def pre_register(self, model, **kwargs): content_type = ContentType.objects.get_for_model(model) codename = 'can_receive_notification_%s' % content_type.model if not Permission.objects.filter(content_type=content_type, codename=codename): permission = Permission(name = 'Can receive notification', content_type = content_type, codename = codename) permission.save()
def add_owner_permissions(): owner_ct = ContentType.objects.get(app_label='pet', model='owner') is_owner = Permission(name='Is Owner', codename='is_a_owner', content_type=owner_ct) is_owner.save() return is_owner
def post(self, request): ret = {'result': 0, 'msg': None} ## ajax 请求的权限验证 if not request.user.has_perm(self.permission_required): ret["result"] = 1 ret["msg"] = "Sorry,你没有'添加 permission 模型对象'的权限,请联系运维!" return JsonResponse(ret) perms_form = PermissionAddForm(request.POST) if not perms_form.is_valid(): ret['result'] = 1 error_msg = json.loads( perms_form.errors.as_json(escape_html=False)) ret["msg"] = '\n'.join( [i["message"] for v in error_msg.values() for i in v]) return JsonResponse(ret) try: perm = Permission(**perms_form.cleaned_data) except Exception as e: ret['result'] = 1 ret['msg'] = e.args else: perm.save() ret['msg'] = "权限创建成功" return JsonResponse(ret)
def test_groups_permissions(self): '''Test permissions and adding groups to users''' g1 = Group() g1.name = 'Salespeople' # you must save before you add test_groups_permissions g1.save() g1.permissions.add(Permission.objects.get(id=1)) # prints out all available test_groups_permissions # for p in Permission.objects.all(): # print('Codename: ' + p.codename) # print('Name: ' + p.name) # print('ContentType: ' + str(p.content_type)) # this is a pretty bad idea: self.u1.user_permissions.add(p) # create a permission p = Permission() p.codename = 'change_product_price' p.name = 'Change the price of a product' p.content_type = ContentType.objects.get(id=1) p.save() # add permission to groups g1.permissions.add( Permission.objects.get(codename='change_product_price')) g1.save() # add user to group self.u1.groups.add(g1) self.u1.save() # check to see if the group has the new permissions self.assertTrue(self.u1.groups.filter(name='Salespeople')) self.assertTrue(self.u1.has_perm('admin.change_product_price'))
def test_usuarios_render_form_change_pas(self): """ Testa renderização do formulário de troca de senha """ contentItem = ContentType.objects.get(app_label='acesso',model='usuario') permission = Permission(name='Can Change Pass',content_type=contentItem,codename='change_pass_usuario') permission.save() permissions = Permission.objects.all().filter(content_type=contentItem.id) for permission in permissions: self.user.user_permissions.add(permission) # Faz chamada da pagina response = self.client.get('/acesso/usuarios/password/') self.assertEquals(response.status_code, 200) self.assertContains(response, 'name="new_password1"', status_code=200) """ Testa renderização do formulário de troca de senha """ dataPost = { 'new_password1' : 'testpass2', 'new_password2' : 'testpass2', } response = self.client.post('/acesso/usuarios/password/', dataPost) self.assertEquals(response.status_code, 200)
def save_related (self, request, form, formsets, change): if change: # If any grade change occurred; the save override will take care of the removal of previous permissions associated with the previous grade # All we have to care aboot here is saving the related objects i.e. subject with the appropriate permissions # codename: {Level.grade}_{ClassRoom.section}_{Subject.name} # name: {Level.grade}-{ClassRoom.section}: {Subject.name} LEVEL = Level.objects.get (pk = request.META['HTTP_REFERER'][request.META['HTTP_REFERER'].rfind('/', 0, -1) + 1: -1]) # level object: related fields UNSAVED untill form save if LEVEL.classroom_set.count(): # we will have to create/edit permission if a level is associated with a class room NEW_SUBJECT_LIST = [] for SID in request.POST.getlist ("subject"): # Looping through the subject id's NEW_SUBJECT_LIST.append (Subject.objects.get(pk = SID).name) for CR in LEVEL.classroom_set.all(): # After finishing this loop we would have deleted any permission that shouldn't exist anymore due to the change in the level object for S in LEVEL.subject.all(): if S.name not in NEW_SUBJECT_LIST: Permission.objects.filter (codename = LEVEL.grade +"_"+ CR.section +"_"+ S.name).delete() for CR in LEVEL.classroom_set.all(): # After finishing this loop we would have created any new permission that should be created due to the change in the level object for S in NEW_SUBJECT_LIST: if not Permission.objects.filter (codename = LEVEL.grade +"_"+ CR.section +"_"+ S).exists(): # Permission Structure # codename: {Level.grade}_{ClassRoom.section}_{Subject.name} # name: {Level.grade}-{ClassRoom.section}: {Subject.name} NEW_P = Permission () NEW_P.codename = LEVEL.grade +"_"+ CR.section +"_"+ S NEW_P.name = LEVEL.grade +"-"+ CR.section +": "+ S NEW_P.content_type = ContentType.objects.get (app_label="condor", model="classroom") NEW_P.save() form.save()
