def obj_perms_manage_group_view(self, request, **kwargs):
"""
Manages selected groups' permissions for current object.
"""
if not self.has_change_permission():
post_url = reverse('xadmin:index', current_app=self.admin_site.name)
return redirect(post_url)
group = get_object_or_404(Group, id=self.group_id)
obj = get_object_or_404(self.get_queryset(), pk=self.object_pk)
form_class = self.get_obj_perms_manage_group_form(request)
form = form_class(group, obj, request.POST or None)
if request.method == 'POST' and form.is_valid():
form.save_obj_perms()
msg = ugettext("Permissions saved.")
messages.success(request, msg)
url = reverse(
'{0.admin_site.name}:guardian_permissions_group'.format(self),
args=[self.app_label, self.model_name, obj.pk, self.group_id]
)
return redirect(url)
context = self.get_obj_perms_base_context(request, obj)
context['group_obj'] = group
context['group_perms'] = get_group_perms(group, obj)
context['form'] = form
request.current_app = self.admin_site.name
return render(request, self.get_obj_perms_manage_group_template(), context)
def test_view_manage_group_form(self):
self._login_superuser()
url = reverse('admin:%s_%s_permissions' % self.obj_info,
args=[self.obj.pk])
data = {'group': self.group.name, 'submit_manage_group': 'submit'}
response = self.client.post(url, data, follow=True)
self.assertEqual(len(response.redirect_chain), 1)
self.assertEqual(response.redirect_chain[0][1], 302)
redirect_url = reverse('admin:%s_%s_permissions_manage_group' %
self.obj_info, args=[self.obj.pk, self.group.id])
self.assertEqual(response.request['PATH_INFO'], redirect_url)
def test_view_manage_group_form(self):
self._login_superuser()
url = reverse('admin:%s_%s_permissions' % self.obj_info,
args=[self.obj.pk])
data = {'group': self.group.name, 'submit_manage_group': 'submit'}
response = self.client.post(url, data, follow=True)
self.assertEqual(len(response.redirect_chain), 1)
self.assertEqual(response.redirect_chain[0][1], 302)
redirect_url = reverse('admin:%s_%s_permissions_manage_group' %
self.obj_info,
args=[self.obj.pk, self.group.id])
self.assertEqual(response.request['PATH_INFO'], redirect_url)
def test_view_manage_negative_user_form(self):
self._login_superuser()
url = reverse('admin:%s_%s_permissions' % self.obj_info,
args=[self.obj.pk])
self.user = User.objects.create(username='******', pk=-2010)
data = {'user': self.user.username, 'submit_manage_user': '******'}
response = self.client.post(url, data, follow=True)
self.assertEqual(len(response.redirect_chain), 1)
self.assertEqual(response.redirect_chain[0][1], 302)
redirect_url = reverse('admin:%s_%s_permissions_manage_user' %
self.obj_info, args=[self.obj.pk, self.user.pk])
self.assertEqual(response.request['PATH_INFO'], redirect_url)
def test_view_manage_negative_user_form(self):
self._login_superuser()
url = reverse('admin:%s_%s_permissions' % self.obj_info,
args=[self.obj.pk])
self.user = User.objects.create(username='******', pk=-2010)
data = {'user': self.user.username, 'submit_manage_user': '******'}
response = self.client.post(url, data, follow=True)
self.assertEqual(len(response.redirect_chain), 1)
self.assertEqual(response.redirect_chain[0][1], 302)
redirect_url = reverse('admin:%s_%s_permissions_manage_user' %
self.obj_info,
args=[self.obj.pk, self.user.pk])
self.assertEqual(response.request['PATH_INFO'], redirect_url)
def test_view(self):
self._login_superuser()
url = reverse('admin:%s_%s_permissions' % self.obj_info,
args=[self.obj.pk])
response = self.client.get(url)
self.assertEqual(response.status_code, 200)
self.assertEqual(response.context['object'], self.obj)
def test_view(self):
self._login_superuser()
url = reverse('admin:%s_%s_permissions' % self.obj_info,
args=[self.obj.pk])
response = self.client.get(url)
self.assertEqual(response.status_code, 200)
