def test_save(self): user_profile = UserProfile(user=User.objects.create_user( 'john', '*****@*****.**', 'johnpassword'), bio='my bio') user_profile.save() self.assertEqual(user_profile, UserProfile.objects.get(id=user_profile.id))
def register(request): """Function to register users.""" context = {} if request.method == 'POST': try: username = request.POST.get('name') email = request.POST.get('email') password1 = request.POST.get('password1') password2 = request.POST.get('password2') if password2 == password1: user = User.objects.create_user( password=password1, username=username, email=email) user_info = UserProfile(user=user, name=username, email=email) user_info.save() context = {'success': True, 'message': 'successfully saved'} context.update(csrf(request)) return render_to_response("LoginStatus.html", context) except: context = {'success': False, 'message': 'NOT saved'} context.update(csrf(request)) return render_to_response("LoginStatus.html", context) context.update(csrf(request)) return render_to_response("register.html", context)
def obj_create(self, bundle, **kwargs): #validator not being called data = bundle.data user = bundle.request.user thegroup = Group.objects.create(name=data['name']) thegroup.save() #creator of the group can edit by default assign_perm(UserProfile.get_permission_name('edit'), user, thegroup) assign_perm(UserProfile.get_permission_name('view'), user, thegroup) bundle.obj = thegroup # User always has edit permissions for group he made user.groups.add(thegroup) user.save() # Users are in the group if 'users' in data: thegroup.user_set = [] users = [User.objects.get(pk=userid) for userid in data['users']] thegroup.user_set = users if 'request_id' in data and data['request_id']: req = Request.objects.get(id=data['request_id']) assign_perm(Request.get_permission_name('view'), thegroup, req) thegroup.save() return bundle
def handle(self, *args, **options): for user in User.objects.all(): try: up = UserProfile.objects.get(user=user) except Exception as e: print "no userprofile for %s" % user.username up = UserProfile(user=user) up.save()
def test_get_announcers_and_profile(self): user = User(username='******', password='******') user.save() user_profile = UserProfile(user=user, bio='my bio') user_profile.save() programme = Programme.objects.create(name="Test programme", synopsis="This is a description", current_season=1, _runtime=60, start_date=datetime.date(2014, 1, 31)) role = Role.objects.create(person=user, programme=programme) self.assertEqual(programme, Programme.objects.get(id=programme.id)) self.assertEqual(user_profile, UserProfile.objects.get(id=user_profile.id)) self.assertEqual(user, user_profile.user) self.assertEqual(user, programme.announcers.all()[0])
def handle(self, *args, **options): excluded = ['public', 'AnonymousUser'] for user in User.objects.all(): group = Group.objects.get(name=user.username) assign_perm(UserProfile.get_permission_name('edit'), user, group) print '1 set %s %s' % (group.name, user.username) #retroactive support for editing permissions on groups #make everyone an editor of the group because we can't track who created the group for group in Group.objects.all().exclude(name__in=excluded): for user in group.user_set.all(): assign_perm(UserProfile.get_permission_name('edit'), user, group) assign_perm(UserProfile.get_permission_name('view'), user, group) print '2 set %s %s' % (group.name, user.username)
def dehydrate(self, bundle): if 'request_id' not in bundle.data.keys(): bundle.data['request_id'] = bundle.request.GET.get("request_id", None) bundle.data['toggle_to_edit'] = bundle.request.user.has_perm(UserProfile.get_permission_name('edit'), bundle.obj) if bundle.data['request_id']: checker = ObjectPermissionChecker(bundle.obj) bundle.data['toggle_to_edit'] = checker.has_perm(Request.get_permission_name('edit'), Request.objects.get(id=bundle.data['request_id'])) if not bundle.request.user.is_authenticated(): bundle.data['can_edit'] = False bundle.data['can_edit'] = bundle.request.user.has_perm(UserProfile.get_permission_name('edit'), bundle.obj) bundle.data['type'] = 'group' for usr in bundle.data['users']: usr.data['toggle_to_edit'] = usr.obj.has_perm(UserProfile.get_permission_name('edit'), bundle.obj) return bundle
def post(self, request): register_form = RegisterForm(request.POST) if register_form.is_valid(): user_name = request.POST.get('email', None) # 如果用户已存在,则提示错误 if UserProfile.objects.filter(email=user_name): return render(request, 'register.html', { 'register_form': register_form, 'msg': "用户已存在" }) pass_word = request.POST.get('password', None) # 实例化一个用户对象 user_profile = UserProfile() user_profile.username = user_name user_profile.email = user_name user_profile.is_active = False # 对保存到数据库的密码进行加密 user_profile.password = make_password(pass_word) user_profile.save() send_register_eamil(user_name, 'register') return render(request, 'login.html') else: return render(request, 'register.html', {'register_form': register_form})
def post(self, request): print(1) register_form = RegisterForm(request.POST) if register_form.is_valid(): print(2) user_name = request.POST.get('email') # 如果用户已存在,则提示错误信息 capt_cha = request.POST.get('captcha') if UserProfile.objects.filter(email=user_name): return render(request, 'register.html', { 'register_form': register_form, 'msg': '用户已存在' }) print(3) pass_word = request.POST.get('password') # 实例化一个user_profile对象 user_profile = UserProfile() user_profile.username = user_name user_profile.email = user_name user_profile.is_active = False # 对保存到数据库的密码加密 user_profile.password = make_password(pass_word) user_profile.save() send_register_eamil(user_name, 'register') return render(request, 'login.html') else: return render(request, 'register.html', { 'register_form': register_form, 'msg': '验证码错误' })
def post(self, request): register_form = RegisterForm(request.POST) if register_form.is_valid(): user_name = request.POST.get("email", "") pass_word = request.POST.get("password", "") exist_user = UserProfile.objects.filter( Q(username=user_name) | Q(email=user_name)) if exist_user: return render(request, "forgetpwd.html", {'msg': "用户已经存在,若是本人忘记密码,请找回密码"}) # 实例化一个user_profile对象,将前台值存入 user_profile = UserProfile() user_profile.username = user_name user_profile.email = user_name user_profile.is_active = False # 加密password进行保存 user_profile.password = make_password(pass_word) user_profile.save() send_register_email(user_name, 'register') # 给用户发送消息 user_msg = UserMessage(user=user_profile.id) user_msg.message = '欢迎注册孟哥个网站' user_msg.save() return render(request, "login.html", {'msg': "激活连接已发送,注意查收"}) else: return render(request, "register.html", {"register_form": register_form})
