class TestAllowAddonAuthor(TestCase): def setUp(self): self.addon = addon_factory() self.permission = AllowAddonAuthor() self.owner = user_factory() self.addon.addonuser_set.create(user=self.owner) self.request = RequestFactory().get('/') self.request.user = AnonymousUser() def test_has_permission_anonymous(self): assert not self.permission.has_permission(self.request, myview) def test_has_permission_any_authenticated_user(self): self.request.user = user_factory() assert self.request.user not in self.addon.authors.all() assert self.permission.has_permission(self.request, myview) def test_has_object_permission_owner(self): self.request.user = self.owner assert self.permission.has_object_permission(self.request, myview, self.addon) def test_has_object_permission_different_user(self): self.request.user = user_factory() assert self.request.user not in self.addon.authors.all() assert not self.permission.has_object_permission( self.request, myview, self.addon) def test_has_object_permission_anonymous(self): assert not self.permission.has_object_permission( self.request, myview, self.addon)
def setUp(self): self.addon = addon_factory() self.permission = AllowAddonAuthor() self.owner = user_factory() self.addon.addonuser_set.create(user=self.owner) self.request = RequestFactory().get('/') self.request.user = AnonymousUser()
class TestAllowAddonAuthor(TestCase): fixtures = ['base/users', 'base/addon_3615'] def setUp(self): self.addon = Addon.objects.get(pk=3615) self.permission = AllowAddonAuthor() self.owner = self.addon.authors.all()[0] self.request = RequestFactory().get('/') self.request.user = AnonymousUser() def test_has_permission_anonymous(self): assert not self.permission.has_permission(self.request, myview) def test_has_permission_any_authenticated_user(self): self.request.user = UserProfile.objects.get(pk=999) assert self.request.user not in self.addon.authors.all() assert self.permission.has_permission(self.request, myview) def test_has_object_permission_user(self): self.request.user = self.owner assert self.permission.has_object_permission(self.request, myview, self.addon) def test_has_object_permission_different_user(self): self.request.user = UserProfile.objects.get(pk=999) assert self.request.user not in self.addon.authors.all() assert not self.permission.has_object_permission( self.request, myview, self.addon) def test_has_object_permission_anonymous(self): assert not self.permission.has_object_permission( self.request, myview, self.addon)
class TestAllowAddonAuthor(TestCase): fixtures = ["base/users", "base/addon_3615"] def setUp(self): self.addon = Addon.objects.get(pk=3615) self.permission = AllowAddonAuthor() self.owner = self.addon.authors.all()[0] self.request = RequestFactory().get("/") self.request.user = AnonymousUser() def test_has_permission_anonymous(self): assert not self.permission.has_permission(self.request, myview) def test_has_permission_any_authenticated_user(self): self.request.user = UserProfile.objects.get(pk=999) assert self.request.user not in self.addon.authors.all() assert self.permission.has_permission(self.request, myview) def test_has_object_permission_user(self): self.request.user = self.owner assert self.permission.has_object_permission(self.request, myview, self.addon) def test_has_object_permission_different_user(self): self.request.user = UserProfile.objects.get(pk=999) assert self.request.user not in self.addon.authors.all() assert not self.permission.has_object_permission(self.request, myview, self.addon) def test_has_object_permission_anonymous(self): assert not self.permission.has_object_permission(self.request, myview, self.addon)
class TestAllowAddonAuthor(TestCase): def setUp(self): self.addon = addon_factory() self.permission = AllowAddonAuthor() self.owner = user_factory() self.addon.addonuser_set.create(user=self.owner) self.request = RequestFactory().get('/') self.request.user = AnonymousUser() def test_has_permission_anonymous(self): assert not self.permission.has_permission(self.request, myview) def test_has_permission_any_authenticated_user(self): self.request.user = user_factory() assert self.request.user not in self.addon.authors.all() assert self.permission.has_permission(self.request, myview) def test_has_object_permission_owner(self): self.request.user = self.owner assert self.permission.has_object_permission( self.request, myview, self.addon) def test_has_object_permission_different_user(self): self.request.user = user_factory() assert self.request.user not in self.addon.authors.all() assert not self.permission.has_object_permission( self.request, myview, self.addon) def test_has_object_permission_anonymous(self): assert not self.permission.has_object_permission( self.request, myview, self.addon)
def get_queryset(self): """Return the right base queryset depending on the situation. Note that permissions checks still apply on top of that, against the add-on as per check_object_permissions() above.""" requested = self.request.GET.get('filter') # By default we restrict to valid versions. However: # # When accessing a single version or if requesting it explicitly when # listing, admins can access all versions, including deleted ones. should_access_all_versions_included_deleted = ( (requested == 'all_with_deleted' or self.action != 'list') and self.request.user.is_authenticated() and self.request.user.is_staff) # When accessing a single version or if requesting it explicitly when # listing, reviewers and add-on authors can access all non-deleted # versions. should_access_all_versions = ( (requested == 'all' or self.action != 'list') and (AllowReviewer().has_permission(self.request, self) or AllowAddonAuthor().has_object_permission( self.request, self, self.get_addon_object()))) # Everyone can see (non deleted) beta version when they request it # explicitly. should_access_only_beta_versions = (requested == 'beta_only') if should_access_all_versions_included_deleted: self.queryset = Version.unfiltered.all() elif should_access_all_versions: self.queryset = Version.objects.all() elif should_access_only_beta_versions: self.queryset = Version.objects.filter( files__status=amo.STATUS_BETA).distinct() # Now that the base queryset has been altered, call super() to use it. qs = super(AddonVersionViewSet, self).get_queryset() # Filter with the add-on. return qs.filter(addon=self.get_addon_object())
def setUp(self): self.addon = Addon.objects.get(pk=3615) self.permission = AllowAddonAuthor() self.owner = self.addon.authors.all()[0] self.request = RequestFactory().get('/') self.request.user = AnonymousUser()
def setUp(self): self.addon = Addon.objects.get(pk=3615) self.permission = AllowAddonAuthor() self.owner = self.addon.authors.all()[0] self.request = RequestFactory().get("/") self.request.user = AnonymousUser()