self.assertEqual(response.context['object'], self.obj)
def test_view_manage_wrong_user(self):
self._login_superuser()
url = reverse('admin:%s_%s_permissions_manage_user' % self.obj_info,
kwargs={
'object_pk': self.obj.pk,
'user_id': -10
})
response = self.client.get(url)
self.assertEqual(response.status_code, 404)
def test_view_manage_group_wrong_perms(self):
self._login_superuser()
url = reverse('admin:%s_%s_permissions_manage_group' % self.obj_info,
args=[self.obj.pk, self.group.id])
perms = ['change_user'] # This is not self.obj related permission
data = {'permissions': perms}
response = self.client.post(url, data, follow=True)
self.assertEqual(response.status_code, 200)
self.assertTrue('permissions' in response.context['form'].errors)
def test_view_manage_group_wrong_perms(self):
self._login_superuser()
url = reverse('admin:%s_%s_permissions_manage_group' %
self.obj_info, args=[self.obj.pk, self.group.id])
perms = ['change_user'] # This is not self.obj related permission
data = {'permissions': perms}
response = self.client.post(url, data, follow=True)
self.assertEqual(response.status_code, 200)
self.assertTrue('permissions' in response.context['form'].errors)
def test_view_manage_group_form_empty_group(self):
self._login_superuser()
url = reverse('admin:%s_%s_permissions' % self.obj_info,
args=[self.obj.pk])
data = {'group': '', 'submit_manage_group': 'submit'}
response = self.client.post(url, data, follow=True)
self.assertEqual(len(response.redirect_chain), 0)
self.assertEqual(response.status_code, 200)
self.assertTrue('group' in response.context['group_form'].errors)
def test_view_manage_group_form_empty_group(self):
self._login_superuser()
url = reverse('admin:%s_%s_permissions' % self.obj_info,
args=[self.obj.pk])
data = {'group': '', 'submit_manage_group': 'submit'}
response = self.client.post(url, data, follow=True)
self.assertEqual(len(response.redirect_chain), 0)
self.assertEqual(response.status_code, 200)
self.assertTrue('group' in response.context['group_form'].errors)
def get_context(self, context):
if isinstance(getattr(self.admin_view, 'org_obj', None), models.Model): # is update view
context.setdefault('guardian', {'button': {
'title': self.permission_button_title,
'url': reverse('{0.admin_site.name}:guardian_permissions'.format(self),
kwargs=dict(
app_label=self.opts.app_label,
model_name=self.opts.model_name,
object_pk=self.admin_view.org_obj.pk
))
}})
return context
def obj_perms_manage_group_view(self, request, object_pk, group_id):
"""
Manages selected groups' permissions for current object.
"""
if not self.has_change_permission(request, None):
post_url = reverse('admin:index', current_app=self.admin_site.name)
return redirect(post_url)
group = get_object_or_404(Group, id=group_id)
obj = get_object_or_404(self.get_queryset(request), pk=object_pk)
form_class = self.get_obj_perms_manage_group_form(request)
form = form_class(group, obj, request.POST or None)
if request.method == 'POST' and form.is_valid():
form.save_obj_perms()
msg = ugettext("Permissions saved.")
messages.success(request, msg)
info = (
self.admin_site.name,
self.model._meta.app_label,
get_model_name(self.model)
)
url = reverse(
'%s:%s_%s_permissions_manage_group' % info,
args=[obj.pk, group.id]
)
return redirect(url)
context = self.get_obj_perms_base_context(request, obj)
context['group_obj'] = group
context['group_perms'] = get_group_perms(group, obj)
context['form'] = form
request.current_app = self.admin_site.name
if django.VERSION >= (1, 10):
return render(request, self.get_obj_perms_manage_group_template(), context)
return render_to_response(self.get_obj_perms_manage_group_template(), context, RequestContext(request))
def obj_perms_manage_group_view(self, request, object_pk, group_id):
"""
Manages selected groups' permissions for current object.
