class RegionPermissionTests(TestCase): def setUp(self): self.regions = [] self.sf = Region(full_name="San Francisco", slug="sf") self.sf.save() self.oak = Region(full_name="Oakland", slug="oak") self.oak.save() self.philip = User(username="******", email="*****@*****.**") self.philip.save() self.marina = User(username="******", email="*****@*****.**") self.marina.save() # Philip admin of SF self.sf.regionsettings.admins.add(self.philip) # Marina admin of Oakland self.oak.regionsettings.admins.add(self.marina) def test_banned_cant_edit(self): # Add Marina to the SF banned list banned_sf, created = BannedFromRegion.objects.get_or_create(region=self.sf) banned_sf.users.add(self.marina) p = Page(name="In sf", region=self.sf) self.assertFalse(self.marina.has_perm('pages.change_page', p)) mapdata = MapData(page=p, region=self.sf) self.assertFalse(self.marina.has_perm('maps.change_map', mapdata)) redirect = Redirect(source="testsource", destination=p, region=self.sf) self.assertFalse(self.marina.has_perm('redirects.change_redirect', redirect))
def test_ensure_profile_no_profile_if_not_staff(self): george = User(username='******') george.has_perm = Mock() george.has_perm.return_value = True signals.ensure_profile(sender=george.__class__, instance=george) with self.assertRaises(Profile.DoesNotExist): george.profile
def test_ensure_profile_handles_signal(self): george = User(username='******', is_staff=True) george.has_perm = Mock() george.has_perm.return_value = True with self.assertRaises(ValueError): # post_save must raise, since John was not saved, so save() on # related Profile is prohibited to prevent data loss. post_save.send(sender=george.__class__, instance=george)
def test_permissions(self): user = User() user.first_name = "Justin" user.last_name = "Gray" user.username = "******" user.save() self.c.group.user_set.add(user) self.assertTrue(user.has_perm('registration.test_admin'))
def get_menu(user: User, active_app: str=None) -> dict: apps = [] for app in settings.INSTALLED_APPS: if app in EXCLUDED_APPS: continue if app == "core": continue try: module = importlib.import_module("%s.views" % app) get_menu_entry = getattr(module, 'get_menu_entry') menu_entry = get_menu_entry(active_app, user) if menu_entry: apps.append(menu_entry) except: pass menu = {"full_name": user.get_full_name(), "apps": apps} menu['admin_settings'] = user.has_perm('core.add_coresettingsmodel') return menu
def main(): # User.objects.all().delete() # Group.objects.all().delete() django_users, django_groups, django_permissions = ( User.objects.all(), Group.objects.all(), Permission.objects.all()) if len(django_users) or len(django_groups): print( "Django users (%d) and/or groups (%d) already present, exiting ..." % (len(django_users), len(django_groups))) sys.exit(0) non_basic_perms = [ cur_perm for cur_perm in django_permissions if cur_perm.codename.split("_")[0] not in ["add", "delete", "change"] ] if non_basic_perms: print("removing %d non-django permissions" % (len(non_basic_perms))) for nbp in non_basic_perms: nbp.delete() cluster_users, cluster_groups, cluster_perms = ( user.objects.all().order_by("pk"), group.objects.all().order_by("pk"), # capability.objects.all().order_by("pk") [], ) user_content_type = ContentType.objects.get(app_label="backbone", model="user") print("Found %s:" % (logging_tools.get_plural("custer capability", len(cluster_perms)))) perm_lut = {} for cluster_perm in cluster_perms: new_perm = Permission(codename="wf_%s" % (cluster_perm.name), content_type=user_content_type, name=cluster_perm.description) new_perm.save() perm_lut[cluster_perm.pk] = new_perm print("Meta block for user should contain:") print() print(" class Meta:") print(" permissions = {") print("\n".join([ " (\"%s\", \"%s\")," % ("wf_%s" % (cluster_perm.name), cluster_perm.description) for cluster_perm in cluster_perms ])) print(" }") print() if not len(cluster_users) and not len(cluster_groups): print("No cluster users or groups defined, stragen ...") sys.exit(0) print("Found %s and %s:" % (logging_tools.get_plural("cluster group", len(cluster_groups)), logging_tools.get_plural("cluster