def permission_add(module, using=None): ''' 添加自定义权限 ''' content_type = None try: if not using: content_type = ContentType.objects.get( app_label=settings.PERMISSION_APP, model=module) else: content_type = ContentType.objects.using(using).get( app_label=settings.PERMISSION_APP, model=module) except: content_type = ContentType(name=module, app_label=settings.PERMISSION_APP, model=module) content_type.save(using=using) for op in operations.values(): try: perm = Permission(codename='%s_%s' % (op, module), name='can %s %s' % (op, module), content_type=content_type) perm.save(using=using) except: pass
def test_user_permission_not_allowed(self): permission = Permission(content_type_id=1, name='Can something', codename='can_something') permission.save() response, json = self.do_get(self.perm % (self.user.pk, 'auth.can_something')) self.assertEquals(response.status_code, 200) self.assertEquals(json['is-allowed'], False, json)
def test_puede_obtener_grupos_junto_con_permisos(self): user = User.objects.create_user(username='******', password='******') grupo = Group.objects.create(name='coordinador') tipo = ContentType.objects.get(app_label='escuelas', model='evento') puede_crear_eventos = Permission(name='crear', codename='evento.crear', content_type=tipo) puede_crear_eventos.save() grupo.permissions.add(puede_crear_eventos) self.client.force_authenticate(user=user) response = self.client.get('/api/groups', format='json') self.assertEqual(len(response.data['results']), 2) item_1 = response.data['results'][1] self.assertEquals(item_1["name"], "coordinador") # Inicialmente este grupo no tiene perfil self.assertEquals(item_1["perfiles"], []) # Si se vincula el grupo a un perfil ... user.perfil.group = grupo grupo.save() user.save() user.perfil.save() response = self.client.get('/api/groups', format='json') item_1 = response.data['results'][1] self.assertEquals(len(item_1["perfiles"]), 1) self.assertEquals(item_1["perfiles"][0]['type'], 'perfiles')
def test_add_groups_add_permissions(self): '''Tests adding a group to a user and add a permission to the group''' p1 = Permission() p1.name = 'Can Create' p1.codename = 'can_create' p1.content_type = ContentType.objects.get(id=1) p1.save() g1 = Group() g1.name = "employee" g1.save() g1.permissions.add(p1) g1.save() p2 = Permission() p2.name = 'Can Delete' p2.codename = 'can_delete' p2.content_type = ContentType.objects.get(id=1) p2.save() g2 = Group() g2.name = "manager" g2.save() g2.permissions.add(p2) g2.save() self.u1.groups.add(g1) self.u1.groups.add(g2) self.assertTrue(self.u1.groups.filter(name="employee")) self.assertTrue(self.u1.groups.filter(name="manager")) self.assertTrue(self.u1.has_perm(p1.name)) self.assertTrue(self.u1.has_perm(p2.name))
def post(self, request): """ content_type_id = request.POST.get("content_type") codename = request.POST.get("codename") name = request.POST.get("name") try: content_type = ContentType.objects.get(pk=content_type_id) except ContentType.DoesNotExist: return redirect("error", next="permission_list", msg="模型不存在") if not codename or codename.find(" ") >=0 : return redirect("error", next="permission_list", msg="codename 不合法") try: Permission.objects.create(codename=codename, content_type=content_type,name=name) except Exception as e: return redirect("error", next="permission_list", msg=e.args) return redirect("success", next="permission_list") """ permissionform = CreatePermissionForm(request.POST) if permissionform.is_valid(): permission = Permission(**permissionform.cleaned_data) try: permission.save() return redirect("success", next="permission_list") except Exception as e: return redirect("error", next="permission_list", msg=e.args) else: return redirect("error", next="permission_list", msg=json.dumps(permissionform.errors.as_json(), ensure_ascii=False))
def add_kennel_permissions(): kennel_ct = ContentType.objects.get(app_label='pet', model='kennel') is_kennel = Permission(name='Is Kennel', codename='is_a_kennel', content_type=kennel_ct) is_kennel.save() return is_kennel
def setUp(self): self.factory = RequestFactory() self.test_user = UserModel.objects.create_user("test_user", "*****@*****.**", "123456") self.test_noscope_user = UserModel.objects.create_user( "test_no_scope_user", "*****@*****.**", "123456") from django.contrib.auth.models import Permission p = Permission() p.name = "test_user_scope" p.content_type_id = 7 p.save() self.test_user.user_permissions.add(p) self.application = Application( name="Test Application", user=self.test_user, client_type=Application.CLIENT_CONFIDENTIAL, client_id="test_client_id", authorization_grant_type=Application.GRANT_PASSWORD, client_secret="test_client_secret", scopes="test_app_scope1 test_app_scope2") self.application.save() oauth2_settings._SCOPES = ['read', 'write']
