def test_permission_hash_after_modification(self):
revoke_permission(self.user, 'permission3')
perm_hash = available_perm_status(self.user)
self.assertFalse(perm_hash['permission3'])
self.assertFalse(perm_hash['permission4'])
def test_permission_hash_after_modification(self):
revoke_permission(self.user, 'permission3')
perm_hash = available_perm_status(self.user)
self.assertFalse(perm_hash['permission3'])
self.assertFalse(perm_hash['permission4'])
def test_roles_setting(self):
"""
Assert SETTINGS when a user has roles assigned to them
"""
profile = self.create_and_login_user()
Role.objects.create(
program=ProgramFactory.create(),
user=profile.user,
role=Role.DEFAULT_ROLE,
)
resp = self.client.get(DASHBOARD_URL)
js_settings = json.loads(resp.context['js_settings_json'])
assert js_settings['roles'] == [{
'program':
role.program.id,
'role':
role.role,
'permissions': [
key
for key, value in available_perm_status(profile.user).items()
if value is True
],
} for role in profile.user.role_set.all()]
def assert_available_perm_names_equals_available_perm_status(self):
perm_hash = available_perm_status(self.user)
perm_names = available_perm_names(self.user)
self.assertEqual(
set(perm_names),
set(p for p, has_perm in perm_hash.items() if has_perm))
def get(self, request, *args, **kwargs):
"""
Handle GET requests to templates using React
"""
user = request.user
roles = []
if not user.is_anonymous:
roles = [
{
'program': role.program.id,
'role': role.role,
'permissions': [perm for perm, value in available_perm_status(user).items() if value is True]
} for role in user.role_set.all()
]
js_settings = {
"gaTrackingID": settings.GA_TRACKING_ID,
"reactGaDebug": settings.REACT_GA_DEBUG,
"host": webpack_dev_server_host(request),
"edx_base_url": settings.EDXORG_BASE_URL,
"roles": roles,
"release_version": settings.VERSION,
"environment": settings.ENVIRONMENT,
"sentry_dsn": settings.SENTRY_DSN,
"search_url": reverse('search_api', kwargs={"elastic_url": ""}),
"support_email": settings.EMAIL_SUPPORT,
"user": serialize_maybe_user(request.user),
"es_page_size": settings.ELASTICSEARCH_DEFAULT_PAGE_SIZE,
"public_path": public_path(request),
"EXAMS_SSO_CLIENT_CODE": settings.EXAMS_SSO_CLIENT_CODE,
"EXAMS_SSO_URL": settings.EXAMS_SSO_URL,
"FEATURES": {
"PROGRAM_LEARNERS": settings.FEATURES.get('PROGRAM_LEARNERS_ENABLED', False),
"DISCUSSIONS_POST_UI": settings.FEATURES.get('OPEN_DISCUSSIONS_POST_UI', False),
"DISCUSSIONS_CREATE_CHANNEL_UI": settings.FEATURES.get('OPEN_DISCUSSIONS_CREATE_CHANNEL_UI', False),
"PROGRAM_RECORD_LINK": settings.FEATURES.get('PROGRAM_RECORD_LINK', False),
"ENABLE_PROGRAM_LETTER": settings.FEATURES.get('ENABLE_PROGRAM_LETTER', False),
"ENABLE_EDX_EXAMS": settings.FEATURES.get('ENABLE_EDX_EXAMS', False)
},
"open_discussions_redirect_url": settings.OPEN_DISCUSSIONS_REDIRECT_URL,
}
return render(
request,
"dashboard.html",
context={
"has_zendesk_widget": True,
"is_public": False,
"google_maps_api": False,
"js_settings_json": json.dumps(js_settings),
"ga_tracking_id": "",
}
)
def get(self, request, *args, **kwargs):
"""
Handle GET requests to templates using React
"""
user = request.user
roles = []
if not user.is_anonymous:
roles = [
{
'program': role.program.id,
'role': role.role,
'permissions': [perm for perm, value in available_perm_status(user).items() if value is True]
} for role in user.role_set.all()
]
js_settings = {
"gaTrackingID": settings.GA_TRACKING_ID,
"reactGaDebug": settings.REACT_GA_DEBUG,
"host": webpack_dev_server_host(request),
"edx_base_url": settings.EDXORG_BASE_URL,
"roles": roles,
"release_version": settings.VERSION,
"environment": settings.ENVIRONMENT,
"sentry_dsn": sentry.get_public_dsn(),
"search_url": reverse('search_api', kwargs={"elastic_url": ""}),
"support_email": settings.EMAIL_SUPPORT,
"user": serialize_maybe_user(request.user),
"es_page_size": settings.ELASTICSEARCH_DEFAULT_PAGE_SIZE,
"public_path": public_path(request),
"EXAMS_SSO_CLIENT_CODE": settings.EXAMS_SSO_CLIENT_CODE,
"EXAMS_SSO_URL": settings.EXAMS_SSO_URL,
"FEATURES": {
"PROGRAM_LEARNERS": settings.FEATURES.get('PROGRAM_LEARNERS_ENABLED', False),
"DISCUSSIONS_POST_UI": settings.FEATURES.get('OPEN_DISCUSSIONS_POST_UI', False),
"DISCUSSIONS_CREATE_CHANNEL_UI": settings.FEATURES.get('OPEN_DISCUSSIONS_CREATE_CHANNEL_UI', False),
"PROGRAM_RECORD_LINK": settings.FEATURES.get('PROGRAM_RECORD_LINK', False),
"ENABLE_PROGRAM_LETTER": settings.FEATURES.get('ENABLE_PROGRAM_LETTER', False)
},
"open_discussions_redirect_url": settings.OPEN_DISCUSSIONS_REDIRECT_URL,
}
return render(
request,
"dashboard.html",
context={
"has_zendesk_widget": True,
"is_public": False,
"google_maps_api": False,
"js_settings_json": json.dumps(js_settings),
"ga_tracking_id": "",
}
)
def test_permission_hash_multiple_groups(self):
"""
If a user has a permission in any role, that permission should show as True,
no matter what other roles dictate.
