def setUp(self):
    """Load the fixture app and build an anonymous GET request for each test."""
    # Objects under test: the app, the permission class and the app's first author.
    self.app = Webapp.objects.get(pk=337141)
    self.permission = AllowAppOwner()
    self.anonymous = AnonymousUser()
    self.owner = self.app.authors.all()[0]

    # Every test starts unauthenticated and signs a user in explicitly if needed.
    request = RequestFactory().get('/')
    request.user = self.anonymous
    self.request = request
class TestAllowAppOwner(TestCase):
    """Exercise AllowAppOwner for anonymous, owning and non-owning requesters."""

    fixtures = fixture("user_2519", "webapp_337141")

    def setUp(self):
        """Load the fixture app and start from an anonymous GET request."""
        self.app = Webapp.objects.get(pk=337141)
        self.permission = AllowAppOwner()
        self.anonymous = AnonymousUser()
        self.owner = self.app.authors.all()[0]

        request = RequestFactory().get("/")
        request.user = self.anonymous
        request.amo_user = None
        self.request = request

    def _sign_in(self, user, profile):
        """Attach a Django user and its profile to the shared request."""
        self.request.user = user
        self.request.amo_user = profile

    def test_has_permission_anonymous(self):
        # View-level check must refuse a request with no signed-in user.
        granted = self.permission.has_permission(self.request, "myview")
        eq_(granted, False)

    def test_has_permission_user(self):
        self._sign_in(self.owner.user, self.owner)
        granted = self.permission.has_permission(self.request, "myview")
        eq_(granted, True)

    def test_has_object_permission_user(self):
        # The app's own author passes the object-level check.
        self._sign_in(self.owner.user, self.owner)
        granted = self.permission.has_object_permission(
            self.request, "myview", self.app)
        eq_(granted, True)

    def test_has_object_permission_different_user(self):
        # An authenticated user loaded from the user_2519 fixture is expected
        # to be refused on this app.
        other = User.objects.get(pk=2519)
        self._sign_in(other, other.get_profile())
        granted = self.permission.has_object_permission(
            self.request, "myview", self.app)
        eq_(granted, False)

    def test_has_object_permission_anonymous(self):
        granted = self.permission.has_object_permission(
            self.request, "myview", self.app)
        eq_(granted, False)
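def update(self, request, *args, **kwargs):
    """
    Allow a version's features to be updated.

    Runs the access check against the version's app (``obj.addon``). When the
    payload carries a ``features`` key, the submitted names are validated
    against ``APP_FEATURES``, one ``has_<feature>`` boolean is written per
    known feature, and ``features`` is removed from the payload before the
    parent ``update`` is called.

    Raises ParseError when a submitted feature name is not a key of
    ``APP_FEATURES``.
    """
    obj = self.get_object()

    # Access check. As written, the request is refused unless BOTH checks
    # pass (owner of the app AND the reviewer check).
    # NOTE(review): the original comment here only spoke of denying
    # non-owners, and the second check is named AllowReviewerReadOnly on a
    # write path. Confirm the intended rule before touching this condition;
    # it is deliberately left unchanged because any rewrite changes who may
    # write.
    is_owner = AllowAppOwner().has_object_permission(request, self, obj.addon)
    is_reviewer = AllowReviewerReadOnly().is_authorized(request)
    if not is_owner or not is_reviewer:
        self.permission_denied(request)

    # Update features if they are provided.
    if 'features' in request.DATA:
        submitted = request.DATA['features']

        # Test the list itself rather than any(invalid): any() skips falsy
        # entries, so an unknown name such as '' used to pass validation
        # without an error.
        invalid = [f for f in submitted if f.upper() not in APP_FEATURES]
        if invalid:
            raise ParseError('Invalid feature(s): %s' % ', '.join(invalid))

        # Update the value of each feature (note: a feature not present in
        # the form data is assumed to be False).
        # NOTE(review): validation above is case-insensitive, but this
        # membership test only matches lower-case names, so 'APPS' validates
        # and is then stored as False. Confirm which casing clients send.
        data = {}
        for key in APP_FEATURES:
            data['has_' + key.lower()] = key.lower() in submitted
        obj.features.update(**data)
        del request.DATA['features']

    return super(VersionViewSet, self).update(request, *args, **kwargs)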
class TestAllowAppOwner(TestCase):
    """Permission tests for AllowAppOwner at view level and object level."""

    fixtures = fixture('user_2519', 'webapp_337141')

    def setUp(self):
        """Build the shared fixtures; the request is anonymous by default."""
        self.app = Webapp.objects.get(pk=337141)
        self.permission = AllowAppOwner()
        self.anonymous = AnonymousUser()
        self.owner = self.app.authors.all()[0]
        self.request = RequestFactory().get('/')
        # No Django user and no profile: the unauthenticated baseline.
        self.request.user, self.request.amo_user = self.anonymous, None

    def test_has_permission_anonymous(self):
        outcome = self.permission.has_permission(self.request, 'myview')
        eq_(outcome, False)

    def test_has_permission_user(self):
        self.request.user, self.request.amo_user = self.owner.user, self.owner
        outcome = self.permission.has_permission(self.request, 'myview')
        eq_(outcome, True)

    def test_has_object_permission_user(self):
        # Signed in as the app's first author: object access is granted.
        self.request.user, self.request.amo_user = self.owner.user, self.owner
        target = self.app
        outcome = self.permission.has_object_permission(
            self.request, 'myview', target)
        eq_(outcome, True)

    def test_has_object_permission_different_user(self):
        # Signed in as the user from the user_2519 fixture: the test expects
        # object access to this app to be refused.
        stranger = User.objects.get(pk=2519)
        self.request.user = stranger
        self.request.amo_user = stranger.get_profile()
        target = self.app
        outcome = self.permission.has_object_permission(
            self.request, 'myview', target)
        eq_(outcome, False)

    def test_has_object_permission_anonymous(self):
        target = self.app
        outcome = self.permission.has_object_permission(
            self.request, 'myview', target)
        eq_(outcome, False)
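class TestAllowAppOwner(TestCase):
    """Permission tests for AllowAppOwner at view level and object level.

    In this variant the requester is carried on ``request.user`` alone.
    """

    fixtures = fixture('user_2519', 'webapp_337141')

    def setUp(self):
        """Load the fixture app and start from an anonymous GET request."""
        self.app = Webapp.objects.get(pk=337141)
        self.permission = AllowAppOwner()
        self.anonymous = AnonymousUser()
        self.owner = self.app.authors.all()[0]
        self.request = RequestFactory().get('/')
        self.request.user = self.anonymous

    def test_has_permission_anonymous(self):
        eq_(self.permission.has_permission(self.request, 'myview'), False)

    def test_has_permission_user(self):
        # The duplicated "self.request.user = self.owner" line was a no-op
        # and has been dropped; one assignment is enough.
        self.request.user = self.owner
        eq_(self.permission.has_permission(self.request, 'myview'), True)

    def test_has_object_permission_user(self):
        # The app's own author passes the object-level check.
        self.request.user = self.owner
        obj = self.app
        eq_(self.permission.has_object_permission(self.request, 'myview',
                                                  obj), True)

    def test_has_object_permission_different_user(self):
        # Signed in as the profile from the user_2519 fixture: the test
        # expects object access to be refused. The former self-assignment
        # "self.request.user = self.request.user" did nothing and is removed.
        self.request.user = UserProfile.objects.get(pk=2519)
        obj = self.app
        eq_(self.permission.has_object_permission(self.request, 'myview',
                                                  obj), False)

    def test_has_object_permission_anonymous(self):
        obj = self.app
        eq_(self.permission.has_object_permission(self.request, 'myview',
                                                  obj), False)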
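def check(self, request, app, account):
    """
    Decide whether the requester may attach ``account`` to ``app``.

    Returns True only when the AllowAppOwner object check passes for ``app``
    and the account is either shared or belongs to the requesting user.
    Every refusal is logged with the account and user ids and returns False.
    """
    # request.amo_user may be missing or None on an unauthenticated request;
    # read the id defensively so a refusal is logged and returned instead of
    # raising AttributeError while building the log message.
    user_pk = getattr(getattr(request, 'amo_user', None), 'pk', None)

    if not AllowAppOwner().has_object_permission(request, '', app):
        # The placeholders are %-style, so the values are passed as logging
        # arguments; the previous str.format() call left them unfilled and
        # the audit line carried no ids.
        log.info('AddonPaymentAccount access %(account)s denied '
                 'for %(user)s: no app permission.',
                 {'account': account.pk, 'user': user_pk})
        return False

    # A requester without an id never matches an account owner (fail closed).
    owns_account = user_pk is not None and account.user.pk == user_pk
    if account.shared or owns_account:
        return True

    log.info('AddonPaymentAccount access %(account)s denied '
             'for %(user)s: wrong user, not shared.',
             {'account': account.pk, 'user': user_pk})
    return False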
def check(self, request, free, premium):
    """
    Return True when the requester passes AllowAppOwner for every app given.

    ``free`` and ``premium`` are checked in that order; a falsy value is
    skipped, and the first app that fails the object check ends the scan.
    """
    owner_check = AllowAppOwner()
    candidates = (free, premium)
    # any() stops at the first refused app, matching the early return.
    refused = any(
        candidate and
        not owner_check.has_object_permission(request, '', candidate)
        for candidate in candidates
    )
    return not refused
def check(self, request, app):
    """Return True when the AllowAppOwner object check passes for ``app``."""
    verdict = AllowAppOwner().has_object_permission(request, '', app)
    # Collapse whatever the permission class returns to a strict boolean.
    return bool(verdict)