Esempio n. 1
0
class ForeignKeyTest(TestCase):
    def setUp(self):
        self.user = User.objects.create_user(
            'useruser',
            '*****@*****.**',
            'useruser')
        self.user.save()
        self.user_group = UserGroup(name='user_group')
        self.user_group.save()
        self.user_group.members.add(self.user)
        self.user_group.save()
        self.data_set1 = DataSet(name='data_set10')
        self.data_set1.save()
        self.data_set2 = DataSet(name='data_set20')
        self.data_set2.save()

        self.permission_mapper = PermissionMapper()
        self.permission_mapper.save()
        self.permission_mapper.user_group = self.user_group
        self.permission_mapper.data_set = self.data_set1
        self.permission_mapper.save()

    def test_foreignkey_works_if_no_dataset(self):
        content = Content.objects.create(name="Some content without dataset")
        foreign = (testmodels.ContentWithForeignKeyToContentWithDataset
                   .objects.create(
                       name="Whee", content_id=content.pk))

        # Raises no exception
        self.assertTrue(foreign.content)

    def test_foreignkey_works_if_dataset_with_access(self):
        content = Content.objects.create(
            name="Some content with dataset",
            data_set=self.data_set1)
        foreign = (testmodels.ContentWithForeignKeyToContentWithDataset
                   .objects.create(
                       name="Whee", content_id=content.pk))

        # Raises no exception
        self.assertTrue(foreign.content)

    def test_foreignkey_raises_if_dataset_without_access(self):
        content = Content.objects.create(
            name="Some content with dataset but no access",
            data_set=self.data_set2)
        foreign = (testmodels.ContentWithForeignKeyToContentWithDataset
                   .objects.create(
                       name="Whee", content_id=content.pk))

        self.assertRaises(
            Content.DoesNotExist, lambda: foreign.content)
Esempio n. 2
0
 def field_from_native(self, data, files, field_name, into):
     permission_mappers = []
     for pm_json in data.getlist('permission_mappers'):
         pm_data = json.loads(pm_json)
         if 'id' in pm_data:
             pm = PermissionMapper.objects.get(pk=pm_data['id'])
         else:
             pm = PermissionMapper()
         pm.permission_group = Role.objects.get(
             pk=pm_data['permission_group'])
         pm.user_group = UserGroup.objects.get(pk=pm_data['user_group'])
         permission_mappers.append(pm)
     into['permission_mappers'] = permission_mappers
Esempio n. 3
0
 def field_from_native(self, data, files, field_name, into):
     permission_mappers = []
     for pm_json in data.getlist('permission_mappers'):
         pm_data = json.loads(pm_json)
         if 'id' in pm_data:
             pm = PermissionMapper.objects.get(pk=pm_data['id'])
         else:
             pm = PermissionMapper()
         pm.permission_group = Role.objects.get(
             pk=pm_data['permission_group'])
         pm.user_group = UserGroup.objects.get(pk=pm_data['user_group'])
         permission_mappers.append(pm)
     into['permission_mappers'] = permission_mappers
Esempio n. 4
0
 def setUp(self):
     self.middleware = SecurityMiddleware()
     request_factory = RequestFactory()
     self.request = request_factory.get('/some/url')
     self.user = User.objects.create_user(
         'useruser',
         '*****@*****.**',
         'useruser')
     self.user.save()
     self.user_group = UserGroup(name='user_group')
     self.user_group.save()
     self.user_group.members.add(self.user)
     self.user_group.save()
     self.data_set1 = DataSet(name='data_set10')
     self.data_set1.save()
     self.data_set2 = DataSet(name='data_set20')
     self.data_set2.save()
     self.permission_mapper = PermissionMapper()
     self.permission_mapper.save()
     self.permission_mapper.user_group = self.user_group
     self.permission_mapper.data_set = self.data_set1
     self.permission_mapper.save()
     self.geo_content1 = GeoContent()
     self.geo_content1.save()
     self.geo_content1.data_set = self.data_set1
     self.geo_content1.save()
     self.geo_content2 = GeoContent()
     self.geo_content2.save()
     self.geo_content2.data_set = self.data_set2
     self.geo_content2.save()
     self.geo_content3 = GeoContent()
     self.geo_content3.save()
     self.geo_content3.data_set = None
     self.geo_content3.save()
Esempio n. 5
0
 def setUp(self):
     self.backend = LizardPermissionBackend()
     self.manager = User.objects.create_user(
         'managermanager',
         '*****@*****.**',
         'managermanager')
     self.manager.save()
     self.manager.is_staff = True
     self.manager.save()
     self.user_group = UserGroup()
     self.user_group.save()
     self.data_set = DataSet(name='data_set')
     self.data_set.save()
     self.content = Content()
     self.content.save()
     self.content.data_set = self.data_set
     self.content.save()
     self.permission_mapper = PermissionMapper()
     self.permission_mapper.save()
     self.permission_mapper.user_group = self.user_group
     self.permission_mapper.data_set = self.data_set
     self.permission_mapper.save()
     self.content = Content()
     self.content.save()
     self.content.data_set = self.data_set
     self.content.save()
Esempio n. 6
0
class FilteredGeoManagerTest(TestCase):

