Esempio n. 1
0
    def test_anonymous_has_no_permissions(self):
        """
        #17903 -- Anonymous users shouldn't have permissions in
        ModelBackend.get_(all|user|group)_permissions().
        """
        backend = ModelBackend()

        user = self.UserModel._default_manager.get(pk=self.user.pk)
        content_type = ContentType.objects.get_for_model(Group)
        user_perm = Permission.objects.create(name='test', content_type=content_type, codename='test_user')
        group_perm = Permission.objects.create(name='test2', content_type=content_type, codename='test_group')
        user.user_permissions.add(user_perm)

        group = Group.objects.create(name='test_group')
        user.groups.add(group)
        group.permissions.add(group_perm)

        self.assertEqual(backend.get_all_permissions(user), {'auth.test_user', 'auth.test_group'})
        self.assertEqual(backend.get_user_permissions(user), {'auth.test_user', 'auth.test_group'})
        self.assertEqual(backend.get_group_permissions(user), {'auth.test_group'})

        with mock.patch.object(self.UserModel, 'is_anonymous', True):
            self.assertEqual(backend.get_all_permissions(user), set())
            self.assertEqual(backend.get_user_permissions(user), set())
            self.assertEqual(backend.get_group_permissions(user), set())
Esempio n. 2
0
    def test_inactive_has_no_permissions(self):
        """
        #17903 -- Inactive users shouldn't have permissions in
        ModelBackend.get_(all|user|group)_permissions().
        """
        backend = ModelBackend()

        user = self.UserModel._default_manager.get(pk=self.user.pk)
        content_type = ContentType.objects.get_for_model(Group)
        user_perm = Permission.objects.create(name='test', content_type=content_type, codename='test_user')
        group_perm = Permission.objects.create(name='test2', content_type=content_type, codename='test_group')
        user.user_permissions.add(user_perm)

        group = Group.objects.create(name='test_group')
        user.groups.add(group)
        group.permissions.add(group_perm)

        self.assertEqual(backend.get_all_permissions(user), {'auth.test_user', 'auth.test_group'})
        self.assertEqual(backend.get_user_permissions(user), {'auth.test_user', 'auth.test_group'})
        self.assertEqual(backend.get_group_permissions(user), {'auth.test_group'})

        user.is_active = False
        user.save()

        self.assertEqual(backend.get_all_permissions(user), set())
        self.assertEqual(backend.get_user_permissions(user), set())
        self.assertEqual(backend.get_group_permissions(user), set())
Esempio n. 3
0
    def test_anonymous_has_no_permissions(self):
        """
        #17903 -- Anonymous users shouldn't have permissions in
        ModelBackend.get_(all|user|group)_permissions().
        """
        backend = ModelBackend()

        user = self.UserModel._default_manager.get(pk=self.user.pk)
        content_type = ContentType.objects.get_for_model(Group)
        user_perm = Permission.objects.create(name="test", content_type=content_type, codename="test_user")
        group_perm = Permission.objects.create(name="test2", content_type=content_type, codename="test_group")
        user.user_permissions.add(user_perm)

        group = Group.objects.create(name="test_group")
        user.groups.add(group)
        group.permissions.add(group_perm)

        self.assertEqual(backend.get_all_permissions(user), set(["auth.test_user", "auth.test_group"]))
        self.assertEqual(backend.get_user_permissions(user), set(["auth.test_user", "auth.test_group"]))
        self.assertEqual(backend.get_group_permissions(user), set(["auth.test_group"]))

        user.is_anonymous = lambda: True

        self.assertEqual(backend.get_all_permissions(user), set())
        self.assertEqual(backend.get_user_permissions(user), set())
        self.assertEqual(backend.get_group_permissions(user), set())
Esempio n. 4
0
    def test_inactive_has_no_permissions(self):
        """
        #17903 -- Inactive users shouldn't have permissions in
        ModelBackend.get_(all|user|group)_permissions().
        """
        backend = ModelBackend()

        user = self.UserModel._default_manager.get(pk=self.user.pk)
        content_type = ContentType.objects.get_for_model(Group)
        user_perm = Permission.objects.create(name='test',
                                              content_type=content_type,
                                              codename='test_user')
        group_perm = Permission.objects.create(name='test2',
                                               content_type=content_type,
                                               codename='test_group')
        user.user_permissions.add(user_perm)

