def test_anonymous_has_no_permissions(self):
"""
#17903 -- Anonymous users shouldn't have permissions in
ModelBackend.get_(all|user|group)_permissions().
"""
backend = ModelBackend()
user = self.UserModel._default_manager.get(pk=self.user.pk)
content_type = ContentType.objects.get_for_model(Group)
user_perm = Permission.objects.create(name='test', content_type=content_type, codename='test_user')
group_perm = Permission.objects.create(name='test2', content_type=content_type, codename='test_group')
user.user_permissions.add(user_perm)
group = Group.objects.create(name='test_group')
user.groups.add(group)
group.permissions.add(group_perm)
self.assertEqual(backend.get_all_permissions(user), {'auth.test_user', 'auth.test_group'})
self.assertEqual(backend.get_user_permissions(user), {'auth.test_user', 'auth.test_group'})
self.assertEqual(backend.get_group_permissions(user), {'auth.test_group'})
with mock.patch.object(self.UserModel, 'is_anonymous', True):
self.assertEqual(backend.get_all_permissions(user), set())
self.assertEqual(backend.get_user_permissions(user), set())
self.assertEqual(backend.get_group_permissions(user), set())
def test_inactive_has_no_permissions(self):
"""
#17903 -- Inactive users shouldn't have permissions in
ModelBackend.get_(all|user|group)_permissions().
"""
backend = ModelBackend()
user = self.UserModel._default_manager.get(pk=self.user.pk)
content_type = ContentType.objects.get_for_model(Group)
user_perm = Permission.objects.create(name='test', content_type=content_type, codename='test_user')
group_perm = Permission.objects.create(name='test2', content_type=content_type, codename='test_group')
user.user_permissions.add(user_perm)
group = Group.objects.create(name='test_group')
user.groups.add(group)
group.permissions.add(group_perm)
self.assertEqual(backend.get_all_permissions(user), {'auth.test_user', 'auth.test_group'})
self.assertEqual(backend.get_user_permissions(user), {'auth.test_user', 'auth.test_group'})
self.assertEqual(backend.get_group_permissions(user), {'auth.test_group'})
user.is_active = False
user.save()
self.assertEqual(backend.get_all_permissions(user), set())
self.assertEqual(backend.get_user_permissions(user), set())
self.assertEqual(backend.get_group_permissions(user), set())
def test_anonymous_has_no_permissions(self):
"""
#17903 -- Anonymous users shouldn't have permissions in
ModelBackend.get_(all|user|group)_permissions().
"""
backend = ModelBackend()
user = self.UserModel._default_manager.get(pk=self.user.pk)
content_type = ContentType.objects.get_for_model(Group)
user_perm = Permission.objects.create(name="test", content_type=content_type, codename="test_user")
group_perm = Permission.objects.create(name="test2", content_type=content_type, codename="test_group")
user.user_permissions.add(user_perm)
group = Group.objects.create(name="test_group")
user.groups.add(group)
group.permissions.add(group_perm)
self.assertEqual(backend.get_all_permissions(user), set(["auth.test_user", "auth.test_group"]))
self.assertEqual(backend.get_user_permissions(user), set(["auth.test_user", "auth.test_group"]))
self.assertEqual(backend.get_group_permissions(user), set(["auth.test_group"]))
user.is_anonymous = lambda: True
self.assertEqual(backend.get_all_permissions(user), set())
self.assertEqual(backend.get_user_permissions(user), set())
self.assertEqual(backend.get_group_permissions(user), set())
def test_inactive_has_no_permissions(self):
"""
#17903 -- Inactive users shouldn't have permissions in
ModelBackend.get_(all|user|group)_permissions().
"""
backend = ModelBackend()
user = self.UserModel._default_manager.get(pk=self.user.pk)
content_type = ContentType.objects.get_for_model(Group)
user_perm = Permission.objects.create(name='test',
content_type=content_type,
codename='test_user')
group_perm = Permission.objects.create(name='test2',
content_type=content_type,
codename='test_group')
user.user_permissions.add(user_perm)
group = Group.objects.create(name='test_group')
user.groups.add(group)
group.permissions.add(group_perm)
self.assertEqual(backend.get_all_permissions(user),
{'auth.test_user', 'auth.test_group'})
self.assertEqual(backend.get_user_permissions(user),
{'auth.test_user', 'auth.test_group'})
self.assertEqual(backend.get_group_permissions(user),
{'auth.test_group'})
user.is_active = False
user.save()
self.assertEqual(backend.get_all_permissions(user), set())
self.assertEqual(backend.get_user_permissions(user), set())
self.assertEqual(backend.get_group_permissions(user), set())
def test_anonymous_has_no_permissions(self):
"""
#17903 -- Anonymous users shouldn't have permissions in
ModelBackend.get_(all|user|group)_permissions().