    def setUp(self):
        self.middleware = SecurityMiddleware()
        request_factory = RequestFactory()
        self.request = request_factory.get('/some/url')
        self.user = User.objects.create_user(
            'useruser',
            '*****@*****.**',
            'useruser')
        self.user.save()
        self.user_group = UserGroup(name='user_group')
        self.user_group.save()
        self.user_group.members.add(self.user)
        self.user_group.save()
        self.data_set1 = DataSet(name='data_set10')
        self.data_set1.save()
        self.data_set2 = DataSet(name='data_set20')
        self.data_set2.save()
        self.permission_mapper = PermissionMapper()
        self.permission_mapper.save()
        self.permission_mapper.user_group = self.user_group
        self.permission_mapper.data_set = self.data_set1
        self.permission_mapper.save()
        self.geo_content1 = GeoContent()
        self.geo_content1.save()
        self.geo_content1.data_set = self.data_set1
        self.geo_content1.save()
        self.geo_content2 = GeoContent()
        self.geo_content2.save()
        self.geo_content2.data_set = self.data_set2
        self.geo_content2.save()
        self.geo_content3 = GeoContent()
        self.geo_content3.save()
        self.geo_content3.data_set = None
        self.geo_content3.save()

    def test_geo_manager(self):
        request = Mock()
        request.user = self.user
        request.allowed_data_set_ids = set([self.data_set1.id])
        print request.allowed_data_set_ids
        geo_manager.request = request
        self.assertEqual(len(GeoContent.objects.all()), 2)
Esempio n. 7
0
 def test_data_set_append_plus_user_group_relation(self):
     self.request.user = self.user1
     self.user_group1.members.add(self.user1)
     self.user_group1.save()
     self.permission_mapper1 = PermissionMapper()
     self.permission_mapper1.save()
     self.permission_mapper1.user_group = self.user_group1
     self.permission_mapper1.data_set = self.data_set1
     self.permission_mapper1.save()
     self.request.allowed_data_set_ids = set([42])
     self.middleware.process_request(self.request)
     self.assertSetEqual(set([42, self.data_set1.id]),
                          self.request.allowed_data_set_ids)
Esempio n. 8
0
 def test_data_sets_for_member(self):
     self.request.user = self.user1
     self.user_group1.members.add(self.user1)
     self.user_group1.save()
     self.permission_mapper1 = PermissionMapper()
     self.permission_mapper1.save()
     self.permission_mapper1.user_group = self.user_group1
     self.permission_mapper1.data_set = self.data_set1
     self.permission_mapper1.save()
     self.request.user_group_ids = set([self.user_group1.id])
     # ^^^ By hand instead of via ._user_group_ids()
     self.assertSetEqual(set([self.data_set1.id]),
                         set(self.middleware._data_sets(self.request)))
Esempio n. 9
0
 def test_no_filtering(self):
     # We have a data_set link, but we don't actually want to be filtered
     # ourselves as we need to be queried to determin the data_set
     # access. Chicken-egg problem. (Which only surfaces when debugging,
     # btw.)
     data_set1 = DataSet(name='data_set1')
     data_set1.save()
     permission_mapper = PermissionMapper(name='test')
     permission_mapper.save()
     permission_mapper.data_set = data_set1
     permission_mapper.save()
     self.assertListEqual(list(PermissionMapper.objects.all()),
                          [permission_mapper])
Esempio n. 10
0
    def setUp(self):
        self.user = User.objects.create_user(
            'useruser',
            '*****@*****.**',
            'useruser')
        self.user.save()
        self.user_group = UserGroup(name='user_group')
        self.user_group.save()
        self.user_group.members.add(self.user)
        self.user_group.save()
        self.data_set1 = DataSet(name='data_set10')
        self.data_set1.save()
        self.data_set2 = DataSet(name='data_set20')
        self.data_set2.save()

