def test_RegistrationAuthority_name_change(self): ra = models.RegistrationAuthority.objects.create(name="Test RA") user = get_user_model().objects.create_user('*****@*****.**','registrar') # User isn't in RA... yet self.assertFalse(perms.user_is_registrar(user,ra)) # Add user to RA, assert user is in RA ra.giveRoleToUser('registrar',user) # Caching issue, refresh from DB with correct permissions user = get_user_model().objects.get(pk=user.pk) self.assertTrue(perms.user_is_registrar(user,ra)) # Change name of RA, assert user is still in RA ra.name = "Test RA2" ra.save() user = get_user_model().objects.get(pk=user.pk) self.assertTrue(perms.user_is_registrar(user,ra)) # Add new RA with old RA's name, assert user is not in the new RA newRA = models.RegistrationAuthority.objects.create(name="Test RA") user = get_user_model().objects.get(pk=user.pk) self.assertFalse(perms.user_is_registrar(user,newRA)) # Remove user to RA, assert user is no longer in RA ra.removeRoleFromUser('registrar',user) # Caching issue, refresh from DB with correct permissions user = get_user_model().objects.get(pk=user.pk) self.assertFalse(perms.user_is_registrar(user,ra))
def setUp(self): super(TestSearch, self).setUp() import haystack haystack.connections.reload('default') self.ra = models.RegistrationAuthority.objects.create(name="Kelly Act") self.ra1 = models.RegistrationAuthority.objects.create(name="Superhuman Registration Act") # Anti-registration! self.registrar = User.objects.create_user('stryker','*****@*****.**','mutantsMustDie') self.ra.giveRoleToUser('registrar',self.registrar) self.assertTrue(perms.user_is_registrar(self.registrar,self.ra)) xmen = "professorX cyclops iceman angel beast phoenix wolverine storm nightcrawler" self.xmen_wg = models.Workgroup.objects.create(name="X Men") self.xmen_wg.registrationAuthorities.add(self.ra) self.xmen_wg.save() self.item_xmen = [ models.ObjectClass.objects.create(name=t,description="known xman",workgroup=self.xmen_wg,readyToReview=True)\ for t in xmen.split() ] for item in self.item_xmen: self.ra.register(item,models.STATES.standard,self.registrar) self.assertTrue(item.is_public()) avengers = "thor spiderman ironman hulk captainAmerica" self.avengers_wg = models.Workgroup.objects.create(name="Avengers") self.avengers_wg.registrationAuthorities.add(self.ra1) self.item_avengers = [ models.ObjectClass.objects.create(name=t,workgroup=self.avengers_wg) for t in avengers.split() ]
def test_registrar_search(self): self.logout() response = self.client.post(reverse('django.contrib.auth.views.login'), {'username': '******', 'password': '******'}) self.assertEqual(response.status_code,302) # logged in self.assertTrue(perms.user_is_registrar(self.registrar,self.ra)) dp = models.ObjectClass.objects.create(name="deadpool", description="not really an xman, no matter how much he tries", workgroup=self.xmen_wg,readyToReview=False) dp = models.ObjectClass.objects.get(pk=dp.pk) # Un-cache self.assertFalse(perms.user_can_view(self.registrar,dp)) self.assertFalse(dp.is_public()) response = self.client.get(reverse('aristotle:search')+"?q=xman") self.assertFalse(dp in [x.object for x in response.context['page'].object_list]) for i in response.context['page'].object_list: self.assertTrue(perms.user_can_view(self.registrar,i.object)) response = self.client.get(reverse('aristotle:search')+"?q=deadpool") self.assertEqual(len(response.context['page'].object_list),0) dp.readyToReview = True dp.save() dp = models.ObjectClass.objects.get(pk=dp.pk) # Un-cache self.assertTrue(perms.user_can_view(self.registrar,dp)) # Stryker should be able to find items that are "ready for review" in his RA only. response = self.client.get(reverse('aristotle:search')+"?q=deadpool") self.assertEqual(len(response.context['page'].object_list),1) self.assertEqual(response.context['page'].object_list[0].object.item,dp) self.assertTrue(perms.user_can_view(self.registrar,response.context['page'].object_list[0].object))