user", len(cluster_users)))) group_lut, user_lut = ({}, {}) for c_group in cluster_groups: new_group = Group(name=c_group.groupname) new_group.save() group_lut[c_group.pk] = new_group print(" created django group %s" % (str(new_group))) group_caps = c_group.group_cap_set.all() new_group.permissions.add( *[perm_lut[group_cap.capability_id] for group_cap in group_caps]) print(" added %s" % (logging_tools.get_plural("capability", len(group_caps)))) for c_user in cluster_users: new_user = User(username=c_user.login, first_name=c_user.uservname, last_name=c_user.usernname, email=c_user.useremail, password=CRYPT_HASH_FORMSTR % (c_user.password), is_staff=False, is_active=True if c_user.active else False, is_superuser=False) new_user.save() user_lut[c_user.pk] = new_user print(" created django user %s" % (str(new_user))) # add primary user new_user.groups.add(group_lut[c_user.group_id]) print(" added primary group %s" % (str(group_lut[c_user.group_id]))) # secondary groups for sec_group in c_user.user_group_set.all(): new_user.groups.add(group_lut[sec_group.pk]) print(" added secondary group %s" % (str(group_lut[sec_group.pk]))) # caps user_caps = c_user.user_cap_set.all() new_user.user_permissions.add( *[perm_lut[user_cap.capability_id] for user_cap in user_caps]) print(" added %s" % (logging_tools.get_plural("capability", len(user_caps)))) su_perm = "backbone.wf_mu" if new_user.has_perm(su_perm): new_user.is_staff = True new_user.is_superuser = True new_user.save() print( " user is staff and superuser because of %s permission" % (su_perm))
def test_add_global_permission(self): registry.register('test_permission', test_permission) user = User() user.save() self.assertTrue(user.has_perm('test_permission'))
def administrator_profile(request): print("entra a perfil admin") create_user_form = CreateUserForm() academic_periods = json.loads((get_periods()).decode('utf-8')) print("academics periods") print(type(academic_periods)) print(academic_periods) print("academics periods") context = { 'create_user_form' : create_user_form, 'academic_periods' : academic_periods, } if request.method == 'POST': create_user_form = CreateUserForm(request.POST or None) if create_user_form.is_valid(): type_user = create_user_form.cleaned_data.get("type_user") print("el tipo de dato de usuario es") print(type(type_user)) username = create_user_form.cleaned_data.get("username") first_name = create_user_form.cleaned_data.get("first_name") last_name = create_user_form.cleaned_data.get("last_name") email = create_user_form.cleaned_data.get("email") id = create_user_form.cleaned_data.get("id") password = create_user_form.cleaned_data.get("password") #-------Creating User--------> user = User( username = username, first_name=first_name , last_name=last_name, email=email, id=int(id) ) user.set_password(password) user.save() #------Giving permissions---> if type_user == "1": permission_administrator = Permission.objects.get(name='administrator') user.user_permissions.add(permission_administrator) user.save() if type_user == "2": permission_professor = Permission.objects.get(name='professor') user.user_permissions.add(permission_professor) user.save() # ------Creating token---> #user = User.objects.get(id=id) #token = Token.objects.create(user=user) #------Creating info to send api data_user = { "id": id, "username": username, "password": password, "first_name": first_name, "last_name": last_name, "email": email, #"token": token.key } data_str = json.dumps(data_user) print("data str") print(data_str) data_enc = data_str.encode('utf-8') print("data enc") print(data_enc) print(data_user) response = create_user(data_enc) print(response) if user.has_perm('auth.administrator') or user.has_perm('auth.professor'): return redirect("created_user/") else: return redirect("fail_user/") else: print(create_user_form.errors) return render(request, "profile/administrator_profile.html", context)
def get_can_immediately_watch_tv_shows(self, user: User): return user.is_staff or user.has_perm( 'app.{}'.format(PERM_CAN_WATCH_IMMEDIATELY_TV))