def test_usuarios_render_form_change_pas(self): """ Testa renderização do formulário de troca de senha """ contentItem = ContentType.objects.get(app_label='acesso', model='usuario') permission = Permission(name='Can Change Pass', content_type=contentItem, codename='change_pass_usuario') permission.save() permissions = Permission.objects.all().filter( content_type=contentItem.id) for permission in permissions: self.user.user_permissions.add(permission) # Faz chamada da pagina response = self.client.get('/acesso/usuarios/password/') self.assertEquals(response.status_code, 200) self.assertContains(response, 'name="new_password1"', status_code=200) """ Testa renderização do formulário de troca de senha """ dataPost = { 'new_password1': 'testpass2', 'new_password2': 'testpass2', } response = self.client.post('/acesso/usuarios/password/', dataPost) self.assertEquals(response.status_code, 200)
def manager_perms_add(request): # login check start if not request.user.is_authenticated: return redirect('mylogin') # login check end perm = 0 for i in request.user.groups.all(): if i.name == "masteruser": perm = 1 if perm == 0: error = "Access Denied" return render(request, 'back/error.html', {'error': error}) if request.method == 'POST': name = request.POST.get('name') cname = request.POST.get('cname') contenttype = ContentType.objects.get(app_label='main', model='main') if len(Permission.objects.filter(codename=cname)) == 0: perm = Permission(name=name, codename=cname, content_type=contenttype) #permission = Permission.objects.create(codename=cname, name=name, content_type=content_type) perm.save() else: error = "This Codename Used Before" return render(request, 'back/error.html', {'error': error}) return redirect('manager_perms')
def save_model (self, request, obj, form, change): """ Hey Hey Hey...let me see your id...or your boobs-your choice...i prefer the BOOBS unless you're OVER 18...EEEWWWWWWW """ if not request.user.is_superuser: if not request.user.has_perm ("condor."+ Student.objects.get (pk = request.POST["student"]).class_room.grade.grade +"_"+ Student.objects.get (pk = request.POST["student"]).class_room.section +"_"+ Subject.objects.get (pk = request.POST ["subject"]).name): messages.add_message (request, messages.ERROR, "Denied, the request you've made has content you are not authorized to add/edit. Your request has not been saved") return None elif request.user.has_perm ("condor."+ Student.objects.get (pk = request.POST["student"]).class_room.grade.grade +"_"+ Student.objects.get (pk = request.POST["student"]).class_room.section +"_"+ Subject.objects.get (pk = request.POST ["subject"]).name): if not Permission.objects.filter (codename = "generate_report_card").exists(): NEW_P = Permission () NEW_P.codename = "generate_report_card" NEW_P.name = "Can Generate Report Card" NEW_P.content_type = ContentType.objects.get (app_label="condor", model="gradereport") NEW_P.save() obj.save() elif request.user.is_superuser: if not Permission.objects.filter (codename = "generate_report_card").exists(): NEW_P = Permission () NEW_P.codename = "generate_report_card" NEW_P.name = "Can Generate Report Card" NEW_P.content_type = ContentType.objects.get (app_label="condor", model="gradereport") NEW_P.save() """ we are going have to check whether or not the super user has made the right choices...i feel OLD...which takes like two lines """ if obj.subject not in obj.student.class_room.grade.subject.all(): messages.add_message (request, messages.ERROR, "Error: the subject you have selected is not given in the specified grade level, No changes have been made.") return None obj.save()
def _get_or_create_perm(perm): from django.contrib.contenttypes.models import ContentType from django.db import models if not perm: return None try: app, model, name = perm.split('.') except ValueError: return None # NOTE: This check is added to support local userdb database connection. # TODO: Ensure this is right. m = models.get_model(app, model, only_installed=False) if not m: return None try: return Permission.objects.get_by_natural_key(name, app, model) except Permission.DoesNotExist: try: ct = ContentType.objects.get_by_natural_key(app, model) perm = Permission(name=name, content_type=ct, codename=name) perm.save() return perm except ContentType.DoesNotExist: return None except ContentType.DoesNotExist: return None
def test_user_permission_not_allowed(self): permission = Permission(content_type=self.content_type, name='Can something', codename='can_something') permission.save() response, json = self.do_get(self.perm % (self.user.pk, 'auth.can_something')) self.assertEquals(response.status_code, 200) self.assertEquals(json['is-allowed'], False, json)
def test_current_user_permission_not_allowed(self): permission = Permission(content_type=self.content_type, name='Can something', codename='can_something') permission.save() response, json = self.do_get(self.user_perm % 'auth.can_something', username=self.user.username) self.assertEquals(response.status_code, 200) self.assertEquals(json['permissions']['auth.can_something'], False, json)
