def test_auth_backend(self): registry.register(Article, TestPermissionHandler) with override_settings(AUTHENTICATION_BACKENDS=( 'django.contrib.auth.backends.ModelBackend', 'permission.backends.PermissionBackend', )): # PermissionBackend is used def is_permission_backend_used(): from django.contrib.auth import get_backends for backend in get_backends(): if isinstance(backend, PermissionBackend): return True return False self.assertTrue(is_permission_backend_used()) # the handler treat 'add', 'chage', 'delete' permissions permissions = registry._registry[Article].get_permissions() self.assertTrue('permission.add_article' in permissions) self.assertTrue('permission.change_article' in permissions) self.assertTrue('permission.delete_article' in permissions) # the registered handler is used (user1 is superuser so cannot be # used for this) self.user2.has_perm('permission.add_article') self.assertTrue(registry._registry[Article].called) # superuser have all permission with ModelBackend self.assertTrue(self.user1.has_perm('permission.add_article')) self.assertTrue(self.user1.has_perm( 'permission.change_article', self.article1 )) self.assertTrue(self.user1.has_perm( 'permission.delete_article', self.article1 )) # staff self.assertTrue(self.user2.has_perm('permission.add_article')) self.assertFalse(self.user2.has_perm( 'permission.change_article', self.article1 )) self.assertFalse(self.user2.has_perm( 'permission.delete_article', self.article1 )) # user3 have all permissions for article1 but article2 self.assertTrue(self.user3.has_perm('permission.add_article')) self.assertTrue(self.user3.has_perm( 'permission.change_article', self.article1 )) self.assertTrue(self.user3.has_perm( 'permission.delete_article', self.article1 )) self.assertFalse(self.user3.has_perm( 'permission.change_article', self.article2 )) self.assertFalse(self.user3.has_perm( 'permission.delete_article', self.article2 )) # user4 have all permissions for article2 but article1 self.assertTrue(self.user4.has_perm('permission.add_article')) self.assertFalse(self.user4.has_perm( 'permission.change_article', self.article1 )) self.assertFalse(self.user4.has_perm( 'permission.delete_article', self.article1 )) self.assertTrue(self.user4.has_perm( 'permission.change_article', self.article2 )) self.assertTrue(self.user4.has_perm( 'permission.delete_article', self.article2 )) # without AUTH backend, handler wount called with override_settings(AUTHENTICATION_BACKENDS=( 'django.contrib.auth.backends.ModelBackend', )): # PermissionBackend is not used def is_permission_backend_used(): from django.contrib.auth import get_backends for backend in get_backends(): if isinstance(backend, PermissionBackend): return True return False self.assertFalse(is_permission_backend_used()) # superuser have all permission with ModelBackend self.assertTrue(self.user1.has_perm('permission.add_article')) self.assertTrue(self.user1.has_perm( 'permission.change_article', self.article1 )) self.assertTrue(self.user1.has_perm( 'permission.delete_article', self.article1 )) # users have no permissions self.assertFalse(self.user2.has_perm('permission.add_article')) self.assertFalse(self.user2.has_perm( 'permission.change_article', self.article1 )) self.assertFalse(self.user2.has_perm( 'permission.delete_article', self.article1 )) self.assertFalse(self.user3.has_perm('permission.add_article')) self.assertFalse(self.user3.has_perm( 'permission.change_article', self.article1 )) self.assertFalse(self.user3.has_perm( 'permission.delete_article', self.article1 )) self.assertFalse(self.user3.has_perm( 'permission.change_article', self.article2 )) self.assertFalse(self.user3.has_perm( 'permission.delete_article', self.article2 )) self.assertFalse(self.user4.has_perm('permission.add_article')) self.assertFalse(self.user4.has_perm( 'permission.change_article', self.article1 )) self.assertFalse(self.user4.has_perm( 'permission.delete_article', self.article1 )) self.assertFalse(self.user4.has_perm( 'permission.change_article', self.article2 )) self.assertFalse(self.user4.has_perm( 'permission.delete_article', self.article2 ))