def has_permission(self, user: User, permission: Permission) -> bool: """Return whether the given user has a specific permission for the tree.""" if permission == Permission.read and self.public: return True return any(user.has_perm(perm, self) for perm in permission.associated_permissions)
def has_read_snommoc_api_permission(user: User) -> bool: return user.has_perm(f'api.{READ_SNOMMOC_API}')
class TestAPIPermissions(ResourceTestCase): def setUp(self): super(TestAPIPermissions, self).setUp() self.c = Club() self.c.name = "test" self.c.save() self.user = User() self.user.first_name = "Justin" self.user.last_name = "Gray" self.user.username = "******" self.user.save() self.user.set_password("test") self.user.save() self.c.group.user_set.add(self.user) self.user2 = User() self.user2.first_name = "Eli" self.user2.last_name = "Gray" self.user2.username = "******" self.user2.save() self.user2.set_password("test") self.user2.save() self.detail_url = '/garage/api/v1/club/{0}/'.format(self.c.pk) self.list_url = '/garage/api/v1/club/' def tearDown(self): for model in m.get_models(): model.objects.all().delete() def get_credentials(self): resp = self.api_client.client.login(username='******', password='******') return resp def test_add_coupons(self): data = {"code": "something", "username": "******", "discount_amount": "100", "uses_left": "10", "expires": "2013-10-01", "club": "/garage/api/v1/club/test/", "permanent": True} resp = self.api_client.post('/garage/api/v1/coupon/', format='json', authenticate=self.get_credentials(), data=data) self.assertHttpCreated(resp) def test_not_allowed(self): cred = self.api_client.client.login(username='******', password='******') resp = self.api_client.get(self.detail_url, format="json", authenticate=cred) self.assertHttpUnauthorized(resp) def test_list_club_admins(self): self.client.login(username='******', password='******') resp = self.api_client.get(self.detail_url, format="json", authenticate=self.get_credentials()) self.assertValidJSONResponse(resp) data = self.deserialize(resp) self.assertEqual([{u'username': u'justingray', u'first_name': u'Justin', u'last_name': u'Gray', u'email': u''}], data['admins']) new_data = data.copy() new_data['admins'].append({u'username': u'eligray'}) #use2 should not have permissions yet self.assertFalse(self.user2.has_perm('registration.test_admin')) resp = self.api_client.post(self.list_url, format='json', data=new_data, authentication=self.get_credentials()) self.assertHttpCreated(resp) #make sure the new person was added to the list resp = self.api_client.get(self.detail_url, format="json", authenticate=self.get_credentials()) self.assertValidJSONResponse(resp) data = self.deserialize(resp) self.assertEqual([{u'username': u'justingray', u'first_name': u'Justin', u'last_name': u'Gray', u'email': u''}, {u'username': u'eligray', u'first_name': u'Eli', u'last_name': u'Gray', u'email': u''}], data['admins']) #justin should still have perms u = User.objects.get(username='******') #mser2 should now have permissions self.assertTrue(u.has_perm('registration.test_admin')) u = User.objects.get(username='******') #need to re-get from db here, for perms to update #eli should now has permissions self.assertTrue(u.has_perm('registration.test_admin')) #try empty admins list new_data['admins'] = [] resp = self.api_client.post(self.list_url, format='json', data=new_data, authentication=self.get_credentials()) self.assertHttpCreated(resp)
def has_perm_obj(user: User, perm: Permission): key = perm.natural_key() codename = '{}.{}'.format(key[1], key[0]) return user.has_perm(codename)
