def grant_teacher_permissions(request, *args, **kwargs):
"""
Grant suitable permissions to teacher if he is actually one
and does not have the permission
"""
from ikwen_foulassi.foulassi.models import TEACHERS
member = request.user
obj = UserPermissionList.objects.get(user=member)
grp = Group.objects.get(name=TEACHERS)
is_teacher = grp.id in obj.group_fk_list
if is_teacher:
classroom_ct = ContentType.objects.get_for_model(Classroom)
score_ct = ContentType.objects.get_for_model(Score)
try:
perm1 = Permission.objects.get(codename='ik_manage_classroom',
content_type=classroom_ct)
except Permission.DoesNotExist:
perm1 = Permission.objects \
.create(codename='ik_manage_classroom', name='Access classroom as teacher', content_type=classroom_ct)
try:
perm2 = Permission.objects.get(codename='ik_access_scores',
content_type=score_ct)
except Permission.DoesNotExist:
perm2 = Permission.objects \
.create(codename='ik_access_scores', name='Access student scores', content_type=score_ct)
if not member.has_perm(perm1):
add_permission_to_user(perm1, member)
if not member.has_perm(perm2):
add_permission_to_user(perm2, member)
request.session['is_teacher'] = is_teacher
def test_list_collaborators(self):
"""
Lists collaborators with name containing the query 'q' and return a JSON Array of objects.
Collaborators have their field collaborates_on carrying the current service
"""
ct = ContentType.objects.all()[0]
Permission.objects.all().delete()
perm1 = Permission.objects.create(codename='ik_action1',
name="Can do action 1",
content_type=ct)
m4 = Member.objects.get(username='******')
add_permission_to_user(perm1, m4)
self.client.login(username='******', password='******')
response = self.client.get(reverse('ikwen:list_collaborators'),
{'q': 'tch'})
self.assertEqual(response.status_code, 200)
json_response = json.loads(response.content)
self.assertEqual(len(json_response), 2)
self.assertEqual(json_response[0]['id'], '56eb6d04b37b3379b531e013')
def test_staff_router(self):
"""
Make sure STAFF_ROUTER routes to the correct view
"""
ct = ContentType.objects.get(name='template', app_label='theming')
Permission.objects.all().delete()
perm3 = Permission.objects.create(codename='ik_action3',
name="Can do action 3",
content_type=ct)
m3 = Member.objects.get(username='******')
m3.is_staff = True
m3.email_verified = True
m3.save()
add_permission_to_user(perm3, m3)
self.client.login(username='******', password='******')
response = self.client.get(reverse('ikwen:staff_router'), follow=True)
final = response.redirect_chain[-1]
location = final[0].replace('?splash=yes',
'').strip('/').split('/')[-1]
self.assertEqual(location, 'ikwen-service-2')
def test_Community_load_member_detail(self):
"""
Make sure the action is working
"""
ct = ContentType.objects.all()[0]
Permission.objects.all().delete()
perm1 = Permission.objects.create(codename='ik_action1',
name="Can do action 1",
content_type=ct)
m3 = Member.objects.get(username='******')
add_permission_to_user(perm1, m3)
self.client.login(username='******', password='******')
response = self.client.get(
reverse('ikwen:community'), {
'action': 'load_member_detail',
'member_id': '56eb6d04b37b3379b531e013'
})
self.assertEqual(response.status_code, 200)
self.assertIsNotNone(response.context['member'])
self.assertEqual(len(response.context['permission_list']), 1)
self.assertIsNotNone(response.context['profiletag_list'])
def test_set_collaborator_permissions(self):
"""
Setting collaborator's permissions clears preceding permissions and just reset them as new.
This done to avoid to append the same permission multiple times in the permissions lists.