def test_current_statuses_only_in_search_results_and_index(self): # See issue #327 self.logout() response = self.client.post(reverse('friendly_login'), {'username': '******', 'password': '******'}) self.assertEqual(response.status_code,302) # logged in self.assertTrue(perms.user_is_registrar(self.registrar,self.ra)) with reversion.create_revision(): dp = models.ObjectClass.objects.create(name="deadpool", definition="not really an xman, no matter how much he tries", workgroup=self.xmen_wg,readyToReview=True) dp = models.ObjectClass.objects.get(pk=dp.pk) # Un-cache self.assertTrue(perms.user_can_view(self.registrar,dp)) self.assertFalse(dp.is_public()) from django.utils import timezone import datetime self.ra.register(dp,models.STATES.incomplete,self.registrar, registrationDate=timezone.now()+datetime.timedelta(days=-7) ) self.ra.register(dp,models.STATES.standard,self.registrar, registrationDate=timezone.now()+datetime.timedelta(days=-1) ) response = self.client.get(reverse('aristotle:search')+"?q=deadpool") self.assertEqual(len(response.context['page'].object_list),1) dp_result = response.context['page'].object_list[0] self.assertTrue(dp_result.object.name=="deadpool") self.assertTrue(len(dp_result.statuses) == 1) self.assertTrue(int(dp_result.statuses[0]) == int(models.STATES.standard))
def setUp(self): super(TestSearch, self).setUp() import haystack haystack.connections.reload('default') self.ra = models.RegistrationAuthority.objects.create(name="Kelly Act") self.ra1 = models.RegistrationAuthority.objects.create(name="Superhuman Registration Act") # Anti-registration! self.registrar = get_user_model().objects.create_user('stryker','*****@*****.**','mutantsMustDie') self.ra.giveRoleToUser('registrar',self.registrar) self.assertTrue(perms.user_is_registrar(self.registrar,self.ra)) xmen = "professorX cyclops iceman angel beast phoenix wolverine storm nightcrawler" self.xmen_wg = models.Workgroup.objects.create(name="X Men") # self.xmen_wg.registrationAuthorities.add(self.ra) self.xmen_wg.save() self.item_xmen = [ models.ObjectClass.objects.create(name=t,definition="known xman",workgroup=self.xmen_wg)\ for t in xmen.split()] for item in self.item_xmen: registered = self.ra.register(item,models.STATES.standard,self.su) self.assertTrue(item in registered['success']) item = models._concept.objects.get(pk=item.pk).item # Stupid cache self.assertTrue(item.is_public()) avengers = "thor spiderman ironman hulk captainAmerica" self.avengers_wg = models.Workgroup.objects.create(name="Avengers") # self.avengers_wg.registrationAuthorities.add(self.ra1) self.item_avengers = [ models.ObjectClass.objects.create(name=t,workgroup=self.avengers_wg) for t in avengers.split()]
def get_context_data(self, *args, **kwargs): kwargs = super().get_context_data(*args, **kwargs) kwargs.update({ 'review': self.review, 'can_approve_review': perms.user_can_approve_review(self.request.user, self.review), 'can_open_close_review': perms.user_can_close_or_reopen_review(self.request.user, self.review), 'can_edit_review': perms.user_can_edit_review(self.request.user, self.review), 'is_registrar': perms.user_is_registrar(self.request.user) }) if hasattr(self, "active_tab_name"): kwargs['active_tab'] = self.active_tab_name if self.review.concepts.count() == 1: # It's for a single item review, display in breadcrumbs kwargs.update({ 'single_item_review': True, 'item_under_review': self.review.concepts.first() }) return kwargs
def test_visibility_restriction_facets(self): # See issue #351 self.logout() response = self.client.get(reverse('aristotle:search') + "?q=xman") self.assertNotContains(response, 'Restriction') response = self.client.post(reverse('friendly_login'), { 'username': '******', 'password': '******' }) self.assertEqual(response.status_code, 302) # logged in self.assertTrue(perms.user_is_registrar(self.registrar, self.ra)) with reversion.create_revision(): dp = models.ObjectClass.objects.create( name="deadpool", definition="not really an xman, no matter how much he tries", workgroup=self.xmen_wg) review = models.ReviewRequest.objects.create( requester=self.su, registration_authority=self.ra, state=self.ra.public_state, registration_date=datetime.date(2010, 1, 1)) review.concepts.add(dp) dp = models.ObjectClass.objects.get(pk=dp.pk) # Un-cache