def test_acl_get_default(self):
    """Check ``ACL.get_default`` against the global settings and a wildcard ACL."""
    # With no ACL stored, the anonymous call is expected to follow
    # MQTT_ACL_ALLOW_ANONIMOUS and the call with a user MQTT_ACL_ALLOW.
    # NOTE(review): the settings object is assigned directly and never
    # restored, so later tests inherit whatever this test leaves behind.
    for user_default, anonymous_default in ((False, False), (True, False), (True, True)):
        settings.MQTT_ACL_ALLOW = user_default
        settings.MQTT_ACL_ALLOW_ANONIMOUS = anonymous_default
        self.assertEqual(ACL.get_default(PROTO_MQTT_ACC_SUS), anonymous_default)
        self.assertEqual(
            ACL.get_default(PROTO_MQTT_ACC_SUS, self.user_login), user_default)

    def expect_anonymous_denied_and_user_allowed():
        # Same pair of expectations after each change made to the ACL below.
        self.assertEqual(ACL.get_default(PROTO_MQTT_ACC_SUS), False)
        self.assertEqual(
            ACL.get_default(PROTO_MQTT_ACC_SUS, self.user_login), True)

    # Deny by default, then let a multi-level wildcard ACL decide.
    settings.MQTT_ACL_ALLOW = False
    settings.MQTT_ACL_ALLOW_ANONIMOUS = False
    wildcard_topic = Topic.objects.create(name=WILDCARD_MULTI_LEVEL)
    self.assertEqual(ACL.get_default(PROTO_MQTT_ACC_SUS), False)

    wildcard_acl = ACL.objects.create(
        topic=wildcard_topic, acc=PROTO_MQTT_ACC_SUS, allow=True)
    expect_anonymous_denied_and_user_allowed()

    wildcard_acl.users.add(self.user_login)
    expect_anonymous_denied_and_user_allowed()

    wildcard_acl.set_password('1234')
    wildcard_acl.save()
    expect_anonymous_denied_and_user_allowed()

    # NOTE(review): the literal below is not the value given to set_password
    # above; it may have been masked in this copy of the file. Taken as
    # written, it asserts that a non-matching password is accepted - confirm
    # against the original. Nothing here asserts that a wrong password is
    # rejected.
    self.assertEqual(
        ACL.get_default(PROTO_MQTT_ACC_SUS, password='******'), True)
def test_get_acl(self):
    """Check which ACL ``ACL.get_acl`` picks when two wildcard topics match."""
    multi_level_topic = Topic.objects.create(name=WILDCARD_MULTI_LEVEL)
    acl = ACL.objects.create(
        topic=multi_level_topic, acc=PROTO_MQTT_ACC_SUS, allow=True)
    single_level_topic = Topic.objects.create(name='/+')
    acl_plus = ACL.objects.create(
        topic=single_level_topic, acc=PROTO_MQTT_ACC_SUS, allow=True)

    # A one-level topic resolves to the '/+' ACL; a deeper topic is only
    # covered by the multi-level wildcard ACL.
    self.assertEqual(ACL.get_acl('/test', PROTO_MQTT_ACC_SUS), acl_plus)
    self.assertEqual(ACL.get_acl('/test/test', PROTO_MQTT_ACC_SUS), acl)

    # Something that is not a topic must be refused with ValueError.
    with self.assertRaises(ValueError):
        ACL.get_acl(object)

    # The two ACLs are ordered against each other, in both directions.
    self.assertEqual(acl > acl_plus, True)
    self.assertEqual(acl_plus < acl, True)
def has_permission(user, topic, acc=None, clientid=None):
    """
    Decide whether ``user`` may access ``topic`` for the requested access ``acc``.

    The settings ``MQTT_ACL_ALLOW`` and ``MQTT_ACL_ALLOW_ANONIMOUS`` give the
    starting decision; ACL rows whose topic name equals ``topic`` are looked up
    next, and ``ACL.get_default`` is the fallback when none is found.

