def test_roles_init_new_repo_2(self):
"""
Groups and permissions created by the repo creations
"""
repo = Repository.objects.create(
name=self.repo_name,
description=self.repo_desc,
created_by=self.user
)
admin = Group.objects.get(name=self.group_admin)
curator = Group.objects.get(name=self.group_curator)
author = Group.objects.get(name=self.group_author)
checker_admin = ObjectPermissionChecker(admin)
self.assertListEqual(
sorted(checker_admin.get_perms(repo)),
sorted(RepoPermission.administrator_permissions())
)
checker_curator = ObjectPermissionChecker(curator)
self.assertListEqual(
sorted(checker_curator.get_perms(repo)),
sorted(RepoPermission.curator_permissions())
)
checker_author = ObjectPermissionChecker(author)
self.assertListEqual(
sorted(checker_author.get_perms(repo)),
sorted(RepoPermission.author_permissions())
)
def test_sync_permissions(self):
"""
test the syncpermission
"""
repo = create_repo(self.repo_name, self.repo_desc, self.user.id)
# Get default permissions before wiping.
admin = Group.objects.get(name=self.group_admin)
self.check_group_permission(
repo,
admin,
RepoPermission.administrator_permissions()
)
with patch.object(utils, 'roles_init_new_repo') as mock_method:
mock_method.return_value = None
utils.sync_groups_permissions()
# Get default permissions after wiping.
self.check_group_permission(
repo,
admin,
[]
)
# Restore permissions the first call of sync_groups_permissions
# will not do anything because the permissions have been already wiped.
utils.sync_groups_permissions()
self.check_group_permission(
repo,
admin,
RepoPermission.administrator_permissions()
)
def test_repo_permissions(self):
"""
Checks repo permissions
"""
view_repo = ('view_repo', 'Permission to view the repository')
import_course = ('import_course',
'Permission to import course in repository')
manage_taxonomy = ('manage_taxonomy',
'Permission to manage repository taxonomy')
add_edit_metadata = ('add_edit_metadata',
'Permission to add or edit metadata')
manage_repo_users = ('manage_repo_users',
'Permission manage users for the repository')
self.assertEqual(RepoPermission.view_repo, view_repo)
self.assertEqual(RepoPermission.import_course, import_course)
self.assertEqual(RepoPermission.manage_taxonomy, manage_taxonomy)
self.assertEqual(RepoPermission.add_edit_metadata, add_edit_metadata)
self.assertEqual(RepoPermission.manage_repo_users, manage_repo_users)
self.assertListEqual(RepoPermission.administrator_permissions(), [
view_repo[0], import_course[0], manage_taxonomy[0],
add_edit_metadata[0], manage_repo_users[0]
])
self.assertListEqual(RepoPermission.curator_permissions(), [
view_repo[0], import_course[0], manage_taxonomy[0],
add_edit_metadata[0]
])
self.assertListEqual(RepoPermission.author_permissions(),
[view_repo[0], add_edit_metadata[0]])
def test_repo_permissions(self):
"""
Checks repo permissions
"""
view_repo = ('view_repo', 'Permission to view the repository')
import_course = ('import_course',
'Permission to import course in repository')
manage_taxonomy = ('manage_taxonomy',
'Permission to manage repository taxonomy')
add_edit_metadata = ('add_edit_metadata',
'Permission to add or edit metadata')
manage_repo_users = ('manage_repo_users',
'Permission manage users for the repository')
self.assertEqual(
RepoPermission.view_repo,
view_repo
)
self.assertEqual(
RepoPermission.import_course,
import_course
)
self.assertEqual(
RepoPermission.manage_taxonomy,
manage_taxonomy
)
self.assertEqual(
RepoPermission.add_edit_metadata,
add_edit_metadata
)
self.assertEqual(
RepoPermission.manage_repo_users,
manage_repo_users
)
self.assertListEqual(
RepoPermission.administrator_permissions(),
[
view_repo[0],
import_course[0],
manage_taxonomy[0],
add_edit_metadata[0],
manage_repo_users[0]
]
)
self.assertListEqual(
RepoPermission.curator_permissions(),
[
view_repo[0],
import_course[0],
manage_taxonomy[0],
add_edit_metadata[0]
]
)
self.assertListEqual(
RepoPermission.author_permissions(),
[
view_repo[0],
add_edit_metadata[0]
]
)
def roles_init_new_repo(repo):
"""
Create new groups for the repository.
