def test_groups_perms(self): group1 = Group.objects.create(name="group1") group2 = Group.objects.create(name="group2") group3 = Group.objects.create(name="group3") groups = [group1, group2, group3] for group in groups: self.user.groups.add(group) # Objects to operate on ctypes = list(ContentType.objects.all().order_by("id")) assign_perm("auth.change_group", self.user) assign_perm("change_contenttype", self.user, ctypes[0]) assign_perm("change_contenttype", self.user, ctypes[1]) assign_perm("delete_contenttype", self.user, ctypes[1]) assign_perm("delete_contenttype", self.user, ctypes[2]) assign_perm("change_contenttype", groups[0], ctypes[3]) assign_perm("change_contenttype", groups[1], ctypes[3]) assign_perm("change_contenttype", groups[2], ctypes[4]) assign_perm("delete_contenttype", groups[0], ctypes[0]) objects = get_objects_for_user(self.user, ["contenttypes.change_contenttype"]) self.assertEqual(set(objects.values_list("id", flat=True)), set(ctypes[i].id for i in [0, 1, 3, 4])) objects = get_objects_for_user( self.user, ["contenttypes.change_contenttype", "contenttypes.delete_contenttype"] ) self.assertEqual(set(objects.values_list("id", flat=True)), set(ctypes[i].id for i in [0, 1])) objects = get_objects_for_user(self.user, ["contenttypes.change_contenttype"]) self.assertEqual(set(objects.values_list("id", flat=True)), set(ctypes[i].id for i in [0, 1, 3, 4]))
def test_anonymous(self): self.user = AnonymousUser() ctypes = ContentType.objects.all() objects = get_objects_for_user(self.user, ["contenttypes.change_contenttype"], ctypes) obj1 = ContentType.objects.create(model="foo", app_label="guardian-tests") assign_perm("change_contenttype", self.user, obj1) objects = get_objects_for_user(self.user, ["contenttypes.change_contenttype"], ctypes) self.assertEqual(set([obj1]), set(objects))
def test_anonymous(self): ctypes = ContentType.objects.all() objects = get_objects_for_user(self.contributor, ['contenttypes.change_contenttype'], ctypes) obj1 = ContentType.objects.create( model='foo', app_label='guardian-tests') assign_perm('change_contenttype', self.contributor, obj1) objects = get_objects_for_user(self.contributor, ['contenttypes.change_contenttype'], ctypes) self.assertEqual(set([obj1]), set(objects))
def test_object_based_permission_with_groups_3perms(self): group_names = ['group1', 'group2', 'group3'] groups = [Group.objects.create(name=name) for name in group_names] for group in groups: self.contributor.groups.add(group) # Objects to operate on ctypes = list(ContentType.objects.all().order_by('id')) assign_perm('contenttypes.change_contenttype', self.contributor) assign_perm('change_contenttype', self.contributor, ctypes[0]) assign_perm('change_contenttype', self.contributor, ctypes[1]) assign_perm('delete_contenttype', self.contributor, ctypes[1]) assign_perm('delete_contenttype', self.contributor, ctypes[2]) # add_contenttype does not make sense, here just for testing purposes, # to also cover one if branch in function. assign_perm('add_contenttype', self.contributor, ctypes[1]) assign_perm('change_contenttype', groups[0], ctypes[3]) assign_perm('change_contenttype', groups[1], ctypes[3]) assign_perm('change_contenttype', groups[2], ctypes[4]) assign_perm('delete_contenttype', groups[0], ctypes[0]) assign_perm('add_contenttype', groups[0], ctypes[0]) objects = get_objects_for_user( self.contributor, ['contenttypes.change_contenttype', 'contenttypes.delete_contenttype', 'contenttypes.add_contenttype'], accept_global_perms=True) self.assertEqual( set(objects.values_list('id', flat=True)), set([ctypes[0].id, ctypes[1].id]))
def test_object_based_permission_with_groups_3perms(self): group_names = ["group1", "group2", "group3"] groups = [Group.objects.create(name=name) for name in group_names] for group in groups: self.user.groups.add(group) # Objects to operate on ctypes = list(ContentType.objects.all().order_by("id")) assign_perm("contenttypes.change_contenttype", self.user) assign_perm("change_contenttype", self.user, ctypes[0]) assign_perm("change_contenttype", self.user, ctypes[1]) assign_perm("delete_contenttype", self.user, ctypes[1]) assign_perm("delete_contenttype", self.user, ctypes[2]) # add_contenttype does not make sense, here just for testing