def user_permissions(request, id, user_id=None):
"""
Ajax call to update a user's permissions
@param id: id of Group
"""
editor = request.user
group = get_object_or_404(Group, id=id)
if not (editor.is_superuser or editor.has_perm('admin', group)):
return HttpResponseForbidden('You do not have sufficient privileges')
if request.method == 'POST':
form = ObjectPermissionForm(Group, request.POST)
if form.is_valid():
form.update_perms()
user = form.cleaned_data['user']
# send signal
view_edit_user.send(sender=editor, user=user, obj=group)
# return html to replace existing user row
url = reverse('group-permissions', args=[id])
return render_to_response(
"object_permissions/muddle/group/user_row.html", {
'object': group,
'user_detail': user,
'url': url
},
context_instance=RequestContext(request))
# error in form return ajax response
content = json.dumps(form.errors)
return HttpResponse(content, mimetype='application/json')
# render a form for an existing user only
form_user = get_object_or_404(User, id=user_id)
data = {
'permissions': get_user_perms(form_user, group),
'obj': group,
'user': user_id
}
form = ObjectPermissionForm(Group, data)
return render_to_response(
"object_permissions/permissions/form.html", {
'form': form,
'obj': group,
'user_id': user_id,
'url': reverse('group-permissions', args=[group.id])
},
context_instance=RequestContext(request))
def user_permissions(request, id, user_id=None):
"""
Ajax call to update a user's permissions
@param id: id of Group
"""
editor = request.user
group = get_object_or_404(Group, id=id)
if not (editor.is_superuser or editor.has_perm("admin", group)):
return HttpResponseForbidden("You do not have sufficient privileges")
if request.method == "POST":
form = ObjectPermissionForm(Group, request.POST)
if form.is_valid():
form.update_perms()
user = form.cleaned_data["user"]
# send signal
view_edit_user.send(sender=editor, user=user, obj=group)
# return html to replace existing user row
url = reverse("group-permissions", args=[id])
return render_to_response(
"object_permissions/permissions/user_row.html",
{"object": group, "user_detail": user, "url": url},
context_instance=RequestContext(request),
)
# error in form return ajax response
content = json.dumps(form.errors)
return HttpResponse(content, mimetype="application/json")
# render a form for an existing user only
form_user = get_object_or_404(User, id=user_id)
data = {"permissions": get_user_perms(form_user, group), "obj": group, "user": user_id}
form = ObjectPermissionForm(Group, data)
return render_to_response(
"object_permissions/permissions/form.html",
{"form": form, "obj": group, "user_id": user_id, "url": reverse("group-permissions", args=[group.id])},
context_instance=RequestContext(request),
)
def user_permissions(request, id, user_id=None):
"""
Ajax call to update a user's permissions
@param id: id of Group
"""
editor = request.user
group = get_object_or_404(Group, id=id)
if not (editor.is_superuser or editor.has_perm('admin', group)):
return HttpResponseForbidden('You do not have sufficient privileges')
if request.method == 'POST':
form = ObjectPermissionForm(Group, request.POST)
if form.is_valid():
form.update_perms()
user = form.cleaned_data['user']
# send signal
view_edit_user.send(sender=editor, user=user, obj=group)
# return html to replace existing user row
url = reverse('group-permissions', args=[id])
return render_to_response(
"object_permissions/muddle/group/user_row.html",
{'object':group, 'user_detail':user, 'url':url},
context_instance=RequestContext(request))
# error in form return ajax response
content = json.dumps(form.errors)
return HttpResponse(content, mimetype='application/json')
# render a form for an existing user only
form_user = get_object_or_404(User, id=user_id)
data = {'permissions':get_user_perms(form_user, group),
'obj':group, 'user':user_id}
form = ObjectPermissionForm(Group, data)
return render_to_response("object_permissions/permissions/form.html",
{'form':form, 'obj':group, 'user_id':user_id,
