def has_permission(self, request, view):
user = request.user
return \
request.method in SAFE_METHODS \
or is_admin(user) \
or (hasattr(view, 'dataset') and view.dataset and (
view.dataset.is_custodian(user) or view.dataset.is_data_engineer(user)))
def has_object_permission(self, request, view, obj):
"""
Object level. Will be called only if the global level passed (see above).
Note: it won't be called for a Create (POST) method
"""
is_owner = (request.user == obj)
return request.method in SAFE_METHODS or is_admin(request.user) or is_owner
def has_permission(self, request, view):
if settings.ALLOW_PUBLIC_REGISTRATION:
return request.user and (is_admin(request.user)
or is_data_engineer(request.user))
else:
# authenticated
return request.user and request.user.is_authenticated
def setUp(self):
password = '******'
self.admin_user = User.objects.filter(username="******").first()
self.assertIsNotNone(self.admin_user)
self.assertTrue(is_admin(self.admin_user))
self.admin_user.set_password(password)
self.admin_user.save()
self.admin_client = APIClient()
self.assertTrue(self.admin_client.login(username=self.admin_user.username, password=password))
self.custodian_1_user = User.objects.filter(username="******").first()
self.assertIsNotNone(self.custodian_1_user)
self.custodian_1_user.set_password(password)
self.custodian_1_user.save()
self.custodian_1_client = APIClient()
self.assertTrue(self.custodian_1_client.login(username=self.custodian_1_user.username, password=password))
self.project_1 = Project.objects.filter(title="Project1").first()
self.site_1 = Site.objects.filter(code="Adolphus").first()
self.ds_1 = Dataset.objects.filter(name="Generic1", project=self.project_1).first()
self.assertIsNotNone(self.ds_1)
self.assertTrue(self.ds_1.is_custodian(self.custodian_1_user))
self.record_1 = GenericRecord.objects.filter(dataset=self.ds_1).first()
self.assertIsNotNone(self.record_1)
self.assertTrue(self.record_1.is_custodian(self.custodian_1_user))
self.assertIsNotNone(self.record_1.site)
self.assertEquals(self.site_1, self.record_1.site)
def has_object_destroy_permission(self, request):
"""
Admin or program data_engineer or project custodian
:param request:
:return:
"""
user = request.user
return is_admin(user) or self.program.is_data_engineer(user)
def setUp(self):
from main.api.views import SpeciesMixin
SpeciesMixin.species_facade_class = self.species_facade_class
password = '******'
self.admin_user = factories.UserFactory.create(username='******', is_superuser=True)
self.assertTrue(is_admin(self.admin_user))
self.admin_user.set_password(password)
self.admin_user.save()
self.admin_client = APIClient()
self.assertTrue(self.admin_client.login(username=self.admin_user.username, password=password))
self.program_1 = factories.ProgramFactory.create(name='program_1')
self.program_2 = factories.ProgramFactory.create(name='program_2')
self.data_engineer_1_user = factories.UserFactory.create(username='******')
self.data_engineer_1_user.set_password(password)
self.data_engineer_1_user.save()
self.program_1.data_engineers.add(self.data_engineer_1_user)
self.data_engineer_1_client = APIClient()
self.assertTrue(self.data_engineer_1_client.login(username=self.data_engineer_1_user.username, password=password))
self.data_engineer_2_user = factories.UserFactory.create(username='******')
self.data_engineer_2_user.set_password(password)
self.data_engineer_2_user.save()
self.program_2.data_engineers.add(self.data_engineer_2_user)
self.data_engineer_2_client = APIClient()
self.assertTrue(self.data_engineer_2_client.login(username=self.data_engineer_2_user.username, password=password))
self.project_1 = factories.ProjectFactory.create(name="Project_1", program=self.program_1)
self.custodian_1_user = factories.UserFactory.create(username="******")
self.project_1.custodians.add(self.custodian_1_user)
self.custodian_1_user.set_password(password)
