def test_relation_types_definition_index_variable(self): book = BookFixture(Book, generate_m2m={'authors': (2, 2)}).create_one() get_nodeset_for_queryset(Store.objects.filter(pk=book.pk), sync=True) user = User.objects.filter( pk__in=book.authors.values('user')).latest('pk') perm = Permission.objects.get(content_type__app_label='auth', codename='change_user') access_rule = AccessRule.objects.create( ctype_source=utils.get_content_type(User), ctype_target=utils.get_content_type(User), relation_types=[{ 'AUTHOR': None }, { 'BOOK': None }, { '{0:AUTHORS}': None }, { 'USER': None }]) access_rule.permissions.add(perm) user.user_permissions.add(perm) objects = utils.get_objects_for_user(user, 'auth.change_user') self.assertEqual({user}, set(objects)) self.assertNotEqual(User.objects.count(), objects.count())
def test_any_permissions(self): groups = Group.objects.bulk_create( [Group(name=name) for name in ['group1', 'group2', 'group3']]) access_rule = AccessRule.objects.create( ctype_source=utils.get_content_type(User), ctype_target=utils.get_content_type(Group), relation_types=[{ 'GROUPS': None }]) perms = Permission.objects.filter( content_type__app_label='auth', codename__in=['add_group', 'change_group']) access_rule.permissions.add(*perms) self.user1.user_permissions.add(*perms) self.user1.groups.add(*groups) objects = utils.get_objects_for_user( self.user1, ['auth.add_group', 'auth.delete_group'], any_perm=False) self.assertEqual(set(), set(objects)) objects = utils.get_objects_for_user( self.user1, ['auth.add_group', 'auth.delete_group'], any_perm=True) self.assertEqual(set(groups), set(objects))
def test_multiple_permissions_to_check_use_groups(self): self.group.permissions.add( Permission.objects.get(content_type__app_label='auth', codename='add_group')) self.user1.user_permissions.add( Permission.objects.get(content_type__app_label='auth', codename='change_group')) access_rule = AccessRule.objects.create( ctype_source=utils.get_content_type(User), ctype_target=utils.get_content_type(Group), relation_types=[{ 'GROUPS': None }]) access_rule.permissions.add(*Permission.objects.filter( content_type__app_label='auth', codename__in=['add_group', 'change_group'])) self.user1.groups.add(self.group) objects = utils.get_objects_for_user( self.user1, ['auth.add_group', 'auth.change_group'], use_groups=True) self.assertEqual(set(self.user1.groups.all()), set(objects)) self.user1.groups.remove(self.group) objects = utils.get_objects_for_user( self.user1, ['auth.add_group', 'auth.change_group'], use_groups=False) self.assertEqual(set(), set(objects))
def test_multiple_permissions_to_check_requires_staff(self): groups = Group.objects.bulk_create( [Group(name=name) for name in ['group1', 'group2', 'group3']]) access_rule = AccessRule.objects.create( ctype_source=utils.get_content_type(User), ctype_target=utils.get_content_type(Group), requires_staff=True, relation_types=[{ 'GROUPS': None }]) perms = Permission.objects.filter( content_type__app_label='auth', codename__in=['add_group', 'delete_group']) access_rule.permissions.add(*perms) self.user1.user_permissions.add(*perms) self.user1.groups.add(*groups) self.user1.is_staff = True get_node_for_object(self.user1).sync( ) # Sync node in order to write `is_staff` property objects = utils.get_objects_for_user( self.user1, ['auth.add_group', 'auth.delete_group']) self.assertEqual(set(groups), set(objects)) self.user2.user_permissions.add(*perms) self.user2.groups.add(*groups) self.assertFalse(self.user2.is_staff) objects = utils.get_objects_for_user( self.user2, ['auth.add_group', 'auth.delete_group']) self.assertEqual(set(), set(objects))
def test_with_superuser_false(self): BookFixture(Book, follow_fk=True, generate_m2m={ 'authors': (1, 1) }).create(count=2) user = User.objects.latest('pk') user.is_superuser = True # `with_superuser=False` requires defined access rules - should yield no results! self.assertEqual( set(Book.objects.none()), set( utils.get_objects_for_user(user, ['testapp.change_book'], Book.objects.all(), with_superuser=False))) access_rule = AccessRule.objects.create( ctype_source=utils.get_content_type(user), ctype_target=utils.get_content_type(Book), relation_types=[{ 'AUTHOR': None }, { 'BOOK': None }]) perm = Permission.objects.get(content_type__app_label='testapp', codename='change_book') access_rule.permissions.add(perm) user.user_permissions.add(perm) objects = utils.get_objects_for_user(user, ['testapp.change_book'], Book.objects.all(), with_superuser=False) self.assertEqual(set(user.author.book_set.all()), set(objects))