self.assertTrue(perms.user_can_view(self.registrar, dp)) self.assertFalse(dp.is_public()) self.ra.register(dp, models.STATES.candidate, self.registrar, registrationDate=timezone.now() + datetime.timedelta(days=-7)) response = self.client.get(reverse('aristotle:search') + "?q=xman") self.assertContains(response, 'Restriction') response = self.client.get( reverse('aristotle:search') + "?q=xman&res=1") self.assertNotContains(response, 'Restriction') self.assertContains(response, 'Item visibility state is Locked') self.assertEqual(len(response.context['page'].object_list), 1) dp_result = response.context['page'].object_list[0] self.assertTrue(dp_result.object.name == "deadpool") self.assertTrue(len(dp_result.statuses) == 1) self.assertTrue(dp_result.object.is_locked()) self.assertFalse(dp_result.object.is_public()) self.assertTrue( int(dp_result.statuses[0]) == int(models.STATES.candidate))
def test_concept_autocomplete_statuses(self): # see also # tests.main.test_search.test_current_statuses_only_in_search_results_and_index from django.contrib.auth.models import User self.registrar = User.objects.create_user( 'stryker', '*****@*****.**', 'mutantsMustDie') self.ra.giveRoleToUser('registrar', self.registrar) self.logout() response = self.client.post(reverse('friendly_login'), { 'username': '******', 'password': '******' }) self.assertEqual(response.status_code, 302) # logged in self.assertTrue(perms.user_is_registrar(self.registrar, self.ra)) dp = models.ObjectClass.objects.create( name="deadpool", definition="not really an xman, no matter how much he tries", workgroup=self.wg1) review = models.ReviewRequest.objects.create( requester=self.su, registration_authority=self.ra, state=self.ra.public_state, registration_date=datetime.date(2010, 1, 1)) review.concepts.add(dp) dp = models.ObjectClass.objects.get(pk=dp.pk) # Un-cache self.assertTrue(perms.user_can_view(self.registrar, dp)) self.assertFalse(dp.is_public()) self.ra.register(dp, models.STATES.incomplete, self.su, registrationDate=timezone.now() + datetime.timedelta(days=-7)) self.ra.register(dp, models.STATES.standard, self.su, registrationDate=timezone.now() + datetime.timedelta(days=-1)) response = self.client.get( reverse('aristotle-autocomplete:concept', args=['aristotle_mdr', 'objectclass']), { 'q': 'deadpoo', }) self.assertContains(response, 'Standard') self.assertNotContains(response, 'Incomplete')
def test_visibility_restriction_facets(self): # See issue #351 self.logout() response = self.client.get(reverse('aristotle:search')+"?q=xman") self.assertTrue('Restriction' not in response.content) response = self.client.post(reverse('friendly_login'), {'username': '******', 'password': '******'}) self.assertEqual(response.status_code,302) # logged in self.assertTrue(perms.user_is_registrar(self.registrar,self.ra)) with reversion.create_revision(): dp = models.ObjectClass.objects.create(name="deadpool", definition="not really an xman, no matter how much he tries", workgroup=self.xmen_wg) review = models.ReviewRequest.objects.create(requester=self.su,registration_authority=self.ra) review.concepts.add(dp) dp = models.ObjectClass.objects.get(pk=dp.pk) # Un-cache self.assertTrue(perms.user_can_view(self.registrar,dp)) self.assertFalse(dp.is_public()) from django.utils import timezone import datetime self.ra.register(dp,models.STATES.candidate,self.registrar, registrationDate=timezone.now()+datetime.timedelta(days=-7) ) response = self.client.get(reverse('aristotle:search')+"?q=xman") self.assertTrue('Restriction' in response.content) response = self.client.get(reverse('aristotle:search')+"?q=xman&res=1") self.assertTrue('Restriction' not in response.content) self.assertTrue('Item visibility state is Locked' in response.content) self.assertEqual(len(response.context['page'].object_list),1) dp_result = response.context['page'].object_list[0] self.assertTrue(dp_result.object.name=="deadpool") self.assertTrue(len(dp_result.statuses) == 1) self.assertTrue(dp_result.object.is_locked()) self.assertFalse(dp_result.object.is_public()) self.assertTrue(int(dp_result.statuses[0]) == int(models.STATES.candidate))