self.custodian_1_user.save()
self.custodian_1_client = APIClient()
self.assertTrue(self.custodian_1_client.login(username=self.custodian_1_user.username, password=password))
self.project_2 = factories.ProjectFactory.create(name="Project_2", program=self.program_2)
self.custodian_2_user = factories.UserFactory.create(username="******")
self.project_2.custodians.add(self.custodian_2_user)
self.custodian_2_user.set_password(password)
self.custodian_2_user.save()
self.custodian_2_client = APIClient()
self.assertTrue(self.custodian_2_client.login(username=self.custodian_2_user.username, password=password))
self.readonly_user = factories.UserFactory.create(username='******')
self.assertIsNotNone(self.custodian_2_user)
self.readonly_user.set_password(password)
self.readonly_user.save()
self.readonly_client = APIClient()
self.assertTrue(self.readonly_client.login(username=self.readonly_user.username, password=password))
self.anonymous_client = APIClient()
if hasattr(self, '_more_setup') and callable(self._more_setup):
self._more_setup()
def setUp(self):
password = '******'
self.admin_user = User.objects.filter(username="******").first()
self.assertIsNotNone(self.admin_user)
self.assertTrue(is_admin(self.admin_user))
self.admin_user.set_password(password)
self.admin_user.save()
self.admin_client = APIClient()
self.assertTrue(self.admin_client.login(username=self.admin_user.username, password=password))
self.custodian_1_user = User.objects.filter(username="******").first()
self.assertIsNotNone(self.custodian_1_user)
self.custodian_1_user.set_password(password)
self.custodian_1_user.save()
self.custodian_1_client = APIClient()
self.assertTrue(self.custodian_1_client.login(username=self.custodian_1_user.username, password=password))
self.project_1 = Project.objects.filter(title="Project1").first()
self.site_1 = Site.objects.filter(code="Adolphus").first()
self.ds_1 = Dataset.objects.filter(name="Observation1", project=self.project_1).first()
self.assertIsNotNone(self.ds_1)
self.assertEqual(self.ds_1.type, Dataset.TYPE_OBSERVATION)
self.assertTrue(self.ds_1.is_custodian(self.custodian_1_user))
self.record_1 = GenericRecord.objects.filter(dataset=self.ds_1).first()
self.assertIsNotNone(self.ds_1)
self.assertTrue(self.ds_1.is_custodian(self.custodian_1_user))
self.record_1 = self.ds_1.record_model.objects.filter(dataset=self.ds_1).first()
self.assertIsNotNone(self.record_1)
self.assertIsNotNone(self.record_1.datetime)
self.assertIsNotNone(self.record_1.geometry)
self.assertTrue(self.record_1.is_custodian(self.custodian_1_user))
self.assertTrue(self.record_1.site, self.site_1)
self.custodian_2_user = User.objects.filter(username="******").first()
self.assertIsNotNone(self.custodian_2_user)
self.custodian_2_user.set_password(password)
self.custodian_2_user.save()
self.custodian_2_client = APIClient()
self.assertTrue(self.custodian_2_client.login(username=self.custodian_2_user.username, password=password))
self.project_2 = Project.objects.filter(title="Project2").first()
self.site_2 = Site.objects.filter(code="Site2").first()
self.ds_2 = Dataset.objects.filter(name="Bats2", project=self.project_2).first()
self.assertTrue(self.ds_2.is_custodian(self.custodian_2_user))
self.assertFalse(self.ds_1.is_custodian(self.custodian_2_user))
self.readonly_user = User.objects.filter(username="******").first()
self.assertIsNotNone(self.custodian_2_user)
self.assertFalse(self.site_2.is_custodian(self.readonly_user))
self.assertFalse(self.site_1.is_custodian(self.readonly_user))
self.readonly_user.set_password(password)
self.readonly_user.save()
self.readonly_client = APIClient()
self.assertTrue(self.readonly_client.login(username=self.readonly_user.username, password=password))
self.anonymous_client = APIClient()
def has_permission(self, request, view):
"""
Global level.
Reject Delete and Create for non admin.