def make_permission(modeladmin, request, queryset): for project in queryset: p = Permission(name=u'编辑%s锁定文本'%project.title_cn, \ content_type_id=10, codename='can_edit_lock_%s'%project.project_name) p.save() p = Permission(name=u'%s项目组员'%project.title_cn, \ content_type_id=11, codename='%s_member'%project.project_name) p.save()
def create_club_admin_permission(sender, **kwargs): print "Creating club admin permission..." club_content_type = ContentType.objects.get_for_model(Club) if len(Permission.objects.filter(codename='full_club_admin')) == 0: club_admin_permission = Permission(name='Full Club Admin Access', codename='full_club_admin', content_type=club_content_type) club_admin_permission.save()
def new_permission(self, name, content_type_id, codename): permission = Permission() permission.name = name permission.content_type_id = content_type_id permission.codename = codename permission.save() return False if permission.pk is None else permission
def save (self, *args, **kwargs): if self.id == None: # object is bein created for the first time super (ClassRoom, self).save(*args, **kwargs) # saving object LEVEL = self.grade.grade SECTION = self.section for S in self.grade.subject.all(): if not Permission.objects.filter (codename = (u""+ LEVEL +"_"+ SECTION +"_"+ S.__unicode__())).exists(): # creating... # Permission Structure # codename: {Level.grade}_{ClassRoom.section}_{Subject.name} # name: {Level.grade}-{ClassRoom.section}: {Subject.name} NEW_P = Permission () NEW_P.name = u""+ LEVEL +"-"+ SECTION +": "+ S.__unicode__() NEW_P.content_type = ContentType.objects.get (app_label="condor", model="classroom") NEW_P.codename = u""+ LEVEL +"_"+ SECTION +"_"+ S.__unicode__() NEW_P.save() NEW_P = Permission () NEW_P.name = u"Head Teacher of "+ self.grade.grade +"-"+ self.section NEW_P.content_type = ContentType.objects.get (app_label="condor", model="classroom") NEW_P.codename = u"H_"+ self.grade.grade +"_"+ self.section NEW_P.save() else: # object is being edited... PREVIOUS_CLASSROOM = ClassRoom.objects.get (pk = self.id) # we know this exists! PREVIOUS_GRADE = PREVIOUS_CLASSROOM.grade super (ClassRoom, self).save(*args, **kwargs) if self.__unicode__() != PREVIOUS_CLASSROOM.__unicode__(): # There has been change in the object, Permissions update is necessary """ NOTE: - On permission, when a class is changed say from 1A to 1B or 2A: we will assume (for permission sake) 1B is a different class! - i.e. all permissions associated with 1A will be removed, and new Permissions for 1B will be created """ Permission.objects.filter (codename__istartswith = PREVIOUS_GRADE.grade +"_"+ PREVIOUS_CLASSROOM.section +"_").delete() # Deleting all associated permissions with the previous class room object Permission.objects.filter (codename = u"H_" + PREVIOUS_GRADE.grade +"_"+ PREVIOUS_CLASSROOM.section).delete() for S in self.grade.subject.all(): # Creating permissions for the NEW class room NEW_P = Permission() NEW_P.codename = self.grade.grade +"_"+ self.section +"_"+ S.name NEW_P.name = self.grade.grade +"-"+ self.section +": "+ S.name NEW_P.content_type = ContentType.objects.get (app_label="condor", model="classroom") NEW_P.save() NEW_P = Permission () NEW_P.name = u"Head Teacher of "+ self.grade.grade +"-"+ self.section NEW_P.content_type = ContentType.objects.get (app_label="condor", model="classroom") NEW_P.codename = u"H_"+ self.grade.grade +"_"+ self.section NEW_P.save() if not Permission.objects.filter (codename = "generate_report_card").exists(): NEW_P = Permission () NEW_P.codename = "generate_report_card" NEW_P.name = "Can Generate Report Card" NEW_P.content_type = ContentType.objects.get (app_label="condor", model="classroom") NEW_P.save()
def save(self, *args, **kwargs): if not self.id and hasattr(self, "instance_permissions"): for perm in self.instance_permissions: p = Permission() p.codename = "%s%s" % (perm[0], self.slug) p.name = "%s%s" % (perm[1], self.name) p.content_type = ContentType.objects.get_for_model(self) p.save() return super(PermissionMixIn, self).save(*args, **kwargs)
def test_add_groups_check_permissions(self): for p in Permission.objects.all(): print(p.content_type.app_label + "." + p.codename) p1 = Permission() p1.name = 'Change product price' p1.codename = 'change_product_price' p1.content_type = ContentType.objects.get(id=1) p1.save() self.u1.user_permissions.add(p1)
def test_current_user_permission_is_allowed(self): permission = Permission(content_type=self.content_type, name='Can something', codename='can_something') permission.save() self.user.user_permissions.add(permission) response, json = self.do_get(self.user_perm % 'auth.can_something', username=self.user.username) self.assertEquals(response.status_code, 200) self.assertEquals(json['permissions']['auth.can_something'], True, json)