'url':reverse('group-permissions', args=[group.id])},
context_instance=RequestContext(request))
def test_view_user_permissions(self):
"""
Tests updating User's permissions
Verifies:
* anonymous user returns 403
* lack of permissions returns 403
* nonexistent cluster returns 404
* invalid user returns 404
* invalid group returns 404
* missing user and group returns error as json
* GET returns html for form
* If user/group has permissions no html is returned
* If user/group has no permissions a json response of -1 is returned
"""
args = (self.cluster.slug, self.vm.hostname, self.user1.id)
args_post = (self.cluster.slug, self.vm.hostname)
url = "/cluster/%s/%s/permissions/user/%s"
url_post = "/cluster/%s/%s/permissions/"
# anonymous user
response = self.c.get(url % args, follow=True)
self.assertEqual(200, response.status_code)
self.assertTemplateUsed(response, 'registration/login.html')
# unauthorized user
self.assertTrue(self.c.login(username=self.user.username,
password='******'))
response = self.c.get(url % args)
self.assertEqual(403, response.status_code)
# nonexisent cluster
response = self.c.get(url % ("DOES_NOT_EXIST", self.vm.hostname,
self.user1.id))
self.assertEqual(404, response.status_code)
# nonexisent vm
response = self.c.get(url % (self.cluster.slug, "DOES_NOT_EXIST",
self.user1.id))
self.assertEqual(404, response.status_code)
# valid GET authorized user (perm)
grant(self.user, 'admin', self.vm)
response = self.c.get(url % args)
self.assertEqual(200, response.status_code)
self.assertEqual('text/html; charset=utf-8', response['content-type'])
self.assertTemplateUsed(response, 'object_permissions/permissions/form.html')
self.user.revoke('admin', self.vm)
# valid GET authorized user (cluster admin)
grant(self.user, 'admin', self.cluster)
response = self.c.get(url % args)
self.assertEqual(200, response.status_code)
self.assertEqual('text/html; charset=utf-8', response['content-type'])
self.assertTemplateUsed(response, 'object_permissions/permissions/form.html')
self.user.revoke('admin', self.cluster)
# valid GET authorized user (superuser)
self.user.is_superuser = True
self.user.save()
response = self.c.get(url % args)
self.assertEqual(200, response.status_code)
self.assertTemplateUsed(response, 'object_permissions/permissions/form.html')
# invalid user
response = self.c.get(url % (self.cluster.slug, self.vm.hostname, -1))
self.assertEqual(404, response.status_code)
# invalid user (POST)
self.user1.grant('power', self.vm)
data = {'permissions': ['admin'], 'user': -1, 'obj': self.vm.pk}
response = self.c.post(url_post % args_post, data)
self.assertEqual('application/json', response['content-type'])
self.assertNotEqual('0', response.content)
# no user (POST)
self.user1.grant('power', self.vm)
data = {'permissions': ['admin'], 'obj': self.vm.pk}
response = self.c.post(url_post % args_post, data)
self.assertEqual('application/json', response['content-type'])
self.assertNotEqual('0', response.content)
# valid POST user has permissions
self.user1.grant('power', self.vm)
data = {'permissions': ['admin'], 'user': self.user1.id, 'obj': self.vm.pk}
response = self.c.post(url_post % args_post, data)
self.assertEqual('text/html; charset=utf-8', response['content-type'])
self.assertTemplateUsed(response, 'object_permissions/permissions/user_row.html')
self.assertTrue(self.user1.has_perm('admin', self.vm))
self.assertFalse(self.user1.has_perm('power', self.vm))
# valid POST user has no permissions left
data = {'permissions': [], 'user': self.user1.id, 'obj': self.vm.pk}
response = self.c.post(url_post % args_post, data)
self.assertEqual(200, response.status_code)
self.assertEqual('application/json', response['content-type'])
self.assertEqual([], get_user_perms(self.user, self.vm))
self.assertEqual('"user_88"', response.content)
def view_obj_permissions(request, class_name, obj_id=None,
user_id=None, group_id=None,
row_template='object_permissions/permissions/object_row.html'):
"""
Generic view for editing permissions on an object when the user is already.