"""
backend = ModelBackend()
user = self.UserModel._default_manager.get(pk=self.user.pk)
content_type = ContentType.objects.get_for_model(Group)
user_perm = Permission.objects.create(name='test', content_type=content_type, codename='test_user')
group_perm = Permission.objects.create(name='test2', content_type=content_type, codename='test_group')
user.user_permissions.add(user_perm)
group = Group.objects.create(name='test_group')
user.groups.add(group)
group.permissions.add(group_perm)
self.assertEqual(backend.get_all_permissions(user), {'auth.test_user', 'auth.test_group'})
self.assertEqual(backend.get_user_permissions(user), {'auth.test_user'})
self.assertEqual(backend.get_group_permissions(user), {'auth.test_group'})
with mock.patch.object(self.UserModel, 'is_anonymous', True):
self.assertEqual(backend.get_all_permissions(user), set())
self.assertEqual(backend.get_user_permissions(user), set())
self.assertEqual(backend.get_group_permissions(user), set())
def test_anonymous_has_no_permissions(self):
"""Anonymous users shouldn't have permissions in ModelBackend
#17903 -- Anonymous users shouldn't have permissions in
ModelBackend.get_(all|user|group)_permissions().
https://code.djangoproject.com/ticket/17903
"""
backend = ModelBackend()
user = self.UserModel._default_manager.get(pk=self.user.pk)
content_type = ContentType.objects.get_for_model(Group)
user_perm = Permission.objects.create(name="test",
content_type=content_type,
codename="test_user")
group_perm = Permission.objects.create(name="test2",
content_type=content_type,
codename="test_group")
user.user_permissions.add(user_perm)
group = Group.objects.create(name="test_group")
user.groups.add(group)
group.permissions.add(group_perm)
self.assertEqual(
backend.get_all_permissions(user),
{"auth.test_user", "auth.test_group"},
)
# Django 2.0 avoids cache permission problems
# https://code.djangoproject.com/ticket/28713
# https://github.com/django/django/pull/9242
if DJANGO_VERSION >= (2, 0):
self.assertEqual(backend.get_user_permissions(user),
{"auth.test_user"})
else:
self.assertEqual(
backend.get_user_permissions(user),
{"auth.test_user", "auth.test_group"},
)
self.assertEqual(backend.get_group_permissions(user),
{"auth.test_group"})
# In Django 1.10, is_anonymous became a property.
if DJANGO_VERSION >= (1, 10):
is_anon_mock = True
else:
is_anon_mock = lambda s: True # noqa: E731
with patch.object(self.UserModel, "is_anonymous", is_anon_mock):
self.assertEqual(backend.get_all_permissions(user), set())
self.assertEqual(backend.get_user_permissions(user), set())
self.assertEqual(backend.get_group_permissions(user), set())
def test_inactive_has_no_permissions(self):
"""Inactive users shouldn't have permissions in ModelBackend
#17903 -- Inactive users shouldn't have permissions in
ModelBackend.get_(all|user|group)_permissions().
https://code.djangoproject.com/ticket/17903
"""
backend = ModelBackend()
user = self.UserModel._default_manager.get(pk=self.user.pk)
content_type = ContentType.objects.get_for_model(Group)
user_perm = Permission.objects.create(name="test",
content_type=content_type,
codename="test_user")
group_perm = Permission.objects.create(name="test2",
content_type=content_type,
codename="test_group")
user.user_permissions.add(user_perm)
group = Group.objects.create(name="test_group")
user.groups.add(group)
group.permissions.add(group_perm)
self.assertEqual(
backend.get_all_permissions(user),
{"auth.test_user", "auth.test_group"},
)
# Django 2.0 avoids cache permission problems
# https://code.djangoproject.com/ticket/28713
# https://github.com/django/django/pull/9242
if DJANGO_VERSION >= (2, 0):
self.assertEqual(backend.get_user_permissions(user),
{"auth.test_user"})
else:
self.assertEqual(
backend.get_user_permissions(user),
{"auth.test_user", "auth.test_group"},
)
self.assertEqual(backend.get_group_permissions(user),
{"auth.test_group"})
user.is_active = False
user.save()
self.assertEqual(backend.get_all_permissions(user), set())
self.assertEqual(backend.get_user_permissions(user), set())
self.assertEqual(backend.get_group_permissions(user), set())
def get_all_permissions(self, user_obj, obj=None):
"""
"""
if obj is None:
return ModelBackend.get_all_permissions(self, user_obj)
else:
# does not handle objects that are not in the database.
if not isinstance(obj, models.Model):
return set()
if not hasattr(user_obj, '_obj_perm_cache'):