        group = Group.objects.create(name='test_group')
        user.groups.add(group)
        group.permissions.add(group_perm)

        self.assertEqual(backend.get_all_permissions(user),
                         {'auth.test_user', 'auth.test_group'})
        self.assertEqual(backend.get_user_permissions(user),
                         {'auth.test_user', 'auth.test_group'})
        self.assertEqual(backend.get_group_permissions(user),
                         {'auth.test_group'})

        user.is_active = False
        user.save()

        self.assertEqual(backend.get_all_permissions(user), set())
        self.assertEqual(backend.get_user_permissions(user), set())
        self.assertEqual(backend.get_group_permissions(user), set())
Esempio n. 5
0
    def test_anonymous_has_no_permissions(self):
        """
        #17903 -- Anonymous users shouldn't have permissions in
        ModelBackend.get_(all|user|group)_permissions().
        """
        backend = ModelBackend()

        user = self.UserModel._default_manager.get(pk=self.user.pk)
        content_type = ContentType.objects.get_for_model(Group)
        user_perm = Permission.objects.create(name='test', content_type=content_type, codename='test_user')
        group_perm = Permission.objects.create(name='test2', content_type=content_type, codename='test_group')
        user.user_permissions.add(user_perm)

        group = Group.objects.create(name='test_group')
        user.groups.add(group)
        group.permissions.add(group_perm)

        self.assertEqual(backend.get_all_permissions(user), {'auth.test_user', 'auth.test_group'})
        self.assertEqual(backend.get_user_permissions(user), {'auth.test_user'})
        self.assertEqual(backend.get_group_permissions(user), {'auth.test_group'})

        with mock.patch.object(self.UserModel, 'is_anonymous', True):
            self.assertEqual(backend.get_all_permissions(user), set())
            self.assertEqual(backend.get_user_permissions(user), set())
            self.assertEqual(backend.get_group_permissions(user), set())
    def test_anonymous_has_no_permissions(self):
        """Anonymous users shouldn't have permissions in ModelBackend

        #17903 -- Anonymous users shouldn't have permissions in
        ModelBackend.get_(all|user|group)_permissions().

        https://code.djangoproject.com/ticket/17903
        """
        backend = ModelBackend()

        user = self.UserModel._default_manager.get(pk=self.user.pk)
        content_type = ContentType.objects.get_for_model(Group)
        user_perm = Permission.objects.create(name="test",
                                              content_type=content_type,
                                              codename="test_user")
        group_perm = Permission.objects.create(name="test2",
                                               content_type=content_type,
                                               codename="test_group")
        user.user_permissions.add(user_perm)

        group = Group.objects.create(name="test_group")
        user.groups.add(group)
        group.permissions.add(group_perm)

        self.assertEqual(
            backend.get_all_permissions(user),
            {"auth.test_user", "auth.test_group"},
        )
        # Django 2.0 avoids cache permission problems
        # https://code.djangoproject.com/ticket/28713
        # https://github.com/django/django/pull/9242
        if DJANGO_VERSION >= (2, 0):
            self.assertEqual(backend.get_user_permissions(user),
                             {"auth.test_user"})
        else:
            self.assertEqual(
                backend.get_user_permissions(user),
                {"auth.test_user", "auth.test_group"},
            )
        self.assertEqual(backend.get_group_permissions(user),
                         {"auth.test_group"})

        # In Django 1.10, is_anonymous became a property.
        if DJANGO_VERSION >= (1, 10):
            is_anon_mock = True
        else:
            is_anon_mock = lambda s: True  # noqa: E731
        with patch.object(self.UserModel, "is_anonymous", is_anon_mock):
            self.assertEqual(backend.get_all_permissions(user), set())
            self.assertEqual(backend.get_user_permissions(user), set())
            self.assertEqual(backend.get_group_permissions(user), set())
    def test_inactive_has_no_permissions(self):
        """Inactive users shouldn't have permissions in ModelBackend

        #17903 -- Inactive users shouldn't have permissions in
        ModelBackend.get_(all|user|group)_permissions().