def administrator_profile(request): create_user_form = CreateUserForm() academic_periods = json.loads((get_periods()).decode('utf-8')) print("academics periods") print(type(academic_periods)) print(academic_periods) print("academics periods") context = { 'create_user_form': create_user_form, 'academic_periods': academic_periods, } if request.method == 'POST': create_user_form = CreateUserForm(request.POST or None) if create_user_form.is_valid(): type_user = create_user_form.cleaned_data.get("type_user") print("el tipo de dato de usuario es") print(type(type_user)) username = create_user_form.cleaned_data.get("username") first_name = create_user_form.cleaned_data.get("first_name") last_name = create_user_form.cleaned_data.get("last_name") email = create_user_form.cleaned_data.get("email") id = create_user_form.cleaned_data.get("id") password = create_user_form.cleaned_data.get("password") #-------Creating User--------> user = User(username=username, first_name=first_name, last_name=last_name, email=email, id=id) user.set_password(password) user.save() #------Giving permissions---> if type_user == "1": permission_administrator = Permission.objects.get( name='administrator') user.user_permissions.add(permission_administrator) user.save() if type_user == "2": permission_professor = Permission.objects.get(name='professor') user.user_permissions.add(permission_professor) user.save() if user.has_perm('auth.administrator') or user.has_perm( 'auth.professor'): return redirect("/uvdomjugde/administrator/created_user") else: return redirect("/uvdomjugde/administrator/fail_user") else: print(create_user_form.errors) return render(request, "profile/administrator_profile.html", context)
def delete_if_has_perm(self, principal: User): if not principal.has_perm("connector_accessmod.delete_fileset", self): raise PermissionDenied return super().delete()
class TestAPIPermissions(ResourceTestCase): def setUp(self): super(TestAPIPermissions, self).setUp() self.c = Club() self.c.name = "test" self.c.save() self.user = User() self.user.first_name = "Justin" self.user.last_name = "Gray" self.user.username = "******" self.user.save() self.user.set_password("test") self.user.save() self.c.group.user_set.add(self.user) self.user2 = User() self.user2.first_name = "Eli" self.user2.last_name = "Gray" self.user2.username = "******" self.user2.save() self.user2.set_password("test") self.user2.save() self.detail_url = '/garage/api/v1/club/{0}/'.format(self.c.pk) self.list_url = '/garage/api/v1/club/' def tearDown(self): for model in m.get_models(): model.objects.all().delete() def get_credentials(self): resp = self.api_client.client.login(username='******', password='******') return resp def test_add_coupons(self): data = { "code": "something", "username": "******", "discount_amount": "100", "uses_left": "10", "expires": "2013-10-01", "club": "/garage/api/v1/club/test/", "permanent": True } resp = self.api_client.post('/garage/api/v1/coupon/', format='json', authenticate=self.get_credentials(), data=data) self.assertHttpCreated(resp) def test_not_allowed(self): cred = self.api_client.client.login(username='******', password='******') resp = self.api_client.get(self.detail_url, format="json", authenticate=cred) self.assertHttpUnauthorized(resp) def test_list_club_admins(self): self.client.login(username='******', password='******') resp = self.api_client.get(self.detail_url, format="json", authenticate=self.get_credentials()) self.assertValidJSONResponse(resp) data = self.deserialize(resp) self.assertEqual([{ u'username': u'justingray', u'first_name': u'Justin', u'last_name': u'Gray', u'email': u'' }], data['admins']) new_data = data.copy() new_data['admins'].append({u'username': u'eligray'}) #use2 should not have permissions yet self.assertFalse(self.user2.has_perm('registration.test_admin')) resp = self.api_client.post(self.list_url, format='json', data=new_data, authentication=self.get_credentials()) self.assertHttpCreated(resp) #make sure the new person was added to the list resp = self.api_client.get(self.detail_url, format="json", authenticate=self.get_credentials()) self.assertValidJSONResponse(resp) data = self.deserialize(resp) self.assertEqual([{ u'username': u'justingray', u'first_name': u'Justin', u'last_name': u'Gray', u'email': u'' }, { u'username': u'eligray', u'first_name': u'Eli', u'last_name': u'Gray', u'email': u'' }], data['admins']) #justin should still have perms u = User.objects.get(username='******') #mser2 should now have permissions self.assertTrue(u.has_perm('registration.test_admin')) u = User.objects.get( username='******' ) #need to re-get from db here, for perms to update #eli should now has permissions self.assertTrue(u.has_perm('registration.test_admin')) #try empty admins list new_data['admins'] = [] resp = self.api_client.post(self.list_url, format='json', data=new_data, authentication=self.get_credentials()) self.assertHttpCreated(resp)