def test_add_and_test_permissions(self): p1 = Permission() p1.name = 'Change product price' p1.codename = 'change_product_price' p1.content_type = ContentType.objects.get(id=101) p1.save() self.u3.user_permissions.add(p1) self.assertTrue(self.u3.has_perm('account.change_product_price'))
def mutate_and_get_payload(cls, root, info, **kwargs): name = kwargs.get('name') content_type = kwargs.get('content_type') codename = kwargs.get('codename') permission = Permission(name=name, content_type=content_type, codename=codename) permission.save() return CreatePermission(permission=permission)
def test_user_permission(self): """Test to make sure user receive permissions correctly""" p = Permission() p.codename = 'change_product_price' p.name = 'Change the price of a product' p.content_type = ContentType.objects.get(id=1) p.save() self.u1.user_permissions.add(p) self.assertTrue(self.u1.has_perm('admin.change_product_price'))
def _get_permission(self, obj, code, create = False): ct = ContentType.objects.get_for_model(obj) pe = Permission.objects.filter(codename = code, content_type = ct) if pe: pe = pe[0] elif create: pe = Permission(codename = code, content_type = ct, name = 'Can view %s' % force_str(obj._meta.verbose_name)) pe.save() return pe
def test_puede_sustituir_a_otro_usuario(self): # Comienza con dos usuarios user = User.objects.create_user(username='******', password='******') usuario_secundario = User.objects.create_user(username='******', password='******') # Se genera un grupo para el administrador grupo = Group.objects.create(name='coordinador') tipo = ContentType.objects.get(app_label='escuelas', model='evento') puede_administrar = Permission(name='perfil.global', codename='perfil.global', content_type=tipo) puede_administrar.save() grupo.permissions.add(puede_administrar) # Se asigna una region al perfil de usuario region_1 = models.Region.objects.create(numero=1) user.perfil.region = region_1 usuario_secundario.perfil.region = region_1 grupo.save() user.perfil.group = grupo user.save() user.perfil.save() usuario_secundario.perfil.save() usuario_secundario.save() self.client.login(username='******', password='******') self.client.force_authenticate(user=user) response = self.client.get('/api/mi-perfil', format='json') self.assertEqual(response.data['username'], "test") self.assertEqual(len(response.data['grupos']), 1, "Tiene un solo grupo") self.assertEqual(response.data['grupos'][0]['nombre'], 'coordinador', "Tiene asignado el grupo coordinador") # Accede al perfil de otro usuario correctamente response = self.client.get('/api/mi-perfil?perfilInspeccionado=%d' % (usuario_secundario.id), format='json') self.assertEqual(response.data['username'], "secundario") self.client.logout() # Si un usuario que no tiene permisos de administrador intenta ver el perfil de otro usuario falla, por falta de permisos self.client.login(username='******', password='******') self.client.force_authenticate(user=usuario_secundario) response = self.client.get('/api/mi-perfil?perfilInspeccionado=%d' % (user.id), format='json') self.assertEqual(response.status_code, 500)
def create(self,validated_data): p=Permission() c=ContentType.objects.get(id=7) p.name=validated_data["name"] p.content_type_id=c.id p.codename=validated_data["codename"] p.save() return validated_data
def createProjectPermission(pDesc, pCodeName, groups): projectContenType = ContentType.objects.get(app_label=APPLICATION_LABEL, model='project') permission = Permission(name=pDesc, codename=pCodeName, content_type=projectContenType) permission.save() print 'Created permission=%s...' % permission.codename for group in groups: group.permissions.add(permission) group.save() print '...and associated to group=%s' % group.name return permission
def create_permission(request): new_permission=Permission() new_permission.content_type_id=1 new_permission.codename=request.POST.get("codename") new_permission.name=request.POST.get("permission_title") new_permission.save() description=request.POST.get("permission_desc") permission_type=request.POST.get("permission_type") new_permission.save() PermissionService.create_permission_extend(new_permission.id,permission_type, description)
def tagPreSave(sender, instance, created, **kwargs): if not created: return permission = Permission() permission.codename = 'tag_{0}'.format(instance.name) permission.name = 'Can add tag {0}'.format(instance.name) permission.content_type = ContentType.objects.get_for_model(Tag) permission.full_clean() permission.save()
def test_add_check_user_permissions(self): '''Check user permissions''' p1 = Permission() p1.name = 'Change product name' p1.codename = 'change_product_name' ct1 = ContentType.objects.get(id=1) #pulling an object here p1.content_type = ct1 p1.save() self.u1.user_permissions.add(p1) self.u1.has_perm('change_product_name')
def save (self, *args, **kwargs): self.first_name = self.first_name.title() self.father_name = self.father_name.title() super (Parent, self).save(*args, **kwargs) if not Permission.objects.filter (codename = "send_message_p").exists(): NEW_P = Permission () NEW_P.codename = "send_message_p" NEW_P.name = "Can Send Messages to Parents (Directly)" NEW_P.content_type = ContentType.objects.get (app_label="condor", model="parent") NEW_P.save()
