def test_permissions(self):
for configuration in self.test_configuration:
instance = configuration['instance']
for group_name, permission_key in configuration['groups'].items():
group = Group.objects.get(name=group_name)
class_permissions_keys = PermissionKey.permission_keys(
permission_key,
instance.__class__) if permission_key else []
for permission in class_permissions_keys:
# See if the group has all of the expected permissions to the instance
assert ObjectPermissionChecker(group).has_perm(permission, instance), \
"Group %s expected to have %s permission to instance %s with id %s and key %s but doesn't. %s" % \
(group.name,
permission,
instance,
instance.id,
self.key_class.Fab.remove(self.instance_key_lambda(instance)),
get_list_or_if_empty(
ObjectPermissionChecker(group).get_perms(instance),
lambda: 'It has no permissions',
lambda lisst: 'It has permissions: %s' % ', '.join(lisst)
))
for nopermission in set(
PermissionKey.permission_keys(
PermissionKey.ALL,
instance.__class__)) - set(class_permissions_keys):
# Make sure the other permissions are not set
assert not ObjectPermissionChecker(group).has_perm(nopermission, instance), \
"Group %s should not have %s permission to instance %s with id %s and key %s but does. %s" % \
(group.name,
nopermission,
instance,
instance.id,
self.key_class.Fab.remove(self.instance_key_lambda(instance)),
'It has permissions: %s' % ', '.join(ObjectPermissionChecker(group).get_perms(instance))
)
# Test that any configured users are in the expected group
for group_name, user_name in configuration.get('users',
{}).items():
user = User.objects.get(username=user_name)
group = Group.objects.get(name=group_name)
assert_equal(
user.groups.filter(name=group).count(), 1,
"Expected user %s to be in group %s, but it wasn't. User is in the following groups %s"
% (user_name, group_name, ', '.join(
user.groups.values_list('name', flat=True))))
def test_permissions(self):
for configuration in self.test_configuration:
instance = configuration['instance']
for group_name, permission_key in configuration['groups'].items():
group = Group.objects.get(name=group_name)
class_permissions_keys = PermissionKey.permission_keys(permission_key, instance.__class__) if permission_key else []
for permission in class_permissions_keys:
# See if the group has all of the expected permissions to the instance
assert ObjectPermissionChecker(group).has_perm(permission, instance), \
"Group %s expected to have %s permission to instance %s with id %s and key %s but doesn't. %s" % \
(group.name,
permission,
instance,
instance.id,
self.key_class.Fab.remove(self.instance_key_lambda(instance)),
get_list_or_if_empty(
ObjectPermissionChecker(group).get_perms(instance),
lambda: 'It has no permissions',
lambda lisst: 'It has permissions: %s' % ', '.join(lisst)
))
for nopermission in set(PermissionKey.permission_keys(PermissionKey.ALL, instance.__class__)) - set(class_permissions_keys):
# Make sure the other permissions are not set
assert not ObjectPermissionChecker(group).has_perm(nopermission, instance), \
"Group %s should not have %s permission to instance %s with id %s and key %s but does. %s" % \
(group.name,
nopermission,
instance,
instance.id,
self.key_class.Fab.remove(self.instance_key_lambda(instance)),
'It has permissions: %s' % ', '.join(ObjectPermissionChecker(group).get_perms(instance))
)
# Test that any configured users are in the expected group
for group_name, user_name in configuration.get('users', {}).items():
user = User.objects.get(username=user_name)
group = Group.objects.get(name=group_name)
assert_equal(user.groups.filter(name=group).count(), 1,
"Expected user %s to be in group %s, but it wasn't. User is in the following groups %s" %
(user_name, group_name, ', '.join(user.groups.values_list('name', flat=True))))
def permitted_ids(cls, groups, objects, permission_key=PermissionKey.VIEW):
"""
Given one or more groups and list of instances return the ids of the objects
to which the groups have permission.
:param groups: Typically user.groups
:param objects: The instances of the cls to test
:param objects: The key to check permission for, defaults to View
:return:
"""
# Find the content_type_ids of the resource model and subclass models
# Then find the corresponding view ids
# This stuff almost never changes, so cache at the model class level it for speed
# Get all classes
content_type_dict = ContentType.objects.get_for_models(
cls, *_all_subclasses(cls))
# split keys/values into two matching lists
models_with_content_types, models_content_types = zip(
*content_type_dict.iteritems())
content_type_ids = [
content_type.id for content_type in models_content_types
]
perm_ids = Permission.objects.filter(codename__in=flat_map(
lambda model: PermissionKey.permission_keys(permission_key, model),
models_with_content_types)).values_list('id', flat=True)
group_ids = [group.id for group in groups]
obj_ids = [unicode(obj.id) for obj in objects]
from guardian.models import GroupObjectPermission
# Find all the objects of this type that this group has permission to access.
group_objects = GroupObjectPermission.objects.filter(
content_type_id__in=content_type_ids,
group__in=group_ids,
permission_id__in=perm_ids,
object_pk__in=obj_ids)
return group_objects.values_list('object_pk', flat=True)
def permitted_ids(cls, groups, objects, permission_key=PermissionKey.VIEW):
"""
Given one or more groups and list of instances return the ids of the objects
to which the groups have permission.
:param groups: Typically user.groups
:param objects: The instances of the cls to test
:param objects: The key to check permission for, defaults to View
:return:
"""
# Find the content_type_ids of the resource model and subclass models
# Then find the corresponding view ids
# This stuff almost never changes, so cache at the model class level it for speed
# Get all classes
content_type_dict = ContentType.objects.get_for_models(cls, *_all_subclasses(cls))
# split keys/values into two matching lists
models_with_content_types, models_content_types = zip(*content_type_dict.iteritems())
content_type_ids = [content_type.id for content_type in models_content_types]
perm_ids = Permission.objects.filter(
codename__in=flat_map(
lambda model: PermissionKey.permission_keys(permission_key,
model),
models_with_content_types
)).values_list('id', flat=True)
group_ids = [group.id for group in groups]
obj_ids = [unicode(obj.id) for obj in objects]
from guardian.models import GroupObjectPermission
# Find all the objects of this type that this group has permission to access.
group_objects = GroupObjectPermission.objects.filter(
content_type_id__in=content_type_ids,
group__in=group_ids,
permission_id__in=perm_ids,
object_pk__in=obj_ids)
return group_objects.values_list('object_pk', flat=True)