def test_current_statuses_only_in_search_results_and_index(self): # See issue #327 self.logout() response = self.client.post(reverse('friendly_login'), { 'username': '******', 'password': '******' }) self.assertEqual(response.status_code, 302) # logged in self.assertTrue(perms.user_is_registrar(self.registrar, self.ra)) with reversion.create_revision(): dp = models.ObjectClass.objects.create( name="deadpool", definition="not really an xman, no matter how much he tries", workgroup=self.xmen_wg) review = models.ReviewRequest.objects.create( requester=self.su, registration_authority=self.ra) review.concepts.add(dp) dp = models.ObjectClass.objects.get(pk=dp.pk) # Un-cache self.assertTrue(perms.user_can_view(self.registrar, dp)) self.assertFalse(dp.is_public()) from django.utils import timezone import datetime self.ra.register(dp, models.STATES.incomplete, self.registrar, registrationDate=timezone.now() + datetime.timedelta(days=-7)) self.ra.register(dp, models.STATES.standard, self.registrar, registrationDate=timezone.now() + datetime.timedelta(days=-1)) response = self.client.get(reverse('aristotle:search') + "?q=deadpool") self.assertEqual(len(response.context['page'].object_list), 1) dp_result = response.context['page'].object_list[0] self.assertTrue(dp_result.object.name == "deadpool") self.assertTrue(len(dp_result.statuses) == 1) self.assertTrue( int(dp_result.statuses[0]) == int(models.STATES.standard))
def test_concept_autocomplete_statuses(self): # see also # tests.main.test_search.test_current_statuses_only_in_search_results_and_index from django.contrib.auth.models import User self.registrar = User.objects.create_user('stryker','*****@*****.**','mutantsMustDie') self.ra.giveRoleToUser('registrar',self.registrar) self.logout() response = self.client.post(reverse('friendly_login'), {'username': '******', 'password': '******'}) self.assertEqual(response.status_code,302) # logged in self.assertTrue(perms.user_is_registrar(self.registrar,self.ra)) dp = models.ObjectClass.objects.create(name="deadpool", definition="not really an xman, no matter how much he tries", workgroup=self.wg1) review = models.ReviewRequest.objects.create(requester=self.su,registration_authority=self.ra) review.concepts.add(dp) dp = models.ObjectClass.objects.get(pk=dp.pk) # Un-cache self.assertTrue(perms.user_can_view(self.registrar,dp)) self.assertFalse(dp.is_public()) self.ra.register(dp,models.STATES.incomplete,self.su, registrationDate=timezone.now()+datetime.timedelta(days=-7) ) self.ra.register(dp,models.STATES.standard,self.su, registrationDate=timezone.now()+datetime.timedelta(days=-1) ) response = self.client.get( reverse( 'aristotle-autocomplete:concept', args=['aristotle_mdr', 'objectclass'] ), { 'q': 'deadpoo', } ) self.assertTrue('standard' in response.content.lower()) self.assertTrue('incomplete' not in response.content.lower())
def test_registrar_search(self): self.logout() response = self.client.post(reverse('friendly_login'), { 'username': '******', 'password': '******' }) self.assertEqual(response.status_code, 302) # logged in self.assertTrue(perms.user_is_registrar(self.registrar, self.ra)) with reversion.create_revision(): dp = models.ObjectClass.objects.create( name="deadpool", definition="not really an xman, no matter how much he tries", workgroup=self.xmen_wg, readyToReview=False) dp = models.ObjectClass.objects.get(pk=dp.pk) # Un-cache self.assertFalse(perms.user_can_view(self.registrar, dp)) self.assertFalse(dp.is_public()) response = self.client.get(reverse('aristotle:search') + "?q=xman") self.assertFalse( dp in [x.object for x in response.context['page'].object_list]) for i in response.context['page'].object_list: self.assertTrue(perms.user_can_view(self.registrar, i.object)) response = self.client.get(reverse('aristotle:search') + "?q=deadpool") self.assertEqual(len(response.context['page'].object_list), 0) with reversion.create_revision(): dp.readyToReview = True dp.save() dp = models.ObjectClass.objects.get(pk=dp.pk) # Un-cache self.assertTrue(perms.user_can_view(self.registrar, dp)) # Stryker should be able to find items that are "ready for review" in his RA only. response = self.client.get(reverse('aristotle:search') + "?q=deadpool") self.assertEqual(len(response.context['page'].object_list), 1) self.assertEqual(response.context['page'].object_list[0].object.item, dp) self.assertTrue( perms.user_can_view( self.registrar, response.context['page'].object_list[0].object))