Known. This is an admin only view since it is impossible to know the
permission scheme for the apps that are registering properties.
"""
if not request.user.is_superuser:
return HttpResponseForbidden('You are not authorized to view this page')
try:
cls = get_class(class_name)
except KeyError:
return HttpResponseNotFound('Class type does not exist')
if request.method == 'POST':
form = ObjectPermissionFormNewUsers(cls, request.POST)
if form.is_valid():
data = form.cleaned_data
form_user = form.cleaned_data['user']
group = form.cleaned_data['group']
edited_user = form_user if form_user else group
if form.update_perms():
# send correct signal based on new or edited user
if data['new']:
view_add_user.send(sender=cls,
editor=request.user,
user=edited_user, obj=data['obj'])
else:
view_edit_user.send(sender=cls,
editor=request.user,
user=edited_user, obj=data['obj'])
# return html to replace existing user row
return render_to_response(row_template,
{'class_name':class_name, 'obj':data['obj'], 'persona':edited_user})
else:
# no permissions, send ajax response to remove object
view_remove_user.send(sender=cls,
editor=request.user, user=edited_user,
obj=data['obj'])
id = '"%s_%s"' % (class_name, obj_id)
return HttpResponse(id, mimetype='application/json')
# error in form return ajax response
content = json.dumps(form.errors)
return HttpResponse(content, mimetype='application/json')
# GET - create form for editing and return as html
if obj_id:
obj = get_object_or_404(cls, pk=obj_id)
data = {'obj':obj}
if user_id:
form_user = get_object_or_404(User, id=user_id)
data['user'] = user_id
data['permissions'] = get_user_perms(form_user, obj, False)
url = reverse('user-edit-permissions',
args=(user_id, class_name, obj_id))
elif group_id:
group = get_object_or_404(Group, id=group_id)
data['group'] = group_id
data['permissions'] = get_group_perms(group, obj)
url = reverse('group-edit-permissions',
args=(group_id, class_name, obj_id))
else:
obj = None
if user_id:
get_object_or_404(User, id=user_id)
data={'user':user_id}
url = reverse('user-add-permissions',
args=(user_id, class_name))
elif group_id:
get_object_or_404(Group, id=group_id)
data={'group':group_id}
url = reverse('group-add-permissions',
args=(group_id, class_name))
form = ObjectPermissionFormNewUsers(cls, data)
return render_to_response('object_permissions/permissions/form.html',
{'form':form, 'obj':obj, 'user_id':user_id, 'group_id':group_id,
'url':url},
context_instance=RequestContext(request))
def view_permissions(request, obj, url, user_id=None, group_id=None,
user_template='object_permissions/permissions/user_row.html',
group_template='object_permissions/permissions/group_row.html'
):
"""
Update a User or Group permissions on an object. This is a generic view
intended to be used for editing permissions on any object. It must be
configured with a model and url. It may also be customized by adding custom
templates or changing the pk field.