The rest will be checked at object level (below)
"""
method = request.method
if method == 'DELETE':
return False
if method == 'POST':
return is_admin(request.user)
return True
def setUp(self):
from main.api.views import SpeciesMixin
SpeciesMixin.species_facade_class = self.species_facade_class
password = '******'
self.admin_user = User.objects.filter(username="******").first()
self.assertIsNotNone(self.admin_user)
self.assertTrue(is_admin(self.admin_user))
self.admin_user.set_password(password)
self.admin_user.save()
self.admin_client = APIClient()
self.assertTrue(self.admin_client.login(username=self.admin_user.username, password=password))
self.custodian_1_user = User.objects.filter(username="******").first()
self.assertIsNotNone(self.custodian_1_user)
self.custodian_1_user.set_password(password)
self.custodian_1_user.save()
self.custodian_1_client = APIClient()
self.assertTrue(self.custodian_1_client.login(username=self.custodian_1_user.username, password=password))
self.project_1 = Project.objects.filter(title="Project1").first()
self.site_1 = Site.objects.filter(code="Site1").first()
self.ds_1 = Dataset.objects.filter(name="Bats1", project=self.project_1).first()
self.assertIsNotNone(self.ds_1)
self.assertTrue(self.ds_1.is_custodian(self.custodian_1_user))
self.record_1 = self.ds_1.record_model.objects.filter(dataset=self.ds_1).first()
self.assertIsNotNone(self.record_1)
self.assertTrue(self.record_1.is_custodian(self.custodian_1_user))
self.assertTrue(self.record_1.species_name)
self.assertTrue(self.record_1.name_id > 0)
self.custodian_2_user = User.objects.filter(username="******").first()
self.assertIsNotNone(self.custodian_2_user)
self.custodian_2_user.set_password(password)
self.custodian_2_user.save()
self.custodian_2_client = APIClient()
self.assertTrue(self.custodian_2_client.login(username=self.custodian_2_user.username, password=password))
self.project_2 = Project.objects.filter(title="Project2").first()
self.site_2 = Site.objects.filter(code="Site2").first()
self.ds_2 = Dataset.objects.filter(name="Bats2", project=self.project_2).first()
self.assertTrue(self.ds_2.is_custodian(self.custodian_2_user))
self.assertFalse(self.ds_1.is_custodian(self.custodian_2_user))
self.readonly_user = User.objects.filter(username="******").first()
self.assertIsNotNone(self.custodian_2_user)
self.assertFalse(self.site_2.is_custodian(self.readonly_user))
self.assertFalse(self.site_1.is_custodian(self.readonly_user))
self.readonly_user.set_password(password)
self.readonly_user.save()
self.readonly_client = APIClient()
self.assertTrue(self.readonly_client.login(username=self.readonly_user.username, password=password))
self.anonymous_client = APIClient()
def has_create_permission(request):
"""
Custodian and admin only
Check that the user is a custodian of the project pk passed in the POST data.
:param request:
:return:
"""
result = False
if is_admin(request.user):
result = True
elif 'project' in request.data:
project = Project.objects.filter(pk=request.data['project']).first()
result = project is not None and project.is_custodian(request.user)
return result
def has_create_permission(request):
"""
Data engineers and admin only
Check that the user is a custodian of the project pk passed in the POST data
:param request:
:return:
"""
result = False
user = request.user
if is_admin(user):
result = True
elif 'project' in request.data:
project = Project.objects.filter(
pk=request.data['project']).first()
result = project is not None and project.is_data_engineer(user)
return result
def has_create_permission(request):
"""
Admin or data_engineer of the program the project would belong to.
Check that the user is a data_engineer of the program pk passed in the POST data.
:param request:
:return:
"""
result = False
if is_admin(request.user):
result = True
elif 'program' in request.data:
program = Program.objects.filter(
pk=request.data['program']).first()
result = program is not None and program.is_data_engineer(
request.user)
return result
def has_create_permission(request):
"""
Data engineer and admin only
Check that the user is a data engineer of the dataset pk passed in the POST data.
:param request:
:return:
"""
result = False
user = request.user
if is_admin(user):
result = True
elif 'dataset' in request.data:
dataset = Dataset.objects.filter(
pk=request.data['dataset']).first()
result = dataset is not None and dataset.is_data_engineer(user)
return result
def has_create_permission(request):
"""
Custodian and admin only
Check that the user is a custodian of the dataset pk passed in the POST data.
