def setUp(self): self.test_user = User.objects.get_or_create(username='******', password='******')[0] self.setup_request() # Superuser. self.superuser = User.objects.get(username='******') # Cyder admin. self.cyder_admin = User.objects.get_or_create(username='******', password='******')[0] self.ctnr_global = Ctnr.objects.get(id=1) self.ctnr_user_cyder_admin_global = CtnrUser(id=None, ctnr=self.ctnr_global, user=self.cyder_admin, level=2) self.ctnr_user_cyder_admin_global.save() # Admin. self.ctnr_admin = Ctnr(id=None, name="admin") self.ctnr_admin.save() self.ctnr_user_admin = CtnrUser(id=None, ctnr=self.ctnr_admin, user=self.test_user, level=2) self.ctnr_user_admin.save() self.ctnr_user_cyder_admin = CtnrUser(id=None, ctnr=self.ctnr_admin, user=self.cyder_admin, level=2) self.ctnr_user_cyder_admin.save() # User. self.ctnr_user = Ctnr(id=None, name="user") self.ctnr_user.save() self.ctnr_user_user = CtnrUser(id=None, ctnr=self.ctnr_user, user=self.test_user, level=1) self.ctnr_user_user.save() # Guest. self.ctnr_guest = Ctnr(id=None, name="guest") self.ctnr_guest.save() self.ctnr_user_guest = CtnrUser(id=None, ctnr=self.ctnr_guest, user=self.test_user, level=0) self.ctnr_user_guest.save() # Pleb. self.pleb_user = User.objects.get_or_create(username='******', password='******')[0]
def setUp(self): self.test_user = User.objects.get_or_create(username='******', password='******')[0] self.setup_request() # Superuser. self.superuser = User.objects.get(username='******') # Cyder admin. self.cyder_admin = User.objects.get_or_create( username='******', password='******')[0] self.ctnr_global = Ctnr.objects.get(id=1) self.ctnr_user_cyder_admin_global = CtnrUser(id=None, ctnr=self.ctnr_global, user=self.cyder_admin, level=2) self.ctnr_user_cyder_admin_global.save() # Admin. self.ctnr_admin = Ctnr(id=None, name="admin") self.ctnr_admin.save() self.ctnr_user_admin = CtnrUser(id=None, ctnr=self.ctnr_admin, user=self.test_user, level=2) self.ctnr_user_admin.save() self.ctnr_user_cyder_admin = CtnrUser(id=None, ctnr=self.ctnr_admin, user=self.cyder_admin, level=2) self.ctnr_user_cyder_admin.save() # User. self.ctnr_user = Ctnr(id=None, name="user") self.ctnr_user.save() self.ctnr_user_user = CtnrUser(id=None, ctnr=self.ctnr_user, user=self.test_user, level=1) self.ctnr_user_user.save() # Guest. self.ctnr_guest = Ctnr(id=None, name="guest") self.ctnr_guest.save() self.ctnr_user_guest = CtnrUser(id=None, ctnr=self.ctnr_guest, user=self.test_user, level=0) self.ctnr_user_guest.save() # Pleb. self.pleb_user = User.objects.get_or_create(username='******', password='******')[0]
def clone_perms(request, user_id): if not request.POST: return redirect(request.META.get('HTTP_REFERER', '')) acting_user = request.user.get_profile() if not acting_user.has_perm(request, 2, obj_class='User'): return HttpResponse( json.dumps({ 'errors': { '__all__': 'You do not have permissions to perform ' + 'this action' } })) profile = UserProfile.objects.get(user__id=user_id) perms_qs = CtnrUser.objects.filter(user__id=user_id) if not perms_qs.exists(): perms_qs = [] users = request.POST.get('users', None) if not users: return HttpResponse( json.dumps({'errors': { '__all__': 'No users provided' }})) users = users.split(',') for user in users: user_qs = User.objects.filter(username=user) if not user_qs.exists(): user = User(username=user) user.save() else: user = user_qs.get() CtnrUser.objects.filter(user=user).delete() for perm in perms_qs: ctnr_user_qs = CtnrUser.objects.filter(user=user, ctnr=perm.ctnr) if not ctnr_user_qs.exists(): ctnr_user = CtnrUser(user=user, ctnr=perm.ctnr, level=perm.level) else: ctnr_user = ctnr_user_qs.get() ctnr_user.level = perm.level ctnr_user.save() return HttpResponse(json.dumps({'success': True}))
def add_user(request, ctnr, name): confirmation = request.POST.get('confirmation', '') level = request.POST.get('level', '') if not name: return HttpResponse(json.dumps({'error': 'Please enter a user name'})) if not level: return HttpResponse( json.dumps({'error': 'Please select an administrative level'})) if (confirmation == 'false' and not User.objects.filter(username=name).exists()): return HttpResponse( json.dumps({ 'acknowledge': 'This user is not in any other container. ' 'Are you sure you want to create this user?' })) user, _ = User.objects.get_or_create(username=name) user.save() if CtnrUser.objects.filter(user_id=user.id, ctnr_id=ctnr.id).exists(): return HttpResponse( json.dumps({'error': 'This user already exists in this container'})) CtnrUser(user_id=user.id, ctnr_id=ctnr.id, level=level).save() return HttpResponse(json.dumps({'success': True}))