@param obj: object permissions are being set on
@param url: name of url being edited
@param user_id: ID of User being edited
@param group_id: ID of Group being edited
@param user_template: template used to render user rows
@param group_template: template used to render group rows
"""
if request.method == 'POST':
form = ObjectPermissionFormNewUsers(obj.__class__, request.POST)
if form.is_valid():
data = form.cleaned_data
form_user = form.cleaned_data['user']
group = form.cleaned_data['group']
edited_user = form_user if form_user else group
if form.update_perms():
# send correct signal based on new or edited user
if data['new']:
view_add_user.send(sender=obj.__class__,
editor=request.user,
user=edited_user, obj=obj)
else:
view_edit_user.send(sender=obj.__class__,
editor=request.user,
user=edited_user, obj=obj)
# return html to replace existing user row
if form_user:
return render_to_response(user_template,
{'object':obj, 'user_detail':form_user, 'url':url},
context_instance=RequestContext(request))
else:
return render_to_response(group_template,
{'object':obj, 'group':group, 'url':url},
context_instance=RequestContext(request))
else:
# no permissions, send ajax response to remove user
view_remove_user.send(sender=obj.__class__,
editor=request.user, user=edited_user,
obj=obj)
id = ('"user_%d"' if form_user else '"group_%d"')%edited_user.pk
return HttpResponse(id, mimetype='application/json')
# error in form return ajax response
content = json.dumps(form.errors)
return HttpResponse(content, mimetype='application/json')
if user_id:
form_user = get_object_or_404(User, id=user_id)
data = {'permissions':get_user_perms(form_user, obj, False),
'user':user_id, 'obj':obj}
elif group_id:
group = get_object_or_404(Group, id=group_id)
data = {'permissions':get_group_perms(group, obj),
'group':group_id, 'obj':obj}
else:
data = {}
form = ObjectPermissionFormNewUsers(obj.__class__, data)
return render_to_response('object_permissions/permissions/form.html',
{'form':form, 'obj':obj, 'user_id':user_id,
'group_id':group_id, 'url':url},
context_instance=RequestContext(request))
def has_perm(user, perm, comm):
return perm in get_user_perms(user, comm)
def test_view_user_permissions(self):
"""
Tests updating users permissions
Verifies:
* anonymous user returns 403
* lack of permissions returns 403
* nonexistent cluster returns 404
* invalid user returns 404
* invalid group returns 404
* missing user and group returns error as json
* GET returns html for form
* If user/group has permissions no html is returned
* If user/group has no permissions a
json response of -1 is returned
"""
args = (self.cluster.slug, self.user.id)
args_post = self.cluster.slug
url = "/cluster/%s/permissions/user/%s"
url_post = "/cluster/%s/permissions/"
# anonymous user
response = self.c.get(url % args, follow=True)
self.assertEqual(200, response.status_code)
self.assertTemplateUsed(response, 'registration/login.html')
# unauthorized user
self.assertTrue(self.c.login(username=self.unauthorized.username,
password='******'))
response = self.c.get(url % args)
self.assertEqual(403, response.status_code)
# nonexisent cluster
response = self.c.get(url % ("DOES_NOT_EXIST", self.user.id))
self.assertEqual(404, response.status_code)
# valid GET authorized user (perm)
self.assertTrue(self.c.login(username=self.cluster_admin.username,
password='******'))
response = self.c.get(url % args)
self.assertEqual(200, response.status_code)
self.assertEquals('text/html; charset=utf-8', response['content-type'])
self.assertTemplateUsed(response,
'object_permissions/permissions/form.html')
# valid GET authorized user (superuser)
self.assertTrue(self.c.login(username=self.superuser.username,
password='******'))
response = self.c.get(url % args)
self.assertEqual(200, response.status_code)
self.assertTemplateUsed(response,
'object_permissions/permissions/form.html')
# invalid user
response = self.c.get(url % (self.cluster.slug, -1))
self.assertEqual(404, response.status_code)
# invalid user (POST)
self.user.grant('create_vm', self.cluster)
data = {
'permissions': ['admin'],
'user': -1,
'obj': self.cluster.pk,
}
response = self.c.post(url_post % args_post, data)
self.assertEquals('application/json', response['content-type'])
self.assertNotEqual('0', response.content)
# no user (POST)
# XXX double-grant?
self.user.grant('create_vm', self.cluster)
data = {
'permissions': ['admin'],
'obj': self.cluster.pk,
}
response = self.c.post(url_post % args_post, data)
self.assertEquals('application/json', response['content-type'])
self.assertNotEqual('0', response.content)