"""
if not self.has_change_permission(request, None):
post_url = reverse('admin:index', current_app=self.admin_site.name)
return redirect(post_url)
group = get_object_or_404(Group, id=group_id)
obj = get_object_or_404(self.get_queryset(request), pk=object_pk)
form_class = self.get_obj_perms_manage_group_form(request)
form = form_class(group, obj, request.POST or None)
if request.method == 'POST' and form.is_valid():
form.save_obj_perms()
msg = ugettext("Permissions saved.")
messages.success(request, msg)
info = (self.admin_site.name, self.model._meta.app_label,
get_model_name(self.model))
url = reverse('%s:%s_%s_permissions_manage_group' % info,
args=[obj.pk, group.id])
return redirect(url)
context = self.get_obj_perms_base_context(request, obj)
context['group_obj'] = group
context['group_perms'] = get_group_perms(group, obj)
context['form'] = form
request.current_app = self.admin_site.name
if django.VERSION >= (1, 10):
return render(request, self.get_obj_perms_manage_group_template(),
context)
return render_to_response(self.get_obj_perms_manage_group_template(),
context, RequestContext(request))
def test_view_manage_group(self):
self._login_superuser()
url = reverse('admin:%s_%s_permissions_manage_group' % self.obj_info,
args=[self.obj.pk, self.group.id])
response = self.client.get(url)
self.assertEqual(response.status_code, 200)
choices = set([
c[0]
for c in response.context['form'].fields['permissions'].choices
])
self.assertEqual(
set([p.codename for p in get_perms_for_model(self.obj)]),
choices,
)
# Add some perms and check if changes were persisted
perms = [
'change_%s' % self.obj_info[1],
'delete_%s' % self.obj_info[1]
]
data = {'permissions': perms}
response = self.client.post(url, data, follow=True)
self.assertEqual(len(response.redirect_chain), 1)
self.assertEqual(response.redirect_chain[0][1], 302)
self.assertEqual(
set(get_perms(self.group, self.obj)),
set(perms),
)
# Remove perm and check if change was persisted
perms = ['delete_%s' % self.obj_info[1]]
data = {'permissions': perms}
response = self.client.post(url, data, follow=True)
self.assertEqual(len(response.redirect_chain), 1)
self.assertEqual(response.redirect_chain[0][1], 302)
self.assertEqual(
set(get_perms(self.group, self.obj)),
set(perms),
)
def test_view_manage_group(self):
self._login_superuser()
url = reverse('admin:%s_%s_permissions_manage_group' %
self.obj_info, args=[self.obj.pk, self.group.id])
response = self.client.get(url)
self.assertEqual(response.status_code, 200)
choices = set([c[0] for c in
response.context['form'].fields['permissions'].choices])
self.assertEqual(
set([p.codename for p in get_perms_for_model(self.obj)]),
choices,
)
# Add some perms and check if changes were persisted
perms = ['change_%s' % self.obj_info[
1], 'delete_%s' % self.obj_info[1]]
data = {'permissions': perms}
response = self.client.post(url, data, follow=True)
self.assertEqual(len(response.redirect_chain), 1)
self.assertEqual(response.redirect_chain[0][1], 302)
self.assertEqual(
set(get_perms(self.group, self.obj)),
set(perms),
)
# Remove perm and check if change was persisted
perms = ['delete_%s' % self.obj_info[1]]
data = {'permissions': perms}
response = self.client.post(url, data, follow=True)
self.assertEqual(len(response.redirect_chain), 1)
self.assertEqual(response.redirect_chain[0][1], 302)
self.assertEqual(
set(get_perms(self.group, self.obj)),
set(perms),
)
def obj_perms_manage_view(self, request, object_pk):
"""
Main object permissions view. Presents all users and groups with any
object permissions for the current model *instance*. Users or groups
without object permissions for related *instance* would **not** be
shown. In order to add or manage user or group one should use links or
forms presented within the page.
