def setUp(self):
"""
:return:
"""
super(UtilsTestCase, self).setUp()
self.request_factory = RequestFactory()
self.user_model_cls = get_user_model()
def setUp(self):
"""
:return:
"""
super(UtilsTestCase, self).setUp()
self.request_factory = RequestFactory()
self.user_model_cls = get_user_model()
def memberuser(self):
"""
:return:
"""
return get_user_model().objects.get_by_natural_key("*****@*****.**")
def contributoruser(self):
"""
:return:
"""
return get_user_model().objects.get_by_natural_key("*****@*****.**")
def test__add_security_guard(self):
"""
:return:
"""
news_folder = model_fixture.models.get('news_folder_cls').objects.get(pk=1)
date_folder_cls = model_fixture.models.get('date_folder_cls')
hacs_query = date_folder_cls.objects.filter(created_by=model_fixture.superuser, created_on__year=2017).\
exclude(Q(slug='fake-slug') | ~Q(slug='2016-10-10')).filter(Q(recursive=True,
parent_container_id=news_folder.pk) & Q(acquire_parent=True))
hacs_query._add_security_guard(date_folder_cls.__hacs_base_content_type__, model_fixture.contributoruser)
sql_str = str(hacs_query.query)
"""
sql_str =
'SELECT "test_date_folder"."id", "test_date_folder"."uuid", "test_date_folder"."name",
"test_date_folder"."slug", "test_date_folder"."created_on", "test_date_folder"."created_by_id",
"test_date_folder"."modified_by_id", "test_date_folder"."modified_on", "test_date_folder"."state",
"test_date_folder"."permissions_actions_map", "test_date_folder"."roles_actions_map",
"test_date_folder"."local_roles", "test_date_folder"."owner_id", "test_date_folder"."acquired_owners",
"test_date_folder"."acquire_parent", "test_date_folder"."description", "test_date_folder"."workflow_id",
"test_date_folder"."container_content_type_id", "test_date_folder"."parent_container_id",
"test_date_folder"."recursive", "test_date_folder"."extra_info"
FROM "test_date_folder"
WHERE ("test_date_folder"."created_on" BETWEEN 2017-01-01 00:00:00+00:00 AND 2017-12-31 23:59:59.999999+00:00
AND "test_date_folder"."created_by_id" = 5
AND NOT (("test_date_folder"."slug" = fake-slug OR NOT ("test_date_folder"."slug" = 2016-10-10)))
AND "test_date_folder"."parent_container_id" = 1
AND "test_date_folder"."recursive" = True
AND "test_date_folder"."acquire_parent" = True
AND ("test_date_folder"."permissions_actions_map" -> \'object.view\' ?| [u\'hacs.PublicView\',
u\'hacs.AuthenticatedView\', u\'hacs.ViewContent\', u\'hacs.AddContent\', u\'hacs.CanListObjects\',
u\'hacs.CanTraverseContainer\']
OR "test_date_folder"."acquired_owners" @> \'"*****@*****.**"\'
OR "test_date_folder"."roles_actions_map" -> \'object.view\' ?|
(ARRAY(SELECT jsonb_array_elements_text("test_date_folder"."local_roles" -> [email protected])))
OR "test_date_folder"."owner_id" = 3))'
"""
attach_system_user()
user_permissions = model_fixture.contributoruser.get_all_permissions()
release_system_user()
for perm in user_permissions:
if perm not in sql_str:
pass
#raise AssertionError("%s permission should have inside SQL string" % perm)
# ***********************************
# Test Local Roles Works!
# Test Ownership Works!
# Test Required Permission Works!
# Security Should Respect Local roles
# ************************************
# If news item in private state then `hacs.ManageContent` permission is required
news_item_cls = model_fixture.models.get('news_item_cls')
for item in news_item_cls.objects.unrestricted():
item.state = "private"
item.save()
HACS_ACCESS_CONTROL_LOCAL.current_user = model_fixture.editoruser
results = news_item_cls.objects.all()
count = len(results)
# Any Editor has required view permission even in private state
self.assertEqual(2, count)
HACS_ACCESS_CONTROL_LOCAL.current_user = model_fixture.contributoruser
results = news_item_cls.objects.all()
# Although in private state, contributor user has no views access but in case of `[email protected]`
# she is owner of first news item and has local role editor of second news item
# ultimately should have two news items in result
count = len(results)
self.assertEqual(2, count)
HACS_ACCESS_CONTROL_LOCAL.current_user = get_user_model().objects.get_by_natural_key("*****@*****.**")
results = news_item_cls.objects.all()
count = len(results)
# In Private state contributor has no view permissions!
self.assertEqual(0, count)
attach_system_user()
# Restore to original State
for item in news_item_cls.objects.unrestricted():
item.state = "draft"
item.save()
release_system_user()
# Now Second contributor user also should have view permission
results = news_item_cls.objects.all()
count = len(results)
self.assertEqual(2, count)
def __init__(self):
""""""
self.cache = caches[getattr(settings, 'HACS_CACHE_SETTING_NAME',
HACS_CACHE_SETTING_NAME)]
self.group_cls = get_group_model()
self.user_cls = get_user_model()