purposes, # to also cover one if branch in function. assign_perm("add_contenttype", self.user, ctypes[1]) assign_perm("change_contenttype", groups[0], ctypes[3]) assign_perm("change_contenttype", groups[1], ctypes[3]) assign_perm("change_contenttype", groups[2], ctypes[4]) assign_perm("delete_contenttype", groups[0], ctypes[0]) assign_perm("add_contenttype", groups[0], ctypes[0]) objects = get_objects_for_user( self.user, ["contenttypes.change_contenttype", "contenttypes.delete_contenttype", "contenttypes.add_contenttype"], accept_global_perms=True, ) self.assertEqual(set(objects.values_list("id", flat=True)), set([ctypes[0].id, ctypes[1].id]))
def duplicate(self, contributor=None): """Duplicate (make a copy).""" duplicate = Collection.objects.get(id=self.id) duplicate.pk = None duplicate.slug = None duplicate.name = 'Copy of {}'.format(self.name) duplicate.duplicated = now() if contributor: duplicate.contributor = contributor duplicate.save(force_insert=True) assign_contributor_permissions(duplicate) # Fields to inherit from original data object. duplicate.created = self.created duplicate.save() # Duplicate collection's entities. entities = get_objects_for_user(contributor, 'view_entity', self.entity_set.all()) # pylint: disable=no-member duplicated_entities = entities.duplicate(contributor=contributor) duplicate.entity_set.add(*duplicated_entities) # Add duplicated data objects to collection. for duplicated_entity in duplicate.entity_set.all(): duplicate.data.add(*duplicated_entity.data.all()) return duplicate
def test_with_superuser_false(self): self.user.is_superuser = True ctypes = ContentType.objects.all() obj1 = ContentType.objects.create(model="foo", app_label="guardian-tests") assign_perm("change_contenttype", self.user, obj1) objects = get_objects_for_user(self.user, ["contenttypes.change_contenttype"], ctypes, with_superuser=False) self.assertEqual(set([obj1]), set(objects))
def test_with_superuser_false(self): ctypes = ContentType.objects.all() obj1 = ContentType.objects.create( model='foo', app_label='guardian-tests') assign_perm('change_contenttype', self.admin, obj1) objects = get_objects_for_user(self.admin, ['contenttypes.change_contenttype'], ctypes, with_superuser=False) self.assertEqual(set([obj1]), set(objects))
def test_simple(self): group_names = ["group1", "group2", "group3"] groups = [Group.objects.create(name=name) for name in group_names] for group in groups: assign_perm("change_group", self.user, group) objects = get_objects_for_user(self.user, ["auth.change_group"]) self.assertEqual(len(objects), len(groups)) self.assertTrue(isinstance(objects, QuerySet)) self.assertEqual(set(objects), set(groups))
def test_any_of_multi_perms(self): group_names = ["group1", "group2", "group3"] groups = [Group.objects.create(name=name) for name in group_names] assign_perm("auth.change_group", self.user, groups[0]) assign_perm("auth.delete_group", self.user, groups[2]) objects = get_objects_for_user(self.user, ["auth.change_group", "auth.delete_group"], any_perm=True) self.assertEqual(len(objects), 2) self.assertTrue(isinstance(objects, QuerySet)) self.assertEqual(set(objects.values_list("name", flat=True)), set([groups[0].name, groups[2].name]))
def test_has_any_permissions(self): # We use groups as objects. group_names = ["group1", "group2", "group3"] groups = [Group.objects.create(name=name) for name in group_names] for group in groups: assign_perm("change_group", self.user, group) objects = get_objects_for_user(self.user, [], Group) self.assertEqual(len(objects), len(groups)) self.assertTrue(isinstance(objects, QuerySet)) self.assertEqual(set(objects), set(groups))
def test_object_based_permission_without_global_permission(self): group_names = ["group1", "group2", "group3"] groups = [Group.objects.create(name=name) for name in group_names] # global permission to delete any group perm_global = "auth.delete_group" perm_obj = "auth.delete_group" assign_perm(perm_global, self.user) assign_perm(perm_obj, self.user, groups[0]) objects = get_objects_for_user(self.user, [perm_obj], accept_global_perms=False) remove_perm(perm_global, self.user) self.assertEqual(set(objects.values_list("name", flat=True)), set([groups[0].name]))