def post(self, request, *args, **kwargs): register_form = RegisterForm(request.POST) # print(request.POST.get("username",""),'\n') # print(request.POST.get("password",""),'\n') if register_form.is_valid(): user_name = request.POST.get("username", "") if UserProfile.objects.filter(email=user_name): msg = "邮箱已被注册!" register_form._errors["msg"] = register_form.error_class([msg]) return render(request, "register.html", {"register_form": register_form}) password = request.POST.get("password", "") user_profile = UserProfile() user_profile.username = user_name user_profile.email = user_name user_profile.is_active = False user_profile.password = make_password(password) user_profile.save() if send_email(user_name, "register"): return render(request, "send_success.html") else: return render(request, "send_fail.html") else: messages.info(request, "邮箱地址非法!") print(2333) return render(request, "register.html", {"register_form": register_form})
def post(self, request): register_form = RegisterForm(request.POST) if register_form.is_valid(): email = request.POST.get('email', '') pass_word = request.POST.get('password', '') if UserProfile.objects.filter(email=email): return render(request, 'register.html', { 'msg': '用户已经存在', 'register_form': register_form }) user_profile = UserProfile() user_profile.username = email user_profile.email = email user_profile.password = make_password(pass_word) user_profile.is_active = False user_profile.save() # 写入欢迎注册消息 user_message = UserMessage() user_message.user = user_profile.id user_message.message = '欢迎注册慕学在线网' user_message.save() send_register_email(email, 'register') return render(request, 'login.html') else: return render(request, 'register.html', {'register_form': register_form})
def post(self, request): register_post_form = RegisterPostForm(request.POST) if register_post_form.is_valid(): user_name = request.POST.get('mobile', '') password = request.POST.get('password', '') user = UserProfile() user.username = user_name user.mobile = user_name user.set_password(password) user.save() # 写入欢迎注册消息 user_message = UserMessage() user_message.user = user user_message.message = '欢迎注册!!!!!' user_message.save() # send_register_email(user_name, 'register') login(request, user) return HttpResponseRedirect(reverse('index')) else: register_get_form = RegisterGetForm() return render( request, 'register.html', { 'register_get_form': register_get_form, 'register_post_form': register_post_form })
def post(self, request): """注册提交""" # 校验数据 register_captcha = RegisterForm(request.POST) register_post = RegisterPostForm(request.POST) # 取出一个错误 error_val = '' error_key = '' for key, val in register_post.errors.items(): error_val = val[0] error_key = key break if not register_post.is_valid(): return render(request, 'register.html', { 'register_captcha': register_captcha, 'register_post': register_post, 'error_val': error_val, 'error_key': error_key, }) # 业务逻辑处理:注册用户 mobile = register_post.cleaned_data['mobile'] password = register_post.cleaned_data['password'] # 注册用户 user = UserProfile() user.username = mobile user.mobile = mobile user.set_password(password) user.save() # 验证通过,返回到登录页面 return redirect(reverse('users:login'))
def test_add_user_to_group(self): self.add_user_to_group(self.usertwo) self.assertEqual(self.usertwo.groups.filter(name=self.post_data['name']).count(), 1) #user who created a group has ownership over it self.assertEqual(self.user.has_perm(UserProfile.get_permission_name('edit'), self.group), True) self.assertEqual(self.usertwo.has_perm(UserProfile.get_permission_name('edit'), self.group), False) self.assertEqual(self.user.has_perm(UserProfile.get_permission_name('view'), self.group), True) self.assertEqual(self.usertwo.has_perm(UserProfile.get_permission_name('view'), self.group), True) #user two didn't create the group but is part of it, usertwo shouldn't be able to add userthree to the group in this case self.get_credentials_other(self.usertwo.username) users = self.get_user_json(self.userthree) groupjson = self.groupJSON.copy() groupjson['users'].append(users) update_resp = self.api_client.put(groupjson['resource_uri'], format='json', data=groupjson, authentication=self.get_credentials_other(self.usertwo.username)) self.assertEqual(self.userthree.groups.filter(name=self.post_data['name']).count(), 0) #remove a user from the group groupjson['users'] = [self.get_user_json(self.user)] update_resp = self.api_client.put(groupjson['resource_uri'], format='json', data=groupjson, authentication=self.get_credentials()) self.assertEqual(self.usertwo.groups.filter(name=self.post_data['name']).count(), 0) self.assertEqual(self.user.has_perm(UserProfile.get_permission_name('edit'), self.group), True) self.assertEqual(self.user.has_perm(UserProfile.get_permission_name('view'), self.group), True) self.assertEqual(self.usertwo.has_perm(UserProfile.get_permission_name('edit'), self.group), False) self.assertEqual(self.usertwo.has_perm(UserProfile.get_permission_name('view'), self.group), False)
def post(self, request): register_form = RegisterForms(request.POST) if register_form.is_valid(): # 若果用户输入的创建的信息正确 那么就可以进行入库操作 email = request.POST.get('email', '') # 注册的时候 用户名重复的现象 if UserProfile.objects.filter(username=email): return render(request, "register.html", { 'register_form': register_form, 'msg': '用户名已存在' }) pass_word = request.POST.get("password", '') #在这里要进行邮箱激活验证操作 user = UserProfile() # 实例化一个user 对象 user.username = email user.is_active = False # 这里还没有激活 所以还是0 状态 user.email = email # 在这里 昵称 和 邮箱是一样的 原因就是使用了邮箱来创建用户 user.password = make_password(pass_word) # 加密操作 user.save() # 保存进数据库 send_register_email(email, "register") return render(request, "active_err.html") # return render(request,"激活链接") else: register_form_odd = RegisterForms() return render(request, "register.html", { 'register_err': register_form, 'register_form': register_form_odd })
def post(self,request): context = get_top_data(request) register_form = RegisterForm(request.POST) if register_form.is_valid(): username = request.POST.get('username','') user = UserProfile.objects.filter(username=username).all() if user: return render(request, 'register.html', {'msg': '用户 {0} 已存在'.format(username),'register_form':register_form}) email = request.POST.get('email','') password = request.POST.get('password','') surepassword = request.POST.get('surepassword','') if password != surepassword: context.update({'msg': '两次密码输入不一致','register_form':register_form}) return render(request, 'register.html', context=context) user_profile = UserProfile() user_profile.username = username user_profile.email = email user_profile.password = make_password(password) user_profile.is_active = False user_profile.save() send_register_email(email,username,'register') context.update({'email_msg': '注册邮件已发送,请注意查收.', 'register_form': register_form}) return render(request, 'register.html', context=context) context.update({'register_form':register_form}) return render(request, 'register.html',context=context)