:param request:
:return:
"""
result = False
user = request.user
if is_admin(user):
result = True
elif 'record' in request.data:
record = Record.objects.filter(pk=request.data['record']).first()
result = record is not None and record.is_custodian(
user) or record.is_data_engineer(user)
return result
def setUp(self):
password = '******'
self.admin_user = User.objects.filter(username="******").first()
self.assertIsNotNone(self.admin_user)
self.assertTrue(is_admin(self.admin_user))
self.admin_user.set_password(password)
self.admin_user.save()
self.admin_client = APIClient()
self.assertTrue(self.admin_client.login(username=self.admin_user.username, password=password))
self.custodian_1_user = User.objects.filter(username="******").first()
self.assertIsNotNone(self.custodian_1_user)
self.custodian_1_user.set_password(password)
self.custodian_1_user.save()
self.custodian_1_client = APIClient()
self.assertTrue(self.custodian_1_client.login(username=self.custodian_1_user.username, password=password))
self.project_1 = Project.objects.filter(title="Project1").first()
self.site_1 = Site.objects.filter(code="Site1").first()
self.ds_1 = Dataset.objects.filter(name="Generic1", project=self.project_1).first()
self.assertIsNotNone(self.ds_1)
self.assertTrue(self.ds_1.is_custodian(self.custodian_1_user))
self.record_1 = GenericRecord.objects.filter(dataset=self.ds_1).first()
self.assertIsNotNone(self.record_1)
self.assertTrue(self.record_1.is_custodian(self.custodian_1_user))
self.custodian_2_user = User.objects.filter(username="******").first()
self.assertIsNotNone(self.custodian_2_user)
self.custodian_2_user.set_password(password)
self.custodian_2_user.save()
self.custodian_2_client = APIClient()
self.assertTrue(self.custodian_2_client.login(username=self.custodian_2_user.username, password=password))
self.project_2 = Project.objects.filter(title="Project2").first()
self.site_2 = Site.objects.filter(code="Site2").first()
self.ds_2 = Dataset.objects.filter(name="Bats2", project=self.project_2).first()
self.assertTrue(self.ds_2.is_custodian(self.custodian_2_user))
self.assertFalse(self.ds_1.is_custodian(self.custodian_2_user))
self.readonly_user = User.objects.filter(username="******").first()
self.assertIsNotNone(self.custodian_2_user)
self.assertFalse(self.site_2.is_custodian(self.readonly_user))
self.assertFalse(self.site_1.is_custodian(self.readonly_user))
self.readonly_user.set_password(password)
self.readonly_user.save()
self.readonly_client = APIClient()
self.assertTrue(self.readonly_client.login(username=self.readonly_user.username, password=password))
self.anonymous_client = APIClient()
def has_permission(self, request, view):
"""
Global level.
GET: Only admins and data_engineers
POST: depends if the server allows public registration or not
DELETE: forbidden
UPDATE/PATCH: handle by has_object_permission below. Admin or user itself.
"""
method = request.method
user = request.user
if method == 'DELETE':
return False
elif method == 'POST':
return can_create_user(user)
elif method == 'GET':
return is_admin(user) or is_data_engineer(user)
else:
