def test_roles_unique(self):
self.role = Role(name='abc')
self.role.save()
rp = RolePermission(role=self.role, permission=self.perm_change)
rp.save()
rp = RolePermission(role=self.role, permission=self.perm_delete)
rp.save()
try:
rp = RolePermission(role=role, permission=self.perm_change)
rp.save()
fail('Duplicate is not detected')
except:
pass
def update_roles_permissions(
Role, Permission, RolePermission, app_config, verbosity=2, interactive=True, using=DEFAULT_DB_ALIAS, **kwargs
):
if not router.allow_migrate_model(using, Role):
return
try:
Role = app_config.get_model("trusts", "Role")
except LookupError:
return
# This will hold the roles we're looking for as
# (rolename (permissions))
model_roles = {}
for klass in app_config.get_models():
if hasattr(klass._meta, "roles"):
_process_roles(Permission, model_roles, klass, klass._meta.roles, using)
elif hasattr(klass._meta, "content_roles"):
if hasattr(klass, "get_content_model"):
content_klass = klass.get_content_model()
_process_roles(Permission, model_roles, content_klass, klass._meta.content_roles, using)
# Find all the Roles and its Permission
db_roles = {}
for r in Role.objects.using(using).all():
db_roles[r.name] = set(r.permissions.all())
# Get all the diff between sets
model_rolenames = set(model_roles.keys())
db_rolenames = set(db_roles.keys())
added_rolenames = model_rolenames - db_rolenames
deleted_rolenames = db_rolenames - model_rolenames
existing_rolenames = model_rolenames.intersection(db_rolenames)
# Prepare rolepermissions for bulk op at the end
bulk_add_rolepermissions = []
q_del_rolepermissions = []
deleted_role_ids = []
# Process added roles
for rolename in added_rolenames:
r = Role(name=rolename)
r.save()
for p in model_roles[rolename]:
bulk_add_rolepermissions.append(RolePermission(managed=True, permission=p, role=r))
# Process existing roles
for rolename in existing_rolenames:
r = Role.objects.get(name=rolename)
db_permissions = db_roles[rolename]
model_permissions = model_roles[rolename]
added_permissions = set(model_permissions) - set(db_permissions)
for p in added_permissions:
bulk_add_rolepermissions.append(RolePermission(managed=True, permission=p, role=r))
deleted_permissions = set(db_permissions) - set(model_permissions)
if len(deleted_permissions):
q_del_rolepermissions.append((r, Q(managed=True, role=r, permission__in=deleted_permissions)))
# Process deleted roles
for rolename in deleted_rolenames:
r = Role.objects.get(name=rolename)
q_del_rolepermissions.append((r, Q(managed=True, role=r)))
deleted_role_ids.append(r.pk)
# Create the added role permissions
RolePermission.objects.using(using).bulk_create(bulk_add_rolepermissions)
if verbosity >= 2:
for rolepermission in bulk_add_rolepermissions:
print('Adding role(%s).rolepermission "%s"' % (rolepermission.role.name, rolepermission))
# Remove the deleted role permissions
for r, q in q_del_rolepermissions:
qs = RolePermission.objects.filter(q)
if verbosity >= 2:
if qs.count() > 0:
for rolepermission in qs.all():
print('Removing role(%s).rolepermission "%s"' % (rolepermission.role.name, rolepermission))
qs.delete()
# Remove the deleted role
qs = Role.objects.filter(pk__in=deleted_role_ids, permissions__isnull=True)
if verbosity >= 2:
if qs.count() > 0:
for role in qs.all():
print('Removing role "%s"' % (role.name))
qs.delete()
class RoleTestMixin(object):
def get_perm_codename(self, action):
return '%s_%s' % (action, self.model_name.lower())
def test_roles_in_meta(self):
self.assertIsNotNone(self.get_model_roles())
def test_roles_unique(self):
self.role = Role(name='abc')
self.role.save()
rp = RolePermission(role=self.role, permission=self.perm_change)
rp.save()
rp = RolePermission(role=self.role, permission=self.perm_delete)
rp.save()
try:
rp = RolePermission(role=role, permission=self.perm_change)
rp.save()
