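def test_group_role(self):
    """Check that a group role assigned without an object stays model-level.

    ``role2`` is assigned to ``self.group`` with no target object. The
    assertions then require that ``self.user`` holds ``core.view_remote`` at
    model level, and that a permission check against the concrete
    ``self.remote`` reports nothing.

    NOTE(review): presumably ``self.user`` is a member of ``self.group`` and
    ``role2`` carries ``core.view_remote``; both are set up outside this
    method -- confirm against the fixture.
    """
    assign_role("role2", self.group)
    try:
        self.assertTrue(self.user.has_perm("core.view_remote"))
        # A model-level grant must not be reported as an object-level permission.
        self.assertFalse(self.user.has_perm("core.view_remote", self.remote))
        self.assertEqual(self.user.get_all_permissions(), {"core.view_remote"})
        self.assertEqual(self.user.get_all_permissions(self.remote), set())
    finally:
        # Undo the grant even when an assertion fails, so a leftover role
        # cannot change what later tests observe.
        remove_role("role2", self.group)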
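def test_user_role(self):
    """Check that a user role assigned without an object stays model-level.

    ``role1`` is assigned directly to ``self.user`` with no target object.
    The assertions then require that the user holds ``core.view_repository``
    at model level, and that a permission check against the concrete
    ``self.repository`` reports nothing.

    NOTE(review): presumably ``role1`` carries ``core.view_repository``; the
    role definition is outside this method -- confirm against the fixture.
    """
    assign_role("role1", self.user)
    try:
        self.assertTrue(self.user.has_perm("core.view_repository"))
        # A model-level grant must not be reported as an object-level permission.
        self.assertFalse(self.user.has_perm("core.view_repository", self.repository))
        self.assertEqual(self.user.get_all_permissions(), {"core.view_repository"})
        self.assertEqual(self.user.get_all_permissions(self.repository), set())
    finally:
        # Undo the grant even when an assertion fails, so a leftover role
        # cannot change what later tests observe.
        remove_role("role1", self.user)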
def add_roles_for_object_creator(self, roles):
    """
    Grant object-level roles on this new object to the user who created it.

    The creator is whatever
    ``django_currentuser.middleware.get_current_authenticated_user`` returns.
    When that is None because the API client sent no authentication
    credentials, *no* roles are added and the call returns silently. This lets
    endpoints that create objects without requiring authorization run without
    error.

    In that unauthenticated case the object ends up with no creator roles, so
    any access to it has to come from grants made elsewhere.

    Args:
        roles (list or str): One or more roles to be added at the object-level for the user.
            This can either be a single role as a string, or list of role names.
    """
    # Imported inside the function, as in the original; presumably this avoids
    # a circular import -- confirm before moving it to module level.
    from pulpcore.app.role_util import assign_role

    role_names = _ensure_iterable(roles)
    creator = get_current_authenticated_user()
    if not creator:
        # No authenticated user on this request: nothing to grant.
        return
    for role_name in role_names:
        assign_role(role_name, creator, self)
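def test_combination_role(self):
    """Check object-level and model-level role grants side by side.

    ``role1`` is assigned to ``self.user`` on ``self.repository`` only
    (object-level). ``role2`` is assigned to ``self.group`` with no object
    (model-level). The assertions require that:

    * the model-level permission set contains only ``core.view_remote``;
    * the permission set for ``self.repository`` is ``{"view_repository"}``;
    * the permission set for ``self.remote`` is empty;
    * filtering repositories by ``core.view_repository`` yields only
      ``self.repository``;
    * filtering remotes by ``core.view_remote`` yields both ``self.remote``
      and ``self.remote2``.

    NOTE(review): presumably ``self.user`` is a member of ``self.group``; the
    fixture is outside this method -- confirm.
    """
    assign_role("role1", self.user, self.repository)
    assign_role("role2", self.group)
    try:
        self.assertEqual(self.user.get_all_permissions(), {"core.view_remote"})
        self.assertEqual(self.user.get_all_permissions(self.repository), {"view_repository"})
        self.assertEqual(self.user.get_all_permissions(self.remote), set())

        # The object-level grant must expose exactly the one repository.
        visible_repositories = get_objects_for_user(
            self.user, "core.view_repository", Repository.objects.all()
        ).values_list("pk", flat=True)
        self.assertEqual(set(visible_repositories), {self.repository.pk})

        # The model-level grant exposes every remote the fixture created.
        visible_remotes = get_objects_for_user(
            self.user, "core.view_remote", Remote.objects.all()
        ).values_list("pk", flat=True)
        self.assertEqual(set(visible_remotes), {self.remote.pk, self.remote2.pk})
    finally:
        # Undo the group grant even when an assertion fails, so a leftover
        # role cannot change what later tests observe.
        # NOTE(review): the object-level role1 grant is not removed here, same
        # as before this change -- confirm the test database is reset per test.
        remove_role("role2", self.group)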
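def add_roles_for_groups(self, roles, groups):
    """
    Adds object-level roles for one or more groups for this newly created object.

    Every group name is looked up before any role is assigned, so a missing
    group raises without this call having granted anything. This method
    performs no authorization check of its own; deciding which groups may
    receive roles is left to the caller.

    Args:
        roles (str or list): One or more object-level roles to be added for the groups. This
            can either be a single role as a string, or list of role names.
        groups (str or list): One or more groups who will receive object-level roles. This
            can either be a single group name as a string or a list of group names.

    Raises:
        ObjectDoesNotExist: If any of the groups do not exist.
    """
    # Imported inside the function, as in the original; presumably this avoids
    # a circular import -- confirm before moving it to module level.
    from pulpcore.app.role_util import assign_role

    roles = _ensure_iterable(roles)
    groups = _ensure_iterable(groups)

    # Resolve all names first: an unknown name later in the list must not
    # leave earlier groups holding roles from a call that then fails.
    resolved_groups = [Group.objects.get(name=group_name) for group_name in groups]

    for group in resolved_groups:
        for role in roles:
            assign_role(role, group, self)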
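def add_roles_for_users(self, roles, users):
    """
    Adds object-level roles for one or more users for this newly created object.

    Every username is looked up before any role is assigned, so a missing
    user raises without this call having granted anything. This method
    performs no authorization check of its own; deciding which users may
    receive roles is left to the caller.

    Args:
        roles (str or list): One or more roles to be added at object-level for the users.
            This can either be a single role as a string, or a list of role names.
        users (str or list): One or more users who will receive object-level roles. This can
            either be a single username as a string or a list of usernames.

    Raises:
        ObjectDoesNotExist: If any of the users do not exist.
    """
    # Imported inside the function, as in the original; presumably this avoids
    # a circular import -- confirm before moving it to module level.
    from pulpcore.app.role_util import assign_role

    roles = _ensure_iterable(roles)
    users = _ensure_iterable(users)

    # Resolve all names first: an unknown username later in the list must not
    # leave earlier users holding roles from a call that then fails.
    user_model = get_user_model()
    resolved_users = [user_model.objects.get(username=username) for username in users]

    for user in resolved_users:
        for role in roles:
            assign_role(role, user, self)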