def post(self, request): forget_form = ForgetPwdForm() banners = Banner.objects.filter(type=3).order_by("index") modify_form = ModifyPwdForm(request.POST) if modify_form.is_valid(): pwd1 = request.POST.get("password1", "") pwd2 = request.POST.get("password2", "") email = request.POST.get("email", "") active_code = request.POST.get("active_code", "") if pwd1 != pwd2: return render( request, "password_reset.html", { "email": email, "active_code": active_code, "msg": "两次输入密码不一致!" }) all_records = EmailVerifyRecord.objects.filter( code=active_code).last() if all_records.email != email: all_records.delete() return render( request, 'forgetpwd.html', { 'forget_form': forget_form, 'msg': '发生未知错误,请再次发送邮件', "banners": banners }) user = UserProfile.objects.filter(email=email).first() if user: user.set_password(pwd2) user.save() else: user_profile = UserProfile() user_profile.username = email user_profile.email = email user_profile.is_active = True user_profile.set_password(pwd2) user_profile.save() login_form = LoginForm() banners = Banner.objects.filter(type=3).order_by("index") all_records.delete() return render(request, "login.html", { 'msg': '密码成功重置', 'login_form': login_form, "banners": banners }) else: email = request.POST.get("email", "") active_code = request.POST.get("active_code", "") return render( request, "password_reset.html", { "email": email, "active_code": active_code, "modify_form": modify_form })
def check_valid_user(request, user_id): if request.user.is_anonymous(): return render_template(request, 'users/user_login.html', {'next':'%s' % request.path}) try: person = User.objects.get(pk=int(user_id)) except User.DoesNotExist: return render_template(request, 'error.html', {'message':_("User ID (%s) is not existed!") % user_id}) try: profile = person.get_profile() except: #if there is no profile record existed, then create a new record first profile = UserProfile(user=person) profile.save() if person.id != request.user.id: return render_template(request, 'error.html', {'message':_('You have no right to view the page!')})
def test_removal_from_public_index(self): """Test that a user gets removed from public index if makes profile mozillians only again. """ before = (S(UserProfile) .indexes(UserProfile.get_index(public_index=True)) .count()) profile = self.mozillian2.userprofile profile.privacy_full_name = MOZILLIANS profile.save() sleep(1) after = (S(UserProfile) .indexes(UserProfile.get_index(public_index=True)) .count()) eq_(after+1, before)
def apply_filters(self, request, applicable_filters): filters = applicable_filters if 'groups__name' in filters: groups_name = filters.pop('groups__name') else: groups_name = None if 'groups__id' in filters: groups_id = filters.pop('groups__id') else: groups_id = None filtered = super(RequestResource, self).apply_filters(request, applicable_filters) group = None if groups_id: try: group = Group.objects.get(id = groups_id) except: pass if groups_name: try: group = Group.objects.get(name = groups_name) except: pass if group and request.user.has_perm(UserProfile.get_permission_name('view'), group): return get_objects_for_group(group, Request.get_permissions_path('view')).filter(~Q(status='X')) return filtered
def apply_filters(self, request, applicable_filters): filters = applicable_filters if 'groups__name' in filters: groups_name = filters.pop('groups__name') else: groups_name = None if 'groups__id' in filters: groups_id = filters.pop('groups__id') else: groups_id = None filtered = super(RequestResource, self).apply_filters(request, applicable_filters) group = None if groups_id: try: group = Group.objects.get(id=groups_id) except: pass if groups_name: try: group = Group.objects.get(name=groups_name) except: pass if group and request.user.has_perm( UserProfile.get_permission_name('view'), group): return get_objects_for_group( group, Request.get_permissions_path('view')).filter(~Q(status='X')) return filtered
def post(self, request, *args, **kwargs): login_form = DynamicLoginPostForm(request.POST) #设置一个变量、登录报错以后、让页面还停留在动态短信登陆页面 dynamic_login = True #如果短信验证码、验证成功 if login_form.is_valid(): # 没有账号可以登录 思路:先判断用户是否存在、如果存在 ...如果不存在先注册、给随机密码在登录、看以后代码 # 2、提取手机号 mobile = login_form.cleaned_data['mobile'] #提取手机号 existed_users = UserProfile.objects.filter(mobile=mobile) #如果手机号存在(用户存在) if existed_users: #把手机号给 login记录一下 user = existed_users[0] #如果手机号不存在 (用户不保存在) else: #添加用户 user = UserProfile(username=mobile) #添加用户名字 user.password = user #添加随机密码 # 3、生成随机数验证码、不怕爬虫去伪造 password = generate_random(10, 2) user.set_password(password) #保存新用户的手机号 user.mobile = mobile #保存密码 user.save() #保存用户的信息 login(request, user) #获取next next = request.GET.get('next', "") if next: # 直接跳转到http://127.0.0.1:8001/course/1/lesson/ 这个页面 return HttpResponseRedirect(next) # 跳转到主页 return HttpResponseRedirect(reverse("index")) else: #传递这个图片验证码的、表单是因为:如果短信验证码登录报错、重新实例化 验证码对象、传递到前端登陆页面、就不用刷新登陆页面 d_form = DynamicLoginForm() #如果短信验证码验证失败、会接受DynamicLoginPostForm 类的验证错误 return render( request, "login.html", { "login_form": login_form, "dynamic_login": dynamic_login, 'd_form': d_form })
def test_get_announcers_and_profile(self): user = User(username='******', password='******') user.save() user_profile = UserProfile(user=user, bio='my bio') user_profile.save() programme = Programme.objects.create(name="Test programme", synopsis="This is a description", current_season=1, _runtime=60, start_date=datetime.date( 2014, 1, 31)) role = Role.objects.create(person=user, programme=programme) self.assertEqual(programme, Programme.objects.get(id=programme.id)) self.assertEqual(user_profile, UserProfile.objects.get(id=user_profile.id)) self.assertEqual(user, user_profile.user) self.assertEqual(user, programme.announcers.all()[0])
def post(self, request, *args, **kwargs): login_form = DynamicLoginPostForm(request.POST) dynamic_login = True if login_form.is_valid(): # 没有注册帐号依然可以登录 mobile = login_form.cleaned_data['mobile'] existed_user = UserProfile.objects.filter(mobile=mobile) if existed_user: user = existed_user[0] else: # 创建一个用户 user = UserProfile(username=mobile) password = gencrate_random(10, 2) user.set_password(password) user.mobile = mobile user.save() login(request, user) return HttpResponseRedirect(reverse('index')) else: d_form = DynamicLoginForm() # 生成图片验证码 return render( request, 'login.html', { 'login_form': login_form, 'd_form': d_form, 'dynamic_login': dynamic_login })
