from __future__ import absolute_import, unicode_literals from wagtail.wagtailcore.permission_policies import ModelPermissionPolicy from wagtail.wagtailredirects.models import Redirect permission_policy = ModelPermissionPolicy(Redirect)
class TestModelPermissionPolicy(PermissionPolicyTestCase):
def setUp(self):
super(TestModelPermissionPolicy, self).setUp()
self.policy = ModelPermissionPolicy(Image)
def test_user_has_permission(self):
self.assertUserPermissionMatrix([
# Superuser has permission to do everything
(self.superuser, True, True, True, True),
# Inactive superuser can do nothing
(self.inactive_superuser, False, False, False, False),
# User with 'add' permission via group can only add
(self.image_adder, True, False, False, False),
# User with 'add' permission via user can only add
(self.oneoff_image_adder, True, False, False, False),
# Inactive user with 'add' permission can do nothing
(self.inactive_image_adder, False, False, False, False),
# User with 'change' permission via group can only change
(self.image_changer, False, True, False, False),
# User with 'change' permission via user can only change
(self.oneoff_image_changer, False, True, False, False),
# Inactive user with 'add' permission can do nothing
(self.inactive_image_changer, False, False, False, False),
# User with 'delete' permission can only delete
(self.oneoff_image_deleter, False, False, True, False),
# User with no permissions can do nothing
(self.useless_user, False, False, False, False),
# Anonymous user can do nothing
(self.anonymous_user, False, False, False, False),
])
def test_user_has_any_permission(self):
# Superuser can do everything
self.assertTrue(
self.policy.user_has_any_permission(self.superuser, ['add', 'change'])
)
# Inactive superuser can do nothing
self.assertFalse(
self.policy.user_has_any_permission(self.inactive_superuser, ['add', 'change'])
)
# Only one of the permissions in the list needs to pass
# in order for user_has_any_permission to return true
self.assertTrue(
self.policy.user_has_any_permission(self.image_adder, ['add', 'change'])
)
self.assertTrue(
self.policy.user_has_any_permission(self.oneoff_image_adder, ['add', 'change'])
)
self.assertTrue(
self.policy.user_has_any_permission(self.image_changer, ['add', 'change'])
)
# User with some permission, but not the ones in the list,
# should return false
self.assertFalse(
self.policy.user_has_any_permission(self.image_changer, ['add', 'delete'])
)
# Inactive user with the appropriate permissions can do nothing
self.assertFalse(
self.policy.user_has_any_permission(self.inactive_image_adder, ['add', 'delete'])
)
# User with no permissions can do nothing
self.assertFalse(
self.policy.user_has_any_permission(self.useless_user, ['add', 'change'])
)
# Anonymous user can do nothing
self.assertFalse(
self.policy.user_has_any_permission(self.anonymous_user, ['add', 'change'])
)
def test_users_with_permission(self):
users_with_add_permission = self.policy.users_with_permission('add')
self.assertResultSetEqual(users_with_add_permission, [
self.superuser,
self.image_adder,
self.oneoff_image_adder,
])
users_with_change_permission = self.policy.users_with_permission('change')
self.assertResultSetEqual(users_with_change_permission, [
self.superuser,
self.image_changer,
self.oneoff_image_changer,
])
def test_users_with_any_permission(self):
users_with_add_or_change_permission = self.policy.users_with_any_permission(
['add', 'change']
)
self.assertResultSetEqual(users_with_add_or_change_permission, [
self.superuser,
self.image_adder,
self.oneoff_image_adder,
self.image_changer,
self.oneoff_image_changer,
])
users_with_change_or_delete_permission = self.policy.users_with_any_permission(
['change', 'delete']
)
self.assertResultSetEqual(users_with_change_or_delete_permission, [
self.superuser,
self.image_changer,
self.oneoff_image_changer,
self.oneoff_image_deleter,
])
def test_user_has_permission_for_instance(self):
# Permissions for this policy are applied at the model level,
# so rules for a specific instance will match rules for the
# model as a whole
self.assertUserInstancePermissionMatrix(self.adder_image, [
(self.superuser, True, True, True),
(self.inactive_superuser, False, False, False),