def get_context_data(self, *args, **kwargs): context = super().get_context_data(*args, **kwargs) if self.request.user.is_anonymous: context['isFavourite'] = False else: context['isFavourite'] = self.request.user.profile.is_favourite( self.item) aristotle_settings = fetch_aristotle_settings() links_from, links_to = self.get_links() context.update({ 'last_edit': Version.objects.get_for_object(self.item).first(), # Only display viewable slots 'slots': Slot.objects.get_item_allowed(self.item, self.user), 'item': self.item, 'statuses': self.item.current_statuses, 'discussions': self.item.relatedDiscussions.all(), 'activetab': 'item', 'has_links': links_from or links_to, 'links_from': links_from, 'links_to': links_to, 'custom_values': self.get_custom_values(), 'submitting_organizations': self.item.submitting_organizations, 'responsible_organizations': self.item.responsible_organizations, 'infobox_identifier_name': aristotle_settings['INFOBOX_IDENTIFIER_NAME'] }) # Add a list of viewable concept ids for fast visibility checks in # templates # Since its lazy we can do this every time :) lazy_viewable_ids = SimpleLazyObject(lambda: list( MDR._concept.objects.visible(self.user).values_list('id', flat=True))) context['viewable_ids'] = lazy_viewable_ids # Permissions (so they are looked up once) context.update({ 'can_edit': user_can_edit(self.user, self.item), 'can_publish': user_can_publish_object(self.user, self.item), 'can_supersede': user_can_supersede(self.user, self.item), 'can_add_status': user_can_add_status(self.user, self.item), 'is_registrar': user_is_registrar(self.user) }) return context
def has_add_permission(self, request): if perms.user_is_registrar(request.user): return True return super(StatusInline, self).has_add_permission(request)
def has_perm(self, user_obj, perm, obj=None): if not user_obj.is_active: return False if user_obj.is_superuser: return True app_label, perm_name = perm.split('.', 1) extensions = fetch_aristotle_settings().get('CONTENT_EXTENSIONS', []) if app_label == "aristotle_mdr" and hasattr(perms, perm_name): return getattr(perms, perm_name)(user_obj, obj) from django.apps import apps from aristotle_mdr.models import _concept perm_parts = perm_name.split("_") if len(perm_parts) == 2: model = apps.get_model(app_label, perm_parts[1]) elif obj is not None: model = type(obj) else: model = int if app_label in extensions + ["aristotle_mdr"] and issubclass(model, _concept): # This is required so that a user can correctly delete the 'concept' parent class in the admin site. # This is a rough catch all, and is designed to indicate a user could # delete an item type, but not a specific item. if ( perm_name.startswith('delete_') or perm_name.startswith('create_') or perm_name.startswith('add_') ): if obj is None: return perms.user_is_editor(user_obj) else: return perms.user_can_edit(user_obj, obj) if app_label in extensions + ["aristotle_mdr"]: if perm_name == "delete_concept_from_admin": return obj is None or perms.user_can_edit(user_obj, obj) if perm == "aristotle_mdr.can_create_metadata": return perms.user_is_editor(user_obj) if perm == "aristotle_mdr.view_workgroup": return perms.user_in_workgroup(user_obj, obj) if perm == "aristotle_mdr.can_leave_workgroup": return perms.user_in_workgroup(user_obj, obj) if perm == "aristotle_mdr.change_workgroup_memberships": return perms.user_is_workgroup_manager(user_obj, obj) if perm == "aristotle_mdr.change_workgroup": return perms.user_is_workgroup_manager(user_obj, obj) if perm == "aristotle_mdr.can_archive_workgroup": return perms.user_is_workgroup_manager(user_obj, obj) if perm == "aristotle_mdr.can_view_discussions_in_workgroup": return perms.user_in_workgroup(user_obj, obj) if perm == "aristotle_mdr.can_post_discussion_in_workgroup": return perms.user_in_workgroup(user_obj, obj) if perm == "aristotle_mdr.can_view_discussion_post": return perms.user_in_workgroup(user_obj, obj.workgroup) if perm == "aristotle_mdr.view_registrationauthority_details": return ( perms.user_is_registation_authority_manager(user_obj, obj) or perms.user_is_registrar(user_obj, obj) ) if perm == "aristotle_mdr.change_registrationauthority": return perms.user_is_registation_authority_manager(user_obj, obj) if perm == "aristotle_mdr.change_registrationauthority_memberships": return perms.user_is_registation_authority_manager(user_obj, obj) from aristotle_mdr.contrib.links import perms as link_perms if perm == "aristotle_mdr_links.add_link": return link_perms.user_can_make_link(user_obj) return super().has_perm(user_obj, perm, obj)
