def test_has_perm_delete_with_obj(self):
permission_logic = StaffPermissionLogic()
add_permission_logic(self.article.__class__, permission_logic)
self.assertTrue(
permission_logic.has_perm(self.user1, self.perm3, self.article))
self.assertFalse(
permission_logic.has_perm(self.user2, self.perm3, self.article))
def test_has_perm_change_without_obj_without_any_permission(self):
permission_logic = GroupInPermissionLogic('admin', any_permission=False)
add_permission_logic(self.article.__class__, permission_logic)
self.assertTrue(permission_logic.has_perm(self.user1, self.perm2))
self.assertFalse(permission_logic.has_perm(self.user2, self.perm2))
self.assertFalse(permission_logic.has_perm(self.user3, self.perm2))
def test_has_perm_delete_with_obj(self):
permission_logic = StaffPermissionLogic()
add_permission_logic(self.article.__class__, permission_logic)
self.assertTrue(
permission_logic.has_perm(self.user1, self.perm3, self.article))
self.assertFalse(
permission_logic.has_perm(self.user2, self.perm3, self.article))
def test_constructor_with_specifing_delete_permission(self):
permission_logic = GroupInPermissionLogic('admin',
delete_permission=False)
add_permission_logic(self.article.__class__, permission_logic)
self.assertTrue(isinstance(permission_logic, GroupInPermissionLogic))
self.assertEqual(permission_logic.delete_permission, False)
def test_has_perm_change_with_obj_without_any(self):
permission_logic = StaffPermissionLogic(any_permission=False)
add_permission_logic(self.article.__class__, permission_logic)
self.assertTrue(
permission_logic.has_perm(self.user1, self.perm2, self.article))
self.assertFalse(
permission_logic.has_perm(self.user2, self.perm2, self.article))
def test_has_perm_delete_without_obj(self):
permission_logic = GroupInPermissionLogic('admin')
add_permission_logic(self.article.__class__, permission_logic)
self.assertTrue(permission_logic.has_perm(self.user1, self.perm3))
self.assertFalse(permission_logic.has_perm(self.user2, self.perm3))
self.assertFalse(permission_logic.has_perm(self.user3, self.perm3))
def test_has_perm_change_with_obj_without_any(self):
permission_logic = StaffPermissionLogic(any_permission=False)
add_permission_logic(self.article.__class__, permission_logic)
self.assertTrue(
permission_logic.has_perm(self.user1, self.perm2, self.article))
self.assertFalse(
permission_logic.has_perm(self.user2, self.perm2, self.article))
def test_has_perm_delete_with_obj_with_two_groups(self):
permission_logic = GroupInPermissionLogic(["admin", "staff"])
add_permission_logic(self.article.__class__, permission_logic)
self.assertTrue(permission_logic.has_perm(self.user1, self.perm3, self.article))
self.assertTrue(permission_logic.has_perm(self.user2, self.perm3, self.article))
self.assertFalse(permission_logic.has_perm(self.user3, self.perm3, self.article))
def test_has_perm_change_with_obj(self):
permission_logic = GroupInPermissionLogic("admin")
add_permission_logic(self.article.__class__, permission_logic)
self.assertTrue(permission_logic.has_perm(self.user1, self.perm2, self.article))
self.assertFalse(permission_logic.has_perm(self.user2, self.perm2, self.article))
self.assertFalse(permission_logic.has_perm(self.user3, self.perm2, self.article))
def test_has_perm_change_without_obj_with_two_groups(self):
permission_logic = GroupInPermissionLogic(['admin', 'staff'])
add_permission_logic(self.article.__class__, permission_logic)
self.assertTrue(permission_logic.has_perm(self.user1, self.perm2))
self.assertTrue(permission_logic.has_perm(self.user2, self.perm2))
self.assertFalse(permission_logic.has_perm(self.user3, self.perm2))
def test_has_perm_delete_without_obj(self):
permission_logic = GroupInPermissionLogic('admin')
add_permission_logic(self.article.__class__, permission_logic)
self.assertTrue(permission_logic.has_perm(self.user1, self.perm3))
self.assertFalse(permission_logic.has_perm(self.user2, self.perm3))
self.assertFalse(permission_logic.has_perm(self.user3, self.perm3))
def test_has_perm_change_without_obj_without_any_permission(self):
permission_logic = GroupInPermissionLogic('admin', any_permission=False)