# valid POST user has permissions
# XXX triple-grant?!
self.user.grant('create_vm', self.cluster)
data = {
'permissions': ['admin'],
'user': self.user.id,
'obj': self.cluster.pk,
}
response = self.c.post(url_post % args_post, data)
self.assertEquals('text/html; charset=utf-8', response['content-type'])
self.assertTemplateUsed(response, 'ganeti/cluster/user_row.html')
self.assertTrue(self.user.has_perm('admin', self.cluster))
self.assertFalse(self.user.has_perm('create_vm', self.cluster))
# add quota to the user
user_quota = {'default': 0, 'ram': 51,
'virtual_cpus': 10, 'disk': 3000}
quota = Quota(cluster=self.cluster, user=self.user.get_profile())
quota.__dict__.update(user_quota)
quota.save()
self.assertEqual(user_quota,
self.cluster.get_quota(self.user.get_profile()))
# valid POST user has no permissions left
data = {
'permissions': [],
'user': self.user.id,
'obj': self.cluster.pk,
}
response = self.c.post(url_post % args_post, data)
self.assertEqual(200, response.status_code)
self.assertEquals('application/json', response['content-type'])
self.assertEqual([], get_user_perms(self.user, self.cluster))
# XXX this is too hardcoded and can spuriously fail
self.assertEqual('"user_2"', response.content)
# quota should be deleted (and showing default)
self.assertEqual(
1,
self.cluster.get_quota(self.user.get_profile())['default']
)
self.assertFalse(self.user.get_profile().quotas.all().exists())
# no permissions specified - user with no quota
# XXX quadra-grant!!!
self.user.grant('create_vm', self.cluster)
self.cluster.set_quota(self.user.get_profile(), None)
data = {
'permissions': [],
'user': self.user.id,
'obj': self.cluster.pk,
}
response = self.c.post(url % args, data)
self.assertEqual(200, response.status_code)
self.assertEquals('application/json', response['content-type'])
self.assertNotEqual('0', response.content)
# quota should be deleted (and showing default)
self.assertEqual(
1,
self.cluster.get_quota(self.user.get_profile())['default']
)
self.assertFalse(self.user.get_profile().quotas.all().exists())
def test_view_user_permissions(self):
"""
Tests updating User's permissions
Verifies:
* anonymous user returns 403
* lack of permissions returns 403
* nonexistent cluster returns 404
* invalid user returns 404
* invalid group returns 404
* missing user and group returns error as json
* GET returns html for form
* If user/group has permissions no html is returned
* If user/group has no permissions a json
response of -1 is returned
"""
args = (self.cluster.slug, self.vm.hostname, self.user1.id)
args_post = (self.cluster.slug, self.vm.hostname)
url = "/cluster/%s/%s/permissions/user/%s"
url_post = "/cluster/%s/%s/permissions/"
# anonymous user
response = self.c.get(url % args, follow=True)
self.assertEqual(200, response.status_code)
self.assertTemplateUsed(response, 'registration/login.html')
# unauthorized user
self.assertTrue(
self.c.login(username=self.user.username, password='******'))
response = self.c.get(url % args)
self.assertEqual(403, response.status_code)
# nonexisent cluster
response = self.c.get(
url % ("DOES_NOT_EXIST", self.vm.hostname, self.user1.id))
self.assertEqual(404, response.status_code)
# nonexisent vm
response = self.c.get(
url % (self.cluster.slug, "DOES_NOT_EXIST", self.user1.id))
self.assertEqual(404, response.status_code)
# valid GET authorized user (perm)
grant(self.user, 'admin', self.vm)
response = self.c.get(url % args)
self.assertEqual(200, response.status_code)
self.assertEqual('text/html; charset=utf-8', response['content-type'])
self.assertTemplateUsed(response,
'object_permissions/permissions/form.html')
self.user.revoke('admin', self.vm)
# valid GET authorized user (cluster admin)
grant(self.user, 'admin', self.cluster)
response = self.c.get(url % args)
self.assertEqual(200, response.status_code)
self.assertEqual('text/html; charset=utf-8', response['content-type'])
self.assertTemplateUsed(response,