def test_has_perm_get_permissions(self): class TestPermissionHandler2(TestPermissionHandler): # 'permission.add_article' is removed so the handler is not used # for treating that permission. def get_permissions(self): return set(['permission.change_article', 'permission.delete_article',]) registry.register(Article, TestPermissionHandler2) backend = PermissionBackend() # the handler treat 'chage', 'delete' permissions permissions = registry._registry[Article].get_permissions() self.assertFalse('permission.add_article' in permissions) self.assertTrue('permission.change_article' in permissions) self.assertTrue('permission.delete_article' in permissions) # anonymous user have no permission self.assertFalse(backend.has_perm(self.anonymous, 'permission.add_article')) self.assertFalse(backend.has_perm( self.anonymous, 'permission.change_article', self.article1 )) self.assertFalse(backend.has_perm( self.anonymous, 'permission.delete_article', self.article1 )) # superuser have all permission generally but in this backend, they # don't. the permissions for superuser will handled by downstream. self.assertFalse(backend.has_perm(self.user1, 'permission.add_article')) self.assertFalse(backend.has_perm( self.user1, 'permission.change_article', self.article1 )) self.assertFalse(backend.has_perm( self.user1, 'permission.delete_article', self.article1 )) # staff user self.assertFalse(backend.has_perm(self.user2, 'permission.add_article')) self.assertFalse(backend.has_perm( self.user2, 'permission.change_article', self.article1 )) self.assertFalse(backend.has_perm( self.user2, 'permission.delete_article', self.article1 )) # user3 is an author of the article1 so have all permissions # but for article2 self.assertFalse(backend.has_perm(self.user3, 'permission.add_article')) self.assertTrue(backend.has_perm( self.user3, 'permission.change_article', self.article1 )) self.assertTrue(backend.has_perm( self.user3, 'permission.delete_article', self.article1 )) self.assertFalse(backend.has_perm( self.user3, 'permission.change_article', self.article2 )) self.assertFalse(backend.has_perm( self.user3, 'permission.delete_article', self.article2 )) # user4 is an author of the article2 so have all permissions # but for article1 self.assertFalse(backend.has_perm(self.user4, 'permission.add_article')) self.assertFalse(backend.has_perm( self.user4, 'permission.change_article', self.article1 )) self.assertFalse(backend.has_perm( self.user4, 'permission.delete_article', self.article1 )) self.assertTrue(backend.has_perm( self.user4, 'permission.change_article', self.article2 )) self.assertTrue(backend.has_perm( self.user4, 'permission.delete_article', self.article2 ))
def test_has_perm(self): registry.register(Article, TestPermissionHandler) backend = PermissionBackend() # the registered handler is used backend.has_perm(self.anonymous, 'permission.add_article') self.assertTrue(registry._registry[Article].called) # the handler treat 'add', 'chage', 'delete' permissions permissions = registry._registry[Article].get_permissions() self.assertTrue('permission.add_article' in permissions) self.assertTrue('permission.change_article' in permissions) self.assertTrue('permission.delete_article' in permissions) # anonymous user have no permission self.assertFalse(backend.has_perm(self.anonymous, 'permission.add_article')) self.assertFalse(backend.has_perm( self.anonymous, 'permission.change_article', self.article1 )) self.assertFalse(backend.has_perm( self.anonymous, 'permission.delete_article', self.article1 )) # superuser have all permission generally but in this backend, they # don't. the permissions for superuser will handled by downstream. self.assertTrue(backend.has_perm(self.user1, 'permission.add_article')) self.assertFalse(backend.has_perm( self.user1, 'permission.change_article', self.article1 )) self.assertFalse(backend.has_perm( self.user1, 'permission.delete_article', self.article1 )) # staff user self.assertTrue(backend.has_perm(self.user2, 'permission.add_article')) self.assertFalse(backend.has_perm( self.user2, 'permission.change_article', self.article1 )) self.assertFalse(backend.has_perm( self.user2, 'permission.delete_article', self.article1 )) # user3 is an author of the article1 so have all permissions # but for article2 self.assertTrue(backend.has_perm(self.user3, 'permission.add_article')) self.assertTrue(backend.has_perm( self.user3, 'permission.change_article', self.article1 )) self.assertTrue(backend.has_perm( self.user3, 'permission.delete_article', self.article1 )) self.assertFalse(backend.has_perm( self.user3, 'permission.change_article', self.article2 )) self.assertFalse(backend.has_perm( self.user3, 'permission.delete_article', self.article2 )) # user4 is an author of the article2 so have all permissions # but for article1 self.assertTrue(backend.has_perm(self.user4, 'permission.add_article')) self.assertFalse(backend.has_perm( self.user4, 'permission.change_article', self.article1 )) self.assertFalse(backend.has_perm( self.user4, 'permission.delete_article', self.article1 )) self.assertTrue(backend.has_perm( self.user4, 'permission.change_article', self.article2 )) self.assertTrue(backend.has_perm( self.user4, 'permission.delete_article', self.article2 ))
