def setUp(self): self.middleware = SecurityMiddleware() request_factory = RequestFactory() self.request = request_factory.get('/some/url') self.user = User.objects.create_user( 'useruser', '*****@*****.**', 'useruser') self.user.save() self.user_group = UserGroup(name='user_group') self.user_group.save() self.user_group.members.add(self.user) self.user_group.save() self.data_set1 = DataSet(name='data_set10') self.data_set1.save() self.data_set2 = DataSet(name='data_set20') self.data_set2.save() self.permission_mapper = PermissionMapper() self.permission_mapper.save() self.permission_mapper.user_group = self.user_group self.permission_mapper.data_set = self.data_set1 self.permission_mapper.save() self.geo_content1 = GeoContent() self.geo_content1.save() self.geo_content1.data_set = self.data_set1 self.geo_content1.save() self.geo_content2 = GeoContent() self.geo_content2.save() self.geo_content2.data_set = self.data_set2 self.geo_content2.save() self.geo_content3 = GeoContent() self.geo_content3.save() self.geo_content3.data_set = None self.geo_content3.save()
def test_b(self): """Test a case-sensitive call to MockQuerySet.get that fails.""" data_set = DataSet() data_set.name = 'Waternet' query_set = MockQuerySet() query_set.append(data_set) self.assertRaises(AssertionError, query_set.get, name='waternet')
def test_c(self): """Test a case-insensitive call to MockQuerySet.get that succeeds.""" data_set = DataSet() data_set.name = 'Waternet' query_set = MockQuerySet() query_set.append(data_set) found_data_set = query_set.get(name__iexact='waternet') self.assertEqual(found_data_set, data_set)
class ForeignKeyTest(TestCase): def setUp(self): self.user = User.objects.create_user( 'useruser', '*****@*****.**', 'useruser') self.user.save() self.user_group = UserGroup(name='user_group') self.user_group.save() self.user_group.members.add(self.user) self.user_group.save() self.data_set1 = DataSet(name='data_set10') self.data_set1.save() self.data_set2 = DataSet(name='data_set20') self.data_set2.save() self.permission_mapper = PermissionMapper() self.permission_mapper.save() self.permission_mapper.user_group = self.user_group self.permission_mapper.data_set = self.data_set1 self.permission_mapper.save() def test_foreignkey_works_if_no_dataset(self): content = Content.objects.create(name="Some content without dataset") foreign = (testmodels.ContentWithForeignKeyToContentWithDataset .objects.create( name="Whee", content_id=content.pk)) # Raises no exception self.assertTrue(foreign.content) def test_foreignkey_works_if_dataset_with_access(self): content = Content.objects.create( name="Some content with dataset", data_set=self.data_set1) foreign = (testmodels.ContentWithForeignKeyToContentWithDataset .objects.create( name="Whee", content_id=content.pk)) # Raises no exception self.assertTrue(foreign.content) def test_foreignkey_raises_if_dataset_without_access(self): content = Content.objects.create( name="Some content with dataset but no access", data_set=self.data_set2) foreign = (testmodels.ContentWithForeignKeyToContentWithDataset .objects.create( name="Whee", content_id=content.pk)) self.assertRaises( Content.DoesNotExist, lambda: foreign.content)
def test_no_filtering(self): # We have a data_set link, but we don't actually want to be filtered # ourselves as we need to be queried to determin the data_set # access. Chicken-egg problem. (Which only surfaces when debugging, # btw.) data_set1 = DataSet(name='data_set1') data_set1.save() permission_mapper = PermissionMapper(name='test') permission_mapper.save() permission_mapper.data_set = data_set1 permission_mapper.save() self.assertListEqual(list(PermissionMapper.objects.all()), [permission_mapper])
def setUp(self): self.backend = LizardPermissionBackend() self.manager = User.objects.create_user( 'managermanager', '*****@*****.**', 'managermanager') self.manager.save() self.manager.is_staff = True self.manager.save() self.user_group = UserGroup() self.user_group.save() self.data_set = DataSet(name='data_set') self.data_set.save() self.content = Content() self.content.save() self.content.data_set = self.data_set self.content.save() self.permission_mapper = PermissionMapper() self.permission_mapper.save() self.permission_mapper.user_group = self.user_group self.permission_mapper.data_set = self.data_set self.permission_mapper.save() self.content = Content() self.content.save() self.content.data_set = self.data_set self.content.save()