def post(self, request): permission_form = CreatePermissionForm(request.POST) if permission_form.is_valid(): permission = Permission(**permission_form.cleaned_data) try: permission.save() return redirect('success', next='permission_list') except Exception as e: return redirect('error', next='permission_add', msg=e.args) else: return redirect('error', next='permission_add', msg=json.dumps(json.load(permission_form.errors.as_json()), ensure_ascii=False))
def test_user_is_checked_for_global_db_permission(self): user = User(is_active=True) user.save() content_type = ContentType(app_label='test_app') content_type.save() permission = Permission(content_type=content_type, codename='test_permission') permission.save() user.user_permissions.add(permission) backend = PermissionBackend() self.assertTrue(backend.has_perm(user, 'test_app.test_permission'))
def get_permission(self, permission_prefix, create_permission=False): permission_codename = u"%s_%s" % (permission_prefix, self.name) permission_description = u"%s %s instances" % (permission_prefix, self.name) try: permission = Permission.objects.get(codename=permission_codename) except Permission.DoesNotExist: content_type = ContentType.objects.get(app_label=APP_LABEL, model='qproject') permission = Permission(codename=permission_codename, name=permission_description, content_type=content_type) if create_permission: permission.save() return permission
def edit_all_permission(self, log=None): ct = ContentType.objects.get_for_model(self) try: p = Permission.objects.get(content_type=ct, codename=self.edit_all_permission_name()) except Permission.DoesNotExist: p = Permission(content_type=ct, codename=self.edit_all_permission_name(), name="Edit all data for widget %s" % self.name) p.save() if log is not None: print >> log, "Created edit all permission for widget %s" % self.name return p
def employe(request): logger.info('function_call employe(request) ->') if request.method == 'POST': employe = User.objects.get(id = int(request.POST.get('id_record'))) profile = UserProfile.objects.get(user = employe) form = EmployeForm(initial={'username': employe.username, 'email': employe.email, 'firstname': employe.first_name, 'lastname': employe.last_name, 'vacation_days': profile.vacation_days, 'min_hours': profile.min_hours, 'max_hours': profile.max_hours, 'hourly_rate': profile.hourly_rate, 'management': employe.has_perm('auth.management'), 'api': employe.is_staff}) if request.POST.get('action'): if request.POST.get('action') == "modifie": form = EmployeForm(request.POST) if form.is_valid(): employe.username = form.cleaned_data['username'] employe.email = form.cleaned_data['email'] employe.first_name = form.cleaned_data['firstname'] employe.last_name = form.cleaned_data['lastname'] employe.save() profile.vacation_days = form.cleaned_data['vacation_days'] profile.min_hours = form.cleaned_data['min_hours'] profile.max_hours = form.cleaned_data['max_hours'] profile.hourly_rate = form.cleaned_data['hourly_rate'] profile.save() try: permission = Permission.objects.get(codename='management') except Exception: permissionNew = Permission(name = "management", content_type = ContentType.objects.get(model='permission'), codename = "management") permissionNew.save() permission = Permission.objects.get(codename='management') if form.cleaned_data['management'] == True: employe.user_permissions.add(permission) else: employe.user_permissions.remove(permission) if form.cleaned_data['api'] == True: employe.is_staff = 1 employe.save() else: employe.is_staff = 0 employe.save() return HttpResponseRedirect(reverse('staff')) c = {'user':request.user, 'employe':employe, 'form':form, 'SITENAME':settings.SITENAME, 'management':request.user.has_perm('auth.management')} c.update(csrf(request)) return render_to_response('employe.html', c, context_instance=RequestContext(request))
def create_user(self): self.user = User.objects.create_user('test', '*****@*****.**', 'test') self.ct = ContentType(app_label='acknowledgements') self.ct.save() perm = Permission(content_type=self.ct, codename='change_item') perm.save() self.user.user_permissions.add(perm) perm = Permission(content_type=self.ct, codename='change_fabric') perm.save() self.user.user_permissions.add(perm) self.assertTrue(self.user.has_perm('acknowledgements.change_item')) return self.user
def permission(self, log=None): ct = ContentType.objects.get_for_model(self) try: p = Permission.objects.get(content_type=ct, codename=self.permission_name()) except Permission.DoesNotExist: p = Permission(content_type=ct, codename=self.permission_name(), name="upload data files for %s" % self.app) p.save() if log: print >> log, "Created uploader permission for %s" % self.app return p