def test_auth_backend(self): registry.register(Article, TestPermissionHandler) with override_settings(AUTHENTICATION_BACKENDS=( 'django.contrib.auth.backends.ModelBackend', 'permission.backends.PermissionBackend', )): # PermissionBackend is used def is_permission_backend_used(): from django.contrib.auth import get_backends for backend in get_backends(): if isinstance(backend, PermissionBackend): return True return False self.assertTrue(is_permission_backend_used()) # the handler treat 'add', 'chage', 'delete' permissions permissions = registry._registry[Article].get_permissions() self.assertTrue('permission.add_article' in permissions) self.assertTrue('permission.change_article' in permissions) self.assertTrue('permission.delete_article' in permissions) # the registered handler is used (user1 is superuser so cannot be # used for this) self.user2.has_perm('permission.add_article') self.assertTrue(registry._registry[Article].called) # superuser have all permission with ModelBackend self.assertTrue(self.user1.has_perm('permission.add_article')) self.assertTrue( self.user1.has_perm('permission.change_article', self.article1)) self.assertTrue( self.user1.has_perm('permission.delete_article', self.article1)) # staff self.assertTrue(self.user2.has_perm('permission.add_article')) self.assertFalse( self.user2.has_perm('permission.change_article', self.article1)) self.assertFalse( self.user2.has_perm('permission.delete_article', self.article1)) # user3 have all permissions for article1 but article2 self.assertTrue(self.user3.has_perm('permission.add_article')) self.assertTrue( self.user3.has_perm('permission.change_article', self.article1)) self.assertTrue( self.user3.has_perm('permission.delete_article', self.article1)) self.assertFalse( self.user3.has_perm('permission.change_article', self.article2)) self.assertFalse( self.user3.has_perm('permission.delete_article', self.article2)) # user4 have all permissions for article2 but article1 self.assertTrue(self.user4.has_perm('permission.add_article')) self.assertFalse( self.user4.has_perm('permission.change_article', self.article1)) self.assertFalse( self.user4.has_perm('permission.delete_article', self.article1)) self.assertTrue( self.user4.has_perm('permission.change_article', self.article2)) self.assertTrue( self.user4.has_perm('permission.delete_article', self.article2)) # without AUTH backend, handler wount called with override_settings(AUTHENTICATION_BACKENDS=( 'django.contrib.auth.backends.ModelBackend', )): # PermissionBackend is not used def is_permission_backend_used(): from django.contrib.auth import get_backends for backend in get_backends(): if isinstance(backend, PermissionBackend): return True return False self.assertFalse(is_permission_backend_used()) # superuser have all permission with ModelBackend self.assertTrue(self.user1.has_perm('permission.add_article')) self.assertTrue( self.user1.has_perm('permission.change_article', self.article1)) self.assertTrue( self.user1.has_perm('permission.delete_article', self.article1)) # users have no permissions self.assertFalse(self.user2.has_perm('permission.add_article')) self.assertFalse( self.user2.has_perm('permission.change_article', self.article1)) self.assertFalse( self.user2.has_perm('permission.delete_article', self.article1)) self.assertFalse(self.user3.has_perm('permission.add_article')) self.assertFalse( self.user3.has_perm('permission.change_article', self.article1)) self.assertFalse( self.user3.has_perm('permission.delete_article', self.article1)) self.assertFalse( self.user3.has_perm('permission.change_article', self.article2)) self.assertFalse( self.user3.has_perm('permission.delete_article', self.article2)) self.assertFalse(self.user4.has_perm('permission.add_article')) self.assertFalse( self.user4.has_perm('permission.change_article', self.article1)) self.assertFalse( self.user4.has_perm('permission.delete_article', self.article1)) self.assertFalse( self.user4.has_perm('permission.change_article', self.article2)) self.assertFalse( self.user4.has_perm('permission.delete_article', self.article2))
