def handle(self, *args, **options): verbose = options.get("verbose", True) permissions = args ## Check if there are any assignments, optionally skip those? ## if the state is published, fix view perm XXX ## (or even better: properly define and consult workflow) for m in models.get_models(include_auto_created=True): if not issubclass(m, Content) or not type_registry.get(m.get_name()): continue for c in m.objects.all(): s = c.spoke() wf = s.workflow() state = c.state wfassignment = wf.permission_assignment.get(state) for permission in map(auth.Permission, permissions): classassignment = getattr(s, "permission_assignment", {}).get(permission) if not classassignment: continue assignments = RolePermission.assignments(c).filter(permission=permission) if assignments.count() == 0: if verbose: print c.title, s, "has no assignment for", permission for role in classassignment: RolePermission.assign(c, role, permission).save() if wfassignment and wfassignment.get(permission): s.update_perms(c, {permission: wfassignment[permission]})
def test_assign_perms_explicit(self, pp, client): t = Type1Type.create() t.save() assign_perms(t.instance, {p.view_content: (roles.owner,)}) assert RolePermission.assignments(t.instance).exists() a = RolePermission.assignments(t.instance).all()[0] assert a.role == roles.owner assert a.permission == p.view_content
def test_update_perms(self, pp, client): t = Type1Type.create() t.save() assign_perms(t.instance, {Permission("p"): (Role("r"),)}) update_perms(t.instance, {Permission("p"): (Role("r1"),)}) assert RolePermission.assignments(t.instance).count() == 1 a = RolePermission.assignments(t.instance).all()[0] assert a.role == Role("r1") assert a.permission == Permission("p")
def test_assign_perms_twice(self, pp, client): t = Type1Type.create() t.save() assign_perms(t.instance, {Permission("p1"): (Role("r1"),)}) assign_perms(t.instance, {Permission("p2"): (Role("r2"),)}) assert RolePermission.assignments(t.instance).count() == 2 a = RolePermission.assignments(t.instance).all() assert set((x.role for x in a)) == set((Role("r1"), Role("r2"))) assert set((x.permission for x in a)) == \ set((Permission("p1"), Permission("p2")))
def auth(self, handler, request, action): ## ## If post, handle/reset perm changes if request.method == "POST": existing = RolePermission.assignments(self.instance) assignments = request.POST.getlist('assignment') for e in existing: if "{0}/{1}".format(e.permission, e.role) not in assignments: e.delete() for assignment in assignments: perm, role = assignment.split('/', 1) RolePermission.assign(self.instance, Role(role), Permission(perm)).save() ctx = {'spoke':self} roles = Role.all() permissions = [] ## order roles, permissions (alphabetically?) for perm in Permission.all(): d = dict(perm=perm, roles=[]) perms_per_role = RolePermission.assignments( self.instance).filter( permission=perm.id, ).values_list('role', flat=True) r = [] for role in roles: r.append(dict(role=role, checked=role.id in perms_per_role)) d['roles'] = r permissions.append(d) ctx['roles'] = roles ctx['permissions'] = permissions return handler.template("wheelcms_axle/edit_permissions.html", **ctx)
def test_update_perms_add(self, pp, client): t = Type1Type.create() t.save() assign_perms(t.instance, {Permission("p"): (Role("r"),)}) update_perms(t.instance, {Permission("p1"): (Role("r1"),)}) rp = RolePermission.assignments(t.instance) assert rp.count() == 2 assert set((i.permission, i.role) for i in rp) == \ set(((Permission("p"), Role("r")), (Permission("p1"), Role("r1"))))
def test_assignment(self, pp, client): t = Type1Type.create() t.save() assert RolePermission.assignments(t.instance).count() == 1
def test_assignment_blank(self, pp, client): t = Type1Type.create() t.save() # import pytest; pytest.set_trace() assert not RolePermission.assignments(t.instance).exists()
def update_perms(instance, permdict): for permission, roles in permdict.iteritems(): RolePermission.clear(instance, permission) for role in roles: RolePermission.assign(instance, role, permission).save()
def assign_perms(instance, permdict): """ invoked by a signal handler upon creation: Set initial permissions """ for permission, roles in permdict.iteritems(): for role in roles: RolePermission.assign(instance, role, permission).save()