def has_perm(user: User, obj: django.db.models.Model, perm: str): # wrapper for guardian.user.has_perm if hasattr(obj, 'owner') and obj.owner == user: return True else: return user.has_perm(perm, obj)
class RestrictiveBackendTest(TestCase): def setUp(self): self.user = User(username='******', email='*****@*****.**', password='******') self.user.save() self.group = Group.objects.create(name='Cool group') self.user.groups.add(self.group) self.user.save() def tearDown(self): self.user.delete() self.group.delete() def test_inactive_user_blocked(self): t = Thing(name='Test thing') t.save() self.user.is_active = False self.user.save() assign_perm('change_thing', self.user, t) self.assertFalse(self.user.has_perm('tests.change_thing', t)) def test_banned_user_blocked(self): banned = Group.objects.get(name=settings.USERS_BANNED_GROUP) t = Thing(name='Test thing') t.save() assign_perm('change_thing', self.user, t) self.assertTrue(self.user.has_perm('tests.change_thing', t)) self.user.groups.add(banned) self.user.save() self.assertFalse(self.user.has_perm('tests.change_thing', t)) def test_admin_not_blocked(self): t = Thing(name='Test thing') t.save() self.user.is_superuser = True self.assertTrue(self.user.has_perm('tests.change_thing', t)) assign_perm('change_thing', self.user, t) self.assertTrue(self.user.has_perm('tests.change_thing', t)) # let's ban the admin, should still have access banned = Group.objects.get(name=settings.USERS_BANNED_GROUP) self.user.groups.add(banned) self.user.save() self.assertTrue(self.user.has_perm('tests.change_thing', t)) # inactive is a global Django concept, so should obey it self.user.is_active = False self.user.save() self.assertFalse(self.user.has_perm('tests.change_thing', t)) def test_object_permissions_win_over_user(self): t = Thing(name='Test thing') t.save() perm = Permission.objects.get(codename="add_thing") self.user.user_permissions.add(perm) perm = Permission.objects.get(codename="change_thing") self.user.user_permissions.add(perm) perm = Permission.objects.get(codename="delete_thing") self.user.user_permissions.add(perm) self.user.save() self.assertTrue(self.user.has_perm('tests.change_thing', t)) self.assertTrue(self.user.has_perm('tests.add_thing', t)) self.assertTrue(self.user.has_perm('tests.delete_thing', t)) assign_perm('change_thing', self.user, t) # per-object permission self.assertTrue(self.user.has_perm('tests.change_thing', t)) self.assertFalse(self.user.has_perm('tests.add_thing', t)) self.assertFalse(self.user.has_perm('tests.delete_thing', t)) def test_object_permissions_win_over_group(self): t = Thing(name='Test thing') t.save() perm = Permission.objects.get(codename="add_thing") self.group.permissions.add(perm) perm = Permission.objects.get(codename="change_thing") self.group.permissions.add(perm) perm = Permission.objects.get(codename="delete_thing") self.group.permissions.add(perm) self.user.save() self.assertTrue(self.user.has_perm('tests.change_thing')) self.assertTrue(self.user.has_perm('tests.add_thing')) self.assertTrue(self.user.has_perm('tests.delete_thing')) self.assertTrue(self.user.has_perm('tests.change_thing', t)) self.assertTrue(self.user.has_perm('tests.add_thing', t)) self.assertTrue(self.user.has_perm('tests.delete_thing', t)) assign_perm('change_thing', self.group, t) # per-object permission self.assertTrue(self.user.has_perm('tests.change_thing', t)) self.assertFalse(self.user.has_perm('tests.add_thing', t)) self.assertFalse(self.user.has_perm('tests.delete_thing', t))