        https://code.djangoproject.com/ticket/17903
        """
        backend = ModelBackend()

        user = self.UserModel._default_manager.get(pk=self.user.pk)
        content_type = ContentType.objects.get_for_model(Group)
        user_perm = Permission.objects.create(name="test",
                                              content_type=content_type,
                                              codename="test_user")
        group_perm = Permission.objects.create(name="test2",
                                               content_type=content_type,
                                               codename="test_group")
        user.user_permissions.add(user_perm)

        group = Group.objects.create(name="test_group")
        user.groups.add(group)
        group.permissions.add(group_perm)

        self.assertEqual(
            backend.get_all_permissions(user),
            {"auth.test_user", "auth.test_group"},
        )
        # Django 2.0 avoids cache permission problems
        # https://code.djangoproject.com/ticket/28713
        # https://github.com/django/django/pull/9242
        if DJANGO_VERSION >= (2, 0):
            self.assertEqual(backend.get_user_permissions(user),
                             {"auth.test_user"})
        else:
            self.assertEqual(
                backend.get_user_permissions(user),
                {"auth.test_user", "auth.test_group"},
            )
        self.assertEqual(backend.get_group_permissions(user),
                         {"auth.test_group"})

        user.is_active = False
        user.save()

        self.assertEqual(backend.get_all_permissions(user), set())
        self.assertEqual(backend.get_user_permissions(user), set())
        self.assertEqual(backend.get_group_permissions(user), set())
Esempio n. 8
0
    def get_all_permissions(self, user_obj, obj=None):
        """
        """

        if obj is None:
            return ModelBackend.get_all_permissions(self, user_obj)
        else:
            # does not handle objects that are not in the database.
            if not isinstance(obj, models.Model):
                return set()

            if not hasattr(user_obj, '_obj_perm_cache'):
                # TODO: this cache should really be bounded.
                # repoze.lru perhaps?
                user_obj._obj_perm_cache = dict()
            try:
                obj_key = self._cache_key_for_obj(obj)
                return user_obj._obj_perm_cache[obj_key]
            except KeyError:
                all_perms = [
                    '%s.%s' % p
                    for p in self._get_all_obj_perms(user_obj, obj)
                ]
                user_obj._obj_perm_cache[obj_key] = all_perms
                return all_perms
Esempio n. 9
0
    def get_all_permissions(self, user_obj):
        if not hasattr(user_obj, "_perm_cache"):
            # get built-in permissions
            user_obj._perm_cache = ModelBackend.get_all_permissions(self, user_obj)

            # get permissions based on site roles
            user_obj._perm_cache.update(
                [
                    u"%s.%s" % (p.content_type.app_label, p.codename)
                    for sur in user_obj.siteuserrole_set.select_related().filter(site__id=settings.SITE_ID)
                    for p in sur.group.permissions.select_related()
                ]
            )

            # ..and category
            user_obj._perm_cache.update(
                [
                    u"%s.%s" % (p.content_type.app_label, p.codename)
                    for cur in user_obj.categoryuserrole_set.select_related().filter(
                        category__site__id=settings.SITE_ID
                    )
                    for p in sur.group.permissions.select_related()
                ]
            )

        return user_obj._perm_cache
Esempio n. 10
0
class ElectionAuthBackend(object):
    """
    Authenticate against django.contrib.auth.backends.ModelBackend AND ipauth.backend.RangeBackend
    Users must pass both sets of authentication to use the system
    """
    supports_anonymous_user = False
    ipauth_backend = None
    model_backend = None

    def __init__(self):
        self.ipauth_backend = RangeBackend()
        self.model_backend = ModelBackend()
    
    def authenticate(self, username=None, password=None, ip=None):
        """
        Authenticate against multiple backends AND'd together
        TODO: Election admin
        """
        model_user = self.model_backend.authenticate(username=username, password=password)
        ip_user = self.ipauth_backend.authenticate(ip=ip)        
        #print 'model_user', repr(model_user)
        #print 'model_user groups', repr(model_user.groups.all())
        #print 'ip_user', repr(ip_user)
        admin_group = Group.objects.filter(name='ADMIN').all()
        if admin_group.count() > 0:
          admin_group = admin_group[0]
        else:
          admin_group = None

