def get_context_data(self, *args, **kwargs):
context = super(UserContactInfoView,
self).get_context_data(*args, **kwargs)
viewer_profile = models.UserProfile.get_profile(self.request.user)
context["username"] = self.kwargs.get("username", None)
context["user_profile"] = get_user_profile_or_404(context["username"])
if self.object:
owner_profile = self.object.profile
# pass in can_edit flag if viewer of the profile is also the owner
# it will then be used as a conditional to render edit buttons
context["can_edit"] = owner_profile == viewer_profile
# check access for both the profile and the contact
valid_profile_access = can_access(owner_profile, viewer_profile,
owner_profile.profile_access)
valid_contact_access = can_access(owner_profile, viewer_profile,
self.object.access)
# only let the page be viewed if there is valid access
if not (valid_profile_access and valid_contact_access):
raise PermissionDenied
self.username = context["username"]
self.profile = context["user_profile"]
return context
def test_private(self):
"""
Any combination of owner/viewer at the private level except when
the owner/viewer is the same returns False.
"""
# only true case
# test self viewing
self.assertTrue(can_access(self.member1_profile, self.member1_profile,
constants.PRIVATE_ACCESS))
# test member/anonymous viewing
self.assertFalse(can_access(self.member1_profile, None,
constants.PRIVATE_ACCESS))
# test member/registered viewing
self.assertFalse(can_access(self.member1_profile, self.registered1_profile,
constants.PRIVATE_ACCESS))
# test member/member viewing
self.assertFalse(can_access(self.member1_profile, self.member2_profile,
constants.PRIVATE_ACCESS))
# test admin/member viewing
self.assertFalse(can_access(self.admin1_profile, self.member1_profile,
constants.PRIVATE_ACCESS))
# test member/admin viewing
self.assertFalse(can_access(self.member1_profile, self.admin1_profile,
constants.PRIVATE_ACCESS))
# test admin/admin viewing
self.assertFalse(can_access(self.admin1_profile, self.admin2_profile,
constants.PRIVATE_ACCESS))
def test_admin(self):
"""
If the viewer is an admin, this should return True.
"""
# test member/anonymous viewing
self.assertFalse(can_access(self.member1_profile, None,
constants.ADMIN_ACCESS))
# test member/registered viewing
self.assertFalse(can_access(self.member1_profile, self.registered1_profile,
constants.ADMIN_ACCESS))
# test member/member viewing
self.assertFalse(can_access(self.member1_profile, self.member2_profile,
constants.ADMIN_ACCESS))
# test admin/member viewing
self.assertFalse(can_access(self.admin1_profile, self.member1_profile,
constants.ADMIN_ACCESS))
# test self viewing -- the one member level that is true because
# you can view your own things
self.assertTrue(can_access(self.member1_profile, self.member1_profile,
constants.ADMIN_ACCESS))
# test member/admin viewing
self.assertTrue(can_access(self.member1_profile, self.admin1_profile,
constants.ADMIN_ACCESS))
# test admin/admin viewing
self.assertTrue(can_access(self.admin1_profile, self.admin2_profile,
constants.ADMIN_ACCESS))
def test_member(self):
"""
If the viewer is a member, this should return True.
"""
# test member/anonymous viewing
self.assertFalse(can_access(self.member1_profile, None,
constants.MEMBERS_ACCESS))
# test member/registered viewing
self.assertFalse(can_access(self.member1_profile, self.registered1_profile,
constants.MEMBERS_ACCESS))
# test member/member viewing
self.assertTrue(can_access(self.member1_profile, self.member2_profile,
constants.MEMBERS_ACCESS))
# test self viewing
self.assertTrue(can_access(self.member1_profile, self.member1_profile,
constants.MEMBERS_ACCESS))
# test admin/member viewing
self.assertTrue(can_access(self.admin1_profile, self.member1_profile,
constants.MEMBERS_ACCESS))
# test member/admin viewing
self.assertTrue(can_access(self.member1_profile, self.admin1_profile,
constants.MEMBERS_ACCESS))
# test admin/admin viewing
self.assertTrue(can_access(self.admin1_profile, self.admin2_profile,
constants.MEMBERS_ACCESS))
def test_registered(self):
"""
If the viewer is anonymous, this should return False.
