예제 #1
 def test_group_role(self):
     """Check what a role assigned to a group, with no object, grants to the user.

     The role is assigned without a target object, so the test expects the
     model-level permission only. The same permission checked against a
     concrete object is expected to be absent.
     """
     # NOTE(review): presumably self.user is a member of self.group (fixture
     # set up outside this snippet) -- confirm.
     assign_role("role2", self.group)
     member = self.user
     perm = "core.view_remote"
     # Model-level check: expected to be granted.
     self.assertTrue(member.has_perm(perm))
     # Object-scoped check: asserted False, i.e. the model-level grant is not
     # reported when a specific object is passed.
     self.assertFalse(member.has_perm(perm, self.remote))
     self.assertEqual(member.get_all_permissions(), {perm})
     self.assertEqual(member.get_all_permissions(self.remote), set())
     # Undo the assignment made at the top of the test.
     remove_role("role2", self.group)
예제 #2
 def test_user_role(self):
     """Check what a role assigned directly to a user, with no object, grants.

     The test expects the model-level permission to be present, and expects
     the object-scoped lookups against self.repository to report nothing.
     """
     assign_role("role1", self.user)
     subject = self.user
     perm = "core.view_repository"
     # Model-level check: expected to be granted.
     self.assertTrue(subject.has_perm(perm))
     # Object-scoped check: asserted False even though the model-level
     # permission is held.
     self.assertFalse(subject.has_perm(perm, self.repository))
     self.assertEqual(subject.get_all_permissions(), {perm})
     self.assertEqual(subject.get_all_permissions(self.repository), set())
     # Undo the assignment made at the top of the test.
     remove_role("role1", self.user)
예제 #3
    def add_roles_for_object_creator(self, roles):
        """
        Grants the given roles on this object to the user who is creating it.

        The creator is whatever ``django_currentuser.middleware.get_current_authenticated_user``
        returns. When that is None because the API client sent no authentication credentials,
        *no* roles are assigned and the method returns silently, so the object carries no
        creator role from this call. This lets endpoints that create objects without requiring
        authorization run without error.

        Args:
            roles (list or str): One or more roles to be added at the object-level for the user.
                Either a single role name as a string, or a list of role names.

        """
        from pulpcore.app.role_util import assign_role

        role_names = _ensure_iterable(roles)
        creator = get_current_authenticated_user()
        if not creator:
            # Unauthenticated request: deliberately grant nothing.
            return
        for role_name in role_names:
            # Passing ``self`` as the third argument scopes the role to this object.
            assign_role(role_name, creator, self)
예제 #4
 def test_combination_role(self):
     """Check an object-level user role combined with a model-level group role.

     role1 is assigned to the user on one repository only; role2 is assigned
     to the group with no object. The test expects the two grants to stay
     separate in the permission sets, and expects the queryset filter to
     return one repository and both remotes.
     """
     assign_role("role1", self.user, self.repository)
     assign_role("role2", self.group)
     subject = self.user

     # Without an object, only the group's model-level permission is expected.
     self.assertEqual(subject.get_all_permissions(), {"core.view_remote"})
     # For the repository, the expected codename has no "core." app label.
     self.assertEqual(
         subject.get_all_permissions(self.repository), {"view_repository"}
     )
     # The model-level remote permission is not expected on a specific remote.
     self.assertEqual(subject.get_all_permissions(self.remote), set())

     # Only the repository the role was scoped to is expected back.
     visible_repositories = get_objects_for_user(
         subject, "core.view_repository", Repository.objects.all()
     )
     self.assertEqual(
         set(visible_repositories.values_list("pk", flat=True)),
         {self.repository.pk},
     )

     # Both remotes are expected back through the model-level grant.
     visible_remotes = get_objects_for_user(
         subject, "core.view_remote", Remote.objects.all()
     )
     self.assertEqual(
         set(visible_remotes.values_list("pk", flat=True)),
         {self.remote.pk, self.remote2.pk},
     )

     # NOTE(review): only role2 is removed here; role1 on self.repository is
     # left in place -- presumably fixture teardown handles it, confirm.
     remove_role("role2", self.group)
예제 #5
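    def add_roles_for_groups(self, roles, groups):
        """
        Adds object-level roles for one or more groups for this newly created object.

        Every group name is resolved before any role is assigned, so an unknown group name
        raises before this call has granted anything.

        Args:
            roles (str or list): One or more object-level roles to be added for the groups. This
                can either be a single role as a string, or list of role names.
            groups (str or list): One or more groups who will receive object-level roles. This
                can either be a single group name as a string or a list of group names.

        Raises:
            ObjectDoesNotExist: If any of the groups do not exist. No role has been assigned by
                this call when this is raised.

        """
        from pulpcore.app.role_util import assign_role

        roles = _ensure_iterable(roles)
        groups = _ensure_iterable(groups)
        # Look up all principals first: a bad name later in the list must not leave the
        # earlier groups holding roles from a call that ultimately failed.
        resolved_groups = [Group.objects.get(name=group_name) for group_name in groups]
        # NOTE(review): a failure inside assign_role itself can still leave earlier grants in
        # place unless the caller wraps this in a transaction -- confirm against callers.
        for group in resolved_groups:
            for role in roles:
                assign_role(role, group, self)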
예제 #6
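    def add_roles_for_users(self, roles, users):
        """
        Adds object-level roles for one or more users for this newly created object.

        Every username is resolved before any role is assigned, so an unknown username raises
        before this call has granted anything.

        Args:
            roles (str or list): One or more roles to be added at object-level for the users.
                This can either be a single role as a string, or a list of role names.
            users (str or list): One or more users who will receive object-level roles. This can
                either be a single username as a string or a list of usernames.

        Raises:
            ObjectDoesNotExist: If any of the users do not exist. No role has been assigned by
                this call when this is raised.

        """
        from pulpcore.app.role_util import assign_role

        roles = _ensure_iterable(roles)
        users = _ensure_iterable(users)
        user_model = get_user_model()
        # Look up all principals first: a bad username later in the list must not leave the
        # earlier users holding roles from a call that ultimately failed.
        resolved_users = [user_model.objects.get(username=username) for username in users]
        # NOTE(review): a failure inside assign_role itself can still leave earlier grants in
        # place unless the caller wraps this in a transaction -- confirm against callers.
        for user in resolved_users:
            for role in roles:
                assign_role(role, user, self)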