def login_session(request, username): """Logs in a user and sets up the session.""" try: # Authenticate / login. user = User.objects.get(username=username) user.backend = 'django.contrib.auth.backends.ModelBackend' login(request, user) except User.DoesNotExist: messages.error(request, "User %s does not exist" % (username)) return request try: # Create user profile if needed. request.user.get_profile() except UserProfile.DoesNotExist: profile = UserProfile(user=user) profile.save() try: # Assign user to default ctnr if needed. CtnrUser.objects.get(user=request.user, ctnr_id=request.user.get_profile().default_ctnr) except CtnrUser.DoesNotExist: new_default_ctnr = Ctnr.objects.get(id=2) CtnrUser(user=request.user, ctnr=new_default_ctnr, level=0).save() # Set session ctnr. default_ctnr = request.user.get_profile().default_ctnr if default_ctnr: request.session['ctnr'] = Ctnr.objects.get(id=default_ctnr.id) else: request.session['ctnr'] = Ctnr.objects.get(id=2) # Set session ctnr level. request.session['level'] = CtnrUser.objects.get(user=request.user, ctnr=default_ctnr).level try: # Set ctnr list (to switch between). global_ctnr = CtnrUser.objects.get(user=request.user, ctnr=1) if global_ctnr: request.session['ctnrs'] = ( list(Ctnr.objects.filter(Q(id=1) | Q(id=2))) + list(Ctnr.objects.exclude(Q(id=1) | Q(id=2)).order_by("name"))) except CtnrUser.DoesNotExist: # Set ctnr list (to switch between). ctnrs_user = CtnrUser.objects.filter(user=request.user) ctnrs = [ Ctnr.objects.get(id=ctnr_pk) for ctnr_pk in ctnrs_user.values_list('ctnr', flat=True) ] request.session['ctnrs'] = ctnrs return request
def clone_perms(request, user_id): if not request.POST: return redirect(request.META.get('HTTP_REFERER', '')) acting_user = request.user.get_profile() if not acting_user.has_perm(request, 2, obj_class='User'): return HttpResponse(json.dumps( {'errors': {'__all__': 'You do not have permissions to perform ' + 'this action'}})) user = UserProfile.objects.get(id=user_id) perms_qs = CtnrUser.objects.filter(user__id=user_id) if not perms_qs.exists(): perms_qs = [] users = request.POST.get('users', None) if not users: return HttpResponse(json.dumps( {'errors': {'__all__': 'No users provided'}})) users = users.split(',') for user in users: user_qs = User.objects.filter(username=user) if not user_qs.exists(): user = User(username=user) user.save() else: user = user_qs.get() CtnrUser.objects.filter(user=user).delete() for perm in perms_qs: ctnr_user_qs = CtnrUser.objects.filter(user=user, ctnr=perm.ctnr) if not ctnr_user_qs.exists(): ctnr_user = CtnrUser( user=user, ctnr=perm.ctnr, level=perm.level) else: ctnr_user = ctnr_user_qs.get() ctnr_user.level = perm.level ctnr_user.save() return HttpResponse(json.dumps({'success': True}))
def setUp(self): # test user is for tests only self.test_user = User.objects.get_or_create(username='******', password='******')[0] # development user exists as fixture, has admin to all ctnrs self.dev_user = User.objects.get(username='******') # create container where user has no admin self.ctnr = Ctnr(id=None, name="no_admin") self.ctnr.save() self.ctnr_user = CtnrUser(id=None, ctnr=self.ctnr, user=self.test_user, level=0) self.ctnr_user.save() # create container where user has admin self.ctnr_admin = Ctnr(id=None, name="has_admin") self.ctnr_admin.save() self.ctnr_user_admin = CtnrUser(id=None, ctnr=self.ctnr_admin, user=self.test_user, level=1) self.ctnr_user_admin.save() # create container that is meant to stay empty self.ctnr_empty = Ctnr(id=None, name="empty") self.ctnr_empty.save() self.ctnr_user_empty = CtnrUser(id=None, ctnr=self.ctnr_empty, user=self.test_user, level=1) self.ctnr_user_empty.save()