        if not model_user:
            return None
        if model_user.is_superuser or model_user.is_staff: # Super admin
            return model_user
        if model_user.groups.count() > 0 and admin_group in model_user.groups.all(): # Election admin
            return model_user
        #if ip_user is None:
            #print 'Your IP=%s is not in the IPAuth' % (ip, )
            #return None
        return model_user

    def get_group_permissions(self, user_obj):
        """
        Returns a set of permission strings that this user has through his/her
        groups.
        """
        return self.model_backend.get_group_permissions(user_obj)

    def get_all_permissions(self, user_obj):
        return self.model_backend.get_all_permissions(user_obj)

    def has_perm(self, user_obj, perm):
        return self.model_backend.has_perm(user_obj, perm)

    def has_module_perms(self, user_obj, app_label):
        return self.model_backend.has_module_perms(user_obj, app_label)

    def get_user(self, user_id):
        return self.model_backend.get_user(user_id)
Esempio n. 11
0
    def test_anonymous_has_no_permissions(self):
        """
        #17903 -- Anonymous users shouldn't have permissions in
        ModelBackend.get_(all|user|group)_permissions().
        """
        backend = ModelBackend()

        user = self.UserModel._default_manager.get(pk=self.user.pk)
        content_type = ContentType.objects.get_for_model(Group)
        user_perm = Permission.objects.create(name='test',
                                              content_type=content_type,
                                              codename='test_user')
        group_perm = Permission.objects.create(name='test2',
                                               content_type=content_type,
                                               codename='test_group')
        user.user_permissions.add(user_perm)

        group = Group.objects.create(name='test_group')
        user.groups.add(group)
        group.permissions.add(group_perm)

        self.assertEqual(backend.get_all_permissions(user),
                         {'auth.test_user', 'auth.test_group'})
        self.assertEqual(backend.get_user_permissions(user),
                         {'auth.test_user', 'auth.test_group'})
        self.assertEqual(backend.get_group_permissions(user),
                         {'auth.test_group'})

        # In Django 1.10, is_anonymous became a property.
        is_anon = self.UserModel.is_anonymous
        if django.VERSION >= (1, 10):
            self.UserModel.is_anonymous = True
        else:
            user.is_anonymous = lambda: True

        self.assertEqual(backend.get_all_permissions(user), set())
        self.assertEqual(backend.get_user_permissions(user), set())
        self.assertEqual(backend.get_group_permissions(user), set())

        self.UserModel.is_anonymous = is_anon
Esempio n. 12
0
 def get_all_permissions(self, user_obj, obj=None):
     """
     """
     if obj is None:
         return ModelBackend.get_all_permissions(self, user_obj)
     else:
         # does not handle objects that are not in the database.
         if not isinstance(obj, models.Model):
             return set()
         
         if not hasattr(user_obj, '_obj_perm_cache'):
             # TODO: this cache should really be bounded.
             # repoze.lru perhaps?
             user_obj._obj_perm_cache = dict()
         try:
             obj_key = self._cache_key_for_obj(obj)
             return user_obj._obj_perm_cache[obj_key]
         except KeyError:
             all_perms = ['%s.%s' % p for p in self._get_all_obj_perms(user_obj, obj)]
             user_obj._obj_perm_cache[obj_key] = all_perms
             return all_perms
Esempio n. 13
0
    def get_all_permissions(self, user_obj):
        if not hasattr(user_obj, '_perm_cache'):
            # get built-in permissions
            user_obj._perm_cache = ModelBackend.get_all_permissions(
                self, user_obj)

            # get permissions based on site roles
            user_obj._perm_cache.update([
                u"%s.%s" % (p.content_type.app_label, p.codename)
                for sur in user_obj.siteuserrole_set.select_related().filter(
                    site__id=settings.SITE_ID)
                for p in sur.group.permissions.select_related()
            ])

            # ..and category
            user_obj._perm_cache.update([
                u"%s.%s" % (p.content_type.app_label, p.codename)
                for cur in user_obj.categoryuserrole_set.select_related().
                filter(category__site__id=settings.SITE_ID)
                for p in sur.group.permissions.select_related()
            ])

        return user_obj._perm_cache