"""
ShoRole1.assign_role_to_user(self.user)
ShoRole4.assign_role_to_user(self.user)
perm_hash = available_perm_status(self.user)
self.assertTrue(perm_hash['permission1'])
self.assertTrue(perm_hash['permission2'])
self.assertTrue(perm_hash['permission3'])
self.assertFalse(perm_hash['permission4'])
def test_permission_hash_multiple_groups(self):
"""
If a user has a permission in any role, that permission should show as True,
no matter what other roles dictate.
"""
ShoRole1.assign_role_to_user(self.user)
ShoRole4.assign_role_to_user(self.user)
perm_hash = available_perm_status(self.user)
self.assertTrue(perm_hash['permission1'])
self.assertTrue(perm_hash['permission2'])
self.assertTrue(perm_hash['permission3'])
self.assertFalse(perm_hash['permission4'])
def my_view(request, *args, **kwargs):
members = Member.objects.all()
# content = {}
# content['userdetail'] = member
from rolepermissions.checkers import has_permission
from django.contrib.auth.models import User
from ecommerce.roles import Doctor
from rolepermissions.permissions import available_perm_status
from rolepermissions.checkers import has_object_permission
user1 = User.objects.get(id=2)
permissions = available_perm_status(user1)
print(permissions)
if has_permission(user1, 'nurse'):
print('access granted')
else:
print('access not granted')
if has_object_permission('access_clinic', user1, user1):
print('access granted')
from guardian.shortcuts import get_perms
from guardian.shortcuts import assign_perm
from guardian.shortcuts import get_perms
from django.shortcuts import render
from django.template import RequestContext
from ecommer.models import Project
from guardian.shortcuts import get_objects_for_user
joe=User.objects.get(username='******')
post=Post.objects.get(id=1)
# print(joe.has_perm('post_add', post))
assign_perm('post_add', joe, post)
projects = get_objects_for_user(request.user, 'ecommer.post_add')
print(joe.has_perm('post_add', post))
# if 'post_add' in get_perms(joe, post):
# projects = get_objects_for_user(request.user, 'ecommer.post_add')
# print(projects)
# print('access granted')
# else:
# print('access denied')
return render(request, 'ecommer/user_dashboard.html', {'projects': projects})
def dispatch(self, request, *args, **kwargs):
user = self.request.user
can_create = False
if user.is_superuser:
can_create = True
else:
user_permissions = available_perm_status(user)
permissions = [
'update_robot',
'update_libraries',
'update_product'
]
for perm in permissions:
if perm in user_permissions and not can_create:
can_create = True
if can_create:
return super(EditSourceView, self).dispatch(request, *args, **kwargs)
else:
messages.warning(request, "You don't have permission for this action")
return HttpResponseRedirect(self.get_success_url())
def test_roles_setting(self):
"""
Assert SETTINGS when a user has roles assigned to them
"""
profile = self.create_and_login_user()
Role.objects.create(
program=ProgramFactory.create(),
user=profile.user,
role=Role.DEFAULT_ROLE,
)
resp = self.client.get(DASHBOARD_URL)
js_settings = json.loads(resp.context['js_settings_json'])
assert js_settings['roles'] == [
{
'program': role.program.id,
'role': role.role,
'permissions': [key for key, value in available_perm_status(profile.user).items() if value is True],
} for role in profile.user.role_set.all()
]
def _get_adjusted_true_permissions(cls, user):
"""
Get all true permissions for a user excluding ones that
have been explicitly revoked.
"""
from rolepermissions.permissions import available_perm_status
default_true_permissions = set()
user_permission_states = available_perm_status(user)
adjusted_true_permissions = set()
# Grab the default true permissions from each of the user's roles
for role in get_user_roles(user):
default_true_permissions.update(role.get_default_true_permissions())
# For each of those default true permissions, only keep ones
# that haven't been explicitly revoked
for permission in default_true_permissions:
if user_permission_states[permission.codename]:
adjusted_true_permissions.add(permission)
return adjusted_true_permissions
def _get_adjusted_true_permissions(cls, user):
"""
Get all true permissions for a user excluding ones that
have been explicitly revoked.
"""
from rolepermissions.permissions import available_perm_status
default_true_permissions = set()
user_permission_states = available_perm_status(user)
adjusted_true_permissions = set()
# Grab the default true permissions from each of the user's roles
for role in get_user_roles(user):
default_true_permissions.update(
role.get_default_true_permissions())
# For each of those default true permissions, only keep ones
# that haven't been explicitly revoked
for permission in default_true_permissions:
if user_permission_states[permission.codename]:
adjusted_true_permissions.add(permission)
return adjusted_true_permissions
def get_permissions(self):
return available_perm_status(self)
def test_permission_hash(self):
perm_hash = available_perm_status(self.user)
self.assertTrue(perm_hash['permission3'])
self.assertFalse(perm_hash['permission4'])
def test_permission_hash(self):
perm_hash = available_perm_status(self.user)
self.assertTrue(perm_hash['permission3'])
self.assertFalse(perm_hash['permission4'])
def assert_available_perm_names_equals_available_perm_status(self):
perm_hash = available_perm_status(self.user)
perm_names = available_perm_names(self.user)
self.assertEqual( set(perm_names), set(p for p, has_perm in perm_hash.items() if has_perm) )
def has_permission(user, permission_name):
"""Check if a user has a given permission."""
if user and user.is_superuser:
return True
return available_perm_status(user).get(permission_name, False)