def test_filer_ajax_upload_permissions_error(self, extra_headers={}): self.client.logout() staff_user = User.objects.create_user(username='******', password='******', email='*****@*****.**') staff_user.is_staff = True staff_user.save() self.client.login(username='******', password='******') self.assertEqual(Image.objects.count(), 0) folder = Folder.objects.create(name='foo') file_obj = django.core.files.File(open(self.filename, 'rb')) with SettingsOverride(filer_settings, FILER_ENABLE_PERMISSIONS=True): # give permissions over BAR FolderPermission.objects.create( folder=folder, user=staff_user, type=FolderPermission.THIS, can_edit=FolderPermission.DENY, can_read=FolderPermission.ALLOW, can_add_children=FolderPermission.DENY) url = reverse('admin:filer-ajax_upload', kwargs={'folder_id': folder.pk }) + '?filename={0}'.format(self.image_name) response = self.client.post( url, data=file_obj.read(), content_type='application/octet-stream', **{'HTTP_X_REQUESTED_WITH': 'XMLHttpRequest'}) from filer.admin.clipboardadmin import NO_PERMISSIONS_FOR_FOLDER self.assertContains(response, NO_PERMISSIONS_FOR_FOLDER) self.assertEqual(Image.objects.count(), 0)
def test_filer_upload_permissions_error(self, extra_headers={}): self.client.logout() staff_user = User.objects.create_user(username='******', password='******', email='*****@*****.**') staff_user.is_staff = True staff_user.save() self.client.login(username='******', password='******') self.assertEqual(Image.objects.count(), 0) folder = Folder.objects.create(name='foo') file_obj = django.core.files.File(open(self.filename, 'rb')) with SettingsOverride(filer_settings, FILER_ENABLE_PERMISSIONS=True): # give permissions over BAR FolderPermission.objects.create( folder=folder, user=staff_user, type=FolderPermission.THIS, can_edit=FolderPermission.DENY, can_read=FolderPermission.ALLOW, can_add_children=FolderPermission.DENY) url = reverse('admin:filer-ajax_upload', kwargs={'folder_id': folder.pk}) post_data = { 'Filename': self.image_name, 'Filedata': file_obj, 'jsessionid': self.client.session.session_key } response = self.client.post(url, post_data, **extra_headers) from filer.admin.clipboardadmin import NO_PERMISSIONS_FOR_FOLDER self.assertContains(response, NO_PERMISSIONS_FOR_FOLDER) self.assertEqual(Image.objects.count(), 0)
def test_folder_ownership(self): with SettingsOverride(filer_settings, FILER_ENABLE_PERMISSIONS=True): response = self.client.get( reverse('admin:filer-directory_listing', kwargs={'folder_id': self.parent.id})) item_list = response.context['paginated_items'].object_list # user sees only 1 folder : FOO # he doesn't see BAR, BAZ and SPAM because he doesn't own them # and no permission has been given self.assertEquals( set(folder.pk for folder, folder_perms in item_list), set([self.foo_folder.pk]))
def test_with_permissions_disabled(self): with SettingsOverride(filer_settings, FILER_ENABLE_PERMISSIONS=False): response = self.client.get( reverse('admin:filer-directory_listing', kwargs={'folder_id': self.parent.id})) item_list = response.context['paginated_items'].object_list # user sees all items: FOO, BAR, BAZ, SAMP self.assertEquals( set(folder.pk for folder, folder_perms in item_list), set([ self.foo_folder.pk, self.bar_folder.pk, self.baz_folder.pk, self.spam_file.pk ]))
def test_with_permission_given_to_folder(self): with SettingsOverride(filer_settings, FILER_ENABLE_PERMISSIONS=True): # give permissions over BAR FolderPermission.objects.create( folder=self.bar_folder, user=self.staff_user, type=FolderPermission.THIS, can_edit=FolderPermission.ALLOW, can_read=FolderPermission.ALLOW, can_add_children=FolderPermission.ALLOW) response = self.client.get( reverse('admin:filer-directory_listing', kwargs={'folder_id': self.parent.id})) item_list = response.context['paginated_items'].object_list # user sees 2 folder : FOO, BAR self.assertEquals( set(folder.pk for folder, folder_perms in item_list), set([self.foo_folder.pk, self.bar_folder.pk]))
def test_dump_load_data_content(self): """ Testing the dump / load with full dump of file content data """ with SettingsOverride(filer_settings, FILER_DUMP_PAYLOAD=True): # Initialize the test data create_folder_structure(1, 1) fileobj = self.create_filer_file(Folder.objects.all()[0]) jdata = StringIO() # Dump the current data fobj = tempfile.NamedTemporaryFile(suffix=".json", delete=False) call_command("dumpdata", "filer", stdout=jdata, indent=3) # Delete database and filesystem data and complete = os.path.join(fileobj.file.storage.location, fileobj.path) os.unlink(complete) fileobj.delete() # Dump data to json file fobj.write(jdata.getvalue().encode('utf-8')) fobj.seek(0) # Load data back call_command("loaddata", fobj.name, stdout=jdata) # Database data is restored self.assertEqual(Folder.objects.all().count(), 1) self.assertEqual(File.objects.all().count(), 1) self.assertEqual(File.objects.all()[0].original_filename, self.image_name) fileobj = File.objects.all()[0] complete = os.path.join(fileobj.file.storage.location, fileobj.path) # Filesystem data too! self.assertTrue(os.path.exists(complete))