# TODO: this cache should really be bounded.
# repoze.lru perhaps?
user_obj._obj_perm_cache = dict()
try:
obj_key = self._cache_key_for_obj(obj)
return user_obj._obj_perm_cache[obj_key]
except KeyError:
all_perms = [
'%s.%s' % p
for p in self._get_all_obj_perms(user_obj, obj)
]
user_obj._obj_perm_cache[obj_key] = all_perms
return all_perms
def get_all_permissions(self, user_obj):
if not hasattr(user_obj, "_perm_cache"):
# get built-in permissions
user_obj._perm_cache = ModelBackend.get_all_permissions(self, user_obj)
# get permissions based on site roles
user_obj._perm_cache.update(
[
u"%s.%s" % (p.content_type.app_label, p.codename)
for sur in user_obj.siteuserrole_set.select_related().filter(site__id=settings.SITE_ID)
for p in sur.group.permissions.select_related()
]
)
# ..and category
user_obj._perm_cache.update(
[
u"%s.%s" % (p.content_type.app_label, p.codename)
for cur in user_obj.categoryuserrole_set.select_related().filter(
category__site__id=settings.SITE_ID
)
for p in sur.group.permissions.select_related()
]
)
return user_obj._perm_cache
class ElectionAuthBackend(object):
"""
Authenticate against django.contrib.auth.backends.ModelBackend AND ipauth.backend.RangeBackend
Users must pass both sets of authentication to use the system
"""
supports_anonymous_user = False
ipauth_backend = None
model_backend = None
def __init__(self):
self.ipauth_backend = RangeBackend()
self.model_backend = ModelBackend()
def authenticate(self, username=None, password=None, ip=None):
"""
Authenticate against multiple backends AND'd together
TODO: Election admin
"""
model_user = self.model_backend.authenticate(username=username, password=password)
ip_user = self.ipauth_backend.authenticate(ip=ip)
#print 'model_user', repr(model_user)
#print 'model_user groups', repr(model_user.groups.all())
#print 'ip_user', repr(ip_user)
admin_group = Group.objects.filter(name='ADMIN').all()
if admin_group.count() > 0:
admin_group = admin_group[0]
else:
admin_group = None
if not model_user:
return None
if model_user.is_superuser or model_user.is_staff: # Super admin
return model_user
if model_user.groups.count() > 0 and admin_group in model_user.groups.all(): # Election admin
return model_user
#if ip_user is None:
#print 'Your IP=%s is not in the IPAuth' % (ip, )
#return None
return model_user
def get_group_permissions(self, user_obj):
"""
Returns a set of permission strings that this user has through his/her
groups.
"""
return self.model_backend.get_group_permissions(user_obj)
def get_all_permissions(self, user_obj):
return self.model_backend.get_all_permissions(user_obj)
def has_perm(self, user_obj, perm):
return self.model_backend.has_perm(user_obj, perm)
def has_module_perms(self, user_obj, app_label):
return self.model_backend.has_module_perms(user_obj, app_label)
def get_user(self, user_id):
return self.model_backend.get_user(user_id)
def test_anonymous_has_no_permissions(self):
"""
#17903 -- Anonymous users shouldn't have permissions in
ModelBackend.get_(all|user|group)_permissions().
"""
backend = ModelBackend()
user = self.UserModel._default_manager.get(pk=self.user.pk)
content_type = ContentType.objects.get_for_model(Group)
user_perm = Permission.objects.create(name='test',
content_type=content_type,
codename='test_user')
group_perm = Permission.objects.create(name='test2',
content_type=content_type,
codename='test_group')
user.user_permissions.add(user_perm)
group = Group.objects.create(name='test_group')
user.groups.add(group)
group.permissions.add(group_perm)
self.assertEqual(backend.get_all_permissions(user),
{'auth.test_user', 'auth.test_group'})
self.assertEqual(backend.get_user_permissions(user),
{'auth.test_user', 'auth.test_group'})
self.assertEqual(backend.get_group_permissions(user),
{'auth.test_group'})
# In Django 1.10, is_anonymous became a property.
is_anon = self.UserModel.is_anonymous
if django.VERSION >= (1, 10):
self.UserModel.is_anonymous = True
else:
user.is_anonymous = lambda: True
self.assertEqual(backend.get_all_permissions(user), set())
self.assertEqual(backend.get_user_permissions(user), set())
self.assertEqual(backend.get_group_permissions(user), set())
self.UserModel.is_anonymous = is_anon
def get_all_permissions(self, user_obj, obj=None):
"""
"""
if obj is None:
return ModelBackend.get_all_permissions(self, user_obj)
else:
# does not handle objects that are not in the database.
if not isinstance(obj, models.Model):
return set()
if not hasattr(user_obj, '_obj_perm_cache'):
# TODO: this cache should really be bounded.
# repoze.lru perhaps?
user_obj._obj_perm_cache = dict()
try:
obj_key = self._cache_key_for_obj(obj)
return user_obj._obj_perm_cache[obj_key]
except KeyError:
all_perms = ['%s.%s' % p for p in self._get_all_obj_perms(user_obj, obj)]
user_obj._obj_perm_cache[obj_key] = all_perms
return all_perms
def get_all_permissions(self, user_obj):
if not hasattr(user_obj, '_perm_cache'):
# get built-in permissions
user_obj._perm_cache = ModelBackend.get_all_permissions(
self, user_obj)
# get permissions based on site roles
user_obj._perm_cache.update([
u"%s.%s" % (p.content_type.app_label, p.codename)
for sur in user_obj.siteuserrole_set.select_related().filter(
site__id=settings.SITE_ID)
for p in sur.group.permissions.select_related()
])
# ..and category
user_obj._perm_cache.update([
u"%s.%s" % (p.content_type.app_label, p.codename)
for cur in user_obj.categoryuserrole_set.select_related().
filter(category__site__id=settings.SITE_ID)
for p in sur.group.permissions.select_related()
])
return user_obj._perm_cache