def is_registrar(self): return perms.user_is_registrar(self.user)
def has_perm(self, user_obj, perm, obj=None): if not user_obj.is_active: return False if user_obj.is_superuser: return True app_label, perm_name = perm.split('.', 1) extensions = fetch_aristotle_settings().get('CONTENT_EXTENSIONS', []) if app_label == "aristotle_mdr" and hasattr(perms, perm_name): return getattr(perms, perm_name)(user_obj, obj) from django.apps import apps from aristotle_mdr.models import _concept perm_parts = perm_name.split("_") if len(perm_parts) == 2: model = apps.get_model(app_label, perm_parts[1]) else: model = int if app_label in extensions + ["aristotle_mdr"] and issubclass( model, _concept): # This is required so that a user can correctly delete the 'concept' parent class in the admin site. # This is a rough catch all, and is designed to indicate a user could # delete an item type, but not a specific item. if (perm_name.startswith('delete_') or perm_name.startswith('create_') or perm_name.startswith('add_')): if obj is None: return perms.user_is_editor(user_obj) else: return perms.user_can_edit(user_obj, obj) if app_label in extensions + ["aristotle_mdr"]: if perm_name == "delete_concept_from_admin": return obj is None or perms.user_can_edit(user_obj, obj) if perm == "aristotle_mdr.can_create_metadata": return perms.user_is_editor(user_obj) if perm == "aristotle_mdr.view_workgroup": return perms.user_in_workgroup(user_obj, obj) if perm == "aristotle_mdr.can_leave_workgroup": return perms.user_in_workgroup(user_obj, obj) if perm == "aristotle_mdr.change_workgroup_memberships": return perms.user_is_workgroup_manager(user_obj, obj) if perm == "aristotle_mdr.change_workgroup": return perms.user_is_workgroup_manager(user_obj, obj) if perm == "aristotle_mdr.can_archive_workgroup": return perms.user_is_workgroup_manager(user_obj, obj) if perm == "aristotle_mdr.can_view_discussions_in_workgroup": return perms.user_in_workgroup(user_obj, obj) if perm == "aristotle_mdr.can_post_discussion_in_workgroup": return perms.user_in_workgroup(user_obj, obj) if perm == "aristotle_mdr.can_view_discussion_post": return perms.user_in_workgroup(user_obj, obj.workgroup) if perm == "aristotle_mdr.view_registrationauthority_details": return (perms.user_is_registation_authority_manager(user_obj, obj) or perms.user_is_registrar(user_obj, obj)) if perm == "aristotle_mdr.change_registrationauthority": return perms.user_is_registation_authority_manager(user_obj, obj) if perm == "aristotle_mdr.change_registrationauthority_memberships": return perms.user_is_registation_authority_manager(user_obj, obj) from aristotle_mdr.contrib.links import perms as link_perms if perm == "aristotle_mdr_links.add_link": return link_perms.user_can_make_link(user_obj) return super(AristotleBackend, self).has_perm(user_obj, perm, obj)
def has_add_permission(self, request): if perms.user_is_registrar(request.user): return True return super().has_add_permission(request)
def test_is_registrar(self): self.assertTrue(perms.user_is_registrar(self.su))
def test_is_registrar(self): self.assertTrue(perms.user_is_registrar(self.su)) ra = models.RegistrationAuthority.objects.create(name="Test RA") self.assertTrue(perms.user_is_registrar(self.su,ra))
def can_use(cls, user): return user_is_registrar(user)
def test_is_registrar(self): self.assertTrue(perms.user_is_registrar(self.su)) ra = models.RegistrationAuthority.objects.create(name="Test RA", stewardship_organisation=self.steward_org_1) self.assertTrue(perms.user_is_registrar(self.su,ra))