def test_editors_see_only_self_anon_and_owner_assignments(self):
self.client.login(username='******', password='******')
permission_list_response = self.client.get(
self.collection_permissions_list_url, format='json')
self.assertEqual(permission_list_response.status_code,
status.HTTP_200_OK)
admin_perms = self.collection.get_perms(self.admin)
someuser_perms = self.collection.get_perms(self.someuser)
anotheruser_perms = self.collection.get_perms(self.anotheruser)
results = permission_list_response.data
expected_perms = []
for admin_perm in admin_perms:
if admin_perm in Collection.get_assignable_permissions():
expected_perms.append((self.admin.username, admin_perm))
for someuser_perm in someuser_perms:
if someuser_perm in Collection.get_assignable_permissions():
expected_perms.append((self.someuser.username, someuser_perm))
# Permissions assigned to self.anotheruser must not appear
expected_perms = sorted(expected_perms,
key=lambda element: (element[0], element[1]))
obj_perms = []
for assignment in results:
object_permission = self.url_to_obj(assignment.get('url'))
obj_perms.append((object_permission.user.username,
object_permission.permission.codename))
obj_perms = sorted(obj_perms,
key=lambda element: (element[0], element[1]))
self.assertEqual(expected_perms, obj_perms)
def test_viewers_see_only_their_own_assignments_and_owner_s(self):
# Checks if can see all permissions
self.client.login(username='******', password='******')
permission_list_response = self.client.get(
self.collection_permissions_list_url, format='json')
self.assertEqual(permission_list_response.status_code,
status.HTTP_200_OK)
admin_perms = self.collection.get_perms(self.admin)
anotheruser_perms = self.collection.get_perms(self.anotheruser)
results = permission_list_response.data
# `anotheruser` can only see the owner's permissions `self.admin` and
# `anotheruser`'s permissions. Should not see `someuser`s ones.
expected_perms = []
for admin_perm in admin_perms:
if admin_perm in Collection.get_assignable_permissions():
expected_perms.append((self.admin.username, admin_perm))
for anotheruser_perm in anotheruser_perms:
if anotheruser_perm in Collection.get_assignable_permissions():
expected_perms.append(
(self.anotheruser.username, anotheruser_perm))
expected_perms = sorted(expected_perms,
key=lambda element: (element[0], element[1]))
obj_perms = []
for assignment in results:
object_permission = self.url_to_obj(assignment.get('url'))
obj_perms.append((object_permission.user.username,
object_permission.permission.codename))
obj_perms = sorted(obj_perms,
key=lambda element: (element[0], element[1]))
self.assertEqual(expected_perms, obj_perms)
def test_anonymous_get_only_owner_s_assignments(self):
self.client.logout()
self.collection.assign_perm(get_anonymous_user(), PERM_VIEW_COLLECTION)
permission_list_response = self.client.get(
self.collection_permissions_list_url, format='json')
self.assertEqual(permission_list_response.status_code,
status.HTTP_200_OK)
admin_perms = self.collection.get_perms(self.admin)
results = permission_list_response.data
# As an editor of the collection. `someuser` should see all.
expected_perms = []
for admin_perm in admin_perms:
if admin_perm in Collection.get_assignable_permissions():
expected_perms.append((self.admin.username, admin_perm))
expected_perms = sorted(expected_perms,
key=lambda element: (element[0], element[1]))
obj_perms = []
for assignment in results:
object_permission = self.url_to_obj(assignment.get('url'))
obj_perms.append((object_permission.user.username,
object_permission.permission.codename))
obj_perms = sorted(obj_perms,
key=lambda element: (element[0], element[1]))
self.assertEqual(expected_perms, obj_perms)