def test_viewers_see_only_their_own_assignments_and_owner_s(self):
# Checks if can see all permissions
self.client.login(username='******', password='******')
permission_list_response = self.client.get(
self.collection_permissions_list_url, format='json')
self.assertEqual(permission_list_response.status_code,
status.HTTP_200_OK)
admin_perms = self.collection.get_perms(self.admin)
anotheruser_perms = self.collection.get_perms(self.anotheruser)
results = permission_list_response.data
# `anotheruser` can only see the owner's permissions `self.admin` and
# `anotheruser`'s permissions. Should not see `someuser`s ones.
expected_perms = []
for admin_perm in admin_perms:
if admin_perm in Collection.get_assignable_permissions():
expected_perms.append((self.admin.username, admin_perm))
for anotheruser_perm in anotheruser_perms:
if anotheruser_perm in Collection.get_assignable_permissions():
expected_perms.append(
(self.anotheruser.username, anotheruser_perm))
expected_perms = sorted(expected_perms,
key=lambda element: (element[0], element[1]))
obj_perms = []
for assignment in results:
object_permission = self.url_to_obj(assignment.get('url'))
obj_perms.append((object_permission.user.username,
object_permission.permission.codename))
obj_perms = sorted(obj_perms,
key=lambda element: (element[0], element[1]))
self.assertEqual(expected_perms, obj_perms)
def test_editors_see_only_self_anon_and_owner_assignments(self):
self.client.login(username='******', password='******')
permission_list_response = self.client.get(
self.collection_permissions_list_url, format='json')
self.assertEqual(permission_list_response.status_code,
status.HTTP_200_OK)
admin_perms = self.collection.get_perms(self.admin)
someuser_perms = self.collection.get_perms(self.someuser)
anotheruser_perms = self.collection.get_perms(self.anotheruser)
results = permission_list_response.data
expected_perms = []
for admin_perm in admin_perms:
if admin_perm in Collection.get_assignable_permissions():
expected_perms.append((self.admin.username, admin_perm))
for someuser_perm in someuser_perms:
if someuser_perm in Collection.get_assignable_permissions():
expected_perms.append((self.someuser.username, someuser_perm))
# Permissions assigned to self.anotheruser must not appear
expected_perms = sorted(expected_perms,
key=lambda element: (element[0], element[1]))
obj_perms = []
for assignment in results:
object_permission = self.url_to_obj(assignment.get('url'))
obj_perms.append((object_permission.user.username,
object_permission.permission.codename))
obj_perms = sorted(obj_perms,
key=lambda element: (element[0], element[1]))
self.assertEqual(expected_perms, obj_perms)
def test_anonymous_get_only_owner_s_assignments(self):
self.client.logout()
self.collection.assign_perm(get_anonymous_user(), PERM_VIEW_COLLECTION)
permission_list_response = self.client.get(
self.collection_permissions_list_url, format='json')
self.assertEqual(permission_list_response.status_code,
status.HTTP_200_OK)
admin_perms = self.collection.get_perms(self.admin)
results = permission_list_response.data
# As an editor of the collection. `someuser` should see all.
expected_perms = []
for admin_perm in admin_perms:
if admin_perm in Collection.get_assignable_permissions():
expected_perms.append((self.admin.username, admin_perm))
expected_perms = sorted(expected_perms,
key=lambda element: (element[0], element[1]))
obj_perms = []
for assignment in results:
object_permission = self.url_to_obj(assignment.get('url'))
obj_perms.append((object_permission.user.username,
object_permission.permission.codename))
obj_perms = sorted(obj_perms,
key=lambda element: (element[0], element[1]))
self.assertEqual(expected_perms, obj_perms)
def test_bulk_assign_permissions(self):
# TODO Improve this test
permission_list_response = self.client.get(self.collection_permissions_list_url,
format='json')
self.assertEqual(permission_list_response.status_code, status.HTTP_200_OK)
total = len(permission_list_response.data)
# Add number of permissions added with 'view_collection'
total += len(Collection.get_implied_perms(PERM_VIEW_COLLECTION)) + 1
# Add number of permissions added with 'change_collection'
total += len(Collection.get_implied_perms(PERM_CHANGE_COLLECTION)) + 1
response = self._logged_user_gives_permissions([
('someuser', PERM_VIEW_COLLECTION),
('someuser', PERM_VIEW_COLLECTION), # Add a duplicate which should not count
('anotheruser', PERM_CHANGE_COLLECTION)
])
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.assertEqual(len(response.data), total)