class RestrictiveBackendTest(TestCase): def setUp(self): self.user = User(username='******', email='*****@*****.**', password='******') self.user.save() self.group = Group.objects.create(name='Cool group') self.user.groups.add(self.group) self.user.save() def tearDown(self): self.user.delete() self.group.delete() def test_inactive_user_blocked(self): t = Thing(name='Test thing') t.save() self.user.is_active = False self.user.save() assign('change_thing', self.user, t) self.assertFalse(self.user.has_perm('tests.change_thing', t)) def test_banned_user_blocked(self): banned = Group.objects.get(name=settings.USERS_BANNED_GROUP) t = Thing(name='Test thing') t.save() assign('change_thing', self.user, t) self.assertTrue(self.user.has_perm('tests.change_thing', t)) self.user.groups.add(banned) self.user.save() self.assertFalse(self.user.has_perm('tests.change_thing', t)) def test_admin_not_blocked(self): t = Thing(name='Test thing') t.save() self.user.is_superuser = True self.assertTrue(self.user.has_perm('tests.change_thing', t)) assign('change_thing', self.user, t) self.assertTrue(self.user.has_perm('tests.change_thing', t)) # let's ban the admin, should still have access banned = Group.objects.get(name=settings.USERS_BANNED_GROUP) self.user.groups.add(banned) self.user.save() self.assertTrue(self.user.has_perm('tests.change_thing', t)) # inactive is a global Django concept, so should obey it self.user.is_active = False self.user.save() self.assertFalse(self.user.has_perm('tests.change_thing', t)) def test_object_permissions_win_over_user(self): t = Thing(name='Test thing') t.save() perm = Permission.objects.get(codename="add_thing") self.user.user_permissions.add(perm) perm = Permission.objects.get(codename="change_thing") self.user.user_permissions.add(perm) perm = Permission.objects.get(codename="delete_thing") self.user.user_permissions.add(perm) self.user.save() self.assertTrue(self.user.has_perm('tests.change_thing', t)) self.assertTrue(self.user.has_perm('tests.add_thing', t)) self.assertTrue(self.user.has_perm('tests.delete_thing', t)) assign('change_thing', self.user, t) # per-object permission self.assertTrue(self.user.has_perm('tests.change_thing', t)) self.assertFalse(self.user.has_perm('tests.add_thing', t)) self.assertFalse(self.user.has_perm('tests.delete_thing', t)) def test_object_permissions_win_over_group(self): t = Thing(name='Test thing') t.save() perm = Permission.objects.get(codename="add_thing") self.group.permissions.add(perm) perm = Permission.objects.get(codename="change_thing") self.group.permissions.add(perm) perm = Permission.objects.get(codename="delete_thing") self.group.permissions.add(perm) self.user.save() self.assertTrue(self.user.has_perm('tests.change_thing')) self.assertTrue(self.user.has_perm('tests.add_thing')) self.assertTrue(self.user.has_perm('tests.delete_thing')) self.assertTrue(self.user.has_perm('tests.change_thing', t)) self.assertTrue(self.user.has_perm('tests.add_thing', t)) self.assertTrue(self.user.has_perm('tests.delete_thing', t)) assign('change_thing', self.group, t) # per-object permission self.assertTrue(self.user.has_perm('tests.change_thing', t)) self.assertFalse(self.user.has_perm('tests.add_thing', t)) self.assertFalse(self.user.has_perm('tests.delete_thing', t))
def test_view_modify(self): """ Test modifying an instance """ args = (self.cluster.slug, self.vm.hostname) url = '/cluster/%s/%s/edit' % args user = User(id=52, username='******') user.set_password('secret2') user.save() # -- GET # Anonymous User response = self.c.get(url) self.assertEqual(302, response.status_code) # User with Modify Permissions user.grant('modify', self.vm) self.assertTrue(self.c.login(username=user.username, password='******')) self.assertFalse(user.is_superuser) self.assertTrue(user.has_perm('modify', self.vm)) self.assertFalse(user.has_perm('admin', self.vm)) response = self.c.get(url) self.assertEqual(200, response.status_code) self.assertEqual('text/html; charset=utf-8', response['content-type']) self.assertTemplateUsed(response, 'ganeti/virtual_machine/edit_kvm.html') user.revoke_all(self.vm) self.c.logout() # User with Admin Permissions user.grant('admin', self.vm) self.assertTrue(self.c.login(username=user.username, password='******')) self.assertFalse(user.is_superuser) response = self.c.get(url) self.assertEqual(200, response.status_code) self.assertEqual('text/html; charset=utf-8', response['content-type']) self.assertTemplateUsed(response, 