def test_unauth_public(self):
request = self.get_request()
with self.assertNumQueries(0):
self.assertViewAllowed(self.page)
self.assertEqual(get_visible_pages(request, [self.page], self.page.site),
[self.page.pk])
def test_unauth_non_access(self):
request = self.get_request()
with self.assertNumQueries(0):
self.assertViewNotAllowed(self.page)
self.assertEqual(get_visible_pages(request, [self.page], self.page.site),
[])
def test_unauth_non_access(self):
request = self.get_request()
with self.assertNumQueries(0):
self.assertFalse(self.page.has_view_permission(request))
self.assertEqual(get_visible_pages(request, [self.page], self.page.site),
[])
def test_unauth_public(self):
request = self.get_request()
with self.assertNumQueries(0):
self.assertTrue(self.page.has_view_permission(request))
self.assertEqual(get_visible_pages(request, [self.page], self.page.site),
[self.page.pk])
def test_staff_public_staff(self):
request = self.get_request(self.get_staff_user_with_no_permissions())
with self.assertNumQueries(0):
self.assertTrue(self.page.has_view_permission(request))
self.assertEqual(get_visible_pages(request, [self.page], self.page.site),
[self.page.pk])
def test_normal_basic_auth(self):
request = self.get_request(self.get_standard_user())
with self.assertNumQueries(0):
self.assertTrue(self.page.has_view_permission(request))
self.assertEqual(get_visible_pages(request, [self.page], self.page.site),
[self.page.pk])
def assertGrantedVisibility(self,
all_pages,
expected_granted_pages,
username=None):
"""
helper function to check the expected_granted_pages are
not in the restricted_pages list and
all visible pages are in the expected_granted_pages
"""
# log the user in if present
user = None
if username is not None:
if get_user_model().USERNAME_FIELD == 'email':
username = username + '@LegionMarket.com'
query = dict()
query[get_user_model().USERNAME_FIELD + '__iexact'] = username
user = get_user_model().objects.get(**query)
request = self.get_request(user)
visible_page_ids = get_visible_pages(request, all_pages, self.site)
public_page_ids = Page.objects.drafts().filter(
title_set__title__in=expected_granted_pages).values_list('id',
flat=True)
self.assertEqual(len(visible_page_ids), len(expected_granted_pages))
restricted_pages = Page.objects.public().exclude(
title_set__title__in=expected_granted_pages).values_list('id',
flat=True)
self.assertNodeMemberships(visible_page_ids, restricted_pages,
public_page_ids)
def assertGrantedVisibility(self, all_pages, expected_granted_pages, username=None):
"""
helper function to check the expected_granted_pages are
not in the restricted_pages list and
all visible pages are in the expected_granted_pages
"""
# log the user in if present
user = None
if username is not None:
if get_user_model().USERNAME_FIELD == "email":
username = username + "@django-cms.org"
query = dict()
query[get_user_model().USERNAME_FIELD + "__iexact"] = username
user = get_user_model().objects.get(**query)
request = self.get_request(user)
visible_page_ids = get_visible_pages(request, all_pages, self.site)
public_page_ids = (
Page.objects.drafts().filter(title_set__title__in=expected_granted_pages).values_list("id", flat=True)
)
self.assertEqual(len(visible_page_ids), len(expected_granted_pages))
restricted_pages = (
Page.objects.public().exclude(title_set__title__in=expected_granted_pages).values_list("id", flat=True)
)
self.assertNodeMemberships(visible_page_ids, restricted_pages, public_page_ids)
def test_normal_basic_auth(self):
user = self.get_standard_user()
request = self.get_request(user)
with self.assertNumQueries(0):
self.assertViewAllowed(self.page, user)
self.assertEqual(get_visible_pages(request, [self.page], self.page.site), [self.page.pk])
def test_staff_basic_auth(self):
user = self.get_staff_user_with_no_permissions()
request = self.get_request(user)
with self.assertNumQueries(0):
self.assertViewAllowed(self.page, user)
self.assertEqual(get_visible_pages(request, [self.page], self.page.site),
[self.page.pk])
def test_unauthed(self):
request = self.get_request()
with self.assertNumQueries(1):
"""The queries are:
PagePermission query for the affected page (is the page restricted?)