        self.permission_mapper = PermissionMapper()
        self.permission_mapper.save()
        self.permission_mapper.user_group = self.user_group
        self.permission_mapper.data_set = self.data_set1
        self.permission_mapper.save()
Esempio n. 11
0
 def test_partial_manager(self):
     """A manager of just some bits of test content should get in, too."""
     client = Client()
     self.assertTrue(client.login(username='******',
                                  password='******'))
     response = client.get('/admin/testcontent/content/')
     # Permission denied as we don't have user group access.
     self.assertEquals(response.status_code, 403)
     # Now add content. Still no access.
     self.user_group.members.add(self.manager)
     self.user_group.save()
     self.data_set = DataSet(name='data_set')
     self.data_set.save()
     self.permission_mapper = PermissionMapper()
     self.permission_mapper.save()
     self.permission_mapper.user_group = self.user_group
     self.permission_mapper.data_set = self.data_set
     self.permission_mapper.save()
     self.content = Content()
     self.content.save()
     self.content.data_set = self.data_set
     self.content.save()
     response = client.get('/admin/testcontent/content/')
     self.assertEquals(response.status_code, 403)
     # Just the right permission on a group that we're not connected to
     # means nothing.
     add_permission = Permission.objects.get(codename='change_content')
     group = Group()
     group.save()
     group.permissions.add(add_permission)
     group.save()
     response = client.get('/admin/testcontent/content/')
     self.assertEquals(response.status_code, 403)
     # With rights via a user group, we ought to have access.
     self.permission_mapper.permission_group = group
     self.permission_mapper.save()
     response = client.get('/admin/testcontent/content/')
     self.assertEquals(response.status_code, 200)
     # We also see something on the main admin page.
     response = client.get('/admin/')
     self.assertEquals(response.status_code, 200)
Esempio n. 12
0
class MiddlewareTest(TestCase):

    def setUp(self):
        self.middleware = SecurityMiddleware()
        request_factory = RequestFactory()
        self.request = request_factory.get('/some/url')
        self.request.session = {}  # Weird that it is needed.
        self.admin1 = User(email='*****@*****.**', username='******')
        self.admin1.save()
        self.user1 = User(email='*****@*****.**', username='******')
        self.user1.save()
        self.user2 = User(email='*****@*****.**', username='******')
        self.user2.save()
        self.user_group1 = UserGroup(name='user_group1')
        self.user_group1.save()
        self.user_group2 = UserGroup(name='user_group2')
        self.user_group2.save()
        self.data_set1 = DataSet(name='data_set1')
        self.data_set1.save()
        self.data_set2 = DataSet(name='data_set2')
        self.data_set2.save()

    def test_user_groups_for_anonymous(self):
        self.assertEquals([], self.middleware._user_group_ids(self.request))
        self.middleware.process_request(self.request)
        self.assertEquals(self.request.user_group_ids, set([]))

    def test_data_sets_for_anonymous(self):
        self.assertListEqual(
            [],
            list(self.middleware._data_sets(self.request)))
        self.middleware.process_request(self.request)
        self.assertEquals(self.request.allowed_data_set_ids, set([]))

    def test_user_groups_for_non_member(self):
        self.request.user = self.user1
        self.assertListEqual(
            [],
            list(self.middleware._user_group_ids(self.request)))