class PermissionsTest(TestCase): fixtures = ['initial_data.json'] def setUp(self): self.test_user = User.objects.get_or_create(username='******', password='******')[0] self.setup_request() # Superuser. self.superuser = User.objects.get(username='******') # Cyder admin. self.cyder_admin = User.objects.get_or_create(username='******', password='******')[0] self.ctnr_global = Ctnr.objects.get(id=1) self.ctnr_user_cyder_admin_global = CtnrUser(id=None, ctnr=self.ctnr_global, user=self.cyder_admin, level=2) self.ctnr_user_cyder_admin_global.save() # Admin. self.ctnr_admin = Ctnr(id=None, name="admin") self.ctnr_admin.save() self.ctnr_user_admin = CtnrUser(id=None, ctnr=self.ctnr_admin, user=self.test_user, level=2) self.ctnr_user_admin.save() self.ctnr_user_cyder_admin = CtnrUser(id=None, ctnr=self.ctnr_admin, user=self.cyder_admin, level=2) self.ctnr_user_cyder_admin.save() # User. self.ctnr_user = Ctnr(id=None, name="user") self.ctnr_user.save() self.ctnr_user_user = CtnrUser(id=None, ctnr=self.ctnr_user, user=self.test_user, level=1) self.ctnr_user_user.save() # Guest. self.ctnr_guest = Ctnr(id=None, name="guest") self.ctnr_guest.save() self.ctnr_user_guest = CtnrUser(id=None, ctnr=self.ctnr_guest, user=self.test_user, level=0) self.ctnr_user_guest.save() # Pleb. self.pleb_user = User.objects.get_or_create(username='******', password='******')[0] def test_soa_perms(self): """ Test SOA perms """ self.setup_request() perm_table = { 'cyder_admin': ['all'], 'admin': ['view'], 'user': ['view'], 'guest': ['view'], } # initialize obj into ctnrs obj = SOA() obj.primary = '192.168.1.1' obj.contact = '192.168.1.1' obj.save() domain = Domain(id=None, name='foo') domain.soa = obj domain.save() self.ctnr_admin.domains.add(domain) self.ctnr_user.domains.add(domain) self.ctnr_guest.domains.add(domain) self.save_all_ctnrs() self.check_perms_each_user(obj, perm_table) def test_domain_perms(self): """ Test domain perms """ self.setup_request() perm_table = { 'cyder_admin': ['view', 'update'], 'admin': ['view', 'update'], 'user': ['view', 'update'], 'guest': ['view'], } # Initialize obj into ctnrs. obj = Domain(id=None, name='foo') obj.save() self.ctnr_admin.domains.add(obj) self.ctnr_user.domains.add(obj) self.ctnr_guest.domains.add(obj) self.save_all_ctnrs() self.check_perms_each_user(obj, perm_table) def test_domain_records_perms(self): """ Test common domain record perms (cname, mx, txt, srv, ns) """ self.setup_request() perm_table = { 'cyder_admin': ['all'], 'admin': ['all'], 'user': ['all'], 'guest': ['view'], } # Initialize objs into ctnrs. domain = Domain(id=None, name='foo') domain.save() self.ctnr_admin.domains.add(domain) self.ctnr_user.domains.add(domain) self.ctnr_guest.domains.add(domain) self.save_all_ctnrs() domain_records = [] domain_records.append(AddressRecord(domain=domain)) domain_records.append(CNAME(domain=domain)) domain_records.append(MX(domain=domain)) domain_records.append(SRV(domain=domain)) domain_records.append(TXT(domain=domain)) domain_records.append(Nameserver(domain=domain)) for obj in domain_records: self.check_perms_each_user(obj, perm_table) def setup_request(self): """ Utility function for flushing and setting up request object for testing """ self.request = HttpRequest() self.request.user = self.test_user self.request.session = SessionStore() def save_all_ctnrs(self): """ Utility function that simply saves all of the defined ctnrs Called after adding an object to each one """ self.ctnr_admin.save() self.ctnr_user.save() self.ctnr_guest.save() def check_perms_each_user(self, obj, perm_table): """ Utility function for checking permissions """ # Superuser. self.request.user = self.superuser self.request.session['ctnr'] = self.ctnr_guest self.assert_perms(obj, perm_table, 'superuser') # Cyder admin. self.request.user = self.cyder_admin self.request.session['ctnr'] = self.ctnr_admin self.assert_perms(obj, perm_table, 'cyder_admin') # Admin. self.request.user = self.test_user self.request.session['ctnr'] = self.ctnr_admin self.assert_perms(obj, perm_table, 'admin') # User. self.request.session['ctnr'] = self.ctnr_user self.assert_perms(obj, perm_table, 'user') # Guest. self.request.session['ctnr'] = self.ctnr_guest self.assert_perms(obj, perm_table, 'guest') # Pleb. self.request.user = self.pleb_user self.assert_perms(obj, perm_table, 'pleb') def assert_perms(self, obj, perm_table, user_level): """ Utility function that gets each type of permissions for an object and asserts against perm table. """ create_perm = self.request.user.get_profile().has_perm(self.request, obj, 'create') view_perm = self.request.user.get_profile().has_perm(self.request, obj, 'view') update_perm = self.request.user.get_profile().has_perm(self.request, obj, 'update') delete_perm = self.request.user.get_profile().has_perm(self.request, obj, 'delete') actual_perms = { 'all': create_perm and view_perm and update_perm and delete_perm, 'create': create_perm, 'view': view_perm, 'update': update_perm, 'delete': delete_perm, } # Superuser. actual_perms_list = [create_perm, view_perm, update_perm, delete_perm] if user_level == 'superuser': for perm in actual_perms_list: self.assertTrue(perm, "Superuser should automatically have all permissions" ) return # Pleb. if not user_level in perm_table: for actual_perm in actual_perms_list: self.assertTrue(not actual_perm, "%s should not have any permissions to %s" % (user_level, obj.