def test_auth_backend(self):
registry.register(Article, TestPermissionHandler)
with override_settings(AUTHENTICATION_BACKENDS=(
'django.contrib.auth.backends.ModelBackend',
'permission.backends.PermissionBackend',
)):
# PermissionBackend is used
def is_permission_backend_used():
from django.contrib.auth import get_backends
for backend in get_backends():
if isinstance(backend, PermissionBackend):
return True
return False
self.assertTrue(is_permission_backend_used())
# the handler treat 'add', 'chage', 'delete' permissions
permissions = registry._registry[Article].get_permissions()
self.assertTrue('permission.add_article' in permissions)
self.assertTrue('permission.change_article' in permissions)
self.assertTrue('permission.delete_article' in permissions)
# the registered handler is used (user1 is superuser so cannot be
# used for this)
self.user2.has_perm('permission.add_article')
self.assertTrue(registry._registry[Article].called)
# superuser have all permission with ModelBackend
self.assertTrue(self.user1.has_perm('permission.add_article'))
self.assertTrue(self.user1.has_perm(
'permission.change_article', self.article1
))
self.assertTrue(self.user1.has_perm(
'permission.delete_article', self.article1
))
# staff
self.assertTrue(self.user2.has_perm('permission.add_article'))
self.assertFalse(self.user2.has_perm(
'permission.change_article', self.article1
))
self.assertFalse(self.user2.has_perm(
'permission.delete_article', self.article1
))
# user3 have all permissions for article1 but article2
self.assertTrue(self.user3.has_perm('permission.add_article'))
self.assertTrue(self.user3.has_perm(
'permission.change_article', self.article1
))
self.assertTrue(self.user3.has_perm(
'permission.delete_article', self.article1
))
self.assertFalse(self.user3.has_perm(
'permission.change_article', self.article2
))
self.assertFalse(self.user3.has_perm(
'permission.delete_article', self.article2
))
# user4 have all permissions for article2 but article1
self.assertTrue(self.user4.has_perm('permission.add_article'))
self.assertFalse(self.user4.has_perm(
'permission.change_article', self.article1
))
self.assertFalse(self.user4.has_perm(
'permission.delete_article', self.article1
))
self.assertTrue(self.user4.has_perm(
'permission.change_article', self.article2
))
self.assertTrue(self.user4.has_perm(
'permission.delete_article', self.article2
))
# without AUTH backend, handler wount called
with override_settings(AUTHENTICATION_BACKENDS=(
'django.contrib.auth.backends.ModelBackend',
)):
# PermissionBackend is not used
def is_permission_backend_used():
from django.contrib.auth import get_backends
for backend in get_backends():
if isinstance(backend, PermissionBackend):
return True
return False
self.assertFalse(is_permission_backend_used())
# superuser have all permission with ModelBackend
self.assertTrue(self.user1.has_perm('permission.add_article'))
self.assertTrue(self.user1.has_perm(
'permission.change_article', self.article1
))
self.assertTrue(self.user1.has_perm(
'permission.delete_article', self.article1
))
# users have no permissions
self.assertFalse(self.user2.has_perm('permission.add_article'))
self.assertFalse(self.user2.has_perm(
'permission.change_article', self.article1
))
self.assertFalse(self.user2.has_perm(
'permission.delete_article', self.article1
))
self.assertFalse(self.user3.has_perm('permission.add_article'))
self.assertFalse(self.user3.has_perm(
'permission.change_article', self.article1
))
self.assertFalse(self.user3.has_perm(
'permission.delete_article', self.article1
))
self.assertFalse(self.user3.has_perm(
'permission.change_article', self.article2
))
self.assertFalse(self.user3.has_perm(
'permission.delete_article', self.article2
))
self.assertFalse(self.user4.has_perm('permission.add_article'))
self.assertFalse(self.user4.has_perm(
'permission.change_article', self.article1
))
self.assertFalse(self.user4.has_perm(
'permission.delete_article', self.article1
))
self.assertFalse(self.user4.has_perm(
'permission.change_article', self.article2
))
self.assertFalse(self.user4.has_perm(
'permission.delete_article', self.article2
))
def test_has_perm_get_permissions(self):
class TestPermissionHandler2(TestPermissionHandler):