class FilteredGeoManagerTest(TestCase): def setUp(self): self.middleware = SecurityMiddleware() request_factory = RequestFactory() self.request = request_factory.get('/some/url') self.user = User.objects.create_user( 'useruser', '*****@*****.**', 'useruser') self.user.save() self.user_group = UserGroup(name='user_group') self.user_group.save() self.user_group.members.add(self.user) self.user_group.save() self.data_set1 = DataSet(name='data_set10') self.data_set1.save() self.data_set2 = DataSet(name='data_set20') self.data_set2.save() self.permission_mapper = PermissionMapper() self.permission_mapper.save() self.permission_mapper.user_group = self.user_group self.permission_mapper.data_set = self.data_set1 self.permission_mapper.save() self.geo_content1 = GeoContent() self.geo_content1.save() self.geo_content1.data_set = self.data_set1 self.geo_content1.save() self.geo_content2 = GeoContent() self.geo_content2.save() self.geo_content2.data_set = self.data_set2 self.geo_content2.save() self.geo_content3 = GeoContent() self.geo_content3.save() self.geo_content3.data_set = None self.geo_content3.save() def test_geo_manager(self): request = Mock() request.user = self.user request.allowed_data_set_ids = set([self.data_set1.id]) print request.allowed_data_set_ids geo_manager.request = request self.assertEqual(len(GeoContent.objects.all()), 2)
def setUp(self): self.middleware = SecurityMiddleware() request_factory = RequestFactory() self.request = request_factory.get('/some/url') self.request.session = {} # Weird that it is needed. self.admin1 = User(email='*****@*****.**', username='******') self.admin1.save() self.user1 = User(email='*****@*****.**', username='******') self.user1.save() self.user2 = User(email='*****@*****.**', username='******') self.user2.save() self.user_group1 = UserGroup(name='user_group1') self.user_group1.save() self.user_group2 = UserGroup(name='user_group2') self.user_group2.save() self.data_set1 = DataSet(name='data_set1') self.data_set1.save() self.data_set2 = DataSet(name='data_set2') self.data_set2.save()
def setUp(self): self.user = User.objects.create_user( 'useruser', '*****@*****.**', 'useruser') self.user.save() self.user_group = UserGroup(name='user_group') self.user_group.save() self.user_group.members.add(self.user) self.user_group.save() self.data_set1 = DataSet(name='data_set10') self.data_set1.save() self.data_set2 = DataSet(name='data_set20') self.data_set2.save() self.permission_mapper = PermissionMapper() self.permission_mapper.save() self.permission_mapper.user_group = self.user_group self.permission_mapper.data_set = self.data_set1 self.permission_mapper.save()
def test_partial_manager(self): """A manager of just some bits of test content should get in, too.""" client = Client() self.assertTrue(client.login(username='******', password='******')) response = client.get('/admin/testcontent/content/') # Permission denied as we don't have user group access. self.assertEquals(response.status_code, 403) # Now add content. Still no access. self.user_group.members.add(self.manager) self.user_group.save() self.data_set = DataSet(name='data_set') self.data_set.save() self.permission_mapper = PermissionMapper() self.permission_mapper.save() self.permission_mapper.user_group = self.user_group self.permission_mapper.data_set = self.data_set self.permission_mapper.save() self.content = Content() self.content.save() self.content.data_set = self.data_set self.content.save() response = client.get('/admin/testcontent/content/') self.assertEquals(response.status_code, 403) # Just the right permission on a group that we're not connected to # means nothing. add_permission = Permission.objects.get(codename='change_content') group = Group() group.save() group.permissions.add(add_permission) group.save() response = client.get('/admin/testcontent/content/') self.assertEquals(response.status_code, 403) # With rights via a user group, we ought to have access. self.permission_mapper.permission_group = group self.permission_mapper.save() response = client.get('/admin/testcontent/content/') self.assertEquals(response.status_code, 200) # We also see something on the main admin page. response = client.get('/admin/') self.assertEquals(response.status_code, 200)
def DataSet(self): data_set = DataSet() data_set.save = lambda d=data_set: self.data_sets.append(d) return data_set
