_role(instance):
"""
The officer role has permission to modify only a few fields,
and only a few models under test, but the officer is permitted to
modify them directly without moderation.
"""
permissions = (
('Plot', 'length', FieldPermission.WRITE_DIRECTLY),
('RainBarrel', 'capacity', FieldPermission.WRITE_DIRECTLY),
('Tree', 'diameter', FieldPermission.WRITE_DIRECTLY),
('Tree', 'height', FieldPermission.WRITE_DIRECTLY))
officer = _make_loaded_role(instance, 'officer', FieldPermission.NONE,
permissions)
models = [Model for Model in leaf_models_of_class(Authorizable)
if Model.__name__ in {'Plot', 'RainBarrel', 'Tree'}]
officer.instance_permissions.add(*Role.model_permissions(models))
officer.save()
return officer
def make_conjurer_role(instance):
"""
The conjurer role has permission to create and delete all models
under test and their related photo types,
but limited permission to read or write fields in them.
"""
permissions = (
('Plot', 'length', FieldPermission.WRITE_DIRECTLY),
('Tree', 'height', FieldPermission.WRITE_DIRECTLY))
conjurer = _make_loaded_role(instance, 'conjurer', FieldPermission.NONE,
permissions)
models = [Model for Model in leaf_models_of_class(Authorizable)
if Model.__name__ in {'Plot', 'RainBarrel', 'Tree'}]
ThroughModel = Role.instance_permissions.through
model_permissions = Role.model_permissions(models)
role_perms = [ThroughModel(role_id=conjurer.id, permission_id=perm.id)
for perm in model_permissions]
ThroughModel.objects.bulk_create(role_perms)
return conjurer
def test_none_perm(self):
self.assertEqual(
False,
perms._allows_perm(Role(), 'NonExistentModel', any,
'allows_reads'))
def handle(self, *args, **options):
""" Create some seed data """
instance = Instance.objects.get(pk=options['instance'])
user = User.objects.filter(is_superuser=True)
if len(user) == 0:
print('Error: Could not find a superuser to use')
return 1
else:
user = user[0]
if user.roles.count() == 0:
print('Added global role to user')
r = Role(name='global', rep_thresh=0, instance=instance)
r.save()
user.roles.add(r)
user.save()
for field in ('geom', 'created_by', 'import_event'):
_, c = FieldPermission.objects.get_or_create(
model_name='Plot',
field_name=field,
role=user.roles.all()[0],
instance=instance,
permission_level=FieldPermission.WRITE_DIRECTLY)
if c:
print('Created plot permission for field "%s"' % field)
for field in ('plot', 'created_by'):
_, c = FieldPermission.objects.get_or_create(
model_name='Tree',
field_name=field,
role=user.roles.all()[0],
instance=instance,
permission_level=FieldPermission.WRITE_DIRECTLY)
if c:
print('Created tree permission for field "%s"' % field)
dt = 0
dp = 0
if options.get('delete', False):
for t in Tree.objects.all():
t.delete_with_user(user)
dt += 1
for p in Plot.objects.all():
p.delete_with_user(user)
dp += 1
print("Deleted %s trees and %s plots" % (dt, dp))
n = options['n']
print("Will create %s plots" % n)
tree_prob = float(max(100, min(0, options['ptree']))) / 100.0
max_radius = options['radius']
center_x = instance.center.x
center_y = instance.center.y
import_event = ImportEvent(imported_by=user)
import_event.save()
ct = 0
cp = 0
for i in xrange(0, n):
mktree = random.random() < tree_prob
radius = random.gauss(0.0, max_radius)
theta = random.random() * 2.0 * math.pi
x = math.cos(theta) * radius + center_x
y = math.sin(theta) * radius + center_y
plot = Plot(instance=instance,
geom=Point(x, y),
created_by=user,
import_event=import_event)
plot.save_with_user(user)
cp += 1
if mktree:
tree = Tree(plot=plot,
created_by=user,
import_event=import_event,
instance=instance)
tree.save_with_user(user)
ct += 1
print("Created %s trees and %s plots" % (ct, cp))