__class__.__name__) ) return # Get what permissions should be from permissions table. test_perm_list = perm_table[user_level] # Generically compare actual perms to what they should be (test_perm_list). for perm_type, actual_perm in actual_perms.iteritems(): # If should have perm. if perm_type in test_perm_list: self.assertTrue(actual_perm, "%s should have %s perms to %s" % (user_level, perm_type, obj.__class__.__name__) ) # If should not have perm. elif 'all' not in test_perm_list: self.assertTrue(not actual_perm, "%s should not have %s perms to %s" % (user_level, perm_type, obj.__class__.__name__) )
from django.contrib.auth.models import User from cyder.core.ctnr.models import Ctnr, CtnrUser from cyder.cydns.domain.models import Domain ctnr = Ctnr.objects.get(id=1) domains = Domain.objects.filter(id__lte=3) for domain in domains: ctnr.domains.add(domain) user = User.objects.get(username='******') ctnr_user = CtnrUser(id=None, ctnr=ctnr, user=user, level=2) ctnr_user.save() ctnr.save()
def edit_user(request, username, action): acting_user = User.objects.get(id=request.session['_auth_user_id']) if acting_user.is_superuser is False: return HttpResponse(json.dumps( {'errors': {'__all__': 'You do not have superuser permissions'}})) if acting_user.username == username: return HttpResponse(json.dumps( {'errors': {'__all__': 'You do not have permission to perform ' + 'this action'}})) if action == 'Create': user, _ = User.objects.get_or_create(username=username) if _ is False: return HttpResponse(json.dumps( {'errors': {'__all__': 'A user with that username already ' + 'exists'}})) user.save() else: try: user = User.objects.get(username=username) if action == 'Promote': user.is_superuser = True user.save() try: ctnruser = CtnrUser.objects.get( user_id=user.id, ctnr_id=Ctnr.objects.get(name='global').id) ctnruser.level = 0 ctnruser.full_clean() ctnruser.save() except CtnrUser.DoesNotExist: ctnruser = CtnrUser( user_id=user.id, ctnr_id=Ctnr.objects.get(name='global').id, level=0) ctnruser.full_clean() ctnruser.save() elif action == 'Demote': user.is_superuser = False user.save() elif action == 'Delete': ctnrs = CtnrUser.objects.filter(user_id=user.id) for ctnr in ctnrs: ctnr.delete() user.delete() else: return HttpResponse(json.dumps( {'errors': {'__all__': 'Unknown action'}})) except: return HttpResponse(json.dumps( {'errors': {'__all__': 'An error occurred'}})) return HttpResponse(json.dumps({'success': True}))
def login_session(request, username): """Logs in a user and sets up the session.""" try: # Authenticate / login. user = User.objects.get(username=username) user.backend = 'django.contrib.auth.backends.ModelBackend' login(request, user) except User.DoesNotExist: if not settings.TESTING: messages.error(request, "User %s does not exist" % (username)) return request try: # Create user profile if needed. request.user.get_profile() except UserProfile.DoesNotExist: profile = UserProfile(user=user) profile.save() try: # Assign user to default ctnr if needed. CtnrUser.objects.get(user=request.user, ctnr_id=request.user.get_profile().default_ctnr) except CtnrUser.DoesNotExist: new_default_ctnr = Ctnr.objects.get(id=2) if not CtnrUser.objects.filter( user=request.user, ctnr=new_default_ctnr).exists(): CtnrUser(user=request.user, ctnr=new_default_ctnr, level=0).save() # Set session ctnr. default_ctnr = request.user.get_profile().default_ctnr if default_ctnr: request.session['ctnr'] = Ctnr.objects.get(id=default_ctnr.id) else: request.session['ctnr'] = Ctnr.objects.get(id=2) if request.session['ctnr'].name == "default": default_ctnr = Ctnr.objects.get(name="global") request.session['ctnr'] = default_ctnr # Set session ctnr level. try: level = CtnrUser.objects.get(user=request.user, ctnr=default_ctnr).level except CtnrUser.DoesNotExist: level = LEVEL_GUEST request.session['level'] = level try: CtnrUser.objects.get(user=request.user, ctnr=1) ctnrs = Ctnr.objects.order_by("name") except CtnrUser.DoesNotExist: # Set ctnr list (to switch between). ctnrs_user = CtnrUser.objects.filter(user=request.user) ctnrs = ctnrs_user.values_list('ctnr', flat=True) ctnrs = Ctnr.objects.filter(id__in=ctnrs).order_by('name') global_ctnr = Ctnr.objects.get(id=1) ctnrs = ctnrs.exclude(Q(id=2) | Q(id=1)) ctnrs = [global_ctnr] + list(ctnrs) request.session['ctnrs'] = ctnrs return request
