def test_anonymous_get_only_owner_s_assignments(self):
self.client.logout()
permission_list_response = self.client.get(self.asset_permissions_list_url,
format='json')
self.assertEqual(permission_list_response.status_code, status.HTTP_200_OK)
admin_perms = self.asset.get_perms(self.admin)
results = permission_list_response.data
# Get admin permissions.
expected_perms = []
for admin_perm in admin_perms:
if admin_perm in Asset.get_assignable_permissions():
expected_perms.append((self.admin.username, admin_perm))
expected_perms = sorted(expected_perms, key=lambda element: (element[0],
element[1]))
obj_perms = []
for assignment in results:
object_permission = self.url_to_obj(assignment.get('url'))
obj_perms.append((object_permission.user.username,
object_permission.permission.codename))
obj_perms = sorted(obj_perms, key=lambda element: (element[0],
element[1]))
self.assertEqual(expected_perms, obj_perms)
def test_editors_see_only_self_anon_and_owner_assignments(self):
self.client.login(username='******', password='******')
permission_list_response = self.client.get(
self.get_asset_perm_assignment_list_url(self.asset), format='json')
self.assertEqual(permission_list_response.status_code,
status.HTTP_200_OK)
results = permission_list_response.data
assignable_perms = Asset.get_assignable_permissions()
expected_perms = []
for user in [
self.admin,
self.someuser,
# Permissions assigned to self.anotheruser must not appear
get_anonymous_user(),
]:
user_perms = self.asset.get_perms(user)
expected_perms.extend(
(user.username, perm)
for perm in set(user_perms).intersection(assignable_perms))
expected_perms = sorted(expected_perms,
key=lambda element: (element[0], element[1]))
obj_perms = []
for assignment in results:
object_permission = self.url_to_obj(assignment.get('url'))
obj_perms.append((
object_permission.user.username,
object_permission.permission.codename,
))
obj_perms = sorted(obj_perms,
key=lambda element: (element[0], element[1]))
self.assertEqual(expected_perms, obj_perms)
def setUp(self):
self.client.login(username='******', password='******')
self.current_username = '******'
self.asset = Asset.objects.filter(owner__username='******').first()
self.list_url = reverse(self._get_endpoint('asset-file-list'), args=[self.asset.uid])
# TODO: change the fixture so every asset's owner has all expected
# permissions? For now, call `save()` to recalculate permissions and
# verify the result
self.asset.save()
self.assertListEqual(
sorted(list(self.asset.get_perms(self.asset.owner))),
sorted(list(Asset.get_assignable_permissions(False) +
Asset.CALCULATED_PERMISSIONS))
)