def test_multi_perms_no_groups(self): group_names = ["group1", "group2", "group3"] groups = [Group.objects.create(name=name) for name in group_names] for group in groups: assign_perm("auth.change_group", self.user, group) assign_perm("auth.delete_group", self.user, groups[1]) objects = get_objects_for_user(self.user, ["auth.change_group", "auth.delete_group"], use_groups=False) self.assertEqual(len(objects), 1) self.assertTrue(isinstance(objects, QuerySet)) self.assertEqual(set(objects.values_list("name", flat=True)), set([groups[1].name]))
def _get_entities(self, user, ids): """Return entities queryset based on provided entity ids.""" queryset = get_objects_for_user(user, 'view_entity', Entity.objects.filter(id__in=ids)) actual_ids = queryset.values_list('id', flat=True) missing_ids = list(set(ids) - set(actual_ids)) if missing_ids: raise exceptions.ParseError( "Entities with the following ids not found: {}" .format(', '.join(map(str, missing_ids))) ) return queryset
def test_has_global_permission_and_object_based_permission(self): group_names = ['group1', 'group2', 'group3'] groups = [Group.objects.create(name=name) for name in group_names] # global permission to change any group perm_global = 'auth.change_group' perm_obj = 'delete_group' assign_perm(perm_global, self.contributor) assign_perm(perm_obj, self.contributor, groups[0]) objects = get_objects_for_user(self.contributor, [perm_global, perm_obj]) remove_perm(perm_global, self.contributor) self.assertEqual(set(objects.values_list('name', flat=True)), set([groups[0].name]))
def test_simple(self): group_names = ['group1', 'group2', 'group3'] groups = [Group.objects.create(name=name) for name in group_names] for group in groups: assign_perm('change_group', self.contributor, group) objects = get_objects_for_user(self.contributor, ['auth.change_group']) self.assertEqual(len(objects), len(groups)) self.assertTrue(isinstance(objects, QuerySet)) self.assertEqual( set(objects), set(groups))
def test_has_global_permission_and_object_based_permission_any_perm(self): group_names = ["group1", "group2", "group3"] groups = [Group.objects.create(name=name) for name in group_names] # global permission to change any group perm_global = "auth.change_group" # object based permission to change only a specific group perm_obj = "auth.delete_group" assign_perm(perm_global, self.user) assign_perm(perm_obj, self.user, groups[0]) objects = get_objects_for_user(self.user, [perm_global, perm_obj], any_perm=True, accept_global_perms=True) remove_perm(perm_global, self.user) self.assertEqual(set(objects), set(Group.objects.all()))
def test_has_global_permission_only(self): group_names = ["group1", "group2", "group3"] for name in group_names: Group.objects.create(name=name) # global permission to change any group perm = "auth.change_group" assign_perm(perm, self.user) objects = get_objects_for_user(self.user, perm) remove_perm(perm, self.user) self.assertEqual(set(objects), set(Group.objects.all()))
def test_any_of_multi_perms(self): group_names = ['group1', 'group2', 'group3'] groups = [Group.objects.create(name=name) for name in group_names] assign_perm('auth.change_group', self.contributor, groups[0]) assign_perm('auth.delete_group', self.contributor, groups[2]) objects = get_objects_for_user(self.contributor, ['auth.change_group', 'auth.delete_group'], any_perm=True) self.assertEqual(len(objects), 2) self.assertTrue(isinstance(objects, QuerySet)) self.assertEqual( set(objects.values_list('name', flat=True)), set([groups[0].name, groups[2].name]))
def test_groups_perms(self): group1 = Group.objects.create(name='group1') group2 = Group.objects.create(name='group2') group3 = Group.objects.create(name='group3') groups = [group1, group2, group3] for group in groups: self.contributor.groups.add(group) # Objects to operate on ctypes = list(ContentType.objects.all().order_by('id')) assign_perm('auth.change_group', self.contributor) assign_perm('change_contenttype', self.contributor, ctypes[0]) assign_perm('change_contenttype', self.contributor, ctypes[1]) assign_perm('delete_contenttype', self.contributor, ctypes[1]) assign_perm('delete_contenttype', self.contributor, ctypes[2]) assign_perm('change_contenttype', groups[0], ctypes[3]) assign_perm('change_contenttype', groups[1], ctypes[3]) assign_perm('change_contenttype', groups[2], ctypes[4]) assign_perm('delete_contenttype', groups[0], ctypes[0]) objects = get_objects_for_user(self.contributor, ['contenttypes.change_contenttype']) self.assertEqual( set(objects.values_list('id', flat=True)), set(ctypes[i].id for i in [0, 1, 3, 4])) objects = get_objects_for_user(self.contributor, ['contenttypes.change_contenttype', 'contenttypes.delete_contenttype']) self.assertEqual( set(objects.values_list('id', flat=True)), set(ctypes[i].id for i in [0, 1])) objects = get_objects_for_user(self.contributor, ['contenttypes.change_contenttype']) self.assertEqual( set(objects.values_list('id', flat=True)), set(ctypes[i].id for i in [0, 1, 3, 4]))
def test_has_global_permission_only(self): group_names = ['group1', 'group2', 'group3'] for name in group_names: Group.objects.create(name=name) # global permission to change any group perm = 'auth.change_group' assign_perm(perm, self.contributor) objects = get_objects_for_user(self.contributor, perm) remove_perm(perm, self.contributor) self.assertEqual(set(objects), set(Group.objects.all()))
def test_multi_perms_no_groups(self): group_names = ['group1', 'group2', 'group3'] groups = [Group.objects.create(name=name) for name in group_names] for group in groups: assign_perm('auth.change_group', self.contributor, group) assign_perm('auth.delete_group', self.contributor, groups[1]) objects = get_objects_for_user(self.contributor, ['auth.change_group', 'auth.delete_group'], use_groups=False) self.assertEqual(len(objects), 1) self.assertTrue(isinstance(objects, QuerySet)) self.assertEqual( set(objects.values_list('name', flat=True)), set([groups[1].name]))
def duplicate(self, contributor=None, inherit_collections=False): """Duplicate (make a copy).""" duplicate = Entity.objects.get(id=self.id) duplicate.pk = None duplicate.slug = None duplicate.name = 'Copy of {}'.format(self.name) duplicate.duplicated = now() if contributor: duplicate.contributor = contributor duplicate.save(force_insert=True) assign_contributor_permissions(duplicate) # Override fields that are automatically set on create. duplicate.created = self.created duplicate.save() # Duplicate entity's data objects. data = get_objects_for_user(contributor, 'view_data', self.data.all()) # pylint: disable=no-member duplicated_data = data.duplicate(contributor) duplicate.data.add(*duplicated_data) if inherit_collections: collections = get_objects_for_user( contributor, 'add_collection', self.collections.all() # pylint: disable=no-member ) for collection in collections: collection.entity_set.add(duplicate) copy_permissions(collection, duplicate) collection.data.add(*duplicated_data) for datum in duplicated_data: copy_permissions(collection, datum) return duplicate
def filter_queryset(self, request, queryset, view): """Filter permissions queryset.""" user = request.user app_label = queryset.model._meta.app_label # pylint: disable=protected-access model_name = queryset.model._meta.model_name # pylint: disable=protected-access kwargs = {} if model_name == 'storage': model_name = 'data' kwargs['perms_filter'] = 'data__pk__in' permission = '{}.view_{}'.format(app_label, model_name) return get_objects_for_user(user, permission, queryset, **kwargs)
def duplicate(self, request, *args, **kwargs): """Duplicate (make copy of) ``Collection`` models.""" if not request.user.is_authenticated: raise exceptions.NotFound ids = self.get_ids(request.data) queryset = get_objects_for_user(request.user, 'view_collection', Collection.objects.filter(id__in=ids)) actual_ids = queryset.values_list('id', flat=True) missing_ids = list(set(ids) - set(actual_ids)) if missing_ids: raise exceptions.ParseError( "Collections with the following ids not found: {}".format(', '.join(map(str, missing_ids))) ) duplicated = queryset.duplicate(contributor=request.user) serializer = self.get_serializer(duplicated, many=True) return Response(serializer.data)