'object_permissions/permissions/form.html')
self.user.revoke('admin', self.cluster)
# valid GET authorized user (superuser)
self.user.is_superuser = True
self.user.save()
response = self.c.get(url % args)
self.assertEqual(200, response.status_code)
self.assertTemplateUsed(response,
'object_permissions/permissions/form.html')
# invalid user
response = self.c.get(url % (self.cluster.slug, self.vm.hostname, -1))
self.assertEqual(404, response.status_code)
# invalid user (POST)
self.user1.grant('power', self.vm)
data = {'permissions': ['admin'], 'user': -1, 'obj': self.vm.pk}
response = self.c.post(url_post % args_post, data)
self.assertEqual('application/json', response['content-type'])
self.assertNotEqual('0', response.content)
# no user (POST)
self.user1.grant('power', self.vm)
data = {'permissions': ['admin'], 'obj': self.vm.pk}
response = self.c.post(url_post % args_post, data)
self.assertEqual('application/json', response['content-type'])
self.assertNotEqual('0', response.content)
# valid POST user has permissions
self.user1.grant('power', self.vm)
data = {
'permissions': ['admin'],
'user': self.user1.id,
'obj': self.vm.pk
}
response = self.c.post(url_post % args_post, data)
self.assertEqual('text/html; charset=utf-8', response['content-type'])
self.assertTemplateUsed(
response, 'object_permissions/permissions/user_row.html')
self.assertTrue(self.user1.has_perm('admin', self.vm))
self.assertFalse(self.user1.has_perm('power', self.vm))
# valid POST user has no permissions left
data = {'permissions': [], 'user': self.user1.id, 'obj': self.vm.pk}
response = self.c.post(url_post % args_post, data)
self.assertEqual(200, response.status_code)
self.assertEqual('application/json', response['content-type'])
self.assertEqual([], get_user_perms(self.user, self.vm))
self.assertEqual('"user_88"', response.content)
def test_view_user_permissions(self):
"""
Tests updating users permissions
Verifies:
* anonymous user returns 403
* lack of permissions returns 403
* nonexistent cluster returns 404
* invalid user returns 404
* invalid group returns 404
* missing user and group returns error as json
* GET returns html for form
* If user/group has permissions no html is returned
* If user/group has no permissions a json response of -1 is returned
"""
args = (self.cluster.slug, self.user.id)
args_post = self.cluster.slug
url = "/cluster/%s/permissions/user/%s"
url_post = "/cluster/%s/permissions/"
# anonymous user
response = self.c.get(url % args, follow=True)
self.assertEqual(200, response.status_code)
self.assertTemplateUsed(response, 'registration/login.html')
# unauthorized user
self.assertTrue(
self.c.login(username=self.unauthorized.username,
password='******'))
response = self.c.get(url % args)
self.assertEqual(403, response.status_code)
# nonexisent cluster
response = self.c.get(url % ("DOES_NOT_EXIST", self.user.id))
self.assertEqual(404, response.status_code)
# valid GET authorized user (perm)
self.assertTrue(
self.c.login(username=self.cluster_admin.username,
password='******'))
response = self.c.get(url % args)
self.assertEqual(200, response.status_code)
self.assertEquals('text/html; charset=utf-8', response['content-type'])
self.assertTemplateUsed(response,
'object_permissions/permissions/form.html')
# valid GET authorized user (superuser)
self.assertTrue(
self.c.login(username=self.superuser.username, password='******'))
response = self.c.get(url % args)
self.assertEqual(200, response.status_code)
self.assertTemplateUsed(response,
'object_permissions/permissions/form.html')
# invalid user
response = self.c.get(url % (self.cluster.slug, -1))
self.assertEqual(404, response.status_code)
# invalid user (POST)
self.user.grant('create_vm', self.cluster)
data = {
'permissions': ['admin'],
'user': -1,
'obj': self.cluster.pk,
}
response = self.c.post(url_post % args_post, data)
self.assertEquals('application/json', response['content-type'])
self.assertNotEqual('0', response.content)