fail('Duplicate is not detected')
except:
pass
def test_has_perm(self):
get_or_create_root_user(self)
reload_test_users(self)
self.trust, created = Trust.objects.get_or_create_settlor_default(settlor=self.user)
call_command('update_roles_permissions')
self.content1 = self.create_content(self.trust)
self.assertFalse(self.user.has_perm(self.get_perm_code(self.perm_change)))
self.assertFalse(self.user.has_perm(self.get_perm_code(self.perm_read)))
self.group.user_set.add(self.user)
self.trust.groups.add(self.group)
Role.objects.get(name='public').groups.add(self.group)
self.assertTrue(self.user.has_perm(self.get_perm_code(self.perm_read), self.content1))
self.assertFalse(self.user.has_perm(self.get_perm_code(self.perm_change), self.content1))
def test_has_perm_diff_roles_on_contents(self):
self.test_has_perm()
content2 = self.create_content(self.trust)
self.assertTrue(self.user.has_perm(self.get_perm_code(self.perm_read), content2))
self.assertFalse(self.user.has_perm(self.get_perm_code(self.perm_change), content2))
# diff trust, same group, same role
trust3 = Trust(settlor=self.user, title='trust 3')
trust3.save()
content3 = self.create_content(trust3)
reload_test_users(self)
self.assertFalse(self.user.has_perm(self.get_perm_code(self.perm_read), content3))
self.assertFalse(self.user.has_perm(self.get_perm_code(self.perm_change), content3))
self.assertTrue(self.user.has_perm(self.get_perm_code(self.perm_read), self.content1))
self.assertFalse(self.user.has_perm(self.get_perm_code(self.perm_change), self.content1))
trust3.groups.add(self.group)
reload_test_users(self)
self.assertTrue(self.user.has_perm(self.get_perm_code(self.perm_read), content3))
self.assertFalse(self.user.has_perm(self.get_perm_code(self.perm_change), content3))
# make sure trust does not affect one another
self.assertTrue(self.user.has_perm(self.get_perm_code(self.perm_read), self.content1))
self.assertFalse(self.user.has_perm(self.get_perm_code(self.perm_change), self.content1))
# diff trust, diff group, stronger role, not in group
trust4 = Trust(settlor=self.user, title='trust 4')
trust4.save()
content4 = self.create_content(trust4)
group4 = Group(name='admin group')
group4.save()
Role.objects.get(name='admin').groups.add(group4)
reload_test_users(self)
self.assertTrue(self.user.has_perm(self.get_perm_code(self.perm_read), content3))
self.assertFalse(self.user.has_perm(self.get_perm_code(self.perm_change), content3))
self.assertFalse(self.user.has_perm(self.get_perm_code(self.perm_read), content4))
self.assertFalse(self.user.has_perm(self.get_perm_code(self.perm_change), content4))
# make sure trust does not affect one another
self.assertTrue(self.user.has_perm(self.get_perm_code(self.perm_read), self.content1))
self.assertFalse(self.user.has_perm(self.get_perm_code(self.perm_change), self.content1))
def test_has_perm_diff_group_on_contents(self):
self.test_has_perm()
# same trust, diff role, in different group
group3 = Group(name='write group')
group3.save()
Role.objects.get(name='write').groups.add(group3)
self.trust.groups.add(group3)
reload_test_users(self)
self.assertTrue(self.user.has_perm(self.get_perm_code(self.perm_read), self.content1))
self.assertFalse(self.user.has_perm(self.get_perm_code(self.perm_change), self.content1))
group3.user_set.add(self.user)
reload_test_users(self)
self.assertTrue(self.user.has_perm(self.get_perm_code(self.perm_read), self.content1))
self.assertTrue(self.user.has_perm(self.get_perm_code(self.perm_change), self.content1))
content3 = self.create_content(self.trust)
reload_test_users(self)
self.assertTrue(self.user.has_perm(self.get_perm_code(self.perm_read), content3))
self.assertTrue(self.user.has_perm(self.get_perm_code(self.perm_change), content3))
self.assertTrue(self.user.has_perm(self.get_perm_code(self.perm_read), self.content1))
