def test_constructor(self):
    """A default OneselfPermissionLogic has every permission flag enabled.

    Pins the permissive defaults (any/change/delete all True) so that a
    change to them shows up as a test failure.
    """
    logic = OneselfPermissionLogic()
    user_model = self.user1.__class__
    add_permission_logic(user_model, logic)
    self.assertTrue(isinstance(logic, OneselfPermissionLogic))
    for flag in ('any_permission', 'change_permission', 'delete_permission'):
        self.assertEqual(getattr(logic, flag), True)
def test_constructor_with_specifing_delete_permission(self):
    """Passing delete_permission=False is stored on the logic instance."""
    logic = CollaboratorsPermissionLogic(delete_permission=False)
    article_model = self.article.__class__
    add_permission_logic(article_model, logic)
    self.assertTrue(isinstance(logic, CollaboratorsPermissionLogic))
    # The explicit opt-out must win over the default.
    self.assertEqual(logic.delete_permission, False)
def test_constructor(self):
    """A default AuthorPermissionLogic checks 'author' and enables all flags."""
    logic = AuthorPermissionLogic()
    article_model = self.article.__class__
    add_permission_logic(article_model, logic)
    self.assertTrue(isinstance(logic, AuthorPermissionLogic))
    self.assertEqual(logic.field_name, 'author')
    # Defaults are permissive: any, change and delete are all True.
    for flag in ('any_permission', 'change_permission', 'delete_permission'):
        self.assertEqual(getattr(logic, flag), True)
def test_constructor(self):
    """A default CollaboratorsPermissionLogic checks 'authors' and enables all flags."""
    logic = CollaboratorsPermissionLogic()
    article_model = self.article.__class__
    add_permission_logic(article_model, logic)
    self.assertTrue(isinstance(logic, CollaboratorsPermissionLogic))
    self.assertEqual(logic.field_name, 'authors')
    # Defaults are permissive: any, change and delete are all True.
    for flag in ('any_permission', 'change_permission', 'delete_permission'):
        self.assertEqual(getattr(logic, flag), True)
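def test_add_permission_with_any(self):
    """
    Users in the adam, seele, nerv and children roles have the add permission.

    The logic is unregistered in a ``finally`` block: if an assertion
    fails, a permission logic left registered on Article would otherwise
    leak into later tests and could hide a missing-permission failure.
    """
    permission_logic = self.permission_logic_class(any_permission=True)
    add_permission_logic(Article, permission_logic)
    try:
        self._auto_test_permission('add')
    finally:
        remove_permission_logic(Article, permission_logic)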
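def test_add_permission_with_any(self):
    """
    Users in the adam, seele, nerv and children roles have the add permission.

    Cleanup runs in ``finally`` so a failing assertion cannot leave the
    logic registered on Article for the tests that follow.
    """
    permission_logic = self.permission_logic_class(
        any_permission=True
    )
    add_permission_logic(Article, permission_logic)
    try:
        self._auto_test_permission('add')
    finally:
        remove_permission_logic(Article, permission_logic)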
def test_view_permission_without_obj(self):
    """
    Without an object, every role (anonymous included) may potentially view.

    A model-level check therefore says nothing about a particular
    article; callers have to pass the object to get the real answer.
    """
    logic = PublishmentPermissionLogic()
    add_permission_logic(Article, logic)
    # NOTE(review): the logic is not removed in this test body; presumably
    # tearDown resets the registry -- confirm.
    roles = ("adam", "seele", "nerv", "children", "wille", "anonymous")
    for role in roles:
        self._test_permission(role)
def test_view_permission_with_protected(self):
    """
    Authenticated users except wille can see a protected article.

    wille and anonymous are the negative cases.
    """
    logic = PublishmentPermissionLogic()
    add_permission_logic(Article, logic)
    # NOTE(review): the logic is not removed in this test body; presumably
    # tearDown resets the registry -- confirm.
    for allowed in ('adam', 'seele', 'nerv', 'children'):
        self._test_permission(allowed, 'protected')
    for denied in ('wille', 'anonymous'):
        self._test_permission(denied, 'protected', neg=True)
def test_view_permission_without_obj(self):
    """
    Without an object, every role (anonymous included) may potentially view.

    The per-object state decides the real outcome, so this result must
    not be used as the authorization decision for a specific article.
    """
    logic = PublishmentPermissionLogic()
    add_permission_logic(Article, logic)
    # NOTE(review): no remove_permission_logic here; presumably handled by
    # the test fixture -- confirm.
    for role in ('adam', 'seele', 'nerv', 'children', 'wille', 'anonymous'):
        self._test_permission(role)
def test_view_permission_with_public(self):
    """
    Anyone, including anonymous, can see a public article.
    """
    logic = PublishmentPermissionLogic()
    add_permission_logic(Article, logic)
    # NOTE(review): no remove_permission_logic here; presumably handled by
    # the test fixture -- confirm.
    for role in ('adam', 'seele', 'nerv', 'children', 'wille', 'anonymous'):
        self._test_permission(role, 'public')
def test_view_permission_with_public(self):
    """
    Anyone, including anonymous, can see a public article.
    """
    logic = PublishmentPermissionLogic()
    add_permission_logic(Article, logic)
    # NOTE(review): the logic stays registered after this test body;
    # presumably tearDown cleans it up -- confirm.
    everyone = ("adam", "seele", "nerv", "children", "wille", "anonymous")
    for role in everyone:
        self._test_permission(role, "public")
def test_view_permission_with_protected(self):
    """
    Authenticated users except wille can see a protected article.

    wille and anonymous must be refused.
    """
    logic = PublishmentPermissionLogic()
    add_permission_logic(Article, logic)
    # NOTE(review): the logic stays registered after this test body;
    # presumably tearDown cleans it up -- confirm.
    for allowed in ("adam", "seele", "nerv", "children"):
        self._test_permission(allowed, "protected")
    for denied in ("wille", "anonymous"):
        self._test_permission(denied, "protected", neg=True)
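def test_delete_permission_with_any(self):
    """
    Adam, Seele, Nerv and Children have delete permission on some object;
    Wille does not.

    The logic is unregistered in a ``finally`` block so that a failed
    assertion cannot leave it attached to Article for later tests.
    """
    permission_logic = self.permission_logic_class(any_permission=True)
    add_permission_logic(Article, permission_logic)
    try:
        for role in ('adam', 'seele', 'nerv', 'children'):
            self._test_permission(role, 'delete')
        # Negative case: wille must be refused.
        self._test_permission('wille', 'delete', neg=True)
    finally:
        remove_permission_logic(Article, permission_logic)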
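def test_delete_permission_with_others(self):
    """
    No user other than adam has delete permission on an object owned by
    somebody else.

    The article's author is set to ``self.user`` and the check is made at
    object level. Cleanup runs in ``finally`` so the logic never outlives
    a failing assertion.
    """
    permission_logic = self.permission_logic_class(any_permission=True)
    add_permission_logic(Article, permission_logic)
    kwargs = {'object_permission': True, 'author': self.user}
    try:
        self._test_permission('adam', 'delete', **kwargs)
        # Everyone else must be refused on a foreign object.
        for role in ('seele', 'nerv', 'children', 'wille'):
            self._test_permission(role, 'delete', neg=True, **kwargs)
    finally:
        remove_permission_logic(Article, permission_logic)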
def test_view_permission_without_obj(self):
    """
    Without an object, every role (anonymous included) may potentially view.

    This is the model-level answer only; the per-object publish state is
    what actually restricts access.
    """
    from .models import PublishmentTestArticle as Article
    logic = PublishmentPermissionLogic()
    add_permission_logic(Article, logic)
    # NOTE(review): no remove_permission_logic here; presumably handled by
    # the test fixture -- confirm.
    for role in ('adam', 'seele', 'nerv', 'children', 'wille', 'anonymous'):
        self._test_permission(role)
def test_view_permission_with_draft(self):
    """
    Nobody except the author and adam can see a draft article.
    """
    logic = PublishmentPermissionLogic()
    add_permission_logic(Article, logic)
    # NOTE(review): no remove_permission_logic here; presumably handled by
    # the test fixture -- confirm.
    self._test_permission('adam', 'draft')
    # Every other role, authenticated or not, must be refused.
    for denied in ('seele', 'nerv', 'children', 'wille', 'anonymous'):
        self._test_permission(denied, 'draft', neg=True)
    self._test_permission('author', 'draft')
def test_view_permission_with_public(self):
    """
    Anyone, including anonymous, can see a public article.
    """
    from .models import PublishmentTestArticle as Article
    logic = PublishmentPermissionLogic()
    add_permission_logic(Article, logic)
    # NOTE(review): no remove_permission_logic here; presumably handled by
    # the test fixture -- confirm.
    for role in ('adam', 'seele', 'nerv', 'children', 'wille', 'anonymous'):
        self._test_permission(role, 'public')
def test_view_permission_with_protected(self):
    """
    Authenticated users except wille can see a protected article.

    wille and anonymous must be refused.
    """
    from .models import PublishmentTestArticle as Article
    logic = PublishmentPermissionLogic()
    add_permission_logic(Article, logic)
    # NOTE(review): no remove_permission_logic here; presumably handled by
    # the test fixture -- confirm.
    for allowed in ('adam', 'seele', 'nerv', 'children'):
        self._test_permission(allowed, 'protected')
    for denied in ('wille', 'anonymous'):
        self._test_permission(denied, 'protected', neg=True)
def test_view_permission_with_draft(self):
    """
    Nobody except the author and adam can see a draft article.
    """
    logic = PublishmentPermissionLogic()
    add_permission_logic(Article, logic)
    # NOTE(review): the logic stays registered after this test body;
    # presumably tearDown cleans it up -- confirm.
    self._test_permission("adam", "draft")
    refused = ("seele", "nerv", "children", "wille", "anonymous")
    for role in refused:
        self._test_permission(role, "draft", neg=True)
    self._test_permission("author", "draft")
def test_view_permission_with_draft(self):
    """
    Nobody except the author and adam can see a draft article.
    """
    from .models import PublishmentTestArticle as Article
    logic = PublishmentPermissionLogic()
    add_permission_logic(Article, logic)
    # NOTE(review): no remove_permission_logic here; presumably handled by
    # the test fixture -- confirm.
    self._test_permission('adam', 'draft')
    for denied in ('seele', 'nerv', 'children', 'wille', 'anonymous'):
        self._test_permission(denied, 'draft', neg=True)
    self._test_permission('author', 'draft')
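def test_delete_permission_with_own(self):
    """
    Adam, Seele, Nerv and Children have delete permission on objects they
    own; Wille does not.

    The logic is unregistered in a ``finally`` block so that a failed
    assertion cannot leave it attached to Article for later tests.
    """
    permission_logic = self.permission_logic_class(
        any_permission=True
    )
    add_permission_logic(Article, permission_logic)
    try:
        for role in ('adam', 'seele', 'nerv', 'children'):
            self._test_permission(role, 'delete', object_permission=True)
        # Negative case: wille must be refused even at object level.
        self._test_permission('wille', 'delete', neg=True,
                              object_permission=True)
    finally:
        remove_permission_logic(Article, permission_logic)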
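def test_change_permission_with_any(self):
    """
    Adam, Seele, Nerv and Children have change permission on some object;
    Wille does not.

    The logic is unregistered in a ``finally`` block so that a failed
    assertion cannot leave it attached to Article for later tests.
    """
    permission_logic = self.permission_logic_class(
        any_permission=True
    )
    add_permission_logic(Article, permission_logic)
    try:
        for role in ('adam', 'seele', 'nerv', 'children'):
            self._test_permission(role, 'change')
        # Negative case: wille must be refused.
        self._test_permission('wille', 'change', neg=True)
    finally:
        remove_permission_logic(Article, permission_logic)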
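def test_change_permission_with_own(self):
    """
    Adam, Seele, Nerv and Children have change permission on objects they
    own; Wille does not.

    The logic is unregistered in a ``finally`` block so that a failed
    assertion cannot leave it attached to Article for later tests.
    """
    permission_logic = self.permission_logic_class(
        any_permission=True
    )
    add_permission_logic(Article, permission_logic)
    try:
        for role in ('adam', 'seele', 'nerv', 'children'):
            self._test_permission(role, 'change', object_permission=True)
        # Negative case: wille must be refused even at object level.
        self._test_permission('wille', 'change', neg=True,
                              object_permission=True)
    finally:
        remove_permission_logic(Article, permission_logic)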
def setUp(self):
    """Build the fixture: handler class, a user, an article, two mock logics.

    Both mock logics answer ``has_perm`` with False, so any permission a
    test observes as granted has to come from what that test changes.
    """
    from permission.logics import PermissionLogic
    from permission import add_permission_logic

    self.handler = LogicalPermissionHandler
    self.user = create_user('john')
    self.perm1, self.perm2, self.perm3 = (
        'permission.add_article',
        'permission.change_article',
        'permission.delete_article',
    )
    self.article = create_article('test')

    # Deny-by-default mocks, registered on Article in order (1 then 2).
    # NOTE(review): they are not removed here; presumably tearDown does
    # that -- confirm.
    for attr_name in ('mock_logic1', 'mock_logic2'):
        mock_logic = MagicMock(spec=PermissionLogic)
        mock_logic.has_perm = MagicMock(return_value=False)
        setattr(self, attr_name, mock_logic)
    add_permission_logic(Article, self.mock_logic1)
    add_permission_logic(Article, self.mock_logic2)
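def test_delete_permission_with_others(self):
    """
    No user other than adam has delete permission on an object owned by
    somebody else.

    The article's author is set to ``self.user`` and the check is made at
    object level. Cleanup runs in ``finally`` so the logic never outlives
    a failing assertion.
    """
    permission_logic = self.permission_logic_class(
        any_permission=True
    )
    add_permission_logic(Article, permission_logic)
    kwargs = {
        'object_permission': True,
        'author': self.user
    }
    try:
        self._test_permission('adam', 'delete', **kwargs)
        # Everyone else must be refused on a foreign object.
        for role in ('seele', 'nerv', 'children', 'wille'):
            self._test_permission(role, 'delete', neg=True, **kwargs)
    finally:
        remove_permission_logic(Article, permission_logic)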
from django.db.models.signals import post_delete
from django.dispatch import receiver
from kawaz.core.utils.signals import disable_for_loaddata


# NOTE(review): only post_delete is imported in this excerpt; post_save is
# presumably imported earlier in the module -- confirm.
@receiver(post_save, sender=Event)
@disable_for_loaddata
def join_organizer(**kwargs):
    """
    Signal receiver that automatically makes the creator attend the event.

    Does nothing unless the signal reports that the instance was created.
    """
    instance = kwargs.get('instance')
    if not kwargs.get('created'):
        return
    instance.attend(instance.organizer)


from permission import add_permission_logic
from permission.logics.staff import StaffPermissionLogic
from .perms import EventPermissionLogic
from kawaz.core.publishments.perms import PublishmentPermissionLogic

# Object-level rules for Event: the app's own logic plus the publish-state
# logic, with the organizer treated as the author.
add_permission_logic(Event, EventPermissionLogic())
add_permission_logic(
    Event,
    PublishmentPermissionLogic(author_field_name='organizer'),
)
# any_permission=True is passed to the staff logic for Category; the exact
# grant is defined by StaffPermissionLogic, which is not shown here.
add_permission_logic(Category, StaffPermissionLogic(any_permission=True))

from .activity import EventActivityMediator
from activities.registry import registry

registry.register(Event, EventActivityMediator())
# (excerpt begins inside a manager method whose signature is outside this snippet)
return AccounterQuerySet(self.model, using=self._db)


class AccounterQuerySet(query.QuerySet):
    """QuerySet with a free-text search helper for Accounter rows."""

    def contains(self, s):
        """Return distinct rows whose names or site hosts contain ``s``.

        The match is case-insensitive (``icontains``) against
        ``alternative_names``, ``name`` and the related ``sites.host``.
        """
        # ``s`` is only passed as an ORM lookup value and is never formatted
        # into SQL text. distinct() presumably removes the duplicates that
        # the lookup across ``sites`` can produce.
        return self.filter(Q(alternative_names__icontains=s) |
                           Q(name__icontains=s) |
                           Q(sites__host__icontains=s)).distinct()


class Accounter(models.Model):
    """A named account provider with its password alphabet and length."""

    alternative_names = models.CharField(max_length=200)
    icon = models.URLField(blank=True)
    main_site = models.ForeignKey('Site', null=True, related_name='main_site_for')
    name = models.CharField(max_length=50)
    # Limited to the values in ALPHABET_CHOICES (defined outside this excerpt).
    password_alphabet = models.PositiveSmallIntegerField(choices=ALPHABET_CHOICES)
    # NOTE(review): no minimum is enforced on this field here; presumably
    # validated elsewhere -- confirm.
    password_length = models.PositiveSmallIntegerField()
    objects = AccounterManager()


class Site(models.Model):
    """A host that belongs to an Accounter."""

    accounter = models.ForeignKey('Accounter', related_name='sites')
    host = models.URLField()


class UserProfile(models.Model):
    """One-to-one extension of the auth User, keyed by the user itself."""

    user = models.OneToOneField(auth_models.User, primary_key=True, related_name='profile')
    # Free-form text blob; its format is not visible in this excerpt.
    data = models.TextField(blank=True)


# OneselfPermissionLogic is built with no arguments, so the library defaults
# apply. The constructor tests on this page pin those defaults as
# any_permission, change_permission and delete_permission all True, so each
# user may change and delete their own User object. Pass
# delete_permission=False if self-deletion is not intended.
permission.add_permission_logic(auth_models.User, oneself_permission_logic.OneselfPermissionLogic())
# (excerpt begins mid-expression; the enclosing method is outside this snippet)
self.service.label)

    @property
    def url(self):
        """Return the service's URL pattern with this account's username filled in."""
        # NOTE(review): username is substituted as-is through str.format and
        # is not URL-quoted here; presumably it is validated on the model --
        # confirm before this value is rendered as a link.
        return self.service.url_pattern.format(username=self.username)

from ..activities.profile import AccountActivityMediator
registry.register(Account, AccountActivityMediator())

from permission import add_permission_logic
from kawaz.core.publishments.perms import PublishmentPermissionLogic
from kawaz.core.personas.perms import KawazAuthorPermissionLogic
from kawaz.core.personas.perms import NervPermissionLogic

# Skill and Service: any_permission=True is passed to NervPermissionLogic.
# Which users that logic matches is defined in kawaz.core.personas.perms and
# is not visible here.
add_permission_logic(Skill, NervPermissionLogic(
    any_permission=True
))
add_permission_logic(Service, NervPermissionLogic(
    any_permission=True
))
# Account: ownership is resolved through profile.user. The flags grant the
# owner delete only; any_permission and change_permission are off.
add_permission_logic(Account, KawazAuthorPermissionLogic(
    field_name='profile__user',
    any_permission=False,
    change_permission=False,
    delete_permission=True
))
# Publish-state logic for Account, using the same ownership path.
add_permission_logic(Account, PublishmentPermissionLogic(
    author_field_name='profile__user'
))
# (excerpt ends inside this call; the remaining arguments are outside the snippet)
add_permission_logic(Profile, KawazAuthorPermissionLogic(
    field_name='user',
# coding=utf-8 """ """ from django.db import models from kawaz.core.personas.models import Persona from kawaz.core.publishments.models import PUB_STATES class StarTestArticle(models.Model): pub_state = models.CharField("Publish status", max_length=10, choices=PUB_STATES, default="public") author = models.ForeignKey(Persona) title = models.CharField("Title", max_length=30) class Meta: app_label = "stars" permissions = (("view_startestarticle", "Can view the articles"),) from permission import add_permission_logic from kawaz.core.personas.perms import KawazAuthorPermissionLogic from kawaz.core.publishments.perms import PublishmentPermissionLogic add_permission_logic(StarTestArticle, PublishmentPermissionLogic()) add_permission_logic(StarTestArticle, KawazAuthorPermissionLogic())
# (excerpt begins inside a call in a function whose start is outside this snippet)
'title': instance.title,
            'date': instance.created_date
        })
    ))
    else:
        pass

# Disabled: the notification receiver is not connected to post_save.
# post_save.connect(send_published_notification, sender=New)

from permission import add_permission_logic
from permission.logics import AuthorPermissionLogic, StaffPermissionLogic

# Author rule for New: ownership is read from the 'author' field. With
# any_permission=False only the listed flags apply, i.e. change and delete.
add_permission_logic(New, AuthorPermissionLogic(
    field_name='author',
    any_permission=False,
    change_permission=True,
    delete_permission=True,
))
# Staff rule for New: the same flags (change and delete, not "any"). No
# field_name is given, so this logic is not tied to ownership of the object.
add_permission_logic(New, StaffPermissionLogic(
    any_permission=False,
    change_permission=True,
    delete_permission=True,
))

from django.core.cache import cache
from django.db.models.signals import post_save
from django.dispatch import receiver
from django.contrib.sessions.models import Session
def test_has_perm_delete_without_obj_with_anonymous(self):
    """An anonymous user is refused the model-level delete permission."""
    logic = AuthorPermissionLogic()
    add_permission_logic(self.article.__class__, logic)
    # No object is passed: this is the model-level check.
    granted = logic.has_perm(self.anonymous, self.perm3)
    self.assertFalse(granted)
# (excerpt: Meta and __str__ belong to a model class whose header is outside
# this snippet)
class Meta:
    ordering = ('pk', )
    verbose_name = _('Screen shot')
    verbose_name_plural = _('Screen shots')

def __str__(self):
    """Return '<image name>(<product title>)'."""
    return '{}({})'.format(self.image.name, self.product.title)

from permission import add_permission_logic
from .perms import ProductPermissionLogic
from kawaz.core.personas.perms import ChildrenPermissionLogic

# Product: the children logic grants add only; change and delete are
# explicitly off and are left to ProductPermissionLogic (from .perms, not
# shown here).
add_permission_logic(
    Product,
    ChildrenPermissionLogic(add_permission=True,
                            change_permission=False,
                            delete_permission=False))
add_permission_logic(Product, ProductPermissionLogic())

# NOTE(review): only Product gets permission logics in this excerpt; none is
# registered for PackageRelease, URLRelease or Screenshot here -- confirm
# they are covered elsewhere.
from .activity import ProductActivityMediator
from activities.registry import registry
registry.register(Product, ProductActivityMediator())

from .activity import ReleaseActivityMediator
registry.register(PackageRelease, ReleaseActivityMediator())
registry.register(URLRelease, ReleaseActivityMediator())

from .activity import ScreenshotActivityMediator
registry.register(Screenshot, ScreenshotActivityMediator())
def test_has_perm_add_with_obj_with_anonymous(self):
    """An anonymous user is refused the add permission on a user object."""
    logic = OneselfPermissionLogic()
    add_permission_logic(self.user1.__class__, logic)
    granted = logic.has_perm(self.anonymous, self.perm1, self.user1)
    self.assertFalse(granted)
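def __str__(self):
    """Return the object's name."""
    return self.name


#### PERMISSIONS

# apply AuthorPermissionLogic and CollaboratorsPermissionLogic
from permission import add_permission_logic
from permission.logics import PermissionLogic, AuthorPermissionLogic
# from permission.logics import CollaboratorsPermissionLogic

# Authors have full permission (edit, delete etc.) to their own skills and training bits
# One logic instance is shared by all four models below; ownership is read
# from each model's 'author' field.
gcl_authorpermissionlogic = AuthorPermissionLogic(
    field_name='author',
    change_permission=True,
    delete_permission=True,
)
add_permission_logic(Skill, gcl_authorpermissionlogic)
add_permission_logic(TrainingBit, gcl_authorpermissionlogic)
add_permission_logic(Project, gcl_authorpermissionlogic)
add_permission_logic(Comment, gcl_authorpermissionlogic)


# See: https://github.com/lambdalisue/django-permission/blob/bdd0ebefbb6638b38886a0d35d9d379cfb067bfd/src/permission/logics/author.py
class AdminPermissionLogic(PermissionLogic):
    """Grant every permission to authenticated users flagged ``is_admin``.

    Neither the permission string nor the object is inspected, so once
    this logic is registered on a model an admin passes every check for
    it. It is not registered on any model in this excerpt.
    """

    def has_perm(self, user, permission_str, obj=None):
        """Return True only for an authenticated user with ``is_admin`` set.

        ``obj`` defaults to None so that model-level checks, which pass
        no object, do not raise TypeError.
        """
        # is_authenticated() is evaluated first, so ``is_admin`` is never
        # read on an unauthenticated user.
        # NOTE(review): is_authenticated is called as a method, which only
        # works on Django versions where it is not yet a plain property --
        # confirm against the project's Django version.
        return bool(user.is_authenticated() and user.is_admin)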
def test_has_perm_delete_with_obj(self):
    """user1 is refused the delete permission on another user (user2)."""
    logic = OneselfPermissionLogic()
    add_permission_logic(self.user1.__class__, logic)
    # Object-level check against a different user: must be denied.
    granted = logic.has_perm(self.user1, self.perm3, self.user2)
    self.assertFalse(granted)
def test_has_perm_delete_with_himself(self):
    """With the defaults, user1 is granted delete on their own user object."""
    logic = OneselfPermissionLogic()
    add_permission_logic(self.user1.__class__, logic)
    granted = logic.has_perm(self.user1, self.perm3, self.user1)
    self.assertTrue(granted)
def test_constructor_with_specifying_delete_permission(self):
    """Passing delete_permission=False is stored on the logic instance."""
    logic = OneselfPermissionLogic(delete_permission=False)
    user_model = self.user1.__class__
    add_permission_logic(user_model, logic)
    self.assertTrue(isinstance(logic, OneselfPermissionLogic))
    # The explicit opt-out must win over the default.
    self.assertEqual(logic.delete_permission, False)
def test_has_perm_change_with_himself_non_any(self):
    """With any_permission=False, user1 may still change their own object.

    change_permission is left at its default here, so the grant comes
    from that flag rather than from any_permission.
    """
    logic = OneselfPermissionLogic(any_permission=False)
    add_permission_logic(self.user1.__class__, logic)
    granted = logic.has_perm(self.user1, self.perm2, self.user1)
    self.assertTrue(granted)
# (excerpt begins inside a method whose start is outside this snippet)
'day': published_at.day,
            'pk': self.pk
        })
    return ('blogs_entry_update', (), {
        'author': self.author.username,
        'pk': self.pk
    })

from permission import add_permission_logic
from kawaz.core.publishments.perms import PublishmentPermissionLogic
from kawaz.core.personas.perms import ChildrenPermissionLogic
from kawaz.core.personas.perms import KawazAuthorPermissionLogic

# Category: ownership is read from 'author', with any_permission=True.
add_permission_logic(Category, KawazAuthorPermissionLogic(
    field_name='author',
    any_permission=True
))
# Category: the children logic is given add_permission=True; its other flags
# keep their defaults, which are not visible here.
add_permission_logic(Category, ChildrenPermissionLogic(
    add_permission=True
))
# Entry: author rule (any_permission=True) combined with the publish-state
# logic built with its default arguments.
add_permission_logic(Entry, KawazAuthorPermissionLogic(
    field_name='author',
    any_permission=True,
))
add_permission_logic(Entry, PublishmentPermissionLogic())

from .activity import EntryActivityMediator
# NOTE(review): `registry` is not imported in this excerpt; presumably it is
# imported earlier in the module -- confirm.
registry.register(Entry, EntryActivityMediator())
def test_has_perm_change_with_obj(self):
    """user1 is refused the change permission on self.article.

    Presumably user1 is not the article's author in this fixture -- the
    fixture setup is not visible here.
    """
    logic = AuthorPermissionLogic()
    add_permission_logic(self.article.__class__, logic)
    granted = logic.has_perm(self.user1, self.perm2, self.article)
    self.assertFalse(granted)
def test_has_perm_delete_with_himself_non_any_no_delete(self):
    """With any and delete both disabled, user1 cannot delete themselves."""
    logic = OneselfPermissionLogic(
        any_permission=False,
        delete_permission=False,
    )
    add_permission_logic(self.user1.__class__, logic)
    granted = logic.has_perm(self.user1, self.perm3, self.user1)
    self.assertFalse(granted)
def test_has_perm_delete_without_obj(self):
    """Without an object, user1 is granted the delete permission.

    This is the model-level answer only. A caller that needs to know
    whether user1 may delete a particular article has to pass that
    article to has_perm.
    """
    logic = AuthorPermissionLogic()
    add_permission_logic(self.article.__class__, logic)
    granted = logic.has_perm(self.user1, self.perm3)
    self.assertTrue(granted)
# coding=utf-8 """ """ from kawaz.core.personas.models import Persona from django.db import models class CommentTestArticle(models.Model): text = models.CharField('text', max_length=30) author = models.ForeignKey(Persona) class Meta: app_label = 'comments' from permission import add_permission_logic from kawaz.core.personas.perms import KawazAuthorPermissionLogic add_permission_logic(CommentTestArticle, KawazAuthorPermissionLogic())
# (excerpt begins inside the model's Meta class; the class headers are outside
# this snippet)
ordering = ('created_at',)
        verbose_name = _('Star')
        verbose_name_plural = _('Stars')
        # Custom "view" permission declared for Star.
        permissions = (
            ('view_star', 'Can view the Star'),
        )

    def __str__(self):
        """Return the string form of the starred content object."""
        return str(self.content_object)

    @property
    def tooltip_text(self):
        """
        Return the text to show in the tooltip.

        With a quote the result is "NICKNAME 'QUOTE'"; without one it is
        the author's nickname alone.
        """
        # NOTE(review): nickname and quote are inserted unescaped;
        # presumably the template layer escapes this value on output --
        # confirm it is never marked safe.
        if self.quote:
            return _("%(nickname)s '%(quote)s'") % {
                'nickname': self.author.nickname,
                'quote': self.quote
            }
        return self.author.nickname

from permission import add_permission_logic
from .perms import StarPermissionLogic
# Star's rules live in StarPermissionLogic (from .perms, not shown here).
add_permission_logic(Star, StarPermissionLogic())
def test_has_perm_change_without_obj(self):
    """Without an object, user1 is granted the change permission.

    This is the model-level answer only; the object-level check is what
    limits the grant to the user's own object.
    """
    logic = OneselfPermissionLogic()
    add_permission_logic(self.user1.__class__, logic)
    granted = logic.has_perm(self.user1, self.perm2)
    self.assertTrue(granted)
def test_has_perm_delete_without_obj_with_anonymous(self):
    """An anonymous user is refused the model-level delete permission."""
    logic = OneselfPermissionLogic()
    add_permission_logic(self.user1.__class__, logic)
    # No object is passed: this is the model-level check.
    granted = logic.has_perm(self.anonymous, self.perm3)
    self.assertFalse(granted)
Signal handler that automatically adds the administrator to the project when a project is created.
    """
    # `created` is read here but the condition below does not use it: the
    # check depends only on pub_state and on current membership.
    created = kwargs.get('created')
    instance = kwargs.get('instance')
    # Join the administrator unless the project is a draft or the
    # administrator is already a member.
    if instance.pub_state != 'draft' and not instance.administrator in instance.members.all():
        instance.join(instance.administrator)

from permission import add_permission_logic
from kawaz.core.personas.perms import KawazAuthorPermissionLogic
from permission.logics import CollaboratorsPermissionLogic
from kawaz.core.publishments.perms import PublishmentPermissionLogic
from .perms import ProjectPermissionLogic

# Administrator rule: the 'administrator' field is the owner and gets change
# and delete.
add_permission_logic(Project, KawazAuthorPermissionLogic(
    field_name='administrator',
    change_permission=True,
    delete_permission=True
))
# Member rule: users in 'members' may change the project but not delete it.
# NOTE(review): any_permission is not passed here. The constructor test on
# this page pins its default as True -- confirm that delete_permission=False
# still takes effect with that default.
add_permission_logic(Project, CollaboratorsPermissionLogic(
    field_name='members',
    change_permission=True,
    delete_permission=False
))
# App-specific rules (from .perms, not shown here).
add_permission_logic(Project, ProjectPermissionLogic())
# Publish-state logic, with the administrator treated as the author.
add_permission_logic(Project, PublishmentPermissionLogic(
    author_field_name='administrator'
))

from .activity import ProjectActivityMediator
from activities.registry import registry
registry.register(Project, ProjectActivityMediator())