"""
if not self.has_change_permission(request, None):
post_url = reverse('admin:index', current_app=self.admin_site.name)
return redirect(post_url)
try:
# django >= 1.7
from django.contrib.admin.utils import unquote
except ImportError:
# django < 1.7
from django.contrib.admin.util import unquote
obj = get_object_or_404(self.get_queryset(
request), pk=unquote(object_pk))
users_perms = OrderedDict(
sorted(
get_users_with_perms(obj, attach_perms=True,
with_group_users=False).items(),
key=lambda user: getattr(
user[0], get_user_model().USERNAME_FIELD)
)
)
groups_perms = OrderedDict(
sorted(
get_groups_with_perms(obj, attach_perms=True).items(),
key=lambda group: group[0].name
)
)
if request.method == 'POST' and 'submit_manage_user' in request.POST:
user_form = self.get_obj_perms_user_select_form(request)(request.POST)
group_form = self.get_obj_perms_group_select_form(request)(request.POST)
info = (
self.admin_site.name,
self.model._meta.app_label,
get_model_name(self.model)
)
if user_form.is_valid():
user_id = user_form.cleaned_data['user'].pk
url = reverse(
'%s:%s_%s_permissions_manage_user' % info,
args=[obj.pk, user_id]
)
return redirect(url)
elif request.method == 'POST' and 'submit_manage_group' in request.POST:
user_form = self.get_obj_perms_user_select_form(request)(request.POST)
group_form = self.get_obj_perms_group_select_form(request)(request.POST)
info = (
self.admin_site.name,
self.model._meta.app_label,
get_model_name(self.model)
)
if group_form.is_valid():
group_id = group_form.cleaned_data['group'].id
url = reverse(
'%s:%s_%s_permissions_manage_group' % info,
args=[obj.pk, group_id]
)
return redirect(url)
else:
user_form = self.get_obj_perms_user_select_form(request)()
group_form = self.get_obj_perms_group_select_form(request)()
context = self.get_obj_perms_base_context(request, obj)
context['users_perms'] = users_perms
context['groups_perms'] = groups_perms
context['user_form'] = user_form
context['group_form'] = group_form
# https://github.com/django/django/commit/cf1f36bb6eb34fafe6c224003ad585a647f6117b
request.current_app = self.admin_site.name
if django.VERSION >= (1, 10):
return render(request, self.get_obj_perms_manage_template(), context)
return render_to_response(self.get_obj_perms_manage_template(), context, RequestContext(request))
def obj_perms_manage_view(self, request, object_pk):
"""
Main object permissions view. Presents all users and groups with any
object permissions for the current model *instance*. Users or groups
without object permissions for related *instance* would **not** be
shown. In order to add or manage user or group one should use links or
forms presented within the page.