def test_check_permissions_app_label_single(self): perm = 'testapp.add_book' book = BookFixture(Book).create_one() self.assertEqual(utils.check_permissions_app_label(perm), (utils.get_content_type(book), {'add_book'})) self.assertEqual(utils.check_permissions_app_label(perm), (utils.get_content_type(Book), {'add_book'}))
def setUp(self): Group.objects.bulk_create( [Group(name=name) for name in ['group1', 'group2', 'group3']]) class GroupSerializer(ModelSerializer): class Meta: model = Group fields = '__all__' class GroupViewSet(ModelViewSet): queryset = Group.objects.all() serializer_class = GroupSerializer permission_classes = [DjangoObjectPermissions] filter_backends = [ChemoPermissionsFilter] self.user = User.objects.create_user(username='******', password='******') self.perm = Permission.objects.create( content_type=get_content_type(Group), name='Can view group', codename='view_group') self.access_rule = AccessRule.objects.create( ctype_source=get_content_type(User), ctype_target=get_content_type(Group), is_active=True, relation_types=[{ 'GROUPS': None }]) self.view = GroupViewSet self.patched_settings = modify_settings( AUTHENTICATION_BACKENDS={'append': self.backend}) self.patched_settings.enable()
def test_field_is_json_serializable(self): instance = AccessRule.objects.create( ctype_source=get_content_type(USER_MODEL), ctype_target=get_content_type(USER_MODEL), relation_types=[{ 'GROUPS': None }]) json = serializers.serialize('json', [instance]) self.assertIsJSON(json)
def test_check_permissions_app_label_sequence(self): perms = ['testapp.add_book', 'testapp.change_book'] book = BookFixture(Book).create_one() ctype, codenames = utils.check_permissions_app_label(perms) self.assertEqual(ctype, utils.get_content_type(book)) self.assertEqual(sorted(codenames), ['add_book', 'change_book'])
def test_single_perm(self): access_rule = AccessRule.objects.create( ctype_source=utils.get_content_type(User), ctype_target=utils.get_content_type(Book), relation_types=[{ 'AUTHOR': None }, { 'BOOK': None }]) perm = Permission.objects.get(content_type__app_label='testapp', codename='view_book') access_rule.permissions.add(perm) self.user1.user_permissions.add(perm) users = utils.get_users_with_perms(obj=self.book, permissions='view_book') self.assertEqual(set(users), {self.user1})
def test_checker_has_perm_authorized_user(self): author = AuthorFixture(Author).create_one() user = author.user perm = Permission.objects.get( content_type=utils.get_content_type(author), codename='change_author') access_rule = AccessRule.objects.create( ctype_source=utils.get_content_type(user), ctype_target=utils.get_content_type(author), relation_types=[{ 'AUTHOR': None }]) user.user_permissions.add(perm) access_rule.permissions.add(perm) checker = utils.GraphPermissionChecker(user) self.assertTrue(checker.has_perm(perm.codename, author))
def test_klass_as_queryset(self): access_rule = AccessRule.objects.create( ctype_source=utils.get_content_type(User), ctype_target=utils.get_content_type(Group), relation_types=[{ 'GROUPS': None }]) perm = Permission.objects.get(content_type__app_label='auth', codename='change_group') access_rule.permissions.add(perm) self.user1.user_permissions.add(perm) self.user1.groups.add(self.group) objects = utils.get_objects_for_user(self.user1, ['auth.change_group'], Group.objects.all()) self.assertEqual([obj.name for obj in objects], [self.group.name])