add_permission_logic(self.article.__class__, permission_logic)
self.assertTrue(permission_logic.has_perm(self.user1, self.perm2))
self.assertFalse(permission_logic.has_perm(self.user2, self.perm2))
self.assertFalse(permission_logic.has_perm(self.user3, self.perm2))
def test_has_perm_change_without_obj_with_two_groups(self):
permission_logic = GroupInPermissionLogic(['admin', 'staff'])
add_permission_logic(self.article.__class__, permission_logic)
self.assertTrue(permission_logic.has_perm(self.user1, self.perm2))
self.assertTrue(permission_logic.has_perm(self.user2, self.perm2))
self.assertFalse(permission_logic.has_perm(self.user3, self.perm2))
def test_constructor(self):
permission_logic = StaffPermissionLogic()
add_permission_logic(self.article.__class__, permission_logic)
self.assertTrue(isinstance(permission_logic, StaffPermissionLogic))
self.assertEqual(permission_logic.any_permission, True)
self.assertEqual(permission_logic.add_permission, True)
self.assertEqual(permission_logic.change_permission, True)
self.assertEqual(permission_logic.delete_permission, True)
def test_constructor(self):
permission_logic = StaffPermissionLogic()
add_permission_logic(self.article.__class__, permission_logic)
self.assertTrue(isinstance(permission_logic, StaffPermissionLogic))
self.assertEqual(permission_logic.any_permission, True)
self.assertEqual(permission_logic.add_permission, True)
self.assertEqual(permission_logic.change_permission, True)
self.assertEqual(permission_logic.delete_permission, True)
def test_add_permission_logic_registry(self):
m = self.mock_logic
# nothing have been registered in registry
self.assertEqual(registry._registry, {})
# but after add permission logic, they will be appeared
add_permission_logic(Article, m)
self.assertEqual(Article._permission_logics, set([m]))
self.assertTrue(
isinstance(registry._registry[Article], LogicalPermissionHandler))
def test_add_permission_logic_registry(self):
m = self.mock_logic
# nothing have been registered in registry
self.assertEqual(registry._registry, {})
# but after add permission logic, they will be appeared
add_permission_logic(Article, m)
self.assertEqual(Article._permission_logics, set([m]))
self.assertTrue(isinstance(registry._registry[Article],
LogicalPermissionHandler))
def test_remove_permission_logic_exception(self):
m = self.mock_logic
add_permission_logic(Article, m)
remove_permission_logic(Article, m)
# it shuld not raise exception
remove_permission_logic(Article, m)
# it should raise exception if fail_silently is False
self.assertRaises(KeyError,
remove_permission_logic, Article, m,
fail_silently=False)
def test_remove_permission_logic_private_attributes(self):
m = self.mock_logic
add_permission_logic(Article, m)
self.assertTrue(hasattr(Article, '_permission_logics'))
self.assertTrue(hasattr(Article, '_permission_handler'))
# private attribute should not be disappeared
remove_permission_logic(Article, m)
self.assertTrue(hasattr(Article, '_permission_logics'))
self.assertTrue(hasattr(Article, '_permission_handler'))
def test_add_permission_logic_private_attributes(self):
m = self.mock_logic
# the following private attribute should not be exists in Article model
self.assertFalse(hasattr(Article, '_permission_logics'))
self.assertFalse(hasattr(Article, '_permission_handler'))
# but after add permission logic, they will be appeared
add_permission_logic(Article, m)
self.assertTrue(hasattr(Article, '_permission_logics'))
self.assertTrue(hasattr(Article, '_permission_handler'))
def test_remove_permission_logic_private_attributes(self):
m = self.mock_logic
add_permission_logic(Article, m)
self.assertTrue(hasattr(Article, '_permission_logics'))
self.assertTrue(hasattr(Article, '_permission_handler'))
# private attribute should not be disappeared
remove_permission_logic(Article, m)
self.assertTrue(hasattr(Article, '_permission_logics'))
self.assertTrue(hasattr(Article, '_permission_handler'))
def test_add_permission_logic_private_attributes(self):
m = self.mock_logic
# the following private attribute should not be exists in Article model
self.assertFalse(hasattr(Article, '_permission_logics'))