def post(self, request, *args, **kwargs): banner = Banner.objects.all()[:3] dynamic_login = True login_form = DynamicLoginPostForm(request.POST) if login_form.is_valid(): # 没有注册帐号也能登录 mobile = login_form.cleaned_data['mobile'] exist_users = UserProfile.objects.filter(mobile_phone=mobile) if exist_users: user = exist_users[0] login(request, user) else: # 新建一个用户 user = UserProfile(username=mobile) password = str(random.randint(100000, 999999)) user.set_password(password) user.mobile_phone = mobile user.save() login(request, user) next = request.GET.get('next', '') if next: return HttpResponseRedirect(next) return HttpResponseRedirect(reverse('index')) else: captcha_form = DynamicLoginForm() return render( request, 'login.html', { 'login_form': login_form, 'captcha_form': captcha_form, 'dynamic_login': dynamic_login, "banners": banner })
def post(self, request, *args, **kwargs): dynamic_login = True # 用于标识是否为动态登陆 login_form = DynamicLoginPostForm(request.POST) if login_form.is_valid(): # 没有账号依然可以登录 mobile = login_form.cleaned_data["mobile"] # 获取code进行redis认证,判断验证码是否一致.采用利用form进行验证redis,使得代码分离性更好-> form.py # 验证用户是否存在 existed_users = UserProfile.objects.filter(mobile=mobile) if existed_users: user = existed_users[0] login(request, user) else: # 新建一个用户 user = UserProfile(username=mobile) password = generate_random(12) # 生成密码 user.set_password(password) user.mobile = mobile user.save() login(request, user) next = request.GET.get("next") if next: return redirect(next, request) # 需要通过reverse跳转到index return redirect(reverse('index'), request) else: # 为了使得验证码得以显示,所以需要获取有验证码的form传递进来,验证码的form在普通的验证码字段 d_form = DynamicLoginForm() return render( request, "login.html", { "login_form": login_form, "dynamic_login": dynamic_login, "d_form": d_form, })
def post(self, request, *args, **kwargs): login_form = DynamicLoginPostForm(request.POST) dynamic_login = True banners = Banner.objects.all()[:3] if login_form.is_valid():#账号符合表单结构(forms中进行验证码匹配) #没有注册账号依然可以登录 email = login_form.cleaned_data["email"] existed_users = UserProfile.objects.filter(email=email)#寻找数据库中该邮箱用户 if existed_users:#如果账号存在 user = existed_users[0] else: #新建一个用户 user = UserProfile(username=email) password = generate_random(10, 2) user.set_password(password) user.email = email user.save() login(request, user)#登陆 next = request.GET.get("next", "") if next: return HttpResponseRedirect(next) return HttpResponseRedirect(reverse("index")) else: d_form = DynamicLoginForm() return render(request, "login.html", {"login_form": login_form, "d_form": d_form, "banners":banners, "dynamic_login":dynamic_login})
def post(self, request, *args, **kwargs): register_post_form = RegisterPostForm(request.POST) # 校验手机号(是否已经注册),动态验证码,密码 banners = Banner.objects.all()[:3] if register_post_form.is_valid(): # 获取手机号码和密码 mobile = register_post_form.cleaned_data['mobile'] password = register_post_form.cleaned_data['password'] # 新建一个用户 # 默认用户名=手机号 user = UserProfile(username=mobile) user.set_password(password) # 别忘记存手机号 user.mobile = mobile # 最后对新建的对象进行保存,否则不会存进数据库 user.save() # 注册成功后,跳转首页 login(request, user) return HttpResponseRedirect(reverse('index')) # 若验证失败 else: register_get_form = RegisterForm() return render( request, 'register.html', { 'register_get_form': register_get_form, 'register_post_form': register_post_form, 'banners': banners, })
def post(self, request, *args, **kwargs): # 验证用户输入是否正确 login_form = DynamicLoginPostForm(request.POST) dynamic_login = True banners = Banner.objects.all()[:3] if login_form.is_valid(): mobile = login_form.cleaned_data["mobile"] # 查询用户是否存在 existed_users = UserProfile.objects.filter(mobile=mobile) if existed_users: # 存在——获取用户信息进行登录 user = existed_users[0] else: # 用户不存在,进行注册用户 user = UserProfile(username=mobile) # 随机生成密码 password = generate_random(10, 2) # 将随机密码进行加密 user.set_password(password) user.mobile = mobile user.save() # 进行登录并跳转至首页 login(request, user) return HttpResponseRedirect(reverse("index")) else: d_form = DynamicLoginForm return render(request, "login.html", {"login_form": login_form, 'd_form': d_form, "dynamic_login": dynamic_login, "banners": banners})
def post(self, request): d_captcha_form = DynamicLoginForm() dynamic_active = False dynamic_login_form = DynamicLoginPostForm(request.POST) if dynamic_login_form.is_valid(): mobile = dynamic_login_form.cleaned_data.get('mobile') existed_users = UserProfile.objects.filter(mobile=mobile) if existed_users: user = existed_users[0] else: #新建一个用户 user = UserProfile(username=mobile) password = generate_random(10, 2) user.set_password(password) #set_password函数给指定的参数加密 user.mobile = mobile user.save() login(request, user) return redirect(reverse('front:index')) else: dynamic_active = True # print(dynamic_login_form.errors.get_json_data()) # print(dynamic_login_form.errors) content = { 'dynamic_login_form': dynamic_login_form, 'dynamic_active': dynamic_active, 'd_captcha_form': d_captcha_form, 'dynamic_login_form_errors': dynamic_login_form.errors } return render(request, 'login.html', context=content)
def post(self, request, *args, **kwargs): login_form = DynamicLoginPostForm(request.POST) dynamic_login = True if login_form.is_valid(): # 没有账号依然可以继续登入 mobile = login_form.cleaned_data['mobile'] existed_user = UserProfile.objects.filter() if existed_user: user = existed_user[0] else: user = UserProfile(username=mobile) password = generate_random(10, 2) user.set_password(password) user.mobile = mobile user.save() login(request, user) # next = request.GET.get("next", "") return HttpResponseRedirect(reverse('index')) else: d_form = DynamicLoginForm() return render(request, "login.html", { "login_form1": login_form, "d_form": d_form, "dynamic_login": dynamic_login })
def post(self,request,*args,**kwargs): dynamic_login=True banners = Banner.objects.all()[:3] #验证手机号及手机验证码 login_form=DynamicLoginPostForm(request.POST) if login_form.is_valid(): #没有注册仍然可以使用 mobile=login_form.cleaned_data['mobile'] code=login_form.changed_data['code'] existed_user=UserProfile.objects.filter(mobile=mobile) if existed_user: user=existed_user[0] else: #新建用户 user=UserProfile(username=mobile) password = generate_random(10, 2) user.set_password(password) user.mobile=mobile user.save() login(request, user) next = request.GET.get("next", '') if next: return HttpResponseRedirect(next) return HttpResponseRedirect(reverse('index')) else: # 验证码错误 d_form=DynamicLoginForm() context = {'login_form': login_form,'dynamic_login':dynamic_login,'d_form':d_form, 'banners':banners} return render(request, 'login.html', context=context)