class PermissionsTest(TestCase): fixtures = ['core/users.json'] def setUp(self): self.test_user = User.objects.create(username='******') self.setup_request() # Superuser. self.superuser = User.objects.get(username='******') # Cyder admin. self.cyder_admin = User.objects.create(username='******') self.ctnr_global = Ctnr.objects.get(id=1) self.ctnr_user_cyder_admin_global = CtnrUser(id=None, ctnr=self.ctnr_global, user=self.cyder_admin, level=2) self.ctnr_user_cyder_admin_global.save() # Admin. self.ctnr_admin = Ctnr(id=None, name="admin") self.ctnr_admin.save() self.ctnr_user_admin = CtnrUser(id=None, ctnr=self.ctnr_admin, user=self.test_user, level=2) self.ctnr_user_admin.save() self.ctnr_user_cyder_admin = CtnrUser(id=None, ctnr=self.ctnr_admin, user=self.cyder_admin, level=2) self.ctnr_user_cyder_admin.save() # User. self.ctnr_user = Ctnr(id=None, name="user") self.ctnr_user.save() self.ctnr_user_user = CtnrUser(id=None, ctnr=self.ctnr_user, user=self.test_user, level=1) self.ctnr_user_user.save() # Guest. self.ctnr_guest = Ctnr(id=None, name="guest") self.ctnr_guest.save() self.ctnr_user_guest = CtnrUser(id=None, ctnr=self.ctnr_guest, user=self.test_user, level=0) self.ctnr_user_guest.save() # Pleb. self.pleb_user = User.objects.create(username='******') def test_soa_perms(self): """ Test SOA perms """ self.setup_request() perm_table = { 'cyder_admin': ['all'], 'admin': [cy.ACTION_VIEW], 'user': [cy.ACTION_VIEW], 'guest': [cy.ACTION_VIEW], } # initialize obj into ctnrs obj = SOA() obj.primary = '192.168.1.1' obj.contact = '192.168.1.1' obj.save() domain = Domain(id=None, name='foo') domain.soa = obj domain.save() self.ctnr_admin.domains.add(domain) self.ctnr_user.domains.add(domain) self.ctnr_guest.domains.add(domain) self.save_all_ctnrs() self.check_perms_each_user(obj, perm_table) def test_domain_perms(self): """ Test domain perms """ self.setup_request() perm_table = { 'cyder_admin': [cy.ACTION_VIEW, cy.ACTION_UPDATE], 'admin': [cy.ACTION_VIEW, cy.ACTION_UPDATE], 'user': [cy.ACTION_VIEW, cy.ACTION_UPDATE], 'guest': [cy.ACTION_VIEW], } # Initialize obj into ctnrs. obj = Domain(id=None, name='foo') obj.save() self.ctnr_admin.domains.add(obj) self.ctnr_user.domains.add(obj) self.ctnr_guest.domains.add(obj) self.save_all_ctnrs() self.check_perms_each_user(obj, perm_table) def test_domain_records_perms(self): """ Test common domain record perms (cname, mx, txt, srv, ns) """ self.setup_request() perm_table = { 'cyder_admin': ['all'], 'admin': ['all'], 'user': ['all'], 'guest': [cy.ACTION_VIEW], } # Initialize objs into ctnrs. domain = Domain(id=None, name='foo') domain.save() self.ctnr_admin.domains.add(domain) self.ctnr_user.domains.add(domain) self.ctnr_guest.domains.add(domain) self.save_all_ctnrs() domain_records = [] domain_records.append(AddressRecord(domain=domain)) domain_records.append(CNAME(domain=domain)) domain_records.append(MX(domain=domain)) domain_records.append(SRV(domain=domain)) domain_records.append(TXT(domain=domain)) domain_records.append(Nameserver(domain=domain)) for obj in domain_records: self.check_perms_each_user(obj, perm_table) def setup_request(self): """ Utility function for flushing and setting up request object for testing """ self.request = HttpRequest() self.request.user = self.test_user self.request.session = SessionStore() def save_all_ctnrs(self): """ Utility function that simply saves all of the defined ctnrs Called after adding an object to each one """ self.ctnr_admin.save() self.ctnr_user.save() self.ctnr_guest.save() def check_perms_each_user(self, obj, perm_table): """ Utility function for checking permissions """ # Superuser. self.request.user = self.superuser self.request.session['ctnr'] = self.ctnr_guest self.assert_perms(obj, perm_table, 'superuser') # Cyder admin. self.request.user = self.cyder_admin self.request.session['ctnr'] = self.ctnr_admin self.assert_perms(obj, perm_table, 'cyder_admin') # Admin. self.request.user = self.test_user self.request.session['ctnr'] = self.ctnr_admin self.assert_perms(obj, perm_table, 