def perform_get_or_create(self, request, *args, **kwargs): """Perform "get_or_create" - return existing object if found.""" serializer = self.get_serializer(data=request.data) serializer.is_valid(raise_exception=True) process = serializer.validated_data.get('process') process_input = request.data.get('input', {}) fill_with_defaults(process_input, process.input_schema) checksum = get_data_checksum(process_input, process.slug, process.version) data_qs = Data.objects.filter( checksum=checksum, process__persistence__in=[Process.PERSISTENCE_CACHED, Process.PERSISTENCE_TEMP], ) data_qs = get_objects_for_user(request.user, 'view_data', data_qs) if data_qs.exists(): data = data_qs.order_by('created').last() serializer = self.get_serializer(data) return Response(serializer.data)
def test_object_based_permission_with_groups_2perms(self): group_names = ["group1", "group2", "group3"] groups = [Group.objects.create(name=name) for name in group_names] for group in groups: self.user.groups.add(group) # Objects to operate on ctypes = list(ContentType.objects.all().order_by("id")) assign_perm("contenttypes.change_contenttype", self.user) assign_perm("change_contenttype", self.user, ctypes[0]) assign_perm("change_contenttype", self.user, ctypes[1]) assign_perm("delete_contenttype", self.user, ctypes[1]) assign_perm("delete_contenttype", self.user, ctypes[2]) assign_perm("change_contenttype", groups[0], ctypes[3]) assign_perm("change_contenttype", groups[1], ctypes[3]) assign_perm("change_contenttype", groups[2], ctypes[4]) assign_perm("delete_contenttype", groups[0], ctypes[0]) objects = get_objects_for_user( self.user, ["contenttypes.change_contenttype", "contenttypes.delete_contenttype"], accept_global_perms=True ) self.assertEqual(set(objects.values_list("id", flat=True)), set([ctypes[0].id, ctypes[1].id, ctypes[2].id]))
def handle_get_process_requirements( self, message: Message[int], manager: "Processor") -> Response[dict]: """Return the requirements for the process with the given id.""" process_id = message.message_data filtered_process = get_objects_for_user( manager.contributor, get_full_perm("view", Process), Process.objects.filter(pk=process_id), ) process_requirements, process_slug = filtered_process.values_list( "requirements", "slug").get() resources = process_requirements.get("resources", {}) # Get limit defaults and overrides. limit_defaults = getattr(settings, "FLOW_PROCESS_RESOURCE_DEFAULTS", {}) limit_overrides = getattr(settings, "FLOW_PROCESS_RESOURCE_OVERRIDES", {}) limits = {} limits["cores"] = int(resources.get("cores", 1)) max_cores = getattr(settings, "FLOW_PROCESS_MAX_CORES", None) if max_cores: limits["cores"] = min(limits["cores"], max_cores) memory = limit_overrides.get("memory", {}).get(process_slug, None) if memory is None: memory = int( resources.get( "memory", # If no memory resource is configured, check settings. limit_defaults.get("memory", 4096), )) limits["memory"] = memory process_requirements["resources"] = limits return message.respond_ok(process_requirements)
def duplicate(self, contributor=None, inherit_collection=False): """Duplicate (make a copy).""" duplicate = Entity.objects.get(id=self.id) duplicate.pk = None duplicate.slug = None duplicate.name = 'Copy of {}'.format(self.name) duplicate.duplicated = now() if contributor: duplicate.contributor = contributor duplicate.collection = None if inherit_collection: if not contributor.has_perm('add_collection', self.collection): raise ValidationError( "You do not have add permission on collection {}.".format( self.collection)) duplicate.collection = self.collection duplicate.save(force_insert=True) assign_contributor_permissions(duplicate) # Override fields that are automatically set on create. duplicate.created = self.created duplicate.save() # Duplicate entity's data objects. data = get_objects_for_user(contributor, 'view_data', self.data.all()) # pylint: disable=no-member duplicated_data = data.duplicate(contributor, inherit_collection=inherit_collection) duplicate.data.add(*duplicated_data) # Permissions assign_contributor_permissions(duplicate) copy_permissions(duplicate.collection, duplicate) return duplicate
def perform_get_or_create(self, request, *args, **kwargs): """Perform "get_or_create" - return existing object if found.""" self.define_contributor(request) serializer = self.get_serializer(data=request.data) serializer.is_valid(raise_exception=True) process = serializer.validated_data.get("process") process_input = request.data.get("input", {}) fill_with_defaults(process_input, process.input_schema) checksum = get_data_checksum(process_input, process.slug, process.version) data_qs = Data.objects.filter( checksum=checksum, process__persistence__in=[ Process.PERSISTENCE_CACHED, Process.PERSISTENCE_TEMP, ], ) data_qs = get_objects_for_user(request.user, "view_data", data_qs) if data_qs.exists(): data = data_qs.order_by("created").last() serializer = self.get_serializer(data) return Response(serializer.data)