# 'permission.add_article' is removed so the handler is not used
# for treating that permission.
def get_permissions(self):
return set(['permission.change_article', 'permission.delete_article',])
registry.register(Article, TestPermissionHandler2)
backend = PermissionBackend()
# the handler treat 'chage', 'delete' permissions
permissions = registry._registry[Article].get_permissions()
self.assertFalse('permission.add_article' in permissions)
self.assertTrue('permission.change_article' in permissions)
self.assertTrue('permission.delete_article' in permissions)
# anonymous user have no permission
self.assertFalse(backend.has_perm(self.anonymous, 'permission.add_article'))
self.assertFalse(backend.has_perm(
self.anonymous, 'permission.change_article', self.article1
))
self.assertFalse(backend.has_perm(
self.anonymous, 'permission.delete_article', self.article1
))
# superuser have all permission generally but in this backend, they
# don't. the permissions for superuser will handled by downstream.
self.assertFalse(backend.has_perm(self.user1, 'permission.add_article'))
self.assertFalse(backend.has_perm(
self.user1, 'permission.change_article', self.article1
))
self.assertFalse(backend.has_perm(
self.user1, 'permission.delete_article', self.article1
))
# staff user
self.assertFalse(backend.has_perm(self.user2, 'permission.add_article'))
self.assertFalse(backend.has_perm(
self.user2, 'permission.change_article', self.article1
))
self.assertFalse(backend.has_perm(
self.user2, 'permission.delete_article', self.article1
))
# user3 is an author of the article1 so have all permissions
# but for article2
self.assertFalse(backend.has_perm(self.user3, 'permission.add_article'))
self.assertTrue(backend.has_perm(
self.user3, 'permission.change_article', self.article1
))
self.assertTrue(backend.has_perm(
self.user3, 'permission.delete_article', self.article1
))
self.assertFalse(backend.has_perm(
self.user3, 'permission.change_article', self.article2
))
self.assertFalse(backend.has_perm(
self.user3, 'permission.delete_article', self.article2
))
# user4 is an author of the article2 so have all permissions
# but for article1
self.assertFalse(backend.has_perm(self.user4, 'permission.add_article'))
self.assertFalse(backend.has_perm(
self.user4, 'permission.change_article', self.article1
))
self.assertFalse(backend.has_perm(
self.user4, 'permission.delete_article', self.article1
))
self.assertTrue(backend.has_perm(
self.user4, 'permission.change_article', self.article2
))
self.assertTrue(backend.has_perm(
self.user4, 'permission.delete_article', self.article2
))
def test_has_perm(self):
registry.register(Article, TestPermissionHandler)
backend = PermissionBackend()
# the registered handler is used
backend.has_perm(self.anonymous, 'permission.add_article')
self.assertTrue(registry._registry[Article].called)
# the handler treat 'add', 'chage', 'delete' permissions
permissions = registry._registry[Article].get_permissions()
self.assertTrue('permission.add_article' in permissions)
self.assertTrue('permission.change_article' in permissions)
self.assertTrue('permission.delete_article' in permissions)
# anonymous user have no permission
self.assertFalse(backend.has_perm(self.anonymous, 'permission.add_article'))
self.assertFalse(backend.has_perm(
self.anonymous, 'permission.change_article', self.article1
))
self.assertFalse(backend.has_perm(
self.anonymous, 'permission.delete_article', self.article1
))
# superuser have all permission generally but in this backend, they
# don't. the permissions for superuser will handled by downstream.
self.assertTrue(backend.has_perm(self.user1, 'permission.add_article'))
self.assertFalse(backend.has_perm(
self.user1, 'permission.change_article', self.article1
))
self.assertFalse(backend.has_perm(
self.user1, 'permission.delete_article', self.article1
))
# staff user
self.assertTrue(backend.has_perm(self.user2, 'permission.add_article'))
self.assertFalse(backend.has_perm(
self.user2, 'permission.change_article', self.article1
))
self.assertFalse(backend.has_perm(
self.user2, 'permission.delete_article', self.article1
))
# user3 is an author of the article1 so have all permissions
# but for article2
self.assertTrue(backend.has_perm(self.user3, 'permission.add_article'))
self.assertTrue(backend.has_perm(
self.user3, 'permission.change_article', self.article1
))
self.assertTrue(backend.has_perm(
self.user3, 'permission.delete_article', self.article1
))
self.assertFalse(backend.has_perm(
self.user3, 'permission.change_article', self.article2
))
self.assertFalse(backend.has_perm(
self.user3, 'permission.delete_article', self.article2
))