"""
self.assertViewNotAllowed(self.page)
self.assertEqual(get_visible_pages(request, self.pages, self.page.site), [])
def test_public_pages_anonymous_norestrictions(self):
"""
All pages are visible to an anonymous user
"""
all_pages = self._setup_tree_pages()
request = self.get_request()
visible_page_ids = get_visible_pages(request, all_pages, self.site)
self.assertEqual(len(all_pages), len(visible_page_ids))
nodes = menu_pool.get_nodes(request)
self.assertEqual(len(nodes), len(all_pages))
def test_public_pages_anonymous_norestrictions(self):
"""
All pages are visible to an anonymous user
"""
all_pages = self._setup_tree_pages()
request = self.get_request()
visible_page_ids = get_visible_pages(request, all_pages, self.site)
self.assertEqual(len(all_pages), len(visible_page_ids))
nodes = menu_pool.get_nodes(request)
self.assertEqual(len(nodes), len(all_pages))
def test_page_group_permissions(self):
user = self.get_standard_user()
user.groups.add(self.group)
request = self.get_request(user)
with self.assertNumQueries(3):
self.assertTrue(self.page.has_view_permission(request))
with self.assertNumQueries(0):
self.assertTrue(self.page.has_view_permission(request)) # test cache
self.assertEqual(get_visible_pages(request, self.pages, self.page.site),
self.expected)
def test_unauthed(self):
request = self.get_request()
with self.assertNumQueries(1):
"""The queries are:
PagePermission query for the affected page (is the page restricted?)
"""
self.assertFalse(self.page.has_view_permission(request))
with self.assertNumQueries(0):
self.assertFalse(self.page.has_view_permission(request)) # test cache
self.assertEqual(get_visible_pages(request, self.pages, self.page.site),
[])
def test_basic_perm(self):
user = self.get_standard_user()
user.user_permissions.add(Permission.objects.get(codename='view_page'))
request = self.get_request(user)
with self.assertNumQueries(3):
"""
The queries are:
PagePermission query (is this page restricted)
Generic django permission lookup
content type lookup by permission lookup
"""
self.assertViewAllowed(self.page, user)
self.assertEqual(get_visible_pages(request, self.pages, self.page.site), self.expected)
def test_normal_denied(self):
user = self.get_standard_user()
request = self.get_request(user)
with self.assertNumQueries(4):
"""
The queries are:
PagePermission query for the affected page (is the page restricted?)
GlobalPagePermission query for the page site
User permissions query
Content type query
"""
self.assertViewNotAllowed(self.page, user)
self.assertEqual(get_visible_pages(request, [self.page], self.page.site), [])
def test_global_access(self):
user = self.get_standard_user()
GlobalPagePermission.objects.create(can_view=True, user=user)
request = self.get_request(user)
with self.assertNumQueries(4):
"""The queries are:
PagePermission query for the affected page (is the page restricted?)
Generic django permission lookup
content type lookup by permission lookup
GlobalPagePermission query for the page site
"""
self.assertViewAllowed(self.page, user)
self.assertEqual(get_visible_pages(request, [self.page], self.page.site), [self.page.pk])
def test_global_access(self):
user = self.get_standard_user()
GlobalPagePermission.objects.create(can_view=True, user=user)
request = self.get_request(user)
with self.assertNumQueries(2):
"""The queries are:
PagePermission query for the affected page (is the page restricted?)