# no user (POST)
# XXX double-grant?
self.user.grant('create_vm', self.cluster)
data = {
'permissions': ['admin'],
'obj': self.cluster.pk,
}
response = self.c.post(url_post % args_post, data)
self.assertEquals('application/json', response['content-type'])
self.assertNotEqual('0', response.content)
# valid POST user has permissions
# XXX triple-grant?!
self.user.grant('create_vm', self.cluster)
data = {
'permissions': ['admin'],
'user': self.user.id,
'obj': self.cluster.pk,
}
response = self.c.post(url_post % args_post, data)
self.assertEquals('text/html; charset=utf-8', response['content-type'])
self.assertTemplateUsed(response, 'ganeti/cluster/user_row.html')
self.assertTrue(self.user.has_perm('admin', self.cluster))
self.assertFalse(self.user.has_perm('create_vm', self.cluster))
# add quota to the user
user_quota = {
'default': 0,
'ram': 51,
'virtual_cpus': 10,
'disk': 3000
}
quota = Quota(cluster=self.cluster, user=self.user.get_profile())
quota.__dict__.update(user_quota)
quota.save()
self.assertEqual(user_quota,
self.cluster.get_quota(self.user.get_profile()))
# valid POST user has no permissions left
data = {
'permissions': [],
'user': self.user.id,
'obj': self.cluster.pk,
}
response = self.c.post(url_post % args_post, data)
self.assertEqual(200, response.status_code)
self.assertEquals('application/json', response['content-type'])
self.assertEqual([], get_user_perms(self.user, self.cluster))
# XXX this is too hardcoded and can spuriously fail
self.assertEqual('"user_2"', response.content)
# quota should be deleted (and showing default)
self.assertEqual(
1,
self.cluster.get_quota(self.user.get_profile())['default'])
self.assertFalse(self.user.get_profile().quotas.all().exists())
# no permissions specified - user with no quota
# XXX quadra-grant!!!
self.user.grant('create_vm', self.cluster)
self.cluster.set_quota(self.user.get_profile(), None)
data = {
'permissions': [],
'user': self.user.id,
'obj': self.cluster.pk,
}
response = self.c.post(url % args, data)
self.assertEqual(200, response.status_code)
self.assertEquals('application/json', response['content-type'])
self.assertNotEqual('0', response.content)
# quota should be deleted (and showing default)
self.assertEqual(
1,
self.cluster.get_quota(self.user.get_profile())['default'])
self.assertFalse(self.user.get_profile().quotas.all().exists())
def view_obj_permissions(
request,
class_name,
obj_id=None,
user_id=None,
group_id=None,
row_template='object_permissions/permissions/object_row.html'):
"""
Generic view for editing permissions on an object when the user is already.
Known. This is an admin only view since it is impossible to know the
permission scheme for the apps that are registering properties.