def test_single_permission_to_check(self): groups = Group.objects.bulk_create( [Group(name=name) for name in ['group1', 'group2', 'group3']]) access_rule = AccessRule.objects.create( ctype_source=utils.get_content_type(User), ctype_target=utils.get_content_type(Group), relation_types=[{ 'GROUPS': None }]) perm = Permission.objects.get(content_type__app_label='auth', codename='change_group') access_rule.permissions.add(perm) self.user1.user_permissions.add(perm) self.user1.groups.add(*groups) objects = utils.get_objects_for_user(self.user1, 'auth.change_group') self.assertEqual(len(groups), len(objects)) self.assertEqual(set(groups), set(objects))
def post_process_instance(self, instance, commit): Tag.objects.get_or_create(content_type=get_content_type(instance), object_pk=instance.pk, defaults={ 'tag': random.choice( ('sci-fi', 'drama', 'fantasy', 'romance', 'self help', 'satire')) }) return instance
def test_multiple_perms(self): access_rule = AccessRule.objects.create( ctype_source=utils.get_content_type(User), ctype_target=utils.get_content_type(Book), relation_types=[{ 'AUTHOR': None }, { 'BOOK': None }]) perms = Permission.objects.filter( content_type__app_label='testapp', codename__in=['view_book', 'change_book']) access_rule.permissions.add(*perms) self.user1.user_permissions.add(*perms) self.user2.user_permissions.add( perms.get(codename='change_book')) # Should not be in result set users = utils.get_users_with_perms( obj=self.book, permissions=['change_book', 'view_book']) self.assertEqual(set(users), {self.user1})
def test_extra_perms_single(self): group = Group.objects.create(name='a group') access_rule = AccessRule.objects.create( ctype_source=utils.get_content_type(User), ctype_target=utils.get_content_type(Group), relation_types=[{ 'GROUPS': None }]) access_rule.permissions.add( Permission.objects.get(content_type__app_label='auth', codename='add_group')) self.user1.groups.add(group) objects = utils.get_objects_for_user(self.user1, 'auth.add_group') self.assertEqual(set(), set(objects)) objects = utils.get_objects_for_user(self.user1, 'auth.add_group', extra_perms='auth.add_group') self.assertEqual({group}, set(objects))
def test_checker_has_perm_authorized_group(self): group = Group.objects.create(name='test group') user = User.objects.create_user(username='******', password='******') perm = Permission.objects.get( content_type=utils.get_content_type(user), codename='change_user') access_rule = AccessRule.objects.create( ctype_source=utils.get_content_type(group), ctype_target=utils.get_content_type(user), relation_types=[{ 'USER_SET': None }]) user.groups.add(group) group.permissions.add(perm) access_rule.permissions.add(perm) checker = utils.GraphPermissionChecker(group) # self.assertTrue(checker.has_perm(perm.codename, user)) self.assertRaises(NotImplementedError, checker.has_perm, perm.codename, user)
def test_permissions_single(self): access_rule = AccessRule.objects.create( ctype_source=utils.get_content_type(User), ctype_target=utils.get_content_type(Group), relation_types=[{ 'GROUPS': None }]) perm = Permission.objects.get(content_type__app_label='auth', codename='change_group') access_rule.permissions.add(perm) self.user1.user_permissions.add(perm) self.user1.groups.add(self.group) self.assertEqual( set(self.user1.groups.all()), set(utils.get_objects_for_user(self.user1, 'auth.change_group'))) self.assertEqual( set(self.user1.groups.all()), set(utils.get_objects_for_user(self.user1, ['auth.change_group'])))
def test_relation_types_target_props(self): groups = Group.objects.bulk_create( [Group(name=name) for name in ['group1', 'group2']]) access_rule = AccessRule.objects.create( ctype_source=utils.get_content_type(User), ctype_target=utils.get_content_type(Group), relation_types=[{ 'GROUPS': { 'name': 'group1' } }]) perm = Permission.objects.get(content_type__app_label='auth', codename='add_group') access_rule.permissions.add(perm) self.user1.user_permissions.add(perm) self.user1.groups.add(*groups) objects = utils.get_objects_for_user(self.user1, 'auth.add_group') self.assertEqual({Group.objects.get(name='group1')}, set(objects))
def test_get_content_type_from_class(self): self.assertEqual(utils.get_content_type(User), ContentType.objects.get_for_model(User))
def test_get_content_type_from_instance(self): user = User.objects.create_user(username='******', password='******') self.assertEqual(utils.get_content_type(user), ContentType.objects.get_for_model(User))