'admin') # User. self.request.session['ctnr'] = self.ctnr_user self.assert_perms(obj, perm_table, 'user') # Guest. self.request.session['ctnr'] = self.ctnr_guest self.assert_perms(obj, perm_table, 'guest') # Pleb. self.request.user = self.pleb_user self.assert_perms(obj, perm_table, 'pleb') def assert_perms(self, obj, perm_table, user_level): """ Utility function that gets each type of permissions for an object and asserts against perm table. """ create_perm = self.request.user.get_profile().has_perm( self.request, cy.ACTION_CREATE, obj=obj) view_perm = self.request.user.get_profile().has_perm(self.request, cy.ACTION_VIEW, obj=obj) update_perm = self.request.user.get_profile().has_perm( self.request, cy.ACTION_UPDATE, obj=obj) delete_perm = self.request.user.get_profile().has_perm( self.request, cy.ACTION_DELETE, obj=obj) actual_perms = { 'all': create_perm and view_perm and update_perm and delete_perm, cy.ACTION_CREATE: create_perm, cy.ACTION_VIEW: view_perm, cy.ACTION_UPDATE: update_perm, cy.ACTION_DELETE: delete_perm, } # Superuser. actual_perms_list = [create_perm, view_perm, update_perm, delete_perm] if user_level == 'superuser': for perm in actual_perms_list: self.assertTrue(perm, "Superuser should have all permissions") return # Pleb. if not user_level in perm_table: for actual_perm in actual_perms_list: self.assertTrue( not actual_perm, "%s should not have any permissions to %s" % (user_level, obj.__class__.__name__)) return # Get what permissions should be from permissions table. test_perm_list = perm_table[user_level] # Generically compare actual perms to what they should be # (test_perm_list). for perm_type, actual_perm in actual_perms.iteritems(): # If should have perm. if perm_type in test_perm_list: self.assertTrue( actual_perm, "%s should have %s perms to %s" % (user_level, perm_type, obj.__class__.__name__)) # If should not have perm. elif 'all' not in test_perm_list: self.assertTrue( not actual_perm, "%s should not have %s perms to %s" % (user_level, perm_type, obj.__class__.__name__))
class CtnrPermissionsTest(TestCase): fixtures = ['initial_data.json'] def setUp(self): # test user is for tests only self.test_user = User.objects.get_or_create(username='******', password='******')[0] # development user exists as fixture, has admin to all ctnrs self.dev_user = User.objects.get(username='******') # create container where user has no admin self.ctnr = Ctnr(id=None, name="no_admin") self.ctnr.save() self.ctnr_user = CtnrUser(id=None, ctnr=self.ctnr, user=self.test_user, level=0) self.ctnr_user.save() # create container where user has admin self.ctnr_admin = Ctnr(id=None, name="has_admin") self.ctnr_admin.save() self.ctnr_user_admin = CtnrUser(id=None, ctnr=self.ctnr_admin, user=self.test_user, level=1) self.ctnr_user_admin.save() # create container that is meant to stay empty self.ctnr_empty = Ctnr(id=None, name="empty") self.ctnr_empty.save() self.ctnr_user_empty = CtnrUser(id=None, ctnr=self.ctnr_empty, user=self.test_user, level=1) self.ctnr_user_empty.save() def test_session_has_ctnr_dev(self): """ Test middleware sets session ctnr on log in Precondition: no session container Postcondition: session container """ request = HttpRequest() request.user = AnonymousUser() request.session = SessionStore() dev_middleware = DevAuthenticationMiddleware() dev_middleware.process_request(request) self.assertTrue('ctnr' in request.session) def test_ctnr_domain(self): """ Test being in ctnr /w domain gives appropriate perms Precondition: domain in ctnr Postcondition: has full perm to domain if admin, read only if not """ request = HttpRequest() request.user = self.test_user request.session = SessionStore() request.session['ctnr'] = self.ctnr # create domain, add domain to ctnr domain = Domain(id=None, name='foo') domain.save() self.ctnr.domains.add(domain) self.ctnr.save() self.ctnr_admin.domains.add(domain) self.ctnr_admin.save() # checks where user is not admin has_perm = self.test_user.get_profile().has_perm(request, domain, write=False) self.assertTrue(has_perm, 'user should have read access') has_perm = self.test_user.get_profile().has_perm(request, domain, write=True) self.assertFalse(has_perm, 'user should not have write access') # checks where user is admin request.session['ctnr'] = self.ctnr_admin has_perm = self.test_user.get_profile().has_perm(request, domain, write=False) self.assertTrue(has_perm, 'user should have read access') has_perm = self.test_user.get_profile().has_perm(request, domain, write=True) self.assertTrue(has_perm, 'user should have write access') # checks where obj not in ctnr request.session['ctnr'] = self.ctnr_empty has_perm = self.test_user.get_profile().has_perm(request, domain, write=False) self.assertFalse(has_perm, 'user should not have read access') has_perm = self.test_user.get_profile().has_perm(request, domain, write=True) self.assertFalse(has_perm, 'user should not have write access') def test_ctnr_reverse_domain(self): """ Test being in ctnr /w rdomain gives appropriate perms Precondition: rdomain in ctnr Postcondition: full perm if admin, read only if not """ request = HttpRequest() request.user = self.test_user request.session = SessionStore() request.session['ctnr'] = self.ctnr # create reverse domain, add reverse domain to ctnr rdomain = ReverseDomain(id=None, name='128') rdomain.save() self.ctnr.reverse_domains.add(rdomain) self.ctnr.save() self.ctnr_admin.reverse_domains.add(rdomain) self.ctnr_admin.save() # checks where user is not admin has_perm = self.test_user.get_profile().has_perm(request, rdomain, write=False) self.assertTrue(has_perm, 'user should have read access') has_perm = self.test_user.get_profile().has_perm(request, rdomain, write=True) self.assertFalse(has_perm, 'user should not have write access') # checks where user is admin request.session = {'ctnr': self.ctnr_admin} has_perm = self.test_user.get_profile().has_perm(request, rdomain, write=False) self.assertTrue(has_perm, 'user should have read access') has_perm = self.test_user.get_profile().has_perm(request, rdomain, write=True) self.assertTrue(has_perm, 'user should have write access') # checks where obj not in ctnr request.session = {'ctnr': self.ctnr_empty} has_perm = self.test_user.get_profile().has_perm(request, rdomain, write=False) self.assertFalse(has_perm, 'user should not have read access') has_perm = self.test_user.get_profile().has_perm(request, rdomain, write=True) self.assertFalse(has_perm, 'user should not have write access') def test_ctnr_domain_records(self): """ Test being in ctnr /w common domain records gives appropriate perms common domain records: cname, mx, txt, srv """ request = HttpRequest() request.user = self.test_user request.session = SessionStore() request.session['ctnr'] = self.ctnr # create domain, add domain to ctnr domain = Domain(id=None, name='foo') domain.save() self.ctnr.domains.add(domain) self.ctnr.save() self.ctnr_admin.domains.add(domain) self.ctnr_admin.save() domain_records = [] domain_records.append(AddressRecord(domain=domain)) domain_records.append(CNAME(domain=domain)) domain_records.append(MX(domain=domain)) domain_records.append(Nameserver(domain=domain)) domain_records.append(SRV(domain=domain)) domain_records.append(TXT(domain=domain)) for record in domain_records: # checks where user is not admin request.session = {'ctnr': self.ctnr} has_perm = self.test_user.get_profile().has_perm(request, record, write=False) self.assertTrue(has_perm, 'user should have read access') has_perm = self.test_user.get_profile().has_perm(request, record, write=True) self.assertFalse(has_perm, 'user should not have write access') # checks where user is admin request.session = {'ctnr': self.ctnr_admin} has_perm = self.test_user.get_profile().has_perm(request, record, write=False) self.assertTrue(has_perm, 'user should have read access') has_perm = self.test_user.get_profile().has_perm(request, record, write=True) self.assertTrue(has_perm, 'user should have write access') # checks where obj not in ctnr request.session = {'ctnr': self.ctnr_empty} has_perm = self.test_user.get_profile().has_perm(request, record, write=False) self.assertFalse(has_perm, 'user should not have read access') has_perm = self.test_user.get_profile().has_perm(request, record, write=True) self.assertFalse(has_perm, 'user should not have write access') def test_ctnr_rdomain_records(self): """ Test being in ctnr /w common domain records gives appropriate perms common domain records: cname, mx, txt, srv """ request = HttpRequest() request.user = self.test_user request.session = SessionStore() request.session['ctnr'] = self.ctnr # create domain, add domain to ctnr rdomain = ReverseDomain(id=None, name='128') rdomain.save() self.ctnr.reverse_domains.add(rdomain) self.ctnr.save() self.ctnr_admin.reverse_domains.add(rdomain) self.ctnr_admin.save() rdomain_records = [] rdomain_records.append(PTR(reverse_domain=rdomain)) rdomain_records.append(ReverseNameserver(reverse_domain=rdomain)) for record in rdomain_records: # checks where user is not admin request.session = {'ctnr': self.ctnr} has_perm = self.test_user.get_profile().has_perm(request, record, write=False) self.assertTrue(has_perm, 'user should have read access') has_perm = self.test_user.get_profile().has_perm(request, record, write=True) self.assertFalse(has_perm, 'user should not have write access') # checks where user is admin request.session = {'ctnr': self.ctnr_admin} has_perm = self.test_user.get_profile().has_perm(request, record, write=False) self.assertTrue(has_perm, 'user should have read access') has_perm = self.test_user.get_profile().has_perm(request, record, write=True) self.assertTrue(has_perm, 'user should have write access') # checks where obj not in ctnr request.session = {'ctnr': self.ctnr_empty} has_perm = self.test_user.get_profile().has_perm(request, record, write=False) self.assertFalse(has_perm, 'user should not have read access') has_perm = self.test_user.get_profile().has_perm(request, record, write=True) self.assertFalse(has_perm, 'user should not have write access') def test_ctnr_rdomain_records(self): """ Test being in ctnr /w common domain records gives appropriate perms common domain records: cname, mx, txt, srv """ request = HttpRequest() request.user = self.test_user request.session = SessionStore() request.session['ctnr'] = self.ctnr # create domain, add domain to ctnr rdomain = ReverseDomain(id=None, name='128') rdomain.save() self.ctnr.reverse_domains.add(rdomain) self.ctnr.save() self.ctnr_admin.reverse_domains.add(rdomain) self.ctnr_admin.save() rdomain_records = [] rdomain_records.append(PTR(reverse_domain=rdomain)) rdomain_records.append(ReverseNameserver(reverse_domain=rdomain)) for record in rdomain_records: # checks where user is not admin request.session = {'ctnr': self.ctnr} has_perm = self.test_user.get_profile().has_perm(request, record, write=False) self.assertTrue(has_perm, 'user should have read access') has_perm = self.test_user.get_profile().has_perm(request, record, write=True) self.assertFalse(has_perm, 'user should not have write access') # checks where user is admin request.session = {'ctnr': self.ctnr_admin} has_perm = self.test_user.get_profile().has_perm(request, record, write=False) self.assertTrue(has_perm, 'user should have read access') has_perm = self.test_user.get_profile().has_perm(request, record, write=True) self.assertTrue(has_perm, 'user should have write access') # checks where obj not in ctnr request.session = {'ctnr': self.ctnr_empty} has_perm = self.test_user.get_profile().has_perm(request, record, write=False) self.assertFalse(has_perm, 'user should not have read access') has_perm = self.test_user.get_profile().has_perm(request, record, write=True) self.assertFalse(has_perm, 'user should not have write access') def test_ctnr_soa(self): """ Test being in ctnr /w soa record gives appropriate perms """ request = HttpRequest() request.user = self.test_user request.session = SessionStore() request.session['ctnr'] = self.ctnr # create domain with soa, add domain to ctnr soa = SOA() soa.primary = '192.168.1.1' soa.contact = '192.168.1.1' soa.save() domain = Domain(id=None, name='foo') domain.soa = soa domain.save() self.ctnr.domains.add(domain) self.ctnr.save() self.ctnr_admin.domains.add(domain) self.ctnr_admin.save() # checks where user is not admin has_perm = self.test_user.get_profile().has_perm(request, soa, write=False) self.assertTrue(has_perm, 'user should have read access') has_perm = self.test_user.get_profile().has_perm(request, soa, write=True) self.assertFalse(has_perm, 'user should not have write access') # checks where user is admin request.session = {'ctnr': self.ctnr_admin} has_perm = self.test_user.get_profile().has_perm(request, soa, write=False) self.assertTrue(has_perm, 'user should have read access') has_perm = self.test_user.get_profile().has_perm(request, soa, write=True) self.assertTrue(has_perm, 'user should have write access') # checks where obj not in ctnr request.session = {'ctnr': self.ctnr_empty} has_perm = self.test_user.get_profile().has_perm(request, soa, write=False) self.assertFalse(has_perm, 'user should not have read access') has_perm = self.test_user.get_profile().has_perm(request, soa, write=True) self.assertFalse(has_perm, 'user should not have write access')