def create_user(self): self.user = User.objects.create_user('test', '*****@*****.**', 'test') self.ct = ContentType(app_label='acknowledgements') self.ct.save() perm = Permission(content_type=self.ct, codename='change_item') perm.save() self.user.user_permissions.add(perm) perm = Permission(content_type=self.ct, codename='change_fabric') perm.save() self.user.user_permissions.add(perm) self.assertTrue(self.user.has_perm('acknowledgements.change_item')) return self.user
def view_permisions(apps=None): if not apps: apps = ['whs', 'lab', 'energy', 'it'] for app in apps: for c in ContentType.objects.filter(app_label=app): if issubclass(c.model_class(),UrlMixin): p = Permission(codename='view_%s' % c.model, name=u'Можно просматривать %s' % c.name, content_type=c) try: p.validate_unique() except ValidationError: pass else: p.save()
def createProjectPermission(pDesc, pCodeName, groups): projectContenType = ContentType.objects.get(app_label=APPLICATION_LABEL, model='project') permission = Permission(name=pDesc, codename=pCodeName, content_type=projectContenType) permission.save() print 'Created permission=%s...' % permission.codename for group in groups: group.permissions.add(permission) group.save() print '...and associated to group=%s' % group.name return permission
def create_permission_if_doesnt_exist(codename, desc, content_type): try: permission = Permission(name=desc, codename=codename, content_type=content_type) permission.save() except IntegrityError: print('permission {} exists'.format(codename)) permission = Permission.objects.get(codename=codename) else: print('created permission {}'.format(codename)) return permission
def test_render_configuracoes(self): # Faz chamada da pagina contentItem = ContentType.objects.get(app_label='core',model='parametro') permission = Permission(name='Can Access Configurations',content_type=contentItem,codename='core_configurations') permission.save() permissions = Permission.objects.all().filter(content_type=contentItem.id) for permission in permissions: self.user.user_permissions.add(permission) response = self.client.get('/core/configuracoes/') self.assertEquals(response.status_code, 200)
def add_permissions(self): #busca tabela de models contentItem = ContentType.objects.get(app_label='oportunidade',model='oportunidade') #busca permissoes do model if not contentItem: self.assertTrue(False) customPermission = Permission(name='Dashboard',content_type=contentItem,codename='index_dashboard') customPermission.save() permissions = Permission.objects.filter(content_type=contentItem.id) for permission in permissions: self.user.user_permissions.add(permission)
def edit_all_permission(self, log=None): """ Returns the actual :model:`auth.Permission` permission object required to manually edit all data for this widget family, creating it if it does not already exist. """ ct = ContentType.objects.get_for_model(self) try: p = Permission.objects.get(content_type=ct, codename=self.edit_all_permission_name()) except Permission.DoesNotExist: p = Permission(content_type=ct, codename=self.edit_all_permission_name(), name="Edit all data for widget %s" % self.name) p.save() if log is not None: print >> log, "Created edit all permission for widget %s" % self.name return p
def test_current_user_multiple_permissions(self): can_perm = Permission(content_type_id=1, name='Can something', codename='can_something') can_perm.save() self.user.user_permissions.add(can_perm) cannot_perm = Permission(content_type_id=1, name='Cannot something', codename='cannot_something') cannot_perm.save() response, json = self.do_get(self.user_perm_q, dict(q=['foo.example', 'auth.can_something', 'auth.cannot_something']), username=self.user.username) self.assertEquals(response.status_code, 200) permissions = json['permissions'] self.assertEquals(permissions['foo.example'], False, json) self.assertEquals(permissions['auth.can_something'], True, json) self.assertEquals(permissions['auth.cannot_something'], False, json)
def permission_add(request): if request.method == "POST": name = request.POST['name'] contenttype = request.POST['contenttype'] codename = request.POST['codename'] #print name,contenttype,codename permission_to_save = Permission( name=name, content_type_id=contenttype, codename=codename, ) permission_to_save.save() return HttpResponseRedirect('/account/manage/permission_list.html') else: content_types = ContentType.objects.all() return render_to_response('perm_add.html',{'content_types':content_types},context_instance=RequestContext(request))
