def test_set_access_perms_returns_correct_diffs_1(self): """ Here we are concerned only with returned value of set_access_perms. Let's test the simplest case. 1. Given New folder created by uploader 2. User tries to set one access entry for margaret """ node = Folder.objects.create(title="some_folder", user=self.uploader_user) access_diffs = set_access_perms(node, [{ 'model': 'user', 'name': 'margaret', 'access_type': 'allow', 'permissions': { 'read': True, 'write': True, 'delete': True } }]) # only one entry AccessDiff(operation=ADD) self.assertEqual(len(access_diffs), 1, [str(diff) for diff in access_diffs]) self.assertEqual(access_diffs[0].operation, AccessDiff.ADD) access = access_diffs[0].pop() self.assertEqual("margaret", access.user.username) self.assertEqual("allow", access.access_type) perms = set() perms.add("read") perms.add("write") perms.add("delete") self.assertEqual(perms, access.perms_codenames())
def test_set_access_perms_returns_correct_diffs_2(self): """ 1. New folder is created by uploader 2. New folder has margaret READ & WRITE & DELETE access (allow) 3. User tries to leave for margaret only read permission. (it will set_access_perms only with READ flag) """ node = Folder.objects.create(title="some_folder", user=self.uploader_user) create_access(node=node, model_type=Access.MODEL_USER, name=self.margaret_user, access_type=Access.ALLOW, access_inherited=False, permissions={ READ: True, WRITE: True, DELETE: True }) access_diffs = set_access_perms( node, [{ 'model': 'user', 'name': 'margaret', 'access_type': 'allow', 'permissions': { 'read': True, # only read flag } }]) # only one entry AccessDiff(operation=ADD) self.assertEqual(len(access_diffs), 1, [str(diff) for diff in access_diffs]) self.assertEqual(access_diffs[0].operation, AccessDiff.UPDATE) access = access_diffs[0].pop() self.assertEqual("margaret", access.user.username) self.assertEqual("allow", access.access_type) perms = set() perms.add("read") self.assertEqual(perms, access.perms_codenames())
def test_access_on_all_document(self): """ Superuser/root user creates one folder: * for_margaret And places there 3 documents: * for_margaret * doc_1 * doc_2 * doc_3 Superuser assigns read only access permission on folder for_margaret Expected: Margaret can now see/view ALL 3 documents. """ # (f1) for_margaret = Folder.objects.create( title="for_margaret", user=self.root_user ) doc_1 = Document.objects.create_document( title="doc_1", file_name="doc_1.pdf", size='36', lang='DEU', user=self.root_user, page_count=4, parent_id=for_margaret.id ) doc_2 = Document.objects.create_document( title="doc_2", file_name="doc_2.pdf", size='36', lang='DEU', user=self.root_user, page_count=4, parent_id=for_margaret.id ) doc_3 = Document.objects.create_document( title="doc_3", file_name="doc_3.pdf", size='36', lang='DEU', user=self.root_user, page_count=4, parent_id=for_margaret.id ) for_margaret.refresh_from_db() self.assertEqual( for_margaret.get_children().count(), 3, "for_margaret folder expected to have 3 child nodes" ) access_diffs = set_access_perms( for_margaret, [ { 'model': 'user', 'name': self.margaret_user.username, 'access_type': 'allow', 'permissions': { 'read': True, 'write': False, 'delete': False } } ] ) for_margaret.propagate_changes( diffs_set=access_diffs, apply_to_self=False ) self.assertTrue( self.margaret_user.has_perm(READ, for_margaret) ) self.assertTrue( self.margaret_user.has_perm(READ, doc_1) ) self.assertTrue( self.margaret_user.has_perm(READ, doc_2) ) self.assertTrue( self.margaret_user.has_perm(READ, doc_3) )
def access(request, id): """ Returns json of access right for a given node """ try: node = BaseTreeNode.objects.get(id=id) except BaseTreeNode.DoesNotExist: raise Http404("Node does not exists") if not request.user.has_perm(Access.PERM_READ, node): return HttpResponseForbidden() result = [] if request.method == 'GET': for acc in node.access_set.all(): item = {} if acc.user: item['name'] = acc.user.username item['model'] = 'user' if acc.group: item['name'] = acc.group.name item['model'] = 'group' item['access_type'] = acc.access_type item['access_inherited'] = acc.access_inherited item['permissions'] = get_access_perms_as_hash( node, item['model'], item['name']) result.append(item) if request.method == 'POST': if request.is_ajax(): if not request.user.has_perm(Access.PERM_CHANGE_PERM, node): return HttpResponseForbidden() # # json data of following format is expected: # { # 'add': [ # { # 'model': 'user', # 'name': 'margaret', # 'access_type': 'allow', # 'permissions': { # 'read': true, 'write': true, 'delete': false # } # } # ], # 'delete': [ # { # 'model': 'user', # 'name': 'uploader', # 'access_type': 'allow', # 'permissions': { // does not matter, # 'read': true # } # } # ] # } # access_data = json.loads(request.body) if 'add' in access_data.keys(): access_diffs = set_access_perms(node, access_data['add']) node.propagate_access_changes(access_diffs, apply_to_self=False) if 'delete' in access_data.keys(): access_diffs = delete_access_perms(node, access_data['delete']) node.propagate_access_changes(access_diffs, apply_to_self=False) else: # POST but not ajax return HttpResponseBadRequest() return HttpResponse(json.dumps(result), content_type="application/json")