"""
# only false case
# test member/anonymous viewing
self.assertFalse(can_access(self.member1_profile, None,
constants.REGISTERED_ACCESS))
# test member/registered viewing
self.assertTrue(can_access(self.member1_profile, self.registered1_profile,
constants.REGISTERED_ACCESS))
# test member/member viewing
self.assertTrue(can_access(self.member1_profile, self.member2_profile,
constants.REGISTERED_ACCESS))
# test self viewing
self.assertTrue(can_access(self.member1_profile, self.member1_profile,
constants.REGISTERED_ACCESS))
# test admin/member viewing
self.assertTrue(can_access(self.admin1_profile, self.member1_profile,
constants.REGISTERED_ACCESS))
# test member/admin viewing
self.assertTrue(can_access(self.member1_profile, self.admin1_profile,
constants.REGISTERED_ACCESS))
# test admin/admin viewing
self.assertTrue(can_access(self.admin1_profile, self.admin2_profile,
constants.REGISTERED_ACCESS))
def test_public(self):
"""
Any combination of owner/viewer at the public level should
be True.
"""
# test member/anonymous viewing
self.assertTrue(can_access(self.member1_profile, None,
constants.PUBLIC_ACCESS))
# test member/registered viewing
self.assertTrue(can_access(self.member1_profile, self.registered1_profile,
constants.PUBLIC_ACCESS))
# test member/member viewing
self.assertTrue(can_access(self.member1_profile, self.member2_profile,
constants.PUBLIC_ACCESS))
# test self viewing
self.assertTrue(can_access(self.member1_profile, self.member1_profile,
constants.PUBLIC_ACCESS))
# test admin/member viewing
self.assertTrue(can_access(self.admin1_profile, self.member1_profile,
constants.PUBLIC_ACCESS))
# test member/admin viewing
self.assertTrue(can_access(self.member1_profile, self.admin1_profile,
constants.PUBLIC_ACCESS))
# test admin/admin viewing
self.assertTrue(can_access(self.admin1_profile, self.admin2_profile,
constants.PUBLIC_ACCESS))
def test_private(self):
"""
Any combination of owner/viewer at the private level except when
the owner/viewer is the same returns False.
"""
# only true case
# test self viewing
self.assertTrue(
can_access(self.member1_profile, self.member1_profile,
constants.PRIVATE_ACCESS))
# test member/anonymous viewing
self.assertFalse(
can_access(self.member1_profile, None, constants.PRIVATE_ACCESS))
# test member/registered viewing
self.assertFalse(
can_access(self.member1_profile, self.registered1_profile,
constants.PRIVATE_ACCESS))
# test member/member viewing
self.assertFalse(
can_access(self.member1_profile, self.member2_profile,
constants.PRIVATE_ACCESS))
# test admin/member viewing
self.assertFalse(
can_access(self.admin1_profile, self.member1_profile,
constants.PRIVATE_ACCESS))
# test member/admin viewing
self.assertFalse(
can_access(self.member1_profile, self.admin1_profile,
constants.PRIVATE_ACCESS))
# test admin/admin viewing
self.assertFalse(
can_access(self.admin1_profile, self.admin2_profile,
constants.PRIVATE_ACCESS))
def test_admin(self):
"""
If the viewer is an admin, this should return True.
"""
# test member/anonymous viewing
self.assertFalse(
can_access(self.member1_profile, None, constants.ADMIN_ACCESS))
# test member/registered viewing
self.assertFalse(
can_access(self.member1_profile, self.registered1_profile,
constants.ADMIN_ACCESS))
# test member/member viewing
self.assertFalse(
can_access(self.member1_profile, self.member2_profile,
constants.ADMIN_ACCESS))
# test admin/member viewing
self.assertFalse(
can_access(self.admin1_profile, self.member1_profile,
constants.ADMIN_ACCESS))
# test self viewing -- the one member level that is true because
# you can view your own things
self.assertTrue(
can_access(self.member1_profile, self.member1_profile,
constants.ADMIN_ACCESS))
# test member/admin viewing
self.assertTrue(
can_access(self.member1_profile, self.admin1_profile,
constants.ADMIN_ACCESS))
# test admin/admin viewing
self.assertTrue(
can_access(self.admin1_profile, self.admin2_profile,
constants.ADMIN_ACCESS))
def test_member(self):
"""
If the viewer is a member, this should return True.
