Example #1
0
    def test_is_group_owner(self):
        # user is group owner
        sec = security.get_security_for_group(self.user, self.group)
        self.assertTrue(sec.is_group_owner())

        # superuser is not group owner
        sec = security.get_security_for_group(self.superuser, self.group)
        self.assertFalse(sec.is_group_owner())

        # staff user is not group owner
        sec = security.get_security_for_group(self.staffuser, self.group)
        self.assertFalse(sec.is_group_owner())
Example #2
0
    def test_is_group_owner(self):
        # user is group owner
        sec = security.get_security_for_group(self.user, self.group)
        self.assertTrue(sec.is_group_owner())

        # superuser is not group owner
        sec = security.get_security_for_group(self.superuser, self.group)
        self.assertFalse(sec.is_group_owner())

        # staff user is not group owner
        sec = security.get_security_for_group(self.staffuser, self.group)
        self.assertFalse(sec.is_group_owner())
Example #3
0
def can_delete_group(group, user):
    """
    Checks if a given user has enough rights to delete a group
    :param group: booki.editor.models.BookiGroup instance
    :param user: django.contrib.auth.models.User instance
    :returns: Boolean
    """

    group_security = security.get_security_for_group(user, group)

    return group_security.is_group_admin()
Example #4
0
    def dispatch(self, request, *args, **kwargs):
        """
        Checks if user is a group admin. If not, return no permissions page
        """

        self.object = self.get_object()
        group_security = security.get_security_for_group(request.user, self.object)

        if not group_security.is_admin():
            return views.ErrorPage(request, "errors/nopermissions.html")

        return super(GroupUpdateView, self).dispatch(request, *args, **kwargs)
Example #5
0
    def dispatch(self, request, *args, **kwargs):
        """
        Checks if user is a group admin. If not, return no permissions page
        """

        self.object = self.get_object()
        group_security = security.get_security_for_group(request.user, self.object)

        if not group_security.is_admin():
            return views.ErrorPage(request, "errors/nopermissions.html")

        return super(GroupUpdateView, self).dispatch(request, *args, **kwargs)
Example #6
0
    def get_context_data(self, **kwargs):
        context = super(GroupPageView, self).get_context_data(**kwargs)
        try:
            context['selected_group'] = BookiGroup.objects.get(url_name=context['groupid'])
        except BookiGroup.DoesNotExist:
            context['selected_group_error'] = True
            return context
        except BookiGroup.MultipleObjectsReturned:
            context['selected_group_error'] = True
            return context

        context['selected_group_error'] = False
        context['title'] = context['selected_group'].name

        context['group_members'] = context['selected_group'].members.all()
        if self.request.user.is_superuser:
            context['books_list'] = Book.objects.filter(group=context['selected_group']).order_by('-created')
        else:
            context['books_list'] = Book.objects.filter(
                Q(group=context['selected_group']), Q(hidden=False) | Q(owner=self.request.user)
            ).order_by('-created')

        context['user_group'] = {
            'url_name': context['selected_group'].url_name, 'name': context['selected_group'].name,
            'description': context['selected_group'].description, 'num_members': context['selected_group'].members.count(),
            'num_books': context['books_list'].count(), 'group_image': context['selected_group'].get_big_group_image
        }

        context['books_to_add'] = []

        user_group_security = security.get_security_for_group(self.request.user, context['selected_group'])
        context['is_group_admin'] = user_group_security.is_group_admin()

        if context['is_group_admin']:
            if self.request.user.is_superuser:
                # Last filter (group__isnull=True) should be removed when Book model will support multiple groups
                list_of_books = Book.objects.exclude(group=context['selected_group']).\
                    filter(group__isnull=True)
            else:
                # Last filter (group__isnull=True) should be removed when Book model will support multiple groups
                list_of_books = Book.objects.exclude(group=context['selected_group']).\
                    filter(owner=self.request.user).\
                    filter(group__isnull=True)

            for b in list_of_books:
                context['books_to_add'].append({'id': b.id, 'cover': b.cover, 'url_title': b.url_title, 'title': b.title})

        context['is_group_member'] = self.request.user in context['group_members']

        return context
Example #7
0
    def get_context_data(self, **kwargs):
        context = super(GroupPageView, self).get_context_data(**kwargs)
        try:
            context['selected_group'] = BookiGroup.objects.get(url_name=context['groupid'])
        except BookiGroup.DoesNotExist:
            context['selected_group_error'] = True
            return context
        except BookiGroup.MultipleObjectsReturned:
            context['selected_group_error'] = True
            return context

        context['selected_group_error'] = False
        context['title'] = context['selected_group'].name

        context['group_members'] = context['selected_group'].members.all()
        if self.request.user.is_superuser:
            context['books_list'] = Book.objects.filter(group=context['selected_group']).order_by('-created')
        else:
            context['books_list'] = Book.objects.filter(
                Q(group=context['selected_group']), Q(hidden=False) | Q(owner=self.request.user)
            ).order_by('-created')

