def test_update_view_ok_when_permitted():
    """PATCH on a store matching both the view and change rules returns 200.

    Only the permitted path is exercised: the payload keeps ``name`` at "a",
    so the store still satisfies the ``change_store`` rule after the update.
    A PATCH that moves the object outside the permitted set is not covered.
    """
    requester = factories.UserFactory()
    permitted_store = factories.StoreFactory(name="a")
    # Second store that neither rule matches; it is never requested here.
    factories.StoreFactory(name="b")

    # Object-level rules: only stores named "a" are viewable and changeable.
    # NOTE(review): perms is not restored inside this function; presumably a
    # fixture resets it between tests -- confirm, so rules cannot leak.
    perms["shrubberies.view_store"] = Attribute("name", "a")
    perms["shrubberies.change_store"] = Attribute("name", "a")

    patch_view = StoreViewSet.as_view({"patch": "partial_update"})
    # NOTE(review): HTTP_CONTENT_TYPE is forwarded as an extra keyword rather
    # than through a content_type argument -- confirm the body is parsed the
    # way this test expects.
    request = RequestFactory().patch(
        "/",
        {"name": "a"},
        HTTP_CONTENT_TYPE="text/json",
    )
    request.user = requester

    response = patch_view(request, pk=permitted_store.id)
    assert response.status_code == 200
def test_update_view_ok_when_permitted():
    """A permitted user can PATCH a store that passes view and change rules.

    The request body leaves ``name`` unchanged at 'a', so this checks the
    allowed path only; it does not show what happens when an update would
    take the object out of the permitted set.
    """
    acting_user = factories.UserFactory()
    target = factories.StoreFactory(name='a')
    # Extra store outside both rules, present only as background data.
    factories.StoreFactory(name='b')

    # Both permissions are restricted to stores whose name is 'a'.
    perms['shrubberies.view_store'] = Attribute('name', 'a')
    perms['shrubberies.change_store'] = Attribute('name', 'a')

    view_fn = StoreViewSet.as_view({'patch': 'partial_update'})
    # NOTE(review): HTTP_CONTENT_TYPE is forwarded as an extra keyword rather
    # than through a content_type argument -- confirm the body is parsed the
    # way this test expects.
    req = RequestFactory().patch(
        '/',
        {'name': 'a'},
        HTTP_CONTENT_TYPE='text/json',
    )
    req.user = acting_user

    response = view_fn(req, pk=target.id)
    assert response.status_code == 200
def test_detail_view_404_when_not_permitted():
    """Retrieving a store that fails the view rule returns 404.

    The store exists, but the view rule only matches name "a", so the detail
    endpoint answers 404 rather than 403 -- presumably so the response does
    not confirm that the object exists.
    """
    requester = factories.UserFactory()
    # Store the rule would allow; created but not requested.
    factories.StoreFactory(name="a")
    hidden_store = factories.StoreFactory(name="b")

    # Only stores named "a" are viewable.
    perms["shrubberies.view_store"] = Attribute("name", "a")

    detail_view = StoreViewSet.as_view({"get": "retrieve"})
    request = RequestFactory().get("/", HTTP_CONTENT_TYPE="text/json")
    request.user = requester

    response = detail_view(request, pk=hidden_store.id)
    assert response.status_code == 404
def test_detail_view_404_when_not_permitted():
    """An existing store outside the view rule is reported as 404.

    The requested store is named 'b' while the rule matches only 'a'. The
    expected status is 404, not 403 -- presumably so that an unauthorised
    caller cannot tell a hidden object from a missing one.
    """
    acting_user = factories.UserFactory()
    # Permitted store, present only as background data.
    factories.StoreFactory(name='a')
    forbidden = factories.StoreFactory(name='b')

    # View permission is limited to stores whose name is 'a'.
    perms['shrubberies.view_store'] = Attribute('name', 'a')

    view_fn = StoreViewSet.as_view({'get': 'retrieve'})
    req = RequestFactory().get('/', HTTP_CONTENT_TYPE='text/json')
    req.user = acting_user

    response = view_fn(req, pk=forbidden.id)
    assert response.status_code == 404
def test_list_view_is_filtered():
    """The list endpoint returns only the stores the view rule permits.

    Two stores exist; the rule matches name "a" only, so the response must
    contain exactly that one store.
    """
    requester = factories.UserFactory()
    visible_store = factories.StoreFactory(name="a")
    # Store the rule does not match; it must be absent from the listing.
    factories.StoreFactory(name="b")

    # Only stores named "a" are viewable.
    perms["shrubberies.view_store"] = Attribute("name", "a")

    list_view = StoreViewSet.as_view({"get": "list"})
    request = RequestFactory().get("/", HTTP_CONTENT_TYPE="text/json")
    request.user = requester

    response = list_view(request)
    # The body is only available once the response has been rendered.
    response.render()
    assert response.status_code == 200

    body_text = response.content.decode("utf8")
    listed = json.loads(body_text)
    # Exactly one entry, and it is the permitted store.
    assert len(listed) == 1
    assert listed[0]["id"] == visible_store.id
def test_list_view_is_filtered():
    """Listing stores yields only those that satisfy the view rule.

    With stores 'a' and 'b' present and a rule that matches 'a' alone, the
    rendered list must hold a single entry whose id is that of store 'a'.
    """
    acting_user = factories.UserFactory()
    allowed = factories.StoreFactory(name='a')
    # Store outside the rule; its absence from the listing is the