"""
if not request.user.is_superuser:
return HttpResponseForbidden(
'You are not authorized to view this page')
try:
cls = get_class(class_name)
except KeyError:
return HttpResponseNotFound('Class type does not exist')
if request.method == 'POST':
form = ObjectPermissionFormNewUsers(cls, request.POST)
if form.is_valid():
data = form.cleaned_data
form_user = form.cleaned_data['user']
group = form.cleaned_data['group']
edited_user = form_user if form_user else group
if form.update_perms():
# send correct signal based on new or edited user
if data['new']:
view_add_user.send(sender=cls,
editor=request.user,
user=edited_user,
obj=data['obj'])
else:
view_edit_user.send(sender=cls,
editor=request.user,
user=edited_user,
obj=data['obj'])
# return html to replace existing user row
return render_to_response(
row_template, {
'class_name': class_name,
'obj': data['obj'],
'persona': edited_user
})
else:
# no permissions, send ajax response to remove object
view_remove_user.send(sender=cls,
editor=request.user,
user=edited_user,
obj=data['obj'])
id = '"%s_%s"' % (class_name, obj_id)
return HttpResponse(id, mimetype='application/json')
# error in form return ajax response
content = json.dumps(form.errors)
return HttpResponse(content, mimetype='application/json')
# GET - create form for editing and return as html
if obj_id:
obj = get_object_or_404(cls, pk=obj_id)
data = {'obj': obj}
if user_id:
form_user = get_object_or_404(User, id=user_id)
data['user'] = user_id
data['permissions'] = get_user_perms(form_user, obj, False)
url = reverse('user-edit-permissions',
args=(user_id, class_name, obj_id))
elif group_id:
group = get_object_or_404(Group, id=group_id)
data['group'] = group_id
data['permissions'] = get_group_perms(group, obj)
url = reverse('group-edit-permissions',
args=(group_id, class_name, obj_id))
else:
obj = None
if user_id:
get_object_or_404(User, id=user_id)
data = {'user': user_id}
url = reverse('user-add-permissions', args=(user_id, class_name))
elif group_id:
get_object_or_404(Group, id=group_id)
data = {'group': group_id}
url = reverse('group-add-permissions', args=(group_id, class_name))
form = ObjectPermissionFormNewUsers(cls, data)
return render_to_response('object_permissions/permissions/form.html', {
'form': form,
'obj': obj,
'user_id': user_id,
'group_id': group_id,
'url': url
},
context_instance=RequestContext(request))
def view_permissions(
request,
obj,
url,
user_id=None,
group_id=None,
user_template='object_permissions/permissions/user_row.html',
group_template='object_permissions/permissions/group_row.html'):
"""
Update a User or Group permissions on an object. This is a generic view
intended to be used for editing permissions on any object. It must be
configured with a model and url. It may also be customized by adding custom
templates or changing the pk field.
@param obj: object permissions are being set on
@param url: name of url being edited
@param user_id: ID of User being edited
@param group_id: ID of Group being edited
@param user_template: template used to render user rows
@param group_template: template used to render group rows
"""
if request.method == 'POST':
form = ObjectPermissionFormNewUsers(obj.__class__, request.POST)
if form.is_valid():
data = form.cleaned_data
form_user = form.cleaned_data['user']
group = form.cleaned_data['group']
edited_user = form_user if form_user else group
if form.update_perms():
# send correct signal based on new or edited user
if data['new']:
view_add_user.send(sender=obj.__class__,
editor=request.user,
user=edited_user,
obj=obj)
else:
view_edit_user.send(sender=obj.__class__,
editor=request.user,
user=edited_user,
obj=obj)
# return html to replace existing user row
if form_user:
return render_to_response(
user_template, {
'object': obj,
'user_detail': form_user,
'url': url
},
context_instance=RequestContext(request))
else:
return render_to_response(
group_template, {
'object': obj,
'group': group,
'url': url
},
context_instance=RequestContext(request))
else:
# no permissions, send ajax response to remove user
view_remove_user.send(sender=obj.__class__,
editor=request.user,
user=edited_user,
obj=obj)
id = ('"user_%d"'
if form_user else '"group_%d"') % edited_user.pk
return HttpResponse(id, mimetype='application/json')
# error in form return ajax response
content = json.dumps(form.errors)
return HttpResponse(content, mimetype='application/json')
if user_id:
form_user = get_object_or_404(User, id=user_id)
data = {
'permissions': get_user_perms(form_user, obj, False),
'user': user_id,
'obj': obj
}
elif group_id:
group = get_object_or_404(Group, id=group_id)
data = {
'permissions': get_group_perms(group, obj),
'group': group_id,
'obj': obj
}
else:
data = {}
form = ObjectPermissionFormNewUsers(obj.__class__, data)
return render_to_response('object_permissions/permissions/form.html', {
'form': form,
'obj': obj,
'user_id': user_id,
'group_id': group_id,
'url': url
},
context_instance=RequestContext(request))
def has_perm(user, perm, proj):
return perm in get_user_perms(user, proj)
