def handle(self, *args, **options):
verbose = options.get("verbose", True)
permissions = args
## Check if there are any assignments, optionally skip those?
## if the state is published, fix view perm XXX
## (or even better: properly define and consult workflow)
for m in models.get_models(include_auto_created=True):
if not issubclass(m, Content) or not type_registry.get(m.get_name()):
continue
for c in m.objects.all():
s = c.spoke()
wf = s.workflow()
state = c.state
wfassignment = wf.permission_assignment.get(state)
for permission in map(auth.Permission, permissions):
classassignment = getattr(s, "permission_assignment", {}).get(permission)
if not classassignment:
continue
assignments = RolePermission.assignments(c).filter(permission=permission)
if assignments.count() == 0:
if verbose:
print c.title, s, "has no assignment for", permission
for role in classassignment:
RolePermission.assign(c, role, permission).save()
if wfassignment and wfassignment.get(permission):
s.update_perms(c, {permission: wfassignment[permission]})
def test_assign_perms_explicit(self, pp, client):
t = Type1Type.create()
t.save()
assign_perms(t.instance, {p.view_content: (roles.owner,)})
assert RolePermission.assignments(t.instance).exists()
a = RolePermission.assignments(t.instance).all()[0]
assert a.role == roles.owner
assert a.permission == p.view_content
def test_update_perms(self, pp, client):
t = Type1Type.create()
t.save()
assign_perms(t.instance, {Permission("p"): (Role("r"),)})
update_perms(t.instance, {Permission("p"): (Role("r1"),)})
assert RolePermission.assignments(t.instance).count() == 1
a = RolePermission.assignments(t.instance).all()[0]
assert a.role == Role("r1")
assert a.permission == Permission("p")
def test_assign_perms_twice(self, pp, client):
t = Type1Type.create()
t.save()
assign_perms(t.instance, {Permission("p1"): (Role("r1"),)})
assign_perms(t.instance, {Permission("p2"): (Role("r2"),)})
assert RolePermission.assignments(t.instance).count() == 2
a = RolePermission.assignments(t.instance).all()
assert set((x.role for x in a)) == set((Role("r1"), Role("r2")))
assert set((x.permission for x in a)) == \
set((Permission("p1"), Permission("p2")))
def auth(self, handler, request, action):
##
## If post, handle/reset perm changes
if request.method == "POST":
existing = RolePermission.assignments(self.instance)
assignments = request.POST.getlist('assignment')
for e in existing:
if "{0}/{1}".format(e.permission, e.role) not in assignments:
e.delete()
for assignment in assignments:
perm, role = assignment.split('/', 1)
RolePermission.assign(self.instance, Role(role),
Permission(perm)).save()
ctx = {'spoke':self}
roles = Role.all()
permissions = []
## order roles, permissions (alphabetically?)
for perm in Permission.all():
d = dict(perm=perm, roles=[])
perms_per_role = RolePermission.assignments(
self.instance).filter(
permission=perm.id,
).values_list('role', flat=True)
r = []
for role in roles:
r.append(dict(role=role, checked=role.id in perms_per_role))
d['roles'] = r
permissions.append(d)
ctx['roles'] = roles
ctx['permissions'] = permissions
return handler.template("wheelcms_axle/edit_permissions.html", **ctx)
def test_update_perms_add(self, pp, client):
t = Type1Type.create()
t.save()
assign_perms(t.instance, {Permission("p"): (Role("r"),)})
update_perms(t.instance, {Permission("p1"): (Role("r1"),)})
rp = RolePermission.assignments(t.instance)
assert rp.count() == 2
assert set((i.permission, i.role) for i in rp) == \
set(((Permission("p"), Role("r")),
(Permission("p1"), Role("r1"))))
def test_assignment(self, pp, client):
t = Type1Type.create()
t.save()
assert RolePermission.assignments(t.instance).count() == 1
def test_assignment_blank(self, pp, client):
t = Type1Type.create()
t.save()
# import pytest; pytest.set_trace()
assert not RolePermission.assignments(t.instance).exists()
def update_perms(instance, permdict):
for permission, roles in permdict.iteritems():
RolePermission.clear(instance, permission)
for role in roles:
RolePermission.assign(instance, role, permission).save()
def assign_perms(instance, permdict):
""" invoked by a signal handler upon creation: Set initial
permissions """
for permission, roles in permdict.iteritems():
for role in roles:
RolePermission.assign(instance, role, permission).save()