def test_put_change_groups(self): """ Tests adding a group to a user """ #Create groups to be added group1 = Group(name="Testing") group1.save() #Create group to be removed group2 = Group(name='Bye') group2.save() self.user.groups.add(group2) #Create a permission ct = ContentType(name='test') ct.save() perm = Permission(codename='test', name='test', content_type=ct) perm.save() group1.permissions.add(perm) perm = Permission(codename='removed', name='removed', content_type=ct) perm.save() group2.permissions.add(perm) #Check that user has group to be removed and the permissions of that group self.assertEqual(self.user.groups.count(), 1) self.assertEqual(self.user.groups.all()[0].name, 'Bye') #Test the api and response resp = self.client.put('/api/v1/user/1/', format='json', data={'username':'******', 'email': '*****@*****.**', 'first_name': 'Charlie', 'last_name': 'P', 'groups': [{'id': 1, 'name': 'Testing'}]}) self.assertEqual(resp.status_code, 200) self.assertEqual(self.user.groups.count(), 1) self.assertEqual(self.user.groups.all()[0].name, 'Testing') #Tests the returned data user = resp.data self.assertEqual(len(user['groups']), 1) self.assertIn('id', user['groups'][0]) self.assertIn('name', user['groups'][0])
def check_plugin_permissions(): """ Add custom can_use_plugin_* permissions for registered plugins """ logger.endGroup() logger.setGroup('permissions', 'check custom permissions for registered plugins') # Get permission content_type from existing can_submit_jobs permission p = Permission.objects.filter(codename = 'can_submit_jobs')[0] ct = p.content_type for plugin in manager.plugins: perm_name = 'can_use_plugin_' + plugin.id p = Permission.objects.filter(codename = perm_name) if p: logger.log("Permission %s found" % perm_name) else: np = Permission(name = ("Can use %s plugin" % plugin.description)[:50], content_type = ct, codename = perm_name) np.save() logger.log("Added %s permission" % perm_name)
def test_has_perm(self): userObject = User.objects.create_user('testuser', '*****@*****.**', 'test') basic, _ = Group.objects.get_or_create(name='account_basic') userObject.groups.add(basic) userObject.save() self.assertFalse(has_perm(userObject, Group.objects, 'projects.can_view')) userObjectTwo = User.objects.create_user('testuser2', '*****@*****.**', 'test') premium, _ = Group.objects.get_or_create(name='account_premium') userObjectTwo.groups.add(premium) userObjectTwo.save() project_ct = ContentType.objects.get(app_label='projects', model='Project') can_view = Permission(name='Test Permssion', codename='test_perm', content_type=project_ct) can_view.save() premium.permissions.add(can_view) self.assertTrue(has_perm(userObjectTwo, Group.objects, 'projects.test_perm'))
def permission_add(module, using=None): ''' 添加自定义权限 ''' content_type = None try: if not using: content_type = ContentType.objects.get(app_label=settings.PERMISSION_APP, model=module) else: content_type = ContentType.objects.using(using).get(app_label=settings.PERMISSION_APP, model=module) except: content_type = ContentType(name=module, app_label=settings.PERMISSION_APP, model=module) content_type.save(using=using) for op in operations.values(): try: perm = Permission(codename='%s_%s'%(op,module),name='can %s %s'%(op,module),content_type=content_type) perm.save(using=using) except: pass
def save(self, force_insert=False, force_update=False, using=None, update_fields=None): try: content_type = ContentType.objects.get(app_label="frontend", model="Article", name="文章板块权限") except: content_type = ContentType(app_label="frontend", model="Article", name="文章板块权限") content_type.save() translate = {"add": "添加", "delete": "删除", "change": "修改"} for permission in ["add", "delete", "change"]: try: codename = permission + "_" + self.codename + "_articles" Permission.objects.get(codename=codename) except: name = "允许" + translate[permission] + " " + self.name + " 内的文章" codename = permission + "_" + self.codename + "_articles" p = Permission(name=name, content_type=content_type, codename=codename) p.save() if self.order == None: self.order = self.id result = super(MainMenu, self).save() return result
def save (self, *args, **kwargs): PREVIOUS_LEVEL = None if self.id != None: # Testing whether or not the object is being edited or being created PREVIOUS_LEVEL = Level.objects.get (pk = self.id) super (Level, self).save(*args, **kwargs) if PREVIOUS_LEVEL != None: # If we know the object is being edited, we have to test whether or not the object is affiliated with permissions if true permission updates necessary if self.grade != PREVIOUS_LEVEL.grade: # if change in grade occurred, we have to remove all permissions associated with the previous grade level Permission.objects.filter (codename__istartswith = PREVIOUS_LEVEL.grade +"_").delete() # Deleted all associated permissions with the previous grade if self.classroom_set.count(): # Testing whether or not the edited level object is associated with class room, if so NEW permission set is necessary for CR in self.classroom_set.all(): for S in self.subject.all(): # Permission Structure # codename: {Level.grade}_{ClassRoom.section}_{Subject.name} # name: {Level.grade}-{ClassRoom.section}: {Subject.name} NEW_P = Permission() NEW_P.codename = self.grade +"_"+ CR.section +"_"+ S.name NEW_P.name = self.grade +"-"+ CR.section +": "+ S.name NEW_P.content_type = ContentType.objects.get (app_label="condor", model="classroom") NEW_P.save()