self.assertFalse(hasattr(Article, '_permission_handler'))
# but after add permission logic, they will be appeared
add_permission_logic(Article, m)
self.assertTrue(hasattr(Article, '_permission_logics'))
self.assertTrue(hasattr(Article, '_permission_handler'))
def test_remove_permission_logic_exception(self):
m = self.mock_logic
add_permission_logic(Article, m)
remove_permission_logic(Article, m)
# it shuld not raise exception
remove_permission_logic(Article, m)
# it should raise exception if fail_silently is False
self.assertRaises(KeyError,
remove_permission_logic,
Article,
m,
fail_silently=False)
def test_remove_permission_logic_registry(self):
m = self.mock_logic
add_permission_logic(Article, m)
self.assertEqual(Article._permission_logics, set([m]))
self.assertTrue(
isinstance(registry._registry[Article], LogicalPermissionHandler))
# permission_logics should be changed but registry
# should not be changed
remove_permission_logic(Article, m)
self.assertEqual(Article._permission_logics, set())
self.assertTrue(
isinstance(registry._registry[Article], LogicalPermissionHandler))
def test_remove_permission_logic_registry(self):
m = self.mock_logic
add_permission_logic(Article, m)
self.assertEqual(Article._permission_logics, set([m]))
self.assertTrue(isinstance(registry._registry[Article],
LogicalPermissionHandler))
# permission_logics should be changed but registry
# should not be changed
remove_permission_logic(Article, m)
self.assertEqual(Article._permission_logics, set())
self.assertTrue(isinstance(registry._registry[Article],
LogicalPermissionHandler))
def test_user_can_create_customer_if_he_is_not_staff_if_settings_are_tweaked(
self):
add_permission_logic(Customer, OWNER_CAN_MANAGE_CUSTOMER_LOGICS)
self.client.force_authenticate(user=self.users['not_owner'])
response = self.client.post(reverse('customer-list'),
self._get_valid_payload())
self.assertEqual(response.status_code, status.HTTP_201_CREATED)
# User became owner of created customer
self.assertEqual(response.data['owners'][0]['uuid'],
self.users['not_owner'].uuid.hex)
remove_permission_logic(Customer, OWNER_CAN_MANAGE_CUSTOMER_LOGICS)
def test_constructor(self):
permission_logic = GroupInPermissionLogic('admin')
add_permission_logic(self.article.__class__, permission_logic)
self.assertTrue(isinstance(permission_logic, GroupInPermissionLogic))
self.assertEqual(permission_logic.group_names, ['admin'])
self.assertEqual(permission_logic.any_permission, True)
self.assertEqual(permission_logic.add_permission, True)
self.assertEqual(permission_logic.change_permission, True)
self.assertEqual(permission_logic.delete_permission, True)
permission_logic = GroupInPermissionLogic(['admin', 'staff'])
self.assertTrue(isinstance(permission_logic, GroupInPermissionLogic))
self.assertEqual(permission_logic.group_names, ['admin', 'staff'])
self.assertEqual(permission_logic.any_permission, True)
self.assertEqual(permission_logic.add_permission, True)
self.assertEqual(permission_logic.change_permission, True)
self.assertEqual(permission_logic.delete_permission, True)
def test_constructor(self):
permission_logic = GroupInPermissionLogic('admin')
add_permission_logic(self.article.__class__, permission_logic)
self.assertTrue(isinstance(permission_logic, GroupInPermissionLogic))
self.assertEqual(permission_logic.group_names, ['admin'])
self.assertEqual(permission_logic.any_permission, True)
self.assertEqual(permission_logic.add_permission, True)
self.assertEqual(permission_logic.change_permission, True)
self.assertEqual(permission_logic.delete_permission, True)
permission_logic = GroupInPermissionLogic(['admin', 'staff'])
self.assertTrue(isinstance(permission_logic, GroupInPermissionLogic))
self.assertEqual(permission_logic.group_names, ['admin', 'staff'])
self.assertEqual(permission_logic.any_permission, True)
self.assertEqual(permission_logic.add_permission, True)
self.assertEqual(permission_logic.change_permission, True)
self.assertEqual(permission_logic.delete_permission, True)
def discover(app, module_name=None):
"""
Automatically apply the permission logics written in the specified
module.