def post(self, request, *args, **kwargs): login_form = DynamicLoginPostForm(request.POST) dynamic_login = True banners = Banner.objects.all()[:3] if login_form.is_valid(): mobile = login_form.cleaned_data['mobile'] existed_users = UserProfile.objects.filter(mobile=mobile) if existed_users: user = existed_users[0] else: user = UserProfile(username=mobile) password = generate_random(10, 2) user.set_password(password) user.mobile = mobile user.save() login(request, user) next = request.GET.get('next', '') if next: return HttpResponseRedirect(next) return HttpResponseRedirect(reverse('index')) else: d_form = DynamicLoginForm() return render( request, 'login.html', { 'login_form': login_form, 'd_form': d_form, 'dynamic_login': dynamic_login, 'banners': banners })
def post(self, request, *args, **kwargs): login_form = DynamicLoginPostForm(request.POST) dynamic_login = True banners = Banner.objects.all()[:3] if login_form.is_valid(): # 没有注册账号依然可以登录 mobile = login_form.cleaned_data['mobile'] # code = login_form.cleaned_data['code'] existed_users = UserProfile.objects.filter(mobile=mobile) if existed_users: user = existed_users[0] else: # 创建一个用户 user = UserProfile(username=mobile) password = generate_random(10, 2) user.set_password(password) user.mobile = mobile user.save() login(request, user) next = request.GET.get("next", "") if next: return HttpResponseRedirect(next) return HttpResponseRedirect(reverse("index")) else: d_form = DynamicLoginForm() return render(request, 'login.html', {"login_form": login_form, "d_form": d_form, "dynamic_login": dynamic_login, "banners":banners})
def post(self, request, *args, **kwargs): login_form = DynamicLoginPostForm(request.POST) dynamic_login = True if login_form.is_valid(): #没有注册账号依然可以登陆 mobile = login_form.cleaned_data["mobile"] # code = login_form.cleaned_data["code"] existed_users = UserProfile.objects.filter(mobile=mobile) if existed_users: user = existed_users[0] else: #新建用户 user = UserProfile(username=mobile) password = generate_random(10, 2) user.set_password(password) user.mobile = mobile user.save() login(request, user) return HttpResponseRedirect(reverse("index")) else: d_form = DynamicLoginForm() return render( request, "login.html", { "login_form": login_form, "d_form": d_form, "dynamic_login": dynamic_login })
def change_avatar(request): # Handle file upload if request.method == 'POST': form = DocumentForm(request.POST, request.FILES) if form.is_valid(): profile = UserProfile(user = request.user, avatar= request.FILES['avatar']) profile.save() # Redirect to the document list after POST return HttpResponseRedirect(reverse('users:avatar')) else: form = DocumentForm() # a empty user = get_object_or_404(User, pk = request.user.id) # Render list page with the documents and the form return render_to_response('users/setting.html', {'user': user, 'form': form}, context_instance = RequestContext(request))
def search(request): num_pages = 0 limit = None nonvouched_only = False picture_only = False people = [] show_pagination = False form = forms.SearchForm(request.GET) groups = None curated_groups = None if form.is_valid(): query = form.cleaned_data.get('q', u'') limit = form.cleaned_data['limit'] vouched = False if form.cleaned_data['nonvouched_only'] else None profilepic = True if form.cleaned_data['picture_only'] else None page = request.GET.get('page', 1) curated_groups = Group.get_curated() # If nothing has been entered don't load any searches. if not (not query and vouched is None and profilepic is None): profiles = UserProfile.search(query, vouched=vouched, photo=profilepic) groups = Group.search(query) paginator = Paginator(profiles, limit) try: people = paginator.page(page) except PageNotAnInteger: people = paginator.page(1) except EmptyPage: people = paginator.page(paginator.num_pages) if len(profiles) == 1 and not groups: return redirect(reverse('profile', args=[people[0].user.username])) if paginator.count > forms.PAGINATION_LIMIT: show_pagination = True num_pages = len(people.paginator.page_range) d = dict(people=people, form=form, limit=limit, nonvouched_only=nonvouched_only, picture_only=picture_only, show_pagination=show_pagination, num_pages=num_pages, groups=groups, curated_groups=curated_groups) if request.is_ajax(): return render(request, 'search_ajax.html', d) return render(request, 'phonebook/search.html', d)
def register(request): if request.user.is_authenticated(): # They already have an account; don't let them register again return render_to_response('user/register.html', {'has_account': True}, context_instance=RequestContext(request)) manipulator = RegistrationForm() if request.POST: new_data = request.POST.copy() errors = manipulator.get_validation_errors(new_data) if not errors: # Save the user manipulator.do_html2python(new_data) new_user = manipulator.save(new_data) # Build the activation key for their account salt = sha.new(str(random.random())).hexdigest()[:5] activation_key = sha.new(salt+new_user.username).hexdigest() key_expires = datetime.datetime.today() + datetime.timedelta(2) # Create and save their profile new_profile = UserProfile(user=new_user, activation_key=activation_key, key_expires=key_expires) new_profile.save() # Send an email with the confirmation link email_subject = 'Your new example.com account confirmation' email_body = """Hello, %s, and thanks for signing up for an \ example.com account!\n\nTo activate your account, click this link within 48 \ hours:\n\nhttp://example.com/accounts/confirm/%s""" % ( new_user.username, new_profile.activation_key) send_mail(email_subject, email_body, '*****@*****.**', [new_user.email]) return render_to_response('user/register.html', {'created': True}, context_instance=RequestContext(request)) else: return render_to_response('user/register.html', {'errors': errors}, context_instance=RequestContext(request)) else: errors = new_data = {} form = manipulator return render_to_response('user/register.html', {'form': form}, context_instance=RequestContext(request))
def search(request): num_pages = 0 limit = None people = [] show_pagination = False form = forms.SearchForm(request.GET) groups = None curated_groups = None if form.is_valid(): query = form.cleaned_data.get('q', u'') limit = form.cleaned_data['limit'] include_non_vouched = form.cleaned_data['include_non_vouched'] page = request.GET.get('page', 1) curated_groups = Group.get_curated() public = not (request.user.is_authenticated() and request.user.userprofile.is_vouched) profiles = UserProfile.search(query, public=public, include_non_vouched=include_non_vouched) if not public: groups = Group.search(query) paginator = Paginator(profiles, limit) try: people = paginator.page(page) except PageNotAnInteger: people = paginator.page(1) except EmptyPage: people = paginator.page(paginator.num_pages) if profiles.count() == 1 and not groups: return redirect(reverse('profile', args=[people[0].user.username])) if paginator.count > forms.PAGINATION_LIMIT: show_pagination = True num_pages = len(people.paginator.page_range) d = dict(people=people, form=form, limit=limit, show_pagination=show_pagination, num_pages=num_pages, groups=groups, curated_groups=curated_groups) if request.is_ajax(): return render(request, 'search_ajax.html', d) return render(request, 'phonebook/search.html', d)