# user4 is an author of the article2 so have all permissions
# but for article1
self.assertTrue(backend.has_perm(self.user4, 'permission.add_article'))
self.assertFalse(backend.has_perm(
self.user4, 'permission.change_article', self.article1
))
self.assertFalse(backend.has_perm(
self.user4, 'permission.delete_article', self.article1
))
self.assertTrue(backend.has_perm(
self.user4, 'permission.change_article', self.article2
))
self.assertTrue(backend.has_perm(
self.user4, 'permission.delete_article', self.article2
))
def test_auth_backend(self):
registry.register(Article, TestPermissionHandler)
with override_settings(AUTHENTICATION_BACKENDS=(
'django.contrib.auth.backends.ModelBackend',
'permission.backends.PermissionBackend',
)):
# PermissionBackend is used
def is_permission_backend_used():
from django.contrib.auth import get_backends
for backend in get_backends():
if isinstance(backend, PermissionBackend):
return True
return False
self.assertTrue(is_permission_backend_used())
# the handler treat 'add', 'chage', 'delete' permissions
permissions = registry._registry[Article].get_permissions()
self.assertTrue('permission.add_article' in permissions)
self.assertTrue('permission.change_article' in permissions)
self.assertTrue('permission.delete_article' in permissions)
# the registered handler is used (user1 is superuser so cannot be
# used for this)
self.user2.has_perm('permission.add_article')
self.assertTrue(registry._registry[Article].called)
# superuser have all permission with ModelBackend
self.assertTrue(self.user1.has_perm('permission.add_article'))
self.assertTrue(
self.user1.has_perm('permission.change_article',
self.article1))
self.assertTrue(
self.user1.has_perm('permission.delete_article',
self.article1))
# staff
self.assertTrue(self.user2.has_perm('permission.add_article'))
self.assertFalse(
self.user2.has_perm('permission.change_article',
self.article1))
self.assertFalse(
self.user2.has_perm('permission.delete_article',
self.article1))
# user3 have all permissions for article1 but article2
self.assertTrue(self.user3.has_perm('permission.add_article'))
self.assertTrue(
self.user3.has_perm('permission.change_article',
self.article1))
self.assertTrue(
self.user3.has_perm('permission.delete_article',
self.article1))
self.assertFalse(
self.user3.has_perm('permission.change_article',
self.article2))
self.assertFalse(
self.user3.has_perm('permission.delete_article',
self.article2))
# user4 have all permissions for article2 but article1
self.assertTrue(self.user4.has_perm('permission.add_article'))
self.assertFalse(
self.user4.has_perm('permission.change_article',
self.article1))
self.assertFalse(
self.user4.has_perm('permission.delete_article',
self.article1))
self.assertTrue(
self.user4.has_perm('permission.change_article',
self.article2))
self.assertTrue(
self.user4.has_perm('permission.delete_article',
self.article2))
# without AUTH backend, handler wount called
with override_settings(AUTHENTICATION_BACKENDS=(
'django.contrib.auth.backends.ModelBackend', )):
# PermissionBackend is not used
def is_permission_backend_used():
from django.contrib.auth import get_backends
for backend in get_backends():
if isinstance(backend, PermissionBackend):
return True
return False
self.assertFalse(is_permission_backend_used())
# superuser have all permission with ModelBackend
self.assertTrue(self.user1.has_perm('permission.add_article'))
self.assertTrue(
self.user1.has_perm('permission.change_article',
self.article1))
self.assertTrue(
self.user1.has_perm('permission.delete_article',
self.article1))
# users have no permissions
self.assertFalse(self.user2.has_perm('permission.add_article'))
self.assertFalse(
self.user2.has_perm('permission.change_article',
self.article1))
self.assertFalse(
self.user2.has_perm('permission.delete_article',
self.article1))
self.assertFalse(self.user3.has_perm('permission.add_article'))
self.assertFalse(
self.user3.has_perm('permission.change_article',
self.article1))
self.assertFalse(
self.user3.has_perm('permission.delete_article',
self.article1))
self.assertFalse(
self.user3.has_perm('permission.change_article',
self.article2))
self.assertFalse(
self.user3.has_perm('permission.delete_article',
self.article2))
self.assertFalse(self.user4.has_perm('permission.add_article'))
self.assertFalse(
self.user4.has_perm('permission.change_article',
self.article1))
self.assertFalse(
self.user4.has_perm('permission.delete_article',
self.article1))
self.assertFalse(
self.user4.has_perm('permission.change_article',
self.article2))
self.assertFalse(
self.user4.has_perm('permission.delete_article',
self.article2))
def test_has_perm_get_permissions(self):
class TestPermissionHandler2(TestPermissionHandler):