"""
# test member/anonymous viewing
self.assertFalse(
can_access(self.member1_profile, None, constants.MEMBERS_ACCESS))
# test member/registered viewing
self.assertFalse(
can_access(self.member1_profile, self.registered1_profile,
constants.MEMBERS_ACCESS))
# test member/member viewing
self.assertTrue(
can_access(self.member1_profile, self.member2_profile,
constants.MEMBERS_ACCESS))
# test self viewing
self.assertTrue(
can_access(self.member1_profile, self.member1_profile,
constants.MEMBERS_ACCESS))
# test admin/member viewing
self.assertTrue(
can_access(self.admin1_profile, self.member1_profile,
constants.MEMBERS_ACCESS))
# test member/admin viewing
self.assertTrue(
can_access(self.member1_profile, self.admin1_profile,
constants.MEMBERS_ACCESS))
# test admin/admin viewing
self.assertTrue(
can_access(self.admin1_profile, self.admin2_profile,
constants.MEMBERS_ACCESS))
def test_registered(self):
"""
If the viewer is anonymous, this should return False.
"""
# only false case
# test member/anonymous viewing
self.assertFalse(
can_access(self.member1_profile, None,
constants.REGISTERED_ACCESS))
# test member/registered viewing
self.assertTrue(
can_access(self.member1_profile, self.registered1_profile,
constants.REGISTERED_ACCESS))
# test member/member viewing
self.assertTrue(
can_access(self.member1_profile, self.member2_profile,
constants.REGISTERED_ACCESS))
# test self viewing
self.assertTrue(
can_access(self.member1_profile, self.member1_profile,
constants.REGISTERED_ACCESS))
# test admin/member viewing
self.assertTrue(
can_access(self.admin1_profile, self.member1_profile,
constants.REGISTERED_ACCESS))
# test member/admin viewing
self.assertTrue(
can_access(self.member1_profile, self.admin1_profile,
constants.REGISTERED_ACCESS))
# test admin/admin viewing
self.assertTrue(
can_access(self.admin1_profile, self.admin2_profile,
constants.REGISTERED_ACCESS))
def test_public(self):
"""
Any combination of owner/viewer at the public level should
be True.
"""
# test member/anonymous viewing
self.assertTrue(
can_access(self.member1_profile, None, constants.PUBLIC_ACCESS))
# test member/registered viewing
self.assertTrue(
can_access(self.member1_profile, self.registered1_profile,
constants.PUBLIC_ACCESS))
# test member/member viewing
self.assertTrue(
can_access(self.member1_profile, self.member2_profile,
constants.PUBLIC_ACCESS))
# test self viewing
self.assertTrue(
can_access(self.member1_profile, self.member1_profile,
constants.PUBLIC_ACCESS))
# test admin/member viewing
self.assertTrue(
can_access(self.admin1_profile, self.member1_profile,
constants.PUBLIC_ACCESS))
# test member/admin viewing
self.assertTrue(
can_access(self.member1_profile, self.admin1_profile,
constants.PUBLIC_ACCESS))
# test admin/admin viewing
self.assertTrue(
can_access(self.admin1_profile, self.admin2_profile,
constants.PUBLIC_ACCESS))
def test_func(self, user):
"""
Test for the given user's ability to access based on the access field.
"""
detail_object = self.get_object()
access = getattr(detail_object, self.access_field_name, None)
profile = models.UserProfile.get_profile(user)
logger.debug("testing access %s for %s" % (access, str(profile)))
if can_access(None, profile, access):
return True
elif user.is_authenticated():
raise PermissionDenied()