def has_permission(self, request, view):
if not request.user.is_authenticated():
return False
ozp_authorization.authorization_update(request.user.username)
user_profile = model_access.get_profile(request.user.username)
if (request.method in SAFE_METHODS or
user_profile.highest_role() in ['APPS_MALL_STEWARD', 'ORG_STEWARD']):
return True
return False
def has_permission(self, request, view):
if not request.user.is_authenticated():
return False
ozp_authorization.authorization_update(request.user.username)
profile = model_access.get_profile(request.user.username)
if profile is None:
return False
if profile.highest_role() == 'APPS_MALL_STEWARD':
return True
else:
return False
def test_valid_cache(self):
if not settings.OZP['USE_AUTH_SERVER']:
return
profile = model_access.get_profile('jones')
# set auth cache to expire in 1 day
profile.auth_expires = datetime.datetime.now(pytz.utc) + datetime.timedelta(days=1)
profile.save()
self.assertEqual(auth.authorization_update('jones'), True)
# try again with cache almost expired
profile.auth_expires = datetime.datetime.now(pytz.utc) + datetime.timedelta(seconds=2)
profile.save()
self.assertEqual(auth.authorization_update('jones'), True)
def test_org_change(self):
"""
A user's agency (organization) changes
"""
if not settings.OZP['USE_AUTH_SERVER']:
return
profile = model_access.get_profile('rutherford')
profile.auth_expires = datetime.datetime.now(pytz.utc)
profile.save()
org = profile.organizations.values_list('title', flat=True)[0]
self.assertEqual(org, 'Ministry of Plenty')
auth_data = {
'dn': 'Rutherford rutherford',
'cn': 'Rutherford',
'clearances': ['U', 'C', 'S'],
'formal_accesses': [],
'visas': [],
'duty_org': 'Miniluv',
'is_org_steward': False,
'is_apps_mall_steward': False,
'is_metrics_user': False
}
a = auth.authorization_update('rutherford', auth_data)
profile = model_access.get_profile('rutherford')
org = profile.organizations.values_list('title', flat=True)[0]
self.assertEqual(org, 'Ministry of Love')
def test_update_cache(self):
if not settings.OZP['USE_AUTH_SERVER']:
return
profile = model_access.get_profile('jones')
profile.auth_expires = datetime.datetime.now(pytz.utc)
profile.save()
auth_data = {
'dn': 'Jones jones',
'cn': 'Jones',
'clearances': ['U', 'C', 'S'],
'formal_accesses': [],
'visas': ['NOVEMBER'],
'duty_org': 'Minitrue',
'is_org_steward': False,
'is_apps_mall_steward': False,
'is_metrics_user': False
}
a = auth.authorization_update('jones', auth_data)
self.assertEqual(a, True)
# auth_expires should be rest to ~1 day from now
profile = model_access.get_profile('jones')
auth_expires_in = profile.auth_expires - datetime.datetime.now(pytz.utc)
# 86,400 seconds in a day
min_sec = int(settings.OZP['OZP_AUTHORIZATION']['SECONDS_TO_CACHE_DATA']) - 2
self.assertTrue(min_sec < auth_expires_in.seconds < 86400)
def test_org_steward_to_apps_mall_steward(self):
"""
A user who was an org steward is now also an apps mall steward
"""
if not settings.OZP['USE_AUTH_SERVER']:
return
profile = model_access.get_profile('wsmith')
profile.auth_expires = datetime.datetime.now(pytz.utc)
profile.save()
stewarded_orgs = profile.stewarded_organizations.values_list('title', flat=True)
self.assertTrue('Ministry of Truth' in stewarded_orgs)
self.assertEqual(profile.highest_role(), 'ORG_STEWARD')
groups = profile.user.groups.values_list('name', flat=True)
self.assertTrue('ORG_STEWARD' in groups)
auth_data = {
'dn': 'Winston Smith wsmith',
'cn': 'Winston Smith',
'clearances': ['U', 'C', 'S', 'TS'],
'formal_accesses': [],
'visas': [],
'duty_org': 'Minitrue',
'is_org_steward': True,
'is_apps_mall_steward': True,
'is_metrics_user': False
}
a = auth.authorization_update('wsmith', auth_data)
profile = model_access.get_profile('wsmith')
stewarded_orgs = profile.stewarded_organizations.values_list('title', flat=True)
self.assertTrue('Ministry of Truth' in stewarded_orgs)
groups = profile.user.groups.values_list('name', flat=True)
self.assertTrue('APPS_MALL_STEWARD' in groups)
self.assertTrue('ORG_STEWARD' in groups)
self.assertEqual(profile.highest_role(), 'APPS_MALL_STEWARD')
def test_apps_mall_steward_to_user(self):
"""
A user who was an apps mall steward is now a regular user
"""
if not settings.OZP['USE_AUTH_SERVER']:
return
profile = model_access.get_profile('bigbrother')
profile.auth_expires = datetime.datetime.now(pytz.utc)
profile.save()
groups = profile.user.groups.values_list('name', flat=True)
self.assertTrue('APPS_MALL_STEWARD' in groups)
self.assertEqual(profile.highest_role(), 'APPS_MALL_STEWARD')
auth_data = {
'dn': 'Big Brother bigbrother',
'cn': 'Big Brother',
'clearances': ['U', 'C', 'S', 'TS'],
'formal_accesses': [],
'visas': [],
'duty_org': 'Minitrue',
'is_org_steward': False,
'is_apps_mall_steward': False,
'is_metrics_user': False
}
a = auth.authorization_update('bigbrother', auth_data)
profile = model_access.get_profile('bigbrother')
groups = profile.user.groups.values_list('name', flat=True)
self.assertTrue('USER' in groups)
self.assertTrue(len(groups) == 1)
self.assertEqual(profile.highest_role(), 'USER')
