class SubsequentOverridesView(PermissionsTemplateView):
template_name = 'tests/passed.html'
permissions = Permissions(
P(user__is_authenticated=True, if_false=Login2View.as_view())
| P(user__is_superuser=True,
if_false=TemplateView.as_view(template_name='tests/welcome.html')))
def test_request_arguments(self):
request = self.get_request()
request.user = self.user
request.user2 = self.admin
self.assertTrue(
Permissions(P(user__user_is_user=Arg('user'))).check(request))
self.assertFalse(
Permissions(P(user__user_is_user=Arg('user2'))).check(request))
def get_rules(self, request=None, **kwargs):
try:
request.article = Article.objects.get(slug=kwargs.get('slug'))
except Article.DoesNotExist:
request.article = None
return editor_or_administrator | P(
P(user__is_author=True) & P(article__is_published=False)
& P(article__author=request.user))
class OverridesIfTrueView(PermissionsTemplateView):
template_name = 'tests/passed.html'
permissions = Permissions(
P(user__is_authenticated=True) | P(
P(user__is_authenticated=True)
& P(user__is_superuser=True,
if_true=TemplateView.as_view(
template_name='tests/welcome.html'))))
class TrueFalseRedirects25View(PermissionsTemplateView):
template_name = 'tests/passed.html'
permissions = Permissions(
P(user__is_authenticated=True)
& P(P(user__is_superuser=True) | P(object__owner=Cmp('user')),
if_false=AccessDeniedView.as_view()))
def dispatch(self, request, *args, **kwargs):
request.object = TestObject.objects.get(title='Test!')
return super(TrueFalseRedirects25View,
self).dispatch(request, *args, **kwargs)
class SomeBasicObjectPermissions(Permissions):
rules = P(some_object1__title='Some Object 1')
def get_rules(self, request, **kwargs):
request.some_object1 = TestObject(title='Some Object 1')
request.some_object2 = TestObject(title='Some Object 2')
request.some_object3 = TestObject(title='Some Object 3')
return P(some_object2__title='Some Object 2')
class AuthenticatedPermissions(Permissions):
rules = P(user__is_authenticated=True)
def get_rules(self, request, **kwargs):
request.some_object = TestObject(title='Some Object')
return P()
class TestView(DjangoViewMixin, SimpleGetView):
permissions = SomeObjectPermissions(
P(user_is_staff | user_is_superuser))
class AdministratorPermissions(Permissions):
rules = P(user__is_administrator=True)
class NestedPermissions(Permissions):
rules = P(
P(user__is_authenticated=True) & P(
P(user__is_staff=True)
& P(P(user__is_superuser=True) & P(user__username='******'))))
class NestedNegatedPermissions(Permissions):
rules = P(
~P(user__is_authenticated=False)
& P(P(user__is_authenticated=True) | ~P(user__is_authenticated=False)))
class UserPermissions(Permissions):
rules = P(user__is_authenticated=True,
if_false=SubscriptionRequiredRedirectView.as_view())
class NegatePermissions(Permissions):
rules = ~P(user__is_public=False) & ~P(user__is_authenticated=False)
def test_children(self):
self.assertEqual(
'(&(&(~(&{\'user\': 1})),(|{\'user\': 2},(~(&{\'user\': 3})))))',
str(P(~P(user=1) & P(P(user=2) | ~P(user=3)))))
class NegatedOverrideIfTrueFalsePermissions(Permissions):
rules = ~P(user__is_authenticated=True,
if_true=if_true_override,
if_false=if_false_override)
def test_oneliners(self):
request = self.get_request()
self.assertFalse(
Permissions(
P(user__is_authenticated=True)
& P(user__username=request.user.username)).check(request))
request.user = self.user
self.assertTrue(
Permissions(
P(user__is_authenticated=True)
| P(user__username='******')).check(request))
Permissions(user_is_authenticated
& P(user__is_superuser=True, if_false=if_true_override)
).check(request)
self.assertEqual(OVERRIDE_TRUE,
request.permissionsx_return_overrides())
Permissions(user_is_superuser