class MiddlewareTest(TestCase): def setUp(self): self.middleware = SecurityMiddleware() request_factory = RequestFactory() self.request = request_factory.get('/some/url') self.request.session = {} # Weird that it is needed. self.admin1 = User(email='*****@*****.**', username='******') self.admin1.save() self.user1 = User(email='*****@*****.**', username='******') self.user1.save() self.user2 = User(email='*****@*****.**', username='******') self.user2.save() self.user_group1 = UserGroup(name='user_group1') self.user_group1.save() self.user_group2 = UserGroup(name='user_group2') self.user_group2.save() self.data_set1 = DataSet(name='data_set1') self.data_set1.save() self.data_set2 = DataSet(name='data_set2') self.data_set2.save() def test_user_groups_for_anonymous(self): self.assertEquals([], self.middleware._user_group_ids(self.request)) self.middleware.process_request(self.request) self.assertEquals(self.request.user_group_ids, set([])) def test_data_sets_for_anonymous(self): self.assertListEqual( [], list(self.middleware._data_sets(self.request))) self.middleware.process_request(self.request) self.assertEquals(self.request.allowed_data_set_ids, set([])) def test_user_groups_for_non_member(self): self.request.user = self.user1 self.assertListEqual( [], list(self.middleware._user_group_ids(self.request))) def test_user_groups_for_member(self): self.request.user = self.user1 self.user_group1.members.add(self.user1) self.user_group1.save() self.assertListEqual( [self.user_group1.id], list(self.middleware._user_group_ids(self.request))) def test_user_groups_append(self): self.request.user = self.user1 self.user_group1.members.add(self.user1) self.user_group1.save() self.request.user_group_ids = set([42]) self.middleware.process_request(self.request) self.assertSetEqual(set([42, self.user_group1.id]), self.request.user_group_ids) def test_data_sets_for_non_member(self): self.request.user_group_ids = set([]) self.assertListEqual([], list(self.middleware._data_sets(self.request))) def test_data_sets_for_member(self): self.request.user = self.user1 self.user_group1.members.add(self.user1) self.user_group1.save() self.permission_mapper1 = PermissionMapper() self.permission_mapper1.save() self.permission_mapper1.user_group = self.user_group1 self.permission_mapper1.data_set = self.data_set1 self.permission_mapper1.save() self.request.user_group_ids = set([self.user_group1.id]) # ^^^ By hand instead of via ._user_group_ids() self.assertSetEqual(set([self.data_set1.id]), set(self.middleware._data_sets(self.request))) def test_data_set_append_plus_user_group_relation(self): self.request.user = self.user1 self.user_group1.members.add(self.user1) self.user_group1.save() self.permission_mapper1 = PermissionMapper() self.permission_mapper1.save() self.permission_mapper1.user_group = self.user_group1 self.permission_mapper1.data_set = self.data_set1 self.permission_mapper1.save() self.request.allowed_data_set_ids = set([42]) self.middleware.process_request(self.request) self.assertSetEqual(set([42, self.data_set1.id]), self.request.allowed_data_set_ids)
def test_unicode(self): non_ascii_data_set = DataSet(name='täääst') non_ascii_data_set.save() id = non_ascii_data_set.id data_set_from_django = DataSet.objects.get(pk=id) self.assertTrue(unicode(data_set_from_django))
class PermissionBackendTest(TestCase): def setUp(self): self.backend = LizardPermissionBackend() self.manager = User.objects.create_user( 'managermanager', '*****@*****.**', 'managermanager') self.manager.save() self.manager.is_staff = True self.manager.save() self.user_group = UserGroup() self.user_group.save() self.data_set = DataSet(name='data_set') self.data_set.save() self.content = Content() self.content.save() self.content.data_set = self.data_set self.content.save() self.permission_mapper = PermissionMapper() self.permission_mapper.save() self.permission_mapper.user_group = self.user_group self.permission_mapper.data_set = self.data_set self.permission_mapper.save() self.content = Content() self.content.save() self.content.data_set = self.data_set self.content.save() def test_no_authentication(self): self.assertEquals(None, self.backend.authenticate()) def test_security_module_perms(self): """Usergroup managers need specific access to our module in de admin. """ self.assertFalse( self.backend.has_module_perms(self.manager, 'lizard_security')) self.user_group.managers.add(self.manager) self.user_group.save() self.assertTrue( self.backend.has_module_perms(self.manager, 'lizard_security')) def test_has_perm_only_objects(self): self.assertFalse(self.backend.has_perm('dont