# 'permission.add_article' is removed so the handler is not used
# for treating that permission.
def get_permissions(self):
return set([
'permission.change_article',
'permission.delete_article',
])
registry.register(Article, TestPermissionHandler2)
backend = PermissionBackend()
# the handler treat 'chage', 'delete' permissions
permissions = registry._registry[Article].get_permissions()
self.assertFalse('permission.add_article' in permissions)
self.assertTrue('permission.change_article' in permissions)
self.assertTrue('permission.delete_article' in permissions)
# anonymous user have no permission
self.assertFalse(
backend.has_perm(self.anonymous, 'permission.add_article'))
self.assertFalse(
backend.has_perm(self.anonymous, 'permission.change_article',
self.article1))
self.assertFalse(
backend.has_perm(self.anonymous, 'permission.delete_article',
self.article1))
# superuser have all permission generally but in this backend, they
# don't. the permissions for superuser will handled by downstream.
self.assertFalse(backend.has_perm(self.user1,
'permission.add_article'))
self.assertFalse(
backend.has_perm(self.user1, 'permission.change_article',
self.article1))
self.assertFalse(
backend.has_perm(self.user1, 'permission.delete_article',
self.article1))
# staff user
self.assertFalse(backend.has_perm(self.user2,
'permission.add_article'))
self.assertFalse(
backend.has_perm(self.user2, 'permission.change_article',
self.article1))
self.assertFalse(
backend.has_perm(self.user2, 'permission.delete_article',
self.article1))
# user3 is an author of the article1 so have all permissions
# but for article2
self.assertFalse(backend.has_perm(self.user3,
'permission.add_article'))
self.assertTrue(
backend.has_perm(self.user3, 'permission.change_article',
self.article1))
self.assertTrue(
backend.has_perm(self.user3, 'permission.delete_article',
self.article1))
self.assertFalse(
backend.has_perm(self.user3, 'permission.change_article',
self.article2))
self.assertFalse(
backend.has_perm(self.user3, 'permission.delete_article',
self.article2))
# user4 is an author of the article2 so have all permissions
# but for article1
self.assertFalse(backend.has_perm(self.user4,
'permission.add_article'))
self.assertFalse(
backend.has_perm(self.user4, 'permission.change_article',
self.article1))
self.assertFalse(
backend.has_perm(self.user4, 'permission.delete_article',
self.article1))
self.assertTrue(
backend.has_perm(self.user4, 'permission.change_article',
self.article2))
self.assertTrue(
backend.has_perm(self.user4, 'permission.delete_article',
self.article2))
def test_has_perm(self):
registry.register(Article, TestPermissionHandler)
backend = PermissionBackend()
# the registered handler is used
backend.has_perm(self.anonymous, 'permission.add_article')
self.assertTrue(registry._registry[Article].called)
# the handler treat 'add', 'chage', 'delete' permissions
permissions = registry._registry[Article].get_permissions()
self.assertTrue('permission.add_article' in permissions)
self.assertTrue('permission.change_article' in permissions)
self.assertTrue('permission.delete_article' in permissions)
# anonymous user have no permission
self.assertFalse(
backend.has_perm(self.anonymous, 'permission.add_article'))
self.assertFalse(
backend.has_perm(self.anonymous, 'permission.change_article',
self.article1))
self.assertFalse(
backend.has_perm(self.anonymous, 'permission.delete_article',
self.article1))
# superuser have all permission generally but in this backend, they
# don't. the permissions for superuser will handled by downstream.
self.assertTrue(backend.has_perm(self.user1, 'permission.add_article'))
self.assertFalse(
backend.has_perm(self.user1, 'permission.change_article',
self.article1))
self.assertFalse(
backend.has_perm(self.user1, 'permission.delete_article',
self.article1))
# staff user
self.assertTrue(backend.has_perm(self.user2, 'permission.add_article'))
self.assertFalse(
backend.has_perm(self.user2, 'permission.change_article',
self.article1))
self.assertFalse(
backend.has_perm(self.user2, 'permission.delete_article',
self.article1))
# user3 is an author of the article1 so have all permissions
# but for article2
self.assertTrue(backend.has_perm(self.user3, 'permission.add_article'))
self.assertTrue(
backend.has_perm(self.user3, 'permission.change_article',
self.article1))
self.assertTrue(
backend.has_perm(self.user3, 'permission.delete_article',
self.article1))
self.assertFalse(
backend.has_perm(self.user3, 'permission.change_article',
self.article2))
self.assertFalse(
backend.has_perm(self.user3, 'permission.delete_article',
self.article2))
# user4 is an author of the article2 so have all permissions
# but for article1
self.assertTrue(backend.has_perm(self.user4, 'permission.add_article'))
self.assertFalse(
backend.has_perm(self.user4, 'permission.change_article',
self.article1))
self.assertFalse(
backend.has_perm(self.user4, 'permission.delete_article',
self.article1))
self.assertTrue(
backend.has_perm(self.user4, 'permission.change_article',
self.article2))
self.assertTrue(
backend.has_perm(self.user4, 'permission.delete_article',
self.article2))