def search(request): num_pages = 0 limit = None people = [] show_pagination = False form = forms.SearchForm(request.GET) groups = None curated_groups = None if form.is_valid(): query = form.cleaned_data.get("q", u"") limit = form.cleaned_data["limit"] include_non_vouched = form.cleaned_data["include_non_vouched"] page = request.GET.get("page", 1) curated_groups = Group.get_curated() profiles = UserProfile.search(query, include_non_vouched=include_non_vouched) groups = Group.search(query) paginator = Paginator(profiles, limit) try: people = paginator.page(page) except PageNotAnInteger: people = paginator.page(1) except EmptyPage: people = paginator.page(paginator.num_pages) if profiles.count() == 1 and not groups: return redirect(reverse("profile", args=[people[0].user.username])) if paginator.count > forms.PAGINATION_LIMIT: show_pagination = True num_pages = len(people.paginator.page_range) d = dict( people=people, form=form, limit=limit, show_pagination=show_pagination, num_pages=num_pages, groups=groups, curated_groups=curated_groups, ) if request.is_ajax(): return render(request, "search_ajax.html", d) return render(request, "phonebook/search.html", d)
def test_empty_query_search(self): """Make sure the search method works with an empty query.""" assert UserProfile.search('').count()
def handle(self, *args, **options): users = [ User.objects.get(username='******'), #User.objects.get(username='******'), #User.objects.get(username='******'), #User.objects.get(username='******') ] up = UserProfile.objects.get(user=users[0]) up.tags.add(ncaa_tag_name) up.tags.add(coach_tag_name) for user in users: assign_perm(UserProfile.get_permission_name('edit'), user, ncaa_group) assign_perm(UserProfile.get_permission_name('view'), user, ncaa_group) assign_perm(UserProfile.get_permission_name('edit'), user, coach_group) assign_perm(UserProfile.get_permission_name('view'), user, coach_group) #Request.objects.all().delete() ncaa_text_to_use = """ Pursuant to the %s, I am requesting the following documents:<br/><br/>\ The equity/revenue-and-expenses report completed by the athletic department for the \ National Collegiate Athletic Association for the 2014 fiscal year. This report is a \ multi-page document that had to be submitted to the NCAA by Jan. 15, 2015. \ It contains 38 revenue and expense categories, followed by specific breakdowns of \ each of those categories, by sport and gender. I am requesting the full report, \ including the detail tables and the Statement of Revenues and Expenses that appear at the end of the report. <br/><br/>\ PLEASE NOTE: The NCAA report is different than the equity report that is sent to the\ U.S. Department of Education for Title IX compliance. <br/><br/>\ %s """ coach_text_to_use = """ Pursuant to %s, I am requesting the following documents:<br/><br/>\ The current contracts for %s. If a contract is under negotiation, \ please forward the current contract but let me know that a new contract may be forthcoming. \ If there is no contact for one or both, please forward the letter(s) of intent or other \ document(s) outlining each employee's conditions of employment \ -- including bonus structure -- and/or a current statement of salary. <br/><br/>\ %s """ fname = settings.SITE_ROOT + "/apps/requests/data/NCAA-pio.csv" #with codecs.open(fname, 'w', encoding="utf-8") as f: # resp = requests.get("https://docs.google.com/spreadsheets/d/1kccaiCCYIHOTEvpUWQiKs51v6K2TNRX7-NN6l1WtzyM/pub?output=csv") # f.write(resp.text) reader = list(UnicodeReader(open(fname, 'rb'))) #create contacts header = reader[0] for idx, row in enumerate(reader[1:]): user = users[0] up = UserProfile.objects.get(user=user) state = row[header.index('STATE')] agency_name = row[header.index("UNIVERSITY")] pio = row[header.index("PIO OFFICER")] email = row[header.index("PIO Email")] phone = row[header.index("PIO Phone")] sid_pio = row[header.index("SID ")] sid_email = row[header.index("SID Email")] sid_phone = row[header.index("SID Phone")] is_power = (row[header.index("Power Conference")] == 'TRUE') is_private = (row[header.index("Is Private")] == 'TRUE') if not is_private and state != '' and email != 'N/A' and pio != 'N/A' and agency_name != '': govt = get_or_create_us_govt(state, 'state') fname = pio.split(" ")[0] lname = pio.split(" ")[-1] middle = '' #alter table `contacts_contact` convert to character set utf8 collate utf8_general_ci; #alter table `agency_agency` convert to character set utf8 collate utf8_general_ci; #alter table `requests_request` convert to character set utf8 collate utf8_general_ci; try: agency, acreated = Agency.objects.get_or_create(name=agency_name, government=govt) except Exception as e: print e print "If more than one agency was returned, pick one!" import pdb;pdb.set_trace() try: contact, ccreated = agency.contacts.get_or_create(first_name=fname, middle_name=middle, last_name=lname) except Exception as e: print e print "If more than one contact was returned, pick one!" import pdb;pdb.set_trace() sid_contact = None if phone != 'N/A': contact.add_phone(phone) contact.add_email(email) #agency.contacts.add(contact) if sid_pio != 'N/A' and sid_email != 'N/A': fname = sid_pio.split(" ")[0] lname = sid_pio.split(" ")[-1] sid_contact, ccreated = Contact.objects.get_or_create(first_name=fname, middle_name='', last_name=lname) sid_contact.add_title("SID") sid_contact.add_email(sid_email) if sid_phone != 'N/A': sid_contact.add_phone(sid_phone) agency.contacts.add(sid_contact) contacts = [contact] if sid_contact is not None: contacts = [contact, sid_contact] agency.save() #logger.info('agency %s %s contact %s %s %s %s' % (agency_name, acreated, fname, middle, lname, ccreated)) law_texts = [] for l in govt.statutes.all(): law_texts.append('%s' % (l.short_title,)) misc_graf = """ Please advise me in advance of the estimated charges associated with fulfilling \ this request.</br></br>In the interest of expediency, and to minimize the research\ and/or duplication burden on your staff, please send records electronically if possible.