def setUp(self):
self.backend = LizardPermissionBackend()
self.manager = User.objects.create_user(
'managermanager',
'*****@*****.**',
'managermanager')
self.manager.save()
self.manager.is_staff = True
self.manager.save()
self.user_group = UserGroup()
self.user_group.save()
self.data_set = DataSet(name='data_set')
self.data_set.save()
self.content = Content()
self.content.save()
self.content.data_set = self.data_set
self.content.save()
self.permission_mapper = PermissionMapper()
self.permission_mapper.save()
self.permission_mapper.user_group = self.user_group
self.permission_mapper.data_set = self.data_set
self.permission_mapper.save()
self.content = Content()
self.content.save()
self.content.data_set = self.data_set
self.content.save()
def test_partial_manager(self):
"""A manager of just some bits of test content should get in, too."""
client = Client()
self.assertTrue(client.login(username='******',
password='******'))
response = client.get('/admin/testcontent/content/')
# Permission denied as we don't have user group access.
self.assertEquals(response.status_code, 403)
# Now add content. Still no access.
self.user_group.members.add(self.manager)
self.user_group.save()
self.data_set = DataSet(name='data_set')
self.data_set.save()
self.permission_mapper = PermissionMapper()
self.permission_mapper.save()
self.permission_mapper.user_group = self.user_group
self.permission_mapper.data_set = self.data_set
self.permission_mapper.save()
self.content = Content()
self.content.save()
self.content.data_set = self.data_set
self.content.save()
response = client.get('/admin/testcontent/content/')
self.assertEquals(response.status_code, 403)
# Just the right permission on a group that we're not connected to
# means nothing.
add_permission = Permission.objects.get(codename='change_content')
group = Group()
group.save()
group.permissions.add(add_permission)
group.save()
response = client.get('/admin/testcontent/content/')
self.assertEquals(response.status_code, 403)
# With rights via a user group, we ought to have access.
self.permission_mapper.permission_group = group
self.permission_mapper.save()
response = client.get('/admin/testcontent/content/')
self.assertEquals(response.status_code, 200)
# We also see something on the main admin page.
response = client.get('/admin/')
self.assertEquals(response.status_code, 200)
def test_has_perm_with_unset_dataset(self):
# And now without a dataset.
add_permission = Permission.objects.get(codename='change_content')
group = Group()
group.save()
group.permissions.add(add_permission)
group.save()
self.permission_mapper.permission_group = group
self.permission_mapper.save()
self.permission_mapper.data_set = None
self.permission_mapper.save()
self.content = Content()
self.content.save()
self.content.data_set = None
self.content.save()
self.assertFalse(self.backend.has_perm(
self.manager, 'testcontent.change_content', self.content))
# If we belong to the right group, we *do* have access.
with patch('lizard_security.backends.request') as request:
request.user_group_ids = [self.user_group.id]
request.allowed_data_set_ids = []
self.assertTrue(self.backend.has_perm(
self.manager, 'testcontent.change_content', self.content))
class PermissionBackendTest(TestCase):
def setUp(self):
self.backend = LizardPermissionBackend()
self.manager = User.objects.create_user(
'managermanager',
'*****@*****.**',
'managermanager')
self.manager.save()
self.manager.is_staff = True
self.manager.save()
self.user_group = UserGroup()
self.user_group.save()
self.data_set = DataSet(name='data_set')
self.data_set.save()
self.content = Content()
self.content.save()
self.content.data_set = self.data_set
self.content.save()
self.permission_mapper = PermissionMapper()
self.permission_mapper.save()
self.permission_mapper.user_group = self.user_group
self.permission_mapper.data_set = self.data_set
self.permission_mapper.save()
self.content = Content()
self.content.save()
self.content.data_set = self.data_set
self.content.save()
def test_no_authentication(self):
self.assertEquals(None, self.backend.authenticate())
def test_security_module_perms(self):
"""Usergroup managers need specific access to our module in de admin.