        context['user_group'] = {
            'url_name': context['selected_group'].url_name, 'name': context['selected_group'].name,
            'description': context['selected_group'].description, 'num_members': context['selected_group'].members.count(),
            'num_books': context['books_list'].count(), 'group_image': context['selected_group'].get_big_group_image
        }

        context['books_to_add'] = []

        user_group_security = security.get_security_for_group(self.request.user, context['selected_group'])
        context['is_group_admin'] = user_group_security.is_group_admin()

        if context['is_group_admin']:
            if self.request.user.is_superuser:
                # Last filter (group__isnull=True) should be removed when Book model will support multiple groups
                list_of_books = Book.objects.exclude(group=context['selected_group']).\
                    filter(group__isnull=True)
            else:
                # Last filter (group__isnull=True) should be removed when Book model will support multiple groups
                list_of_books = Book.objects.exclude(group=context['selected_group']).\
                    filter(owner=self.request.user).\
                    filter(group__isnull=True)

            for b in list_of_books:
                context['books_to_add'].append({'id': b.id, 'cover': b.cover, 'url_title': b.url_title, 'title': b.title})

        context['is_group_member'] = self.request.user in context['group_members']

        return context
Example #8
0
    def delete(self, request, *args, **kwargs):
        user = self.request.user
        group = self.get_object()
        group_security = security.get_security_for_group(user, group)

        if group.owner != user and not user.is_superuser or not group_security.is_group_admin():
            messages.warning(self.request, _("You are not allowed to delete this group"))
            return HttpResponseRedirect(self.get_success_url())
        else:
            # remove books from group
            group.book_set.update(group=None)

            # delete group images if needed
            try:
                group.remove_group_images()
            except Exception as e:
                print e

            messages.success(self.request, _('Group successfully deleted.'))
        return super(GroupDeleteView, self).delete(request, *args, **kwargs)
Example #9
0
    def delete(self, request, *args, **kwargs):
        user = self.request.user
        group = self.get_object()
        group_security = security.get_security_for_group(user, group)

        if group.owner != user and not user.is_superuser or not group_security.is_group_admin():
            messages.warning(self.request, _("You are not allowed to delete this group"))
            return HttpResponseRedirect(self.get_success_url())
        else:
            # remove books from group
            group.book_set.update(group=None)

            # delete group images if needed
            try:
                group.remove_group_images()
            except Exception as e:
                print e

            messages.success(self.request, _('Group successfully deleted.'))
        return super(GroupDeleteView, self).delete(request, *args, **kwargs)
Example #10
0
    def dispatch(self, request, *args, **kwargs):
        # try to create security instance
        try:
            if self.security_bridge is Security:
                self.security = get_security(request.user)
            elif self.security_bridge is BookSecurity:
                book = Book.objects.get(url_title__iexact=kwargs['bookid'])
                self.security = get_security_for_book(request.user, book)
            elif self.security_bridge is GroupSecurity:
                group = BookiGroup.objects.get(url_name=kwargs['groupid'])
                self.security = get_security_for_group(request.user, group)
        except (BookiGroup.DoesNotExist, Book.DoesNotExist):
            raise Http404
        except KeyError as e:
            raise Exception('{bridge} bridge requires "{key}" in request'.format(bridge=self.security_bridge,
                                                                                 key=e.message))

        # hook for checking permissions
        self.check_permissions(request, *args, **kwargs)

        return super(SecurityMixin, self).dispatch(request, *args, **kwargs)
Example #11
0
    def dispatch(self, request, *args, **kwargs):
        # try to create security instance
        try:
            if self.security_bridge is Security:
                self.security = get_security(request.user)
            elif self.security_bridge is BookSecurity:
                book = Book.objects.get(url_title__iexact=kwargs['bookid'])
                self.security = get_security_for_book(request.user, book)
            elif self.security_bridge is GroupSecurity:
                group = BookiGroup.objects.get(url_name=kwargs['groupid'])
                self.security = get_security_for_group(request.user, group)
        except (BookiGroup.DoesNotExist, Book.DoesNotExist):
            raise Http404
        except KeyError as e:
            raise Exception('{bridge} bridge requires "{key}" in request'.format(bridge=self.security_bridge,
                                                                                 key=e.message))

        # hook for checking permissions
        self.check_permissions(request, *args, **kwargs)

        return super(SecurityMixin, self).dispatch(request, *args, **kwargs)
Example #12
0
 def test_get_security_for_group(self):
     # let's test helper for retrieving BookSecurity instance
     group = self.bookrole.book.group
     self.assertEqual(security.GroupSecurity(self.user, group).__class__,
                      security.get_security_for_group(self.user, group).__class__)
Example #13
0
 def test_get_security_for_group(self):
     # let's test helper for retrieving BookSecurity instance
     group = self.bookrole.book.group
     self.assertEqual(
         security.GroupSecurity(self.user, group).__class__,
         security.get_security_for_group(self.user, group).__class__)