Note that adding permissions to a Member automatically sets him as staff
"""
ct = ContentType.objects.all()[0]
Permission.objects.all().delete()
perm1 = Permission.objects.create(codename='ik_action1',
name="Can do action 1",
content_type=ct)
perm2 = Permission.objects.create(codename='ik_action2',
name="Can do action 2",
content_type=ct)
perm3 = Permission.objects.create(codename='ik_action3',
name="Can do action 3",
content_type=ct)
perm4 = Permission.objects.create(codename='ik_action4',
name="Can do action 4",
content_type=ct)
m3 = Member.objects.get(username='******')
add_permission_to_user(perm1, m3)
add_permission_to_user(perm2, m3)
self.client.login(username='******', password='******')
response = self.client.get(
reverse('ikwen:set_collaborator_permissions'), {
'member_id': m3.id,
'permission_ids': perm3.id + ',' + perm4.id
})
self.assertEqual(response.status_code, 200)
json_response = json.loads(response.content)
self.assertTrue(json_response['success'])
m3 = Member.objects.get(username='******')
obj = UserPermissionList.objects.get(user=m3)
self.assertIn(perm3.id, obj.permission_fk_list)
self.assertIn(perm4.id, obj.permission_fk_list)
self.assertTrue(m3.is_staff)
def test_move_member_to_group(self):
"""
Moving member to a group sets permission_list and group_fk_list accordingly
"""
call_command('loaddata', 'ikwen_members.yaml', database='umbrella')
ct = ContentType.objects.all()[0]
Permission.objects.all().delete()
perm1 = Permission.objects.create(codename='ik_action1',
name="Can do action 1",
content_type=ct)
m3 = Member.objects.get(username='******')
add_permission_to_user(perm1, m3)
self.client.login(username='******', password='******')
response = self.client.get(reverse('ikwen:move_member_to_group'), {
'member_id': m3.id,
'group_id': '5804b37b3379b531e01eb6d1'
})
self.assertEqual(response.status_code, 200)
obj = UserPermissionList.objects.get(user=m3)
self.assertListEqual(obj.permission_list, [])
self.assertListEqual(obj.permission_fk_list, [])
self.assertListEqual(obj.group_fk_list, ['5804b37b3379b531e01eb6d1'])
m3_umbrella = Member.objects.using('umbrella').get(username='******')
self.assertIn('5804b37b3379b531e01eb6d1', m3_umbrella.group_fk_list)
def assign(perm, user_or_group, obj=None):
"""
Assigns permission to user/group and object pair.
:param perm: proper permission for given ``obj``, as string (in format:
``app_label.codename`` or ``codename``). If ``obj`` is not given, must
be in format ``app_label.codename``.
:param user_or_group: instance of ``User``, ``AnonymousUser`` or ``Group``;
passing any other object would raise
``guardian.exceptions.NotUserNorGroup`` exception
:param obj: persisted Django's ``Model`` instance or ``None`` if assigning
global permission. Default is ``None``.
We can assign permission for ``Model`` instance for specific user:
>>> from django.contrib.sites.models import Site
>>> from django.contrib.auth.models import User, Group
>>> from guardian.shortcuts import assign
>>> site = Site.objects.get_current()
>>> user = User.objects.create(username='******')
>>> assign("change_site", user, site)
<UserObjectPermission: example.com | joe | change_site>
>>> user.has_perm("change_site", site)
True
... or we can assign permission for group:
>>> group = Group.objects.create(name='joe-group')
>>> user.groups.add(group)
>>> assign("delete_site", group, site)
<GroupObjectPermission: example.com | joe-group | delete_site>
>>> user.has_perm("delete_site", site)
True
**Global permissions**
This function may also be used to assign standard, *global* permissions if
``obj`` parameter is omitted. Added Permission would be returned in that
case:
>>> assign("sites.change_site", user)
<Permission: sites | site | Can change site>
"""
user, group = get_identity(user_or_group)
# If obj is None we try to operate on global permissions
if obj is None:
try:
app_label, codename = perm.split('.', 1)
except ValueError:
raise ValueError("For global permissions, first argument must be in"
" format: 'app_label.codename' (is %r)" % perm)
ctype = ContentType.objects.get(app_label=app_label)
perm = Permission.objects.get(content_type=ctype,
codename=codename)
if user:
add_permission_to_user(perm, user)
return perm
if group:
add_permission_to_group(perm, group)
return perm
perm = perm.split('.')[-1]
if user:
return UserObjectPermission.objects.assign(perm, user, obj)
if group:
return GroupObjectPermission.objects.assign(perm, group, obj)