# UPDATE and PATCH permission are sorted in has_object_permission() below.
return user.is_authenticated
def setUp(self):
password = '******'
self.admin_user = User.objects.filter(username="******").first()
self.assertIsNotNone(self.admin_user)
self.assertTrue(is_admin(self.admin_user))
self.admin_user.set_password(password)
self.admin_user.save()
self.admin_client = APIClient()
self.assertTrue(self.admin_client.login(username=self.admin_user.username, password=password))
self.custodian_1_user = User.objects.filter(username="******").first()
self.assertIsNotNone(self.custodian_1_user)
self.custodian_1_user.set_password(password)
self.custodian_1_user.save()
self.custodian_1_client = APIClient()
self.assertTrue(self.custodian_1_client.login(username=self.custodian_1_user.username, password=password))
self.project_1 = Project.objects.filter(title="Project1").first()
self.site_1 = Site.objects.filter(code="Site1").first()
self.ds_1 = Dataset.objects.filter(name="Bats1", project=self.project_1).first()
self.assertTrue(self.ds_1.is_custodian(self.custodian_1_user))
def setUp(self):
password = "******"
self.admin_user = User.objects.filter(username="******").first()
self.assertIsNotNone(self.admin_user)
self.assertTrue(is_admin(self.admin_user))
self.admin_user.set_password(password)
self.admin_user.save()
self.admin_client = APIClient()
self.assertTrue(self.admin_client.login(username=self.admin_user.username, password=password))
self.custodian_1_user = User.objects.filter(username="******").first()
self.assertIsNotNone(self.custodian_1_user)
self.custodian_1_user.set_password(password)
self.custodian_1_user.save()
self.custodian_1_client = APIClient()
self.assertTrue(self.custodian_1_client.login(username=self.custodian_1_user.username, password=password))
self.project_1 = Project.objects.filter(title="Project1").first()
self.site_1 = Site.objects.filter(code="Site1").first()
self.assertTrue(self.site_1.is_custodian(self.custodian_1_user))
self.custodian_2_user = User.objects.filter(username="******").first()
self.assertIsNotNone(self.custodian_2_user)
self.custodian_2_user.set_password(password)
self.custodian_2_user.save()
self.custodian_2_client = APIClient()
self.assertTrue(self.custodian_2_client.login(username=self.custodian_2_user.username, password=password))
self.project_2 = Project.objects.filter(title="Project2").first()
self.site_2 = Site.objects.filter(code="Site2").first()
self.assertTrue(self.site_2.is_custodian(self.custodian_2_user))
self.assertFalse(self.site_1.is_custodian(self.custodian_2_user))
self.readonly_user = User.objects.filter(username="******").first()
self.assertIsNotNone(self.custodian_2_user)
self.assertFalse(self.site_2.is_custodian(self.readonly_user))
self.assertFalse(self.site_1.is_custodian(self.readonly_user))
self.readonly_user.set_password(password)
self.readonly_user.save()
self.readonly_client = APIClient()
self.assertTrue(self.readonly_client.login(username=self.readonly_user.username, password=password))
self.anonymous_client = APIClient()
def setUp(self):
password = '******'
self.admin_user = User.objects.filter(username="******").first()
self.assertIsNotNone(self.admin_user)
self.assertTrue(is_admin(self.admin_user))
self.admin_user.set_password(password)
self.admin_user.save()
self.admin_client = APIClient()
self.assertTrue(self.admin_client.login(username=self.admin_user.username, password=password))
self.custodian_1_user = User.objects.filter(username="******").first()
self.assertIsNotNone(self.custodian_1_user)
self.custodian_1_user.set_password(password)
self.custodian_1_user.save()
self.custodian_1_client = APIClient()
self.assertTrue(self.custodian_1_client.login(username=self.custodian_1_user.username, password=password))
self.readonly_user = User.objects.filter(username="******").first()
self.readonly_user.set_password(password)
self.readonly_user.save()
self.readonly_client = APIClient()
self.assertTrue(self.readonly_client.login(username=self.readonly_user.username, password=password))
self.anonymous_client = APIClient()
def has_object_update_permission(self, request):
user = request.user
return is_admin(user) or self.is_custodian(
user) or self.is_data_engineer(user)
def has_object_destroy_permission(self, request):
return is_admin(request.user) or self.is_custodian(request.user)
def has_object_destroy_permission(self, request):
user = request.user
return is_admin(user) or self.project.is_data_engineer(user)
def has_create_permission(request):
return is_admin(request.user)
def has_permission(self, request, view):
user = request.user
return \
request.method in SAFE_METHODS \
or is_admin(user) \
or (hasattr(view, 'dataset') and view.dataset and view.dataset.is_custodian(user))
def has_object_update_permission(request):
return is_admin(request.user)
def has_create_permission(request):
return is_admin(request.user)
def has_permission(self, request, view):
user = request.user
return \
request.method in SAFE_METHODS \
or is_admin(user) \
or (hasattr(view, 'project') and view.project and view.project.is_custodian(user))
def has_object_destroy_permission(self, request):
return is_admin(request.user) or self.is_custodian(
request.user) or self.is_data_engineer(request.user)
def get_is_admin(self, user):
return is_admin(user)
def has_object_destroy_permission(request):
return is_admin(request.user)