    def test_user_groups_for_member(self):
        self.request.user = self.user1
        self.user_group1.members.add(self.user1)
        self.user_group1.save()
        self.assertListEqual(
            [self.user_group1.id],
            list(self.middleware._user_group_ids(self.request)))

    def test_user_groups_append(self):
        self.request.user = self.user1
        self.user_group1.members.add(self.user1)
        self.user_group1.save()
        self.request.user_group_ids = set([42])
        self.middleware.process_request(self.request)
        self.assertSetEqual(set([42, self.user_group1.id]),
                            self.request.user_group_ids)

    def test_data_sets_for_non_member(self):
        self.request.user_group_ids = set([])
        self.assertListEqual([],
                             list(self.middleware._data_sets(self.request)))

    def test_data_sets_for_member(self):
        self.request.user = self.user1
        self.user_group1.members.add(self.user1)
        self.user_group1.save()
        self.permission_mapper1 = PermissionMapper()
        self.permission_mapper1.save()
        self.permission_mapper1.user_group = self.user_group1
        self.permission_mapper1.data_set = self.data_set1
        self.permission_mapper1.save()
        self.request.user_group_ids = set([self.user_group1.id])
        # ^^^ By hand instead of via ._user_group_ids()
        self.assertSetEqual(set([self.data_set1.id]),
                            set(self.middleware._data_sets(self.request)))

    def test_data_set_append_plus_user_group_relation(self):
        self.request.user = self.user1
        self.user_group1.members.add(self.user1)
        self.user_group1.save()
        self.permission_mapper1 = PermissionMapper()
        self.permission_mapper1.save()
        self.permission_mapper1.user_group = self.user_group1
        self.permission_mapper1.data_set = self.data_set1
        self.permission_mapper1.save()
        self.request.allowed_data_set_ids = set([42])
        self.middleware.process_request(self.request)
        self.assertSetEqual(set([42, self.data_set1.id]),
                             self.request.allowed_data_set_ids)
Esempio n. 13
0
class PermissionBackendTest(TestCase):

    def setUp(self):
        self.backend = LizardPermissionBackend()
        self.manager = User.objects.create_user(
            'managermanager',
            '*****@*****.**',
            'managermanager')
        self.manager.save()
        self.manager.is_staff = True
        self.manager.save()
        self.user_group = UserGroup()
        self.user_group.save()
        self.data_set = DataSet(name='data_set')
        self.data_set.save()
        self.content = Content()
        self.content.save()
        self.content.data_set = self.data_set
        self.content.save()
        self.permission_mapper = PermissionMapper()
        self.permission_mapper.save()
        self.permission_mapper.user_group = self.user_group
        self.permission_mapper.data_set = self.data_set
        self.permission_mapper.save()
        self.content = Content()
        self.content.save()
        self.content.data_set = self.data_set
        self.content.save()

    def test_no_authentication(self):
        self.assertEquals(None, self.backend.authenticate())

    def test_security_module_perms(self):
        """Usergroup managers need specific access to our module in de admin.
        """
        self.assertFalse(
            self.backend.has_module_perms(self.manager, 'lizard_security'))
        self.user_group.managers.add(self.manager)
        self.user_group.save()
        self.assertTrue(
            self.backend.has_module_perms(self.manager, 'lizard_security'))

    def test_has_perm_only_objects(self):
        self.assertFalse(self.backend.has_perm('dont care', 'none.can_exist'))

    def test_has_perm(self):
        add_permission = Permission.objects.get(codename='change_content')
        group = Group()
        group.save()
        group.permissions.add(add_permission)
        group.save()
        self.permission_mapper.permission_group = group
        self.permission_mapper.save()
        self.assertFalse(self.backend.has_perm(
                self.manager, 'testcontent.change_content', self.content))
        # If we belong to the right group, we *do* have access.
        with patch('lizard_security.backends.request') as request:
            request.user_group_ids = [self.user_group.id]
            request.allowed_data_set_ids = [self.data_set.id]
            self.assertTrue(self.backend.has_perm(
                    self.manager, 'testcontent.change_content', self.content))