    :param user: Active user
    :type user: django.contrib.auth.models.User
    :param topic: topic name; compared for equality with the stored topic name
    :type topic: str
    :param acc: requested access, tested bit by bit against the PROTO_MQTT_ACC_* flags
    :type acc: int
    :param clientid: not read anywhere in this function
    :type clientid: django_mqtt.models.ClientId
    :return: If user have permission to access to topic
    :rtype: bool
    """
    # Deny unless the project settings say otherwise.
    allow = False
    if hasattr(settings, 'MQTT_ACL_ALLOW'):
        allow = settings.MQTT_ACL_ALLOW
    if hasattr(settings, 'MQTT_ACL_ALLOW_ANONIMOUS'):
        if user is None or user.is_anonymous:
            # Anonymous access needs both settings to be enabled.
            allow = settings.MQTT_ACL_ALLOW_ANONIMOUS & allow
            # NOTE(review): the block nesting in this function was rebuilt
            # from a listing without line breaks; this early return is placed
            # inside the anonymous branch - confirm against the original file.
            if not allow:
                return allow
    # NOTE(review): a user object with a falsy is_active gets the default
    # computed above, not False, and no ACL is consulted. With MQTT_ACL_ALLOW
    # enabled that lets a deactivated account through - confirm this is the
    # intended behaviour.
    if user and not user.is_active:
        return allow
    acls = ACL.objects.filter(topic__name=topic)
    if acc is not None and acc > 0:
        # Each access bit that is requested narrows the candidate ACLs further.
        if acc & PROTO_MQTT_ACC_READ == PROTO_MQTT_ACC_READ:
            acls = acls.filter(readable=PROTO_MQTT_ACC_READ)
        if acc & PROTO_MQTT_ACC_WRITE == PROTO_MQTT_ACC_WRITE:
            acls = acls.filter(writeable=PROTO_MQTT_ACC_WRITE)
        if acc & PROTO_MQTT_ACC_SUBSCRIBE == PROTO_MQTT_ACC_SUBSCRIBE:
            acls = acls.filter(subscribable=PROTO_MQTT_ACC_SUBSCRIBE)
    if acls.count() > 0:
        # NOTE(review): .get() raises when more than one row is left, so
        # several ACLs on one topic turn the check into an exception rather
        # than a decision - verify how the caller treats that.
        acl = acls.get()
        return acl.has_permission(user=user)
    # TODO search best candidate
    return ACL.get_default(acc, user=user)
def has_permission(user, topic, acc=None, clientid=None):
    """
    Decide whether ``user`` may access ``topic`` for the requested access ``acc``.

    The settings ``MQTT_ACL_ALLOW`` and ``MQTT_ACL_ALLOW_ANONIMOUS`` give the
    starting decision; an ACL stored for exactly this topic name and ``acc``
    takes the decision when it exists, otherwise ``ACL.get_default`` does.

    :param user: Active user
    :type user: django.contrib.auth.models.User
    :param topic: topic name; compared for equality with the stored topic name
    :type topic: str
    :param acc: requested access; a value that is not a key of PROTO_MQTT_ACC is treated as None
    :type acc: int
    :param clientid: not read anywhere in this function
    :type clientid: django_mqtt.models.ClientId
    :return: If user have permission to access to topic
    :rtype: bool
    """
    # Deny unless the project settings say otherwise.
    allow = False
    if hasattr(settings, 'MQTT_ACL_ALLOW'):
        allow = settings.MQTT_ACL_ALLOW
    if hasattr(settings, 'MQTT_ACL_ALLOW_ANONIMOUS'):
        # NOTE(review): is_anonymous is called as a method here; where the
        # user model exposes it as a plain boolean attribute this call raises
        # TypeError - confirm the Django version this targets.
        if user is None or user.is_anonymous():
            # Anonymous access needs both settings to be enabled.
            allow = settings.MQTT_ACL_ALLOW_ANONIMOUS & allow
            # NOTE(review): the block nesting in this function was rebuilt
            # from a listing without line breaks; this early return is placed
            # inside the anonymous branch - confirm against the original file.
            if not allow:
                return allow
    # NOTE(review): a user object with a falsy is_active gets the default
    # computed above, not False, and no ACL is consulted. With MQTT_ACL_ALLOW
    # enabled that lets a deactivated account through - confirm this is the
    # intended behaviour.
    if user and not user.is_active:
        return allow
    acls = ACL.objects.filter(topic__name=topic)
    # An access value outside PROTO_MQTT_ACC is dropped, which sends the
    # request to the default decision below instead of rejecting it.
    # presumably PROTO_MQTT_ACC is a sequence of (value, label) pairs - verify
    if acc not in dict(PROTO_MQTT_ACC).keys():
        acc = None
    if acc and acls.filter(acc=acc).exists():
        # NOTE(review): .get() raises if more than one ACL exists for this
        # topic and acc - verify that the model enforces uniqueness.
        acl = acls.filter(acc=acc).get()
        allow = acl.has_permission(user=user)
    else:
        allow = ACL.get_default(acc, user=user)
        # TODO search best candidate
    return allow
def test_get_acl_no_candidate(self):
    """A topic that has no ACL attached yields ``None`` for both access kinds."""
    Topic.objects.create(name='/test')
    # Subscribe is checked first, then publish, as two separate lookups.
    for requested_access in (PROTO_MQTT_ACC_SUS, PROTO_MQTT_ACC_PUB):
        candidate = ACL.get_acl('/test', requested_access)
        self.assertIsNone(candidate)