\ If this is not possible, please notify me by phone at %s before sending to the address listed below. """ % (up.phone) misc_graf += '<br/></br>Sincerly,<br/><br/>%s<br/>%s<br/>%s<br/>%s' % (user.first_name + ' ' + user.last_name, up.mailing_address, up.mailing_city + ', ' + up.mailing_state + ' ' + up.mailing_zip, up.phone) if not is_power: fields_to_use = { 'author': user, 'title': 'NCAA Report - %s' % agency_name, 'free_edit_body': ncaa_text_to_use % (' and '.join(law_texts), misc_graf), 'private': True, 'text': ncaa_text_to_use } therequest = Request(**fields_to_use) therequest.date_added = datetime.now() therequest.save() therequest.contacts = contacts therequest.government = govt therequest.agency = agency therequest.tags.add(ncaa_tag_name) therequest.save() assign_perm(Request.get_permission_name('view'), ncaa_group, therequest) #assign_perm(Request.get_permission_name('edit'), thegroup, therequest) coaches = [ 'Football Coach', 'Offensive Coord.', 'Defensive Coord.', "Men's BB Coach", "Women's BB Coach" ] coaches_str = [] for coach in coaches: val = row[header.index(coach)].strip() if val != 'N/A' and val != '': coaches_str.append("%s (%s)" % (val, coach)) print val fields_to_use = { 'author': user, 'title': 'Coach Contracts - %s' % agency_name, 'free_edit_body': coach_text_to_use % (' and '.join(law_texts), ', '.join(coaches_str), misc_graf), 'private': True, 'text': coach_text_to_use } therequest = Request(**fields_to_use) therequest.date_added = datetime.now() therequest.save() therequest.contacts = contacts therequest.government = govt therequest.agency = agency therequest.tags.add(coach_tag_name) therequest.save() assign_perm(Request.get_permission_name('view'), coach_group, therequest)
def test_save(self): user_profile = UserProfile(user=User.objects.create_user('john', '*****@*****.**', 'johnpassword'), bio='my bio') user_profile.save() self.assertEqual(user_profile, UserProfile.objects.get(id=user_profile.id))
def obj_update(self, bundle, **kwargs): data = bundle.data user = bundle.request.user bundle.obj = Group.objects.get(id=data['id']) if 'data' in data.keys(): #if 'action' in data['data'].keys() and data['data']['action'] == 'chown': #we are associating, disassociating... assuming the USER is taking action here if 'request_id' in data.keys() and data['request_id']: req = Request.objects.get(id=data['request_id']) if 'action' in data['data'].keys() and req.author == bundle.request.user: if data['data']['action'] == 'associate': assign_perm(Request.get_permission_name('view'), bundle.obj, req) bundle.data['data']['result'] = 'associated' elif data['data']['action'] == 'disassociate': remove_perm(Request.get_permission_name('view'), bundle.obj, req) remove_perm(Request.get_permission_name('edit'), bundle.obj, req) bundle.data['data']['result'] = 'disassociated' elif data['data']['action'] == 'change-access': #right now we are toggling between view and edit checker = ObjectPermissionChecker(bundle.obj) if checker.has_perm(Request.get_permission_name('view'), req) and not checker.has_perm(Request.get_permission_name('edit'), req): assign_perm(Request.get_permission_name('edit'), bundle.obj, req) elif user.has_perm(Request.get_permission_name('edit'), req): remove_perm(Request.get_permission_name('edit'), bundle.obj, req) else: raise ImmediateHttpResponse(HttpForbidden("We couldn't determine the appropriate permissions to assign. Sorry.")) else: logger.info("%s tried to remove users from request %s owned by %s" % (bundle.request.user, req, req.author)) raise ImmediateHttpResponse(HttpBadRequest("It appears you don't have permission to change that user or group's permission.")) else: can_edit = bundle.request.user.has_perm(UserProfile.get_permission_name('edit'), bundle.obj) if not can_edit: raise ImmediateHttpResponse(HttpForbidden("It doesn't appear you can edit this group.")) if 'action' in data['data'].keys() and data['data']['action'] == 'rename': bundle.obj.name = data['name'] bundle.obj.save() if 'action' in data['data'].keys() and data['data']['action'] == 'chown' and 'user_id' in data['data'].keys() and data['data']['user_id']: #change user permission on a group object other_user = User.objects.get(id=data['data']['user_id']) o_can_edit = other_user.has_perm(UserProfile.get_permission_name('edit'), bundle.obj) if o_can_edit: #toggled to view remove_perm(UserProfile.get_permission_name('edit'), other_user, bundle.obj) else: #toggled to edit assign_perm(UserProfile.get_permission_name('edit'), other_user, bundle.obj) else: ''' NOTE about group permissions The creator of the requst is the only one who can share a request with other users and groups Otherwise the request could be shared with any number of people ''' can_edit = bundle.request.user.has_perm(UserProfile.get_permission_name('edit'), bundle.obj) if not can_edit: raise ImmediateHttpResponse(HttpForbidden("It doesn't appear you can edit this group.")) #we are adding or removing users to the group on the group page users = set([User.objects.get(pk=user['id']) for user in data['users']]) existing_users = set([usr for usr in bundle.obj.user_set.all()]) to_remove = existing_users - users #need to remove and set permissions here for usr in to_remove: remove_perm(UserProfile.get_permission_name('edit'), usr, bundle.obj) remove_perm(UserProfile.get_permission_name('view'), usr, bundle.obj) for usr in users: #users can view but not edit by default assign_perm(UserProfile.get_permission_name('view'), usr, bundle.obj) bundle.obj.user_set = users bundle.obj.save() data.pop('data', None) data.pop('request_id', None) return bundle
def participant_profile(request,username,user_profile_form): message = "Your form has the following errors <br />\n" alert_message = "The form has errors. Error details are at the top of the registration form" login_success = "no" user_profile_form = UserProfileForm(deserialize_form(user_profile_form)) forms_successfully_validated = 0 # validating user_profile_form if user_profile_form.is_valid(): forms_successfully_validated = 1 else: for field in user_profile_form: for error in field.errors: message=message+field.html_name+" : "+error+"<br />\n" new_user.first_name=user_form.cleaned_data['first_name'] new_user.last_name=user_form.cleaned_data['last_name'] new_user.email=user_form.cleaned_data['email'] new_user.save() new_user_profile=UserProfile() new_user_profile.gender= user_profile_form.cleaned_data['gender'] new_user_profile.dob= user_profile_form.cleaned_data['dob'] new_user_profile.mobile_number= user_profile_form.cleaned_data['mobile_number'] new_user_profile.branch= user_profile_form.cleaned_data['branch'] new_user_profile.college= user_profile_form.cleaned_data['college'] new_user_profile.college_roll= user_profile_form.cleaned_data['college_roll'] new_user_profile.school_student= user_profile_form.cleaned_data['school_student'] new_user_profile.want_accomodation= user_profile_form.cleaned_data['want_accomodation'] new_user_profile.user=new_user new_user_profile.save() #the next 3 lines creates a blank erp_profile for this user since other pages and features cannot be accessed without an erp_profile. but not needed actually # erp_prof=ERPProfile() # erp_prof.user=new_user # erp_prof.save() if forms_successfully_validated == 1: alert_message="Registered successfully. Now please login" else: alert_message="The form has errors. Error details are at the top of the registration form" return simplejson.dumps({'message': message,'alert_message':alert_message})