def test_has_perm_get_permissions(self): class TestPermissionHandler2(TestPermissionHandler): # 'permission.add_article' is removed so the handler is not used # for treating that permission. def get_permissions(self): return set([ 'permission.change_article', 'permission.delete_article', ]) registry.register(Article, TestPermissionHandler2) backend = PermissionBackend() # the handler treat 'chage', 'delete' permissions permissions = registry._registry[Article].get_permissions() self.assertFalse('permission.add_article' in permissions) self.assertTrue('permission.change_article' in permissions) self.assertTrue('permission.delete_article' in permissions) # anonymous user have no permission self.assertFalse( backend.has_perm(self.anonymous, 'permission.add_article')) self.assertFalse( backend.has_perm(self.anonymous, 'permission.change_article', self.article1)) self.assertFalse( backend.has_perm(self.anonymous, 'permission.delete_article', self.article1)) # superuser have all permission generally but in this backend, they # don't. the permissions for superuser will handled by downstream. self.assertFalse(backend.has_perm(self.user1, 'permission.add_article')) self.assertFalse( backend.has_perm(self.user1, 'permission.change_article', self.article1)) self.assertFalse( backend.has_perm(self.user1, 'permission.delete_article', self.article1)) # staff user self.assertFalse(backend.has_perm(self.user2, 'permission.add_article')) self.assertFalse( backend.has_perm(self.user2, 'permission.change_article', self.article1)) self.assertFalse( backend.has_perm(self.user2, 'permission.delete_article', self.article1)) # user3 is an author of the article1 so have all permissions # but for article2 self.assertFalse(backend.has_perm(self.user3, 'permission.add_article')) self.assertTrue( backend.has_perm(self.user3, 'permission.change_article', self.article1)) self.assertTrue( backend.has_perm(self.user3, 'permission.delete_article', self.article1)) self.assertFalse( backend.has_perm(self.user3, 'permission.change_article', self.article2)) self.assertFalse( backend.has_perm(self.user3, 'permission.delete_article', self.article2)) # user4 is an author of the article2 so have all permissions # but for article1 self.assertFalse(backend.has_perm(self.user4, 'permission.add_article')) self.assertFalse( backend.has_perm(self.user4, 'permission.change_article', self.article1)) self.assertFalse( backend.has_perm(self.user4, 'permission.delete_article', self.article1)) self.assertTrue( backend.has_perm(self.user4, 'permission.change_article', self.article2)) self.assertTrue( backend.has_perm(self.user4, 'permission.delete_article', self.article2))
def test_has_perm(self): registry.register(Article, TestPermissionHandler) backend = PermissionBackend() # the registered handler is used backend.has_perm(self.anonymous, 'permission.add_article') self.assertTrue(registry._registry[Article].called) # the handler treat 'add', 'chage', 'delete' permissions permissions = registry._registry[Article].get_permissions() self.assertTrue('permission.add_article' in permissions) self.assertTrue('permission.change_article' in permissions) self.assertTrue('permission.delete_article' in permissions) # anonymous user have no permission self.assertFalse( backend.has_perm(self.anonymous, 'permission.add_article')) self.assertFalse( backend.has_perm(self.anonymous, 'permission.change_article', self.article1)) self.assertFalse( backend.has_perm(self.anonymous, 'permission.delete_article', self.article1)) # superuser have all permission generally but in this backend, they # don't. the permissions for superuser will handled by downstream. self.assertTrue(backend.has_perm(self.user1, 'permission.add_article')) self.assertFalse( backend.has_perm(self.user1, 'permission.change_article', self.article1)) self.assertFalse( backend.has_perm(self.user1, 'permission.delete_article', self.article1)) # staff user self.assertTrue(backend.has_perm(self.user2, 'permission.add_article')) self.assertFalse( backend.has_perm(self.user2, 'permission.change_article', self.article1)) self.assertFalse( backend.has_perm(self.user2, 'permission.delete_article', self.article1)) # user3 is an author of the article1 so have all permissions # but for article2 self.assertTrue(backend.has_perm(self.user3, 'permission.add_article')) self.assertTrue( backend.has_perm(self.user3, 'permission.change_article', self.article1)) self.assertTrue( backend.has_perm(self.user3, 'permission.delete_article', self.article1)) self.assertFalse( backend.has_perm(self.user3, 'permission.change_article', self.article2)) self.assertFalse( backend.has_perm(self.user3, 'permission.delete_article', self.article2)) # user4 is an author of the article2 so have all permissions # but for article1 self.assertTrue(backend.has_perm(self.user4, 'permission.add_article')) self.assertFalse( backend.has_perm(self.user4, 'permission.change_article', self.article1)) self.assertFalse( backend.has_perm(self.user4, 'permission.delete_article', self.article1)) self.assertTrue( backend.has_perm(self.user4, 'permission.change_article', self.article2)) self.assertTrue( backend.has_perm(self.user4, 'permission.delete_article', self.article2))