| P(user__is_staff=True, if_false=if_false_override)
).check(request)
self.assertEqual(OVERRIDE_FALSE,
request.permissionsx_return_overrides())
permissions_tested = Permissions(
P(user__is_authenticated=True)
& P(user__is_staff=True, if_false=if_false_override)
& P(user__is_superuser=False))
permissions_tested.check(request)
self.assertEqual(OVERRIDE_FALSE,
request.permissionsx_return_overrides())
request.user = self.staff
permissions_tested = Permissions(
P(user__is_authenticated=True)
& P(user__is_staff=True, if_true=if_true_override)
& P(user__is_superuser=False))
permissions_tested.check(request)
self.assertEqual(OVERRIDE_TRUE,
request.permissionsx_return_overrides())
class OverrideIfTruePermissions(Permissions):
rules = P(user__is_authenticated=True, if_true=if_true_override)
class OverrideIfFalsePermissions(Permissions):
rules = P(user__is_authenticated=True, if_false=if_false_override)
def get_rules(self, request=None):
return ~P(user__is_authenticated=False) & P(
user__username=request.user.username)
class OverridesIfFalseView(PermissionsTemplateView):
template_name = 'tests/passed.html'
permissions = Permissions(
P(user__is_authenticated=True)
& P(user__is_superuser=True, if_false=Login2View.as_view()))
class NestedNegatedOverridePermissions(Permissions):
rules = P(
P(user__is_authenticated=False) & ~P(user__is_authenticated=True,
if_true=if_true_override,
if_false=if_false_override))
class UserAttributesDependentPermissions(Permissions):
rules = P(user__username='******')
def get_rules(self, request, **kwargs):
request.some_object1 = TestObject(title='Some Object 1')
request.some_object2 = TestObject(title='Some Object 2')
request.some_object3 = TestObject(title='Some Object 3')
return P(some_object2__title='Some Object 2')
from django.core.urlresolvers import reverse_lazy
from django.contrib import messages
from permissionsx.models import P
from permissionsx.models import Permissions
from permissionsx.contrib.django.views import MessageRedirectView
from example.content.models import Article
editor_or_administrator = P(user__is_editor=True) | P(
user__is_administrator=True)
class SubscriptionRequiredRedirectView(MessageRedirectView):
message = (messages.warning, 'You must be signed up to access content!')
redirect_url = reverse_lazy('account_signup')
class UserPermissions(Permissions):
rules = P(user__is_authenticated=True,
if_false=SubscriptionRequiredRedirectView.as_view())
class AuthorPermissions(Permissions):
rules = P(user__is_author=True) | editor_or_administrator
class StaffPermissions(Permissions):
def get_rules(self, request, **kwargs):
rules = super(SomeObjectPermissions,
self).get_rules(request, **kwargs)
request.some_object4 = TestObject(title='Some Object 4')
return rules & P(some_object3__title='Some Object 3')
class AuthorPermissions(Permissions):
rules = P(user__is_author=True) | editor_or_administrator
class TestView(DjangoViewMixin, SimpleGetView):
permissions = SomeObjectPermissions(
P(some_object4__title='Some Object 4'))
"""PermissionsX - Authorization for Django.
:copyright: Copyright (c) 2013-2014 by Robert Pogorzelski.
:license: BSD, see LICENSE for more details.
"""
from __future__ import absolute_import
from permissionsx.models import P
from permissionsx.models import Permissions
user_is_authenticated = P(user__is_authenticated=True)
user_is_staff = P(user__is_staff=True)
user_is_superuser = P(user__is_superuser=True)
OVERRIDE_TRUE = 'Override returns True'
OVERRIDE_FALSE = 'Override returns False'
def if_true_override():
return OVERRIDE_TRUE
def if_false_override():
return OVERRIDE_FALSE
class AuthenticatedPermissions(Permissions):
rules = P(user__is_authenticated=True)
class IsPublicPermissions(Permissions):
rules = P(user__is_public=True)