def test_object_based_permission_with_groups_2perms(self): group_names = ['group1', 'group2', 'group3'] groups = [Group.objects.create(name=name) for name in group_names] for group in groups: self.contributor.groups.add(group) # Objects to operate on ctypes = list(ContentType.objects.all().order_by('id')) assign_perm('contenttypes.change_contenttype', self.contributor) assign_perm('change_contenttype', self.contributor, ctypes[0]) assign_perm('change_contenttype', self.contributor, ctypes[1]) assign_perm('delete_contenttype', self.contributor, ctypes[1]) assign_perm('delete_contenttype', self.contributor, ctypes[2]) assign_perm('change_contenttype', groups[0], ctypes[3]) assign_perm('change_contenttype', groups[1], ctypes[3]) assign_perm('change_contenttype', groups[2], ctypes[4]) assign_perm('delete_contenttype', groups[0], ctypes[0]) objects = get_objects_for_user(self.contributor, ['contenttypes.change_contenttype', 'contenttypes.delete_contenttype'], accept_global_perms=True) self.assertEqual( set(objects.values_list('id', flat=True)), set([ctypes[0].id, ctypes[1].id, ctypes[2].id]))
def _filter_queryset(self, perms, queryset): """Filter object objects by permissions of user in request.""" user = self.request.user if self.request else AnonymousUser() return get_objects_for_user(user, perms, queryset)
def test_klass_as_manager(self): assign_perm("auth.change_group", self.contributor, self.group) objects = get_objects_for_user(self.contributor, ["auth.change_group"], Group.objects) self.assertEqual([obj.name for obj in objects], [self.group.name])
def test_short_codenames_with_klass(self): assign_perm('contenttypes.change_contenttype', self.contributor, self.ctype) objects = get_objects_for_user(self.contributor, ['change_contenttype'], ContentType) self.assertEqual([obj.name for obj in objects], [self.ctype.name])
def create(self, request, *args, **kwargs): """Create a resource.""" collections = request.data.get('collections', []) # check that user has permissions on all collections that Data # object will be added to for collection_id in collections: try: collection = Collection.objects.get(pk=collection_id) except Collection.DoesNotExist: return Response({'collections': ['Invalid pk "{}" - object does not exist.'.format(collection_id)]}, status=status.HTTP_400_BAD_REQUEST) if not request.user.has_perm('add_collection', obj=collection): if request.user.is_authenticated(): raise exceptions.PermissionDenied else: raise exceptions.NotFound # translate processe's slug to id process_slug = request.data.get('process', None) process_query = Process.objects.filter(slug=process_slug).order_by('version') if not process_query.exists(): # XXX: security - is it ok to reveal which processes (don't) exist? return Response({'process': ['Invalid process slug "{}" - object does not exist.'.format(process_slug)]}, status=status.HTTP_400_BAD_REQUEST) process = process_query.last() request.data['process'] = process.pk # check that user has permission on the process if not request.user.has_perm('view_process', obj=process): if request.user.is_authenticated(): raise exceptions.PermissionDenied else: raise exceptions.NotFound # perform "get_or_create" if requested - return existing object # if found if kwargs.pop('get_or_create', False): process_input = request.data.get('input', {}) # use default values if they are not given for field_schema, fields, path in iterate_schema(process_input, process.input_schema): if 'default' in field_schema and field_schema['name'] not in fields: dict_dot(process_input, path, field_schema['default']) checksum = get_data_checksum(process_input, process.slug, process.version) data_qs = Data.objects.filter( checksum=checksum, process__persistence__in=[Process.PERSISTENCE_CACHED, Process.PERSISTENCE_TEMP], ) data_qs = get_objects_for_user(request.user, 'view_data', data_qs) if data_qs.exists(): data = data_qs.order_by('created').last() serializer = self.get_serializer(data) return Response(serializer.data) # create the objects resp = super(ResolweCreateDataModelMixin, self).create(request, *args, **kwargs) # run manager manager.communicate() return resp