    def test_has_perm_with_implicit_view_perm(self):
        with patch('lizard_security.backends.request') as request:
            request.user_group_ids = [self.user_group.id]
            request.allowed_data_set_ids = [self.data_set.id]
            self.assertTrue(self.backend.has_perm(
                    self.manager,
                    'lizard_security.can_view_lizard_data',
                    self.content))

    def test_has_perm_with_unset_dataset(self):
        # And now without a dataset.
        add_permission = Permission.objects.get(codename='change_content')
        group = Group()
        group.save()
        group.permissions.add(add_permission)
        group.save()
        self.permission_mapper.permission_group = group
        self.permission_mapper.save()
        self.permission_mapper.data_set = None
        self.permission_mapper.save()
        self.content = Content()
        self.content.save()
        self.content.data_set = None
        self.content.save()
        self.assertFalse(self.backend.has_perm(
                self.manager, 'testcontent.change_content', self.content))
        # If we belong to the right group, we *do* have access.
        with patch('lizard_security.backends.request') as request:
            request.user_group_ids = [self.user_group.id]
            request.allowed_data_set_ids = []
            self.assertTrue(self.backend.has_perm(
                    self.manager, 'testcontent.change_content', self.content))
Esempio n. 14
0
class AdminInterfaceTests(TestCase):

    def setUp(self):
        self.admin = User.objects.create_user(
            'adminadmin',
            '*****@*****.**',
            'adminadmin')
        self.admin.save()
        self.admin.is_superuser = True
        self.admin.is_staff = True
        self.admin.save()
        self.manager = User.objects.create_user(
            'managermanager',
            '*****@*****.**',
            'managermanager')
        self.manager.save()
        self.manager.is_staff = True
        self.manager.save()
        self.user_group = UserGroup()
        self.user_group.save()

    def test_smoke(self):
        """Looking as admin at the admin pages should not crash them :-)"""
        client = Client()
        self.assertTrue(client.login(username='******',
                                     password='******'))
        response = client.get('/admin/')
        self.assertEquals(response.status_code, 200)
        response = client.get('/admin/lizard_security/dataset/')
        self.assertEquals(response.status_code, 200)
        response = client.get('/admin/lizard_security/permissionmapper/')
        self.assertEquals(response.status_code, 200)
        response = client.get('/admin/lizard_security/usergroup/')
        self.assertEquals(response.status_code, 200)

    def test_partial_manager(self):
        """A manager of just some bits of test content should get in, too."""
        client = Client()
        self.assertTrue(client.login(username='******',
                                     password='******'))
        response = client.get('/admin/testcontent/content/')
        # Permission denied as we don't have user group access.
        self.assertEquals(response.status_code, 403)
        # Now add content. Still no access.
        self.user_group.members.add(self.manager)
        self.user_group.save()
        self.data_set = DataSet(name='data_set')
        self.data_set.save()
        self.permission_mapper = PermissionMapper()
        self.permission_mapper.save()
        self.permission_mapper.user_group = self.user_group
        self.permission_mapper.data_set = self.data_set
        self.permission_mapper.save()
        self.content = Content()
        self.content.save()
        self.content.data_set = self.data_set
        self.content.save()
        response = client.get('/admin/testcontent/content/')
        self.assertEquals(response.status_code, 403)
        # Just the right permission on a group that we're not connected to
        # means nothing.
        add_permission = Permission.objects.get(codename='change_content')
        group = Group()
        group.save()
        group.permissions.add(add_permission)
        group.save()
        response = client.get('/admin/testcontent/content/')
        self.assertEquals(response.status_code, 403)
        # With rights via a user group, we ought to have access.
        self.permission_mapper.permission_group = group
        self.permission_mapper.save()
        response = client.get('/admin/testcontent/content/')
        self.assertEquals(response.status_code, 200)
        # We also see something on the main admin page.
        response = client.get('/admin/')
        self.assertEquals(response.status_code, 200)
Esempio n. 15
0
 def test_smoke(self):
     permission_mapper = PermissionMapper(name='test')
     permission_mapper.save()
     self.assertTrue(permission_mapper)
     self.assertTrue(unicode(permission_mapper))