It assumes that there are only 3 types of users:
- administrator
- curator
- author
Args:
repo (learningresources.models.Repository): repository used to create
groups and assign permissions to them
Returns:
None
"""
with transaction.atomic():
administrator_group, _ = Group.objects.get_or_create(
name=GroupTypes.REPO_ADMINISTRATOR.format(repo.slug)
)
curator_group, _ = Group.objects.get_or_create(
name=GroupTypes.REPO_CURATOR.format(repo.slug)
)
author_group, _ = Group.objects.get_or_create(
name=GroupTypes.REPO_AUTHOR.format(repo.slug)
)
with transaction.atomic():
# administrator permissions
for permission in RepoPermission.administrator_permissions():
try:
Permission.objects.get(codename=permission)
assign_perm(permission, administrator_group, repo)
except Permission.DoesNotExist:
pass
# curator permissions
for permission in RepoPermission.curator_permissions():
try:
Permission.objects.get(codename=permission)
assign_perm(permission, curator_group, repo)
except Permission.DoesNotExist:
pass
# author permissions
for permission in RepoPermission.author_permissions():
try:
Permission.objects.get(codename=permission)
assign_perm(permission, author_group, repo)
except Permission.DoesNotExist:
pass
def roles_init_new_repo(repo):
"""
Create new groups for the repository.
It assumes that there are only 3 types of users:
- administrator
- curator
- author
Args:
repo (learningresources.models.Repository): repository used to create
groups and assign permissions to them
Returns:
None
"""
with transaction.atomic():
administrator_group, _ = Group.objects.get_or_create(
name=GroupTypes.REPO_ADMINISTRATOR.format(repo.slug))
curator_group, _ = Group.objects.get_or_create(
name=GroupTypes.REPO_CURATOR.format(repo.slug))
author_group, _ = Group.objects.get_or_create(
name=GroupTypes.REPO_AUTHOR.format(repo.slug))
with transaction.atomic():
# administrator permissions
for permission in RepoPermission.administrator_permissions():
try:
Permission.objects.get(codename=permission)
assign_perm(permission, administrator_group, repo)
except Permission.DoesNotExist:
pass
# curator permissions
for permission in RepoPermission.curator_permissions():
try:
Permission.objects.get(codename=permission)
assign_perm(permission, curator_group, repo)
except Permission.DoesNotExist:
pass
# author permissions
for permission in RepoPermission.author_permissions():
try:
Permission.objects.get(codename=permission)
assign_perm(permission, author_group, repo)
except Permission.DoesNotExist:
pass
def test_sync_permissions(self):
"""
test the syncpermission
"""
repo = create_repo(self.repo_name, self.repo_desc, self.user.id)
# Get default permissions before wiping.
admin = Group.objects.get(name=self.group_admin)
self.check_group_permission(repo, admin, RepoPermission.administrator_permissions())
with patch.object(utils, "roles_init_new_repo") as mock_method:
mock_method.return_value = None
utils.sync_groups_permissions()
# Get default permissions after wiping.
self.check_group_permission(repo, admin, [])
# Restore permissions the first call of sync_groups_permissions
# will not do anything because the permissions have been already wiped.
utils.sync_groups_permissions()
self.check_group_permission(repo, admin, RepoPermission.administrator_permissions())
def test_clear_permissions(self):
"""
Test for roles_clear_repo_permissions
"""
self.assertListEqual(
sorted(get_perms(self.user, self.repo)),
sorted(RepoPermission.administrator_permissions())
)
api.roles_clear_repo_permissions(self.repo)
self.assertListEqual(
get_perms(self.user, self.repo),
[]
)