(self.image_adder, False, False, False),
(self.oneoff_image_adder, False, False, False),
(self.inactive_image_adder, False, False, False),
(self.image_changer, True, False, False),
(self.oneoff_image_changer, True, False, False),
(self.inactive_image_changer, False, False, False),
(self.oneoff_image_deleter, False, True, False),
(self.useless_user, False, False, False),
(self.anonymous_user, False, False, False),
])
def test_user_has_any_permission_for_instance(self):
# Superuser can do everything
self.assertTrue(
self.policy.user_has_any_permission_for_instance(
self.superuser, ['change', 'delete'], self.adder_image
)
)
# Inactive superuser can do nothing
self.assertFalse(
self.policy.user_has_any_permission_for_instance(
self.inactive_superuser, ['change', 'delete'], self.adder_image
)
)
# Only one of the permissions in the list needs to pass
# in order for user_has_any_permission to return true
self.assertTrue(
self.policy.user_has_any_permission_for_instance(
self.image_changer, ['change', 'delete'], self.adder_image
)
)
self.assertTrue(
self.policy.user_has_any_permission_for_instance(
self.oneoff_image_changer, ['change', 'delete'], self.adder_image
)
)
# User with some permission, but not the ones in the list,
# should return false
self.assertFalse(
self.policy.user_has_any_permission_for_instance(
self.image_adder, ['change', 'delete'], self.adder_image
)
)
# Inactive user with the appropriate permissions can do nothing
self.assertFalse(
self.policy.user_has_any_permission_for_instance(
self.inactive_image_changer, ['change', 'delete'], self.adder_image
)
)
# User with no permissions can do nothing
self.assertFalse(
self.policy.user_has_any_permission_for_instance(
self.useless_user, ['change', 'delete'], self.adder_image
)
)
# Anonymous user can do nothing
self.assertFalse(
self.policy.user_has_any_permission_for_instance(
self.anonymous_user, ['change', 'delete'], self.adder_image
)
)
def test_instances_user_has_permission_for(self):
all_images = [
self.adder_image, self.useless_image, self.anonymous_image
]
no_images = []
# the set of images editable by superuser includes all images
self.assertResultSetEqual(
self.policy.instances_user_has_permission_for(
self.superuser, 'change'
),
all_images
)
# the set of images editable by inactive superuser includes no images
self.assertResultSetEqual(
self.policy.instances_user_has_permission_for(
self.inactive_superuser, 'change'
),
no_images
)
# given the relevant model permission at the group level, a user can edit all images
self.assertResultSetEqual(
self.policy.instances_user_has_permission_for(
self.image_changer, 'change'
),
all_images
)
# given the relevant model permission at the user level, a user can edit all images
self.assertResultSetEqual(
self.policy.instances_user_has_permission_for(
self.oneoff_image_changer, 'change'
),
all_images
)
# a user with no permission can edit no images
self.assertResultSetEqual(
self.policy.instances_user_has_permission_for(
self.useless_user, 'change'
),
no_images
)
# an inactive user with the relevant permission can edit no images
self.assertResultSetEqual(
self.policy.instances_user_has_permission_for(
self.inactive_image_changer, 'change'
),
no_images
)
# a user with permission, but not the matching one, can edit no images
self.assertResultSetEqual(
self.policy.instances_user_has_permission_for(
self.image_changer, 'delete'
),
no_images
)
# the set of images editable by anonymous user includes no images
self.assertResultSetEqual(
self.policy.instances_user_has_permission_for(
self.anonymous_user, 'change'
),
no_images
)
def test_instances_user_has_any_permission_for(self):
all_images = [
self.adder_image, self.useless_image, self.anonymous_image
]
no_images = []
# the set of images editable by superuser includes all images
self.assertResultSetEqual(
self.policy.instances_user_has_any_permission_for(
self.superuser, ['change', 'delete']
),
all_images
)
# the set of images editable by inactive superuser includes no images
self.assertResultSetEqual(
self.policy.instances_user_has_any_permission_for(
self.inactive_superuser, ['change', 'delete']
),
no_images
)
# given the relevant model permission at the group level, a user can edit all images
self.assertResultSetEqual(