'ganeti/virtual_machine/edit_kvm.html') user.revoke_all(self.vm) self.c.logout() # Superuser user.is_superuser = True user.save() self.assertTrue(self.c.login(username=user.username, password='******')) response = self.c.get(url) self.assertEqual(200, response.status_code) self.assertEqual('text/html; charset=utf-8', response['content-type']) self.assertTemplateUsed(response, 'ganeti/virtual_machine/edit_kvm.html') self.c.logout() user.is_superuser = False user.save() # -- POST os_list = cluster_os_list(self.cluster) data = dict(vcpus=2, acpi=True, disk_cache='default', initrd_path='', kernel_args='ro', kvm_flag='', mem_path='', migration_downtime=30, security_domain='', security_model='none', usb_mouse='', use_chroot=False, use_localtime=False, vnc_bind_address='0.0.0.0', vnc_tls=False, vnc_x509_path='', vnc_x509_verify=False, memory=512, os='image+debian-osgeo', disk_type='paravirtual', boot_order='disk', nic_type='paravirtual', nic_count=1, nic_count_original=1, nic_link_0='br0', nic_mac_0='aa:bb:00:00:33:d2', root_path='/dev/vda1', kernel_path='/boot/vmlinuz-2.32.6-27-generic', serial_console=True, cdrom_image_path='', cdrom2_image_path='') # Required Values user.grant('modify', self.vm) self.assertTrue(self.c.login(username=user.username, password='******')) session = self.c.session session['os_list'] = os_list session.save() for property in ['vcpus', 'memory', 'disk_type', 'boot_order', 'nic_type']: data_ = data.copy() del data_[property] self.assertFalse(user.is_superuser) response = self.c.post(url, data_) # If failure then a field that is not required by the model, but # should be required by the form, is not being required by # the form. See the ModifyVirtualMachineForm.required field. self.assertNotEqual(response.context['form'][property].errors, [], msg=property) self.assertEqual(200, response.status_code) # 302 if success (BAD) self.assertEqual('text/html; charset=utf-8', response['content-type']) self.assertTemplateUsed(response, 'ganeti/virtual_machine/edit_kvm.html') self.c.logout() user.revoke_all(self.vm) # Anonymous User response = self.c.post(url, data) self.assertEqual(302, response.status_code) # Superuser user.is_superuser = True user.save() self.assertTrue(self.c.login(username=user.username, password='******')) self.assertTrue(user.is_superuser) session = self.c.session session['os_list'] = os_list session.save() response = self.c.post(url, data) self.assertEqual(302, response.status_code) self.assertEqual('text/html; charset=utf-8', response['content-type']) self.c.logout() user.is_superuser = False user.save() # User without Permissions self.assertTrue(self.c.login(username=user.username, password='******')) self.assertFalse(user.is_superuser) session = self.c.session session['os_list'] = os_list session.save() response = self.c.post(url, data) self.assertEqual(403, response.status_code) self.assertTrue(response.context['message']) self.assertEqual('text/html; charset=utf-8', response['content-type']) self.assertTemplateUsed(response, '403.html') self.c.logout() # User with Modify Permissions user.grant('modify', self.vm) self.assertTrue(self.c.login(username=user.username, password='******')) self.assertFalse(user.is_superuser) session = self.c.session session['os_list'] = os_list session.save() response = self.c.post(url, data) self.assertEqual(302, response.status_code) self.assertEqual('text/html; charset=utf-8', response['content-type']) user.revoke_all(self.vm) self.c.logout() # User with Admin Permissions user.grant('admin', self.vm) self.assertTrue(self.c.login(username=user.username, password='******')) self.assertFalse(user.is_superuser) session = self.c.session session['os_list'] = os_list session.save() response = self.c.post(url, data) self.assertEqual(302, response.status_code) self.assertEqual('text/html; charset=utf-8', response['content-type']) user.revoke_all(self.vm) self.c.logout()
def test_add_object_permission(self): registry.register('test_permission', test_permission, ModelStub) user = User() user.save() self.assertTrue(user.has_perm('test_permission', ModelStub()))