strat = load_strategy(backend=backend) backend = strat.backend #try: # user = backend.do_auth(access_token=access_token) #except: # return HttpResponse('Unauthorized', status=401) user = backend.do_auth(access_token=access_token) print user try: userprofile = user.profile upid=userprofile.id except Exception, e: # Create and save a userprofile userprofile = UserProfile(user=user) userprofile.save() try: token=Token.objects.create(user=user) except Exception, e: pass token=Token.objects.get(user=user).key data = { 'username' : user.username, 'userid' : user.id, 'token' : token, 'userprofileid' : userprofile.id, 'email' : user.email, } data = json.dumps(data) return HttpResponse(data, mimetype="application/json")
def handle(self, *args, **options): letter_responses = {} if len(args) < 1: print "Please provide ID of Google Spreadsheet" return -1 idd = args[0] resp = requests.get("https://docs.google.com/spreadsheets/d/%s/pub?output=csv" % idd) reader = list(csv.reader(resp.content.split('\n'), delimiter=',')) header = reader[0] for row in reader[1:-1]: #get user, contact and agency user = User.objects.get(username=row[header.index('username')]) user_profile = UserProfile.objects.get(user=user) govt = get_or_create_us_govt(row[header.index("state")], 'state') agency, acreated = Agency.objects.get_or_create(name=row[header.index("agency")], government=govt) contact, ccreated = agency.contacts.get_or_create( first_name=row[header.index("contact.first.name")], middle_name=row[header.index("contact.middle.name")], last_name=row[header.index("contact.last.name")]) if row[header.index("contact.email")] != "": contact.add_email(row[header.index("contact.email")]) if row[header.index("contact.phone")] != "": contact.add_phone(row[header.index("contact.phone")]) #set up group and tags group, created = Group.objects.get_or_create(name=row[header.index("group")]) assign_perm(UserProfile.get_permission_name('edit'), user, group) assign_perm(UserProfile.get_permission_name('view'), user, group) user.groups.add(group) user_profile.tags.add(row[header.index("tag")]) #assemble law text law_texts = [] for l in govt.statutes.all(): law_texts.append('%s' % (l.short_title,)) law_text = ' and '.join(law_texts) #get the letter template letter_url = row[header.index("letter.url")] letter_template = '' if letter_url in letter_responses.keys(): letter_template = letter_responses[letter_url] else: letter_resp = requests.get(letter_url) letter_template = letter_resp.content letter_responses[letter_url] = letter_template #render the template context = Context({ 'contact': contact, 'user_profile': user_profile, 'user': user, 'law_text': law_text }) template = Template(letter_template) letter = template.render(context) #create the request fields_to_use = { 'author': user, 'title': row[header.index("request.title")], 'free_edit_body': letter, 'private': True if row[header.index("request.private")] == "TRUE" else False, 'text': letter#silly distinction leftover from old days but fill it in } #delete all requests that look like the one i'm about to make so we don't have duplicates floating around Request.objects.filter(author=user, title=row[header.index("request.title")]).delete() #create the request therequest = Request(**fields_to_use) therequest.date_added = datetime.now() therequest.save() therequest.contacts = [contact] therequest.government = govt therequest.agency = agency therequest.tags.add(row[header.index("tag")]) therequest.save() #assing permissions to the request assign_perm(Request.get_permission_name('view'), group, therequest) assign_perm(Request.get_permission_name('edit'), group, therequest) if row[header.index("request.send")] == "TRUE": therequest.send() print "SENT request %s" % row[header.index("request.title")] else: print "STAGED request %s" % row[header.index("request.title")]
def test_change_user_group_perms(self): self.add_user_to_group(self.usertwo) self.assertEqual(self.usertwo.groups.filter(name=self.post_data['name']).count(), 1) groupjson = self.groupJSON.copy() groupjson['data'] = {'action': 'chown', 'user_id': self.usertwo.id} update_resp = self.api_client.put(groupjson['resource_uri'], format='json', data=groupjson, authentication=self.get_credentials()) self.assertEqual(self.usertwo.has_perm(UserProfile.get_permission_name('edit'), self.group), True) self.assertEqual(self.userthree.has_perm(UserProfile.get_permission_name('edit'), self.group), False) self.assertEqual(self.user.has_perm(UserProfile.get_permission_name('edit'), self.group), True) groupjson = self.groupJSON.copy() groupjson['data'] = {'action': 'chown', 'user_id': self.userthree.id} #attempt to grant permissions without using an editor user update_resp = self.api_client.put(groupjson['resource_uri'], format='json', data=groupjson, authentication=self.get_credentials_other(self.userthree.username)) self.assertEqual(self.usertwo.has_perm(UserProfile.get_permission_name('edit'), self.group), True) self.assertEqual(self.userthree.has_perm(UserProfile.get_permission_name('edit'), self.group), False) self.assertEqual(self.user.has_perm(UserProfile.get_permission_name('edit'), self.group), True) #grant permissions using an editor user update_resp = self.api_client.put(groupjson['resource_uri'], format='json', data=groupjson, authentication=self.get_credentials_other(self.usertwo.username)) self.assertEqual(self.usertwo.has_perm(UserProfile.get_permission_name('edit'), self.group), True) self.assertEqual(self.userthree.has_perm(UserProfile.get_permission_name('edit'), self.group), True) self.assertEqual(self.user.has_perm(UserProfile.get_permission_name('edit'), self.group), True) #take away edit permissions update_resp = self.api_client.put(groupjson['resource_uri'], format='json', data=groupjson, authentication=self.get_credentials_other(self.usertwo.username)) self.assertEqual(self.usertwo.has_perm(UserProfile.get_permission_name('edit'), self.group), True) self.assertEqual(self.userthree.has_perm(UserProfile.get_permission_name('edit'), self.group), False) self.assertEqual(self.user.has_perm(UserProfile.get_permission_name('edit'), self.group), True)