GlobalPagePermission query for the page site
"""
self.assertTrue(self.page.has_view_permission(request))
with self.assertNumQueries(0):
self.assertTrue(self.page.has_view_permission(request)) # test cache
self.assertEqual(get_visible_pages(request, [self.page], self.page.site),
[self.page.pk])
def test_global_permission(self):
user = self.get_standard_user()
GlobalPagePermission.objects.create(can_view=True, user=user)
request = self.get_request(user)
with self.assertNumQueries(4):
"""
The queries are:
PagePermission query (is this page restricted)
Generic django permission lookup
content type lookup by permission lookup
GlobalpagePermission query for user
"""
self.assertViewAllowed(self.page, user)
self.assertEqual(get_visible_pages(request, self.pages, self.page.site), self.expected)
def test_basic_perm_denied(self):
user = self.get_staff_user_with_no_permissions()
request = self.get_request(user)
with self.assertNumQueries(5):
"""
The queries are:
PagePermission query (is this page restricted)
GlobalpagePermission query for user
PagePermission query for this user
Generic django permission lookup
content type lookup by permission lookup
"""
self.assertViewNotAllowed(self.page, user)
self.assertEqual(get_visible_pages(request, self.pages, self.page.site), [])
def test_normal_denied(self):
request = self.get_request(self.get_standard_user())
with self.assertNumQueries(4):
"""
The queries are:
PagePermission query for the affected page (is the page restricted?)
GlobalPagePermission query for the page site
User permissions query
Content type query
"""
self.assertFalse(self.page.has_view_permission(request))
with self.assertNumQueries(0):
self.assertFalse(self.page.has_view_permission(request)) # test cache
self.assertEqual(get_visible_pages(request, [self.page], self.page.site),
[])
def test_page_group_permissions(self):
user = self.get_standard_user()
user.groups.add(self.group)
request = self.get_request(user)
with self.assertNumQueries(5):
"""
The queries are:
PagePermission query (is this page restricted)
Generic django permission lookup
content type lookup by permission lookup
GlobalpagePermission query for user
PagePermission query for user
"""
self.assertViewAllowed(self.page, user)
self.assertEqual(get_visible_pages(request, self.pages, self.page.site), self.expected)
def test_global_permission(self):
user = self.get_standard_user()
GlobalPagePermission.objects.create(can_view=True, user=user)
request = self.get_request(user)
with self.assertNumQueries(2):
"""
The queries are:
PagePermission query (is this page restricted)
GlobalpagePermission query for user
"""
self.assertTrue(self.page.has_view_permission(request))
with self.assertNumQueries(0):
self.assertTrue(self.page.has_view_permission(request)) # test cache
self.assertEqual(get_visible_pages(request, self.pages, self.page.site),
self.expected)
def test_basic_perm_denied(self):
request = self.get_request(self.get_staff_user_with_no_permissions())
with self.assertNumQueries(5):
"""
The queries are:
PagePermission query (is this page restricted)
GlobalpagePermission query for user
PagePermission query for this user
Generic django permission lookup
content type lookup by permission lookup
"""
self.assertFalse(self.page.has_view_permission(request))
with self.assertNumQueries(0):
self.assertFalse(self.page.has_view_permission(request)) # test cache
self.assertEqual(get_visible_pages(request, self.pages, self.page.site),
[])
def test_basic_perm(self):
user = self.get_standard_user()
user.user_permissions.add(Permission.objects.get(codename='view_page'))
request = self.get_request(user)
with self.assertNumQueries(5):
"""
The queries are:
PagePermission query (is this page restricted)
GlobalpagePermission query for user
PagePermission query for this user
Generic django permission lookup
content type lookup by permission lookup
"""
self.assertTrue(self.page.has_view_permission(request))
with self.assertNumQueries(0):
self.assertTrue(self.page.has_view_permission(request)) # test cache
self.assertEqual(get_visible_pages(request, self.pages, self.page.site),
self.expected)
def get_viewable_pages(self):
site = self.get_site()
page_queryset = get_page_queryset(self.request).published()
pages = page_queryset.filter(site=site)
return get_visible_pages(self.request, pages, site)
