def test_util_has_perm_or_owns_sanity(self):
    """Sanity check for access.has_perm_or_owns.

    Covers the ownership branch only: the same user is checked against a
    thread they created and a thread created by someone else, both under
    self.forum_1.
    """
    perm = 'forums_forum.thread_edit_forum'
    # presumably pk 118533 is a fixture user; verify against the test fixtures
    owner = User.objects.get(pk=118533)
    own_thread = Thread.objects.filter(creator=owner)[0]
    foreign_thread = Thread.objects.exclude(creator=owner)[0]

    # Creator of the thread: access is expected.
    eq_(access.has_perm_or_owns(owner, perm, own_thread, self.forum_1), True)

    # Not the creator: denial is expected. This only holds if the user does
    # not also hold `perm` on forum_1 -- TODO confirm in the fixtures.
    eq_(access.has_perm_or_owns(owner, perm, foreign_thread, self.forum_1),
        False)
    # NOTE(review): the "has the permission but is not the owner" path and the
    # anonymous-user path are not exercised by this test.
def has_perm_or_owns(context, perm, obj, perm_obj, field_name='creator'):
    """
    Check if the requesting user has a permission or owns the object.

    The user is read from context['request'] and the decision is delegated
    unchanged to access.has_perm_or_owns, with field_name forwarded as the
    name of the ownership attribute.

    NOTE(review): which object's `field_name` attribute is compared to the
    user (obj or perm_obj) is decided inside access.has_perm_or_owns --
    confirm there. This looks like a template-side helper; if so, it should
    only control what is displayed, and the view must enforce the same check.
    """
    # Raises KeyError when the context carries no 'request' entry.
    request = context['request']
    return access.has_perm_or_owns(
        request.user, perm, obj, perm_obj, field_name)
def _wrapped_view(request, *args, **kwargs):
    # based on authority/decorators.py
    #
    # Gate for the wrapped view: the request passes only when the user is
    # authenticated AND either access.has_perm_or_owns grants access or the
    # user holds `perm` when checked without an object. Everything else gets
    # HttpResponseForbidden.
    user = request.user

    # Anonymous users are rejected before any object lookup is attempted.
    # NOTE(review): is_authenticated is called as a method here, which matches
    # older Django releases -- confirm against the Django version in use.
    # NOTE(review): anonymous requests receive 403 rather than a login
    # redirect -- confirm this is intended.
    if not user.is_authenticated():
        return HttpResponseForbidden()

    # Both objects are resolved from the URL kwargs before the permission
    # decision is made.
    target = _resolve_lookup(obj_lookup, kwargs)
    perm_target = _resolve_lookup(perm_obj_lookup, kwargs)

    allowed = access.has_perm_or_owns(
        user, perm, target, perm_target, owner_attr)
    # `or` short-circuits: user.has_perm is consulted only when the
    # object-level / ownership check did not grant access.
    if allowed or user.has_perm(perm):
        return view_func(request, *args, **kwargs)

    # In all other cases, permission denied
    return HttpResponseForbidden()