self.assertTrue(self.user.has_perm(self.get_perm_code(self.perm_change), self.content1))
def test_management_command_create_roles(self):
self.assertEqual(Role.objects.count(), 0)
self.assertEqual(RolePermission.objects.count(), 0)
call_command('update_roles_permissions')
rs = Role.objects.all()
self.assertEqual(rs.count(), 3)
rp = RolePermission.objects.filter(permission__content_type__app_label=self.app_label)
self.assertEqual(rp.count(), 9)
rp = Role.objects.get(name='public')
ra = Role.objects.get(name='admin')
rw = Role.objects.get(name='write')
self.assertEqual(rp.permissions.filter(content_type__app_label=self.app_label).count(), 2)
self.assertEqual(ra.permissions.filter(content_type__app_label=self.app_label).count(), 4)
ra.permissions.filter(content_type__app_label=self.app_label).get(codename=self.get_perm_codename('add_topic_to'))
ra.permissions.filter(content_type__app_label=self.app_label).get(codename=self.get_perm_codename('read'))
ra.permissions.filter(content_type__app_label=self.app_label).get(codename=self.get_perm_codename('add'))
ra.permissions.filter(content_type__app_label=self.app_label).get(codename=self.get_perm_codename('change'))
self.assertEqual(rp.permissions.filter(content_type__app_label=self.app_label).filter(codename=self.get_perm_codename('add_topic_to')).count(), 1)
self.assertEqual(rp.permissions.filter(content_type__app_label=self.app_label).filter(codename=self.get_perm_codename('add')).count(), 0)
self.assertEqual(rp.permissions.filter(content_type__app_label=self.app_label).filter(codename=self.get_perm_codename('change')).count(), 0)
# Make change and ensure we add items
self.append_model_roles('read', (self.get_perm_codename('read'),))
call_command('update_roles_permissions')
rs = Role.objects.all()
self.assertEqual(rs.count(), 4)
rp = RolePermission.objects.filter(permission__content_type__app_label=self.app_label)
self.assertEqual(rp.count(), 10)
rr = Role.objects.get(name='read')
self.assertEqual(rr.permissions.filter(content_type__app_label=self.app_label).count(), 1)
self.assertEqual(rr.permissions.filter(content_type__app_label=self.app_label).filter(codename=self.get_perm_codename('read')).count(), 1)
# Add
self.remove_model_roles('write')
self.append_model_roles('write', (self.get_perm_codename('change'), self.get_perm_codename('add'), self.get_perm_codename('add_topic_to'), self.get_perm_codename('read'),))
call_command('update_roles_permissions')
rs = Role.objects.all()
self.assertEqual(rs.count(), 4)
rp = RolePermission.objects.filter(permission__content_type__app_label=self.app_label)
self.assertEqual(rp.count(), 11)
# Remove
self.remove_model_roles('write')
self.append_model_roles('write', (self.get_perm_codename('change'), self.get_perm_codename('read'), ))
call_command('update_roles_permissions')
rs = Role.objects.all()
self.assertEqual(rs.count(), 4)
rp = RolePermission.objects.filter(permission__content_type__app_label=self.app_label)
self.assertEqual(rp.count(), 9)
# Remove 2
self.remove_model_roles('write')
self.remove_model_roles('read')
self.append_model_roles('write', (self.get_perm_codename('change'), ))
call_command('update_roles_permissions')
rs = Role.objects.all()
self.assertEqual(rs.count(), 3)
rp = RolePermission.objects.filter(permission__content_type__app_label=self.app_label)
self.assertEqual(rp.count(), 7)
# Run again
call_command('update_roles_permissions')
rs = Role.objects.all()
self.assertEqual(rs.count(), 3)
rp = RolePermission.objects.filter(permission__content_type__app_label=self.app_label)
self.assertEqual(rp.count(), 7)
# Add empty
self.append_model_roles('read', ())
call_command('update_roles_permissions')
rs = Role.objects.all()
self.assertEqual(rs.count(), 4)
rp = RolePermission.objects.filter(permission__content_type__app_label=self.app_label)
self.assertEqual(rp.count(), 7)