def filter_objects(self, user: UserClass, queryset: QuerySet, data: Data) -> QuerySet: """Filter the objects for the given user.""" permission_name = get_full_perm("view", queryset.model) return get_objects_for_user(user, permission_name, queryset)
def _filter_queryset(self, perms, queryset): """Filter object objects by permissions of user in request.""" user = self.request.user if self.request else AnonymousUser() return get_objects_for_user(user, perms, queryset)
def test_ensure_returns_queryset(self): objects = get_objects_for_user(self.contributor, ['auth.change_group']) self.assertTrue(isinstance(objects, QuerySet))
def test_klass_as_queryset(self): assign_perm('auth.change_group', self.contributor, self.group) objects = get_objects_for_user(self.contributor, ['auth.change_group'], Group.objects.all()) self.assertEqual([obj.name for obj in objects], [self.group.name])
def test_perms_single(self): perm = 'auth.change_group' assign_perm(perm, self.contributor, self.group) self.assertEqual(set(get_objects_for_user(self.contributor, perm)), set(get_objects_for_user(self.contributor, [perm])))
def test_empty_perms_sequence(self): objects = get_objects_for_user(self.contributor, [], Group.objects.all()) self.assertEqual(set(objects), set())
def test_superuser(self): ctypes = ContentType.objects.all() objects = get_objects_for_user(self.admin, ['contenttypes.change_contenttype'], ctypes) self.assertEqual(set(ctypes), set(objects))
def create(self, request, *args, **kwargs): """Create a resource.""" collections = request.data.get('collections', []) # check that user has permissions on all collections that Data # object will be added to for collection_id in collections: try: collection = Collection.objects.get(pk=collection_id) except Collection.DoesNotExist: return Response( { 'collections': [ 'Invalid pk "{}" - object does not exist.'.format( collection_id) ] }, status=status.HTTP_400_BAD_REQUEST) if not request.user.has_perm('add_collection', obj=collection): if request.user.has_perm('view_collection', obj=collection): raise exceptions.PermissionDenied( "You don't have `ADD` permission on collection (id: {})." .format(collection_id)) else: raise exceptions.NotFound( "Collection not found (id: {}).".format(collection_id)) # translate processe's slug to id process_slug = request.data.get('process', None) process_query = Process.objects.filter(slug=process_slug) process_query = get_objects_for_user(request.user, 'view_process', process_query) try: process = process_query.latest() except Process.DoesNotExist: return Response( { 'process': [ 'Invalid process slug "{}" - object does not exist.'. format(process_slug) ] }, status=status.HTTP_400_BAD_REQUEST) request.data['process'] = process.pk # perform "get_or_create" if requested - return existing object # if found if kwargs.pop('get_or_create', False): process_input = request.data.get('input', {}) # use default values if they are not given for field_schema, fields, path in iterate_schema( process_input, process.input_schema): if 'default' in field_schema and field_schema[ 'name'] not in fields: dict_dot(process_input, path, field_schema['default']) checksum = get_data_checksum(process_input, process.slug, process.version) data_qs = Data.objects.filter( checksum=checksum, process__persistence__in=[ Process.PERSISTENCE_CACHED, Process.PERSISTENCE_TEMP ], ) data_qs = get_objects_for_user(request.user, 'view_data', data_qs) if data_qs.exists(): data = data_qs.order_by('created').last() serializer = self.get_serializer(data) return Response(serializer.data) # create the objects resp = super(DataViewSet, self).create(request, *args, **kwargs) # run manager manager.communicate() return resp
def test_short_codenames_with_klass(self): assign_perm("contenttypes.change_contenttype", self.user, self.ctype) objects = get_objects_for_user(self.user, ["change_contenttype"], ContentType) self.assertEqual([obj.name for obj in objects], [self.ctype.name])