"""
if not self.has_change_permission(request, None):
post_url = reverse('admin:index', current_app=self.admin_site.name)
return redirect(post_url)
try:
# django >= 1.7
from django.contrib.admin.utils import unquote
except ImportError:
# django < 1.7
from django.contrib.admin.util import unquote
obj = get_object_or_404(self.get_queryset(request),
pk=unquote(object_pk))
users_perms = OrderedDict(
sorted(get_users_with_perms(obj,
attach_perms=True,
with_group_users=False).items(),
key=lambda user: getattr(user[0],
get_user_model().USERNAME_FIELD)))
groups_perms = OrderedDict(
sorted(get_groups_with_perms(obj, attach_perms=True).items(),
key=lambda group: group[0].name))
if request.method == 'POST' and 'submit_manage_user' in request.POST:
user_form = self.get_obj_perms_user_select_form(request)(
request.POST)
group_form = self.get_obj_perms_group_select_form(request)(
request.POST)
info = (self.admin_site.name, self.model._meta.app_label,
get_model_name(self.model))
if user_form.is_valid():
user_id = user_form.cleaned_data['user'].pk
url = reverse('%s:%s_%s_permissions_manage_user' % info,
args=[obj.pk, user_id])
return redirect(url)
elif request.method == 'POST' and 'submit_manage_group' in request.POST:
user_form = self.get_obj_perms_user_select_form(request)(
request.POST)
group_form = self.get_obj_perms_group_select_form(request)(
request.POST)
info = (self.admin_site.name, self.model._meta.app_label,
get_model_name(self.model))
if group_form.is_valid():
group_id = group_form.cleaned_data['group'].id
url = reverse('%s:%s_%s_permissions_manage_group' % info,
args=[obj.pk, group_id])
return redirect(url)
else:
user_form = self.get_obj_perms_user_select_form(request)()
group_form = self.get_obj_perms_group_select_form(request)()
context = self.get_obj_perms_base_context(request, obj)
context['users_perms'] = users_perms
context['groups_perms'] = groups_perms
context['user_form'] = user_form
context['group_form'] = group_form
# https://github.com/django/django/commit/cf1f36bb6eb34fafe6c224003ad585a647f6117b
request.current_app = self.admin_site.name
if django.VERSION >= (1, 10):
return render(request, self.get_obj_perms_manage_template(),
context)
return render_to_response(self.get_obj_perms_manage_template(),
context, RequestContext(request))
def test_view_manage_wrong_user(self):
self._login_superuser()
url = reverse('admin:%s_%s_permissions_manage_user' % self.obj_info,
kwargs={'object_pk': self.obj.pk, 'user_id': -10})
response = self.client.get(url)
self.assertEqual(response.status_code, 404)
def obj_perms_manage_view(self, request, **kwargs):
"""
Main object permissions view. Presents all users and groups with any
object permissions for the current model *instance*. Users or groups
without object permissions for related *instance* would **not** be
shown. In order to add or manage user or group one should use links or
forms presented within the page.
"""
current_app = self.admin_site.name
if not self.has_change_permission():
post_url = reverse('xadmin:index', current_app=current_app)
return redirect(post_url)
obj = get_object_or_404(self.get_queryset(), pk=unquote(self.object_pk))
users_perms = OrderedDict(
sorted(
get_users_with_perms(obj, attach_perms=True, with_group_users=False).items(),
key=lambda user: getattr(user[0], User.USERNAME_FIELD)
)
)
groups_perms = OrderedDict(
sorted(
get_groups_with_perms(obj, attach_perms=True).items(),
key=lambda group: group[0].name
)
)
if request.method == 'POST' and 'submit_manage_user' in request.POST:
user_form = self.get_obj_perms_user_select_form(request)(request.POST)
group_form = self.get_obj_perms_group_select_form(request)(request.POST)
if user_form.is_valid():
user_id = user_form.cleaned_data['user'].pk
url = reverse(
'{0.admin_site.name}:guardian_permissions_user'.format(self),
args=[self.app_label, self.model_name, obj.pk, user_id]
)
return redirect(url)
elif request.method == 'POST' and 'submit_manage_group' in request.POST:
user_form = self.get_obj_perms_user_select_form(request)(request.POST)
group_form = self.get_obj_perms_group_select_form(request)(request.POST)
if group_form.is_valid():
group_id = group_form.cleaned_data['group'].id
url = reverse(
'{0.admin_site.name}:guardian_permissions_group'.format(self),
args=[self.app_label, self.model_name, obj.pk, group_id]
)
return redirect(url)
else:
user_form = self.get_obj_perms_user_select_form(request)()
group_form = self.get_obj_perms_group_select_form(request)()
context = self.get_obj_perms_base_context(request, obj)
context['users_perms'] = users_perms
context['groups_perms'] = groups_perms
context['user_form'] = user_form
context['group_form'] = group_form
# https://github.com/django/django/commit/cf1f36bb6eb34fafe6c224003ad585a647f6117b
request.current_app = current_app
return render(request, self.get_obj_perms_manage_template(), context)
def get_absolute_url(self):
return reverse('articles:details', kwargs={'slug': self.slug})