"""
self.assertFalse(
self.backend.has_module_perms(self.manager, 'lizard_security'))
self.user_group.managers.add(self.manager)
self.user_group.save()
self.assertTrue(
self.backend.has_module_perms(self.manager, 'lizard_security'))
def test_has_perm_only_objects(self):
self.assertFalse(self.backend.has_perm('dont care', 'none.can_exist'))
def test_has_perm(self):
add_permission = Permission.objects.get(codename='change_content')
group = Group()
group.save()
group.permissions.add(add_permission)
group.save()
self.permission_mapper.permission_group = group
self.permission_mapper.save()
self.assertFalse(self.backend.has_perm(
self.manager, 'testcontent.change_content', self.content))
# If we belong to the right group, we *do* have access.
with patch('lizard_security.backends.request') as request:
request.user_group_ids = [self.user_group.id]
request.allowed_data_set_ids = [self.data_set.id]
self.assertTrue(self.backend.has_perm(
self.manager, 'testcontent.change_content', self.content))
def test_has_perm_with_implicit_view_perm(self):
with patch('lizard_security.backends.request') as request:
request.user_group_ids = [self.user_group.id]
request.allowed_data_set_ids = [self.data_set.id]
self.assertTrue(self.backend.has_perm(
self.manager,
'lizard_security.can_view_lizard_data',
self.content))
def test_has_perm_with_unset_dataset(self):
# And now without a dataset.
add_permission = Permission.objects.get(codename='change_content')
group = Group()
group.save()
group.permissions.add(add_permission)
group.save()
self.permission_mapper.permission_group = group
self.permission_mapper.save()
self.permission_mapper.data_set = None
self.permission_mapper.save()
self.content = Content()
self.content.save()
self.content.data_set = None
self.content.save()
self.assertFalse(self.backend.has_perm(
self.manager, 'testcontent.change_content', self.content))
# If we belong to the right group, we *do* have access.
with patch('lizard_security.backends.request') as request:
request.user_group_ids = [self.user_group.id]
request.allowed_data_set_ids = []
self.assertTrue(self.backend.has_perm(
self.manager, 'testcontent.change_content', self.content))
class AdminInterfaceTests(TestCase):
def setUp(self):
self.admin = User.objects.create_user(
'adminadmin',
'*****@*****.**',
'adminadmin')
self.admin.save()
self.admin.is_superuser = True
self.admin.is_staff = True
self.admin.save()
self.manager = User.objects.create_user(
'managermanager',
'*****@*****.**',
'managermanager')
self.manager.save()
self.manager.is_staff = True
self.manager.save()
self.user_group = UserGroup()
self.user_group.save()
def test_smoke(self):
"""Looking as admin at the admin pages should not crash them :-)"""
client = Client()
self.assertTrue(client.login(username='******',
password='******'))
response = client.get('/admin/')
self.assertEquals(response.status_code, 200)
response = client.get('/admin/lizard_security/dataset/')
self.assertEquals(response.status_code, 200)
response = client.get('/admin/lizard_security/permissionmapper/')
self.assertEquals(response.status_code, 200)
response = client.get('/admin/lizard_security/usergroup/')
self.assertEquals(response.status_code, 200)
def test_partial_manager(self):
"""A manager of just some bits of test content should get in, too."""
client = Client()
self.assertTrue(client.login(username='******',
password='******'))
response = client.get('/admin/testcontent/content/')
# Permission denied as we don't have user group access.
self.assertEquals(response.status_code, 403)
# Now add content. Still no access.
self.user_group.members.add(self.manager)
self.user_group.save()
self.data_set = DataSet(name='data_set')
self.data_set.save()
self.permission_mapper = PermissionMapper()
self.permission_mapper.save()
self.permission_mapper.user_group = self.user_group
self.permission_mapper.data_set = self.data_set
self.permission_mapper.save()
self.content = Content()
self.content.save()
self.content.data_set = self.data_set
self.content.save()
response = client.get('/admin/testcontent/content/')
self.assertEquals(response.status_code, 403)
# Just the right permission on a group that we're not connected to
# means nothing.
add_permission = Permission.objects.get(codename='change_content')
group = Group()
group.save()
group.permissions.add(add_permission)
group.save()
response = client.get('/admin/testcontent/content/')
self.assertEquals(response.status_code, 403)
# With rights via a user group, we ought to have access.
self.permission_mapper.permission_group = group
self.permission_mapper.save()
response = client.get('/admin/testcontent/content/')
self.assertEquals(response.status_code, 200)
# We also see something on the main admin page.
response = client.get('/admin/')
self.assertEquals(response.status_code, 200)