care', 'none.can_exist')) def test_has_perm(self): add_permission = Permission.objects.get(codename='change_content') group = Group() group.save() group.permissions.add(add_permission) group.save() self.permission_mapper.permission_group = group self.permission_mapper.save() self.assertFalse(self.backend.has_perm( self.manager, 'testcontent.change_content', self.content)) # If we belong to the right group, we *do* have access. with patch('lizard_security.backends.request') as request: request.user_group_ids = [self.user_group.id] request.allowed_data_set_ids = [self.data_set.id] self.assertTrue(self.backend.has_perm( self.manager, 'testcontent.change_content', self.content)) def test_has_perm_with_implicit_view_perm(self): with patch('lizard_security.backends.request') as request: request.user_group_ids = [self.user_group.id] request.allowed_data_set_ids = [self.data_set.id] self.assertTrue(self.backend.has_perm( self.manager, 'lizard_security.can_view_lizard_data', self.content)) def test_has_perm_with_unset_dataset(self): # And now without a dataset. add_permission = Permission.objects.get(codename='change_content') group = Group() group.save() group.permissions.add(add_permission) group.save() self.permission_mapper.permission_group = group self.permission_mapper.save() self.permission_mapper.data_set = None self.permission_mapper.save() self.content = Content() self.content.save() self.content.data_set = None self.content.save() self.assertFalse(self.backend.has_perm( self.manager, 'testcontent.change_content', self.content)) # If we belong to the right group, we *do* have access. with patch('lizard_security.backends.request') as request: request.user_group_ids = [self.user_group.id] request.allowed_data_set_ids = [] self.assertTrue(self.backend.has_perm( self.manager, 'testcontent.change_content', self.content))
class AdminInterfaceTests(TestCase): def setUp(self): self.admin = User.objects.create_user( 'adminadmin', '*****@*****.**', 'adminadmin') self.admin.save() self.admin.is_superuser = True self.admin.is_staff = True self.admin.save() self.manager = User.objects.create_user( 'managermanager', '*****@*****.**', 'managermanager') self.manager.save() self.manager.is_staff = True self.manager.save() self.user_group = UserGroup() self.user_group.save() def test_smoke(self): """Looking as admin at the admin pages should not crash them :-)""" client = Client() self.assertTrue(client.login(username='******', password='******')) response = client.get('/admin/') self.assertEquals(response.status_code, 200) response = client.get('/admin/lizard_security/dataset/') self.assertEquals(response.status_code, 200) response = client.get('/admin/lizard_security/permissionmapper/') self.assertEquals(response.status_code, 200) response = client.get('/admin/lizard_security/usergroup/') self.assertEquals(response.status_code, 200) def test_partial_manager(self): """A manager of just some bits of test content should get in, too.""" client = Client() self.assertTrue(client.login(username='******', password='******')) response = client.get('/admin/testcontent/content/') # Permission denied as we don't have user group access. self.assertEquals(response.status_code, 403) # Now add content. Still no access. self.user_group.members.add(self.manager) self.user_group.save() self.data_set = DataSet(name='data_set') self.data_set.save() self.permission_mapper = PermissionMapper() self.permission_mapper.save() self.permission_mapper.user_group = self.user_group self.permission_mapper.data_set = self.data_set self.permission_mapper.save() self.content = Content() self.content.save() self.content.data_set = self.data_set self.content.save() response = client.get('/admin/testcontent/content/') self.assertEquals(response.status_code, 403) # Just the right permission on a group that we're not connected to # means nothing. add_permission = Permission.objects.get(codename='change_content') group = Group() group.save() group.permissions.add(add_permission) group.save() response = client.get('/admin/testcontent/content/') self.assertEquals(response.status_code, 403) # With rights via a user group, we ought to have access. self.permission_mapper.permission_group = group self.permission_mapper.save() response = client.get('/admin/testcontent/content/') self.assertEquals(response.status_code, 200) # We also see something on the main admin page. response = client.get('/admin/') self.assertEquals(response.status_code, 200)