self.policy.instances_user_has_any_permission_for(
self.image_changer, ['change', 'delete']
),
all_images
)
# given the relevant model permission at the user level, a user can edit all images
self.assertResultSetEqual(
self.policy.instances_user_has_any_permission_for(
self.oneoff_image_changer, ['change', 'delete']
),
all_images
)
# a user with no permission can edit no images
self.assertResultSetEqual(
self.policy.instances_user_has_any_permission_for(
self.useless_user, ['change', 'delete']
),
no_images
)
# an inactive user with the relevant permission can edit no images
self.assertResultSetEqual(
self.policy.instances_user_has_any_permission_for(
self.inactive_image_changer, ['change', 'delete']
),
no_images
)
# a user with permission, but not the matching one, can edit no images
self.assertResultSetEqual(
self.policy.instances_user_has_any_permission_for(
self.image_adder, ['change', 'delete']
),
no_images
)
# the set of images editable by anonymous user includes no images
self.assertResultSetEqual(
self.policy.instances_user_has_any_permission_for(
self.anonymous_user, ['change', 'delete']
),
no_images
)
def test_users_with_permission_for_instance(self):
users_with_change_permission = self.policy.users_with_permission_for_instance(
'change', self.useless_image
)
self.assertResultSetEqual(users_with_change_permission, [
self.superuser,
self.image_changer,
self.oneoff_image_changer,
])
users_with_delete_permission = self.policy.users_with_permission_for_instance(
'delete', self.useless_image
)
self.assertResultSetEqual(users_with_delete_permission, [
self.superuser,
self.oneoff_image_deleter,
])
def test_users_with_any_permission_for_instance(self):
users_with_change_or_del_permission = self.policy.users_with_any_permission_for_instance(
['change', 'delete'], self.useless_image
)
self.assertResultSetEqual(users_with_change_or_del_permission, [
self.superuser,
self.image_changer,
self.oneoff_image_changer,
self.oneoff_image_deleter,
])
def setUp(self):
super(TestModelPermissionPolicy, self).setUp()
self.policy = ModelPermissionPolicy(Image)
from __future__ import absolute_import, unicode_literals
from wagtail.wagtailcore.permission_policies import ModelPermissionPolicy
from wagtailreports.models import get_report_model, get_report_panel_model
report_permission_policy = ModelPermissionPolicy(get_report_model())
report_panel_permission_policy = ModelPermissionPolicy(
get_report_panel_model())
from __future__ import absolute_import, unicode_literals from django.contrib.auth import get_user_model from wagtail.wagtailcore.permission_policies import ModelPermissionPolicy User = get_user_model() permission_policy = ModelPermissionPolicy(User)
from __future__ import absolute_import, unicode_literals
from django.utils.translation import ugettext_lazy
from wagtail.wagtailadmin.views import generic
from wagtail.wagtailcore.permission_policies import ModelPermissionPolicy
from wagtailtrans.forms import LanguageForm
from wagtailtrans.models import Language
language_permission_policy = ModelPermissionPolicy(Language)
class Index(generic.IndexView):
model = Language
permission_policy = language_permission_policy
context_object_name = 'languages'
template_name = 'wagtailtrans/languages/index.html'
add_url_name = 'wagtailtrans_languages:add'
page_title = ugettext_lazy("Languages")
add_item_label = ugettext_lazy("Add a language")
header_icon = 'folder-open-1'
class Create(generic.CreateView):
form_class = LanguageForm
permission_policy = language_permission_policy
page_title = ugettext_lazy("Add language")
success_message = ugettext_lazy("Language '{0}' created.")
add_url_name = 'wagtailtrans_languages:add'
edit_url_name = 'wagtailtrans_languages:edit'
index_url_name = 'wagtailtrans_languages:index'
from wagtail.wagtailcore.models import Collection, Site from wagtail.wagtailcore.permission_policies import ModelPermissionPolicy site_permission_policy = ModelPermissionPolicy(Site) collection_permission_policy = ModelPermissionPolicy(Collection)
from wagtail.wagtailcore.models import Site from wagtail.wagtailcore.permission_policies import ModelPermissionPolicy site_permission_policy = ModelPermissionPolicy(Site)