Examples
--------
Assume if you have a ``perms.py`` in ``your_app`` as::
from permission.logics import AuthorPermissionLogic
PERMISSION_LOGICS = (
('your_app.your_model', AuthorPermissionLogic),
)
Use this method to apply the permission logics enumerated in
``PERMISSION_LOGICS`` variable like:
>>> discover('your_app')
"""
from permission.compat import import_module
from permission.compat import get_model
from permission.conf import settings
from permission.utils.logics import add_permission_logic
variable_name = settings.PERMISSION_AUTODISCOVER_VARIABLE_NAME
module_name = module_name or settings.PERMISSION_AUTODISCOVER_MODULE_NAME
# import the module
m = import_module('%s.%s' % (app, module_name))
# check if the module have PERMISSION_LOGICS variable
if hasattr(m, variable_name):
# apply permission logics automatically
permission_logic_set = getattr(m, variable_name)
for model, permission_logic in permission_logic_set:
if isinstance(model, six.string_types):
# convert model string to model instance
model = get_model(*model.split('.', 1))
add_permission_logic(model, permission_logic)
def discover(app, module_name=None):
"""
Automatically apply the permission logics written in the specified
module.
Examples
--------
Assume if you have a ``perms.py`` in ``your_app`` as::
from permission.logics import AuthorPermissionLogic
PERMISSION_LOGICS = (
('your_app.your_model', AuthorPermissionLogic),
)
Use this method to apply the permission logics enumerated in
``PERMISSION_LOGICS`` variable like:
>>> discover('your_app')
"""
from permission.compat import import_module
from permission.compat import get_model
from permission.conf import settings
from permission.utils.logics import add_permission_logic
variable_name = settings.PERMISSION_AUTODISCOVER_VARIABLE_NAME
module_name = module_name or settings.PERMISSION_AUTODISCOVER_MODULE_NAME
# import the module
m = import_module('%s.%s' % (app, module_name))
# check if the module have PERMISSION_LOGICS variable
if hasattr(m, variable_name):
# apply permission logics automatically
permission_logic_set = getattr(m, variable_name)
for model, permission_logic in permission_logic_set:
if isinstance(model, basestring):
# convert model string to model instance
model = get_model(*model.split('.', 1))
add_permission_logic(model, permission_logic)
def test_has_perm_delete_with_obj_with_anonymous(self):
permission_logic = GroupInPermissionLogic('admin')
add_permission_logic(self.article.__class__, permission_logic)
self.assertFalse(
permission_logic.has_perm(self.anonymous, self.perm3, self.article))
def test_constructor_with_specifing_change_permission(self):
permission_logic = GroupInPermissionLogic('admin', change_permission=False)
add_permission_logic(self.article.__class__, permission_logic)
self.assertTrue(isinstance(permission_logic, GroupInPermissionLogic))
self.assertEqual(permission_logic.change_permission, False)
def test_constructor_with_specifing_change_permission(self):
permission_logic = StaffPermissionLogic(change_permission=False)
add_permission_logic(self.article.__class__, permission_logic)
self.assertTrue(isinstance(permission_logic, StaffPermissionLogic))
self.assertEqual(permission_logic.change_permission, False)
def test_has_perm_change_with_obj_with_anonymous(self):
permission_logic = GroupInPermissionLogic('admin')
add_permission_logic(self.article.__class__, permission_logic)
self.assertFalse(
permission_logic.has_perm(self.anonymous, self.perm2, self.article))
def test_has_perm_delete_with_obj_with_anonymous(self):
permission_logic = StaffPermissionLogic()
add_permission_logic(self.article.__class__, permission_logic)
self.assertFalse(
permission_logic.has_perm(self.anonymous, self.perm3, self.article))
def test_has_perm_change_with_obj_with_anonymous(self):
permission_logic = StaffPermissionLogic()
add_permission_logic(self.article.__class__, permission_logic)
self.assertFalse(
permission_logic.has_perm(self.anonymous, self.perm2, self.article))
def test_constructor_with_specifing_delete_permission(self):
permission_logic = StaffPermissionLogic(delete_permission=False)
add_permission_logic(self.article.__class__, permission_logic)
self.assertTrue(isinstance(permission_logic, StaffPermissionLogic))
self.assertEqual(permission_logic.delete_permission, False)
def test_has_perm_change_without_obj_with_anonymous(self):
permission_logic = GroupInPermissionLogic("admin")
add_permission_logic(self.article.__class__, permission_logic)
self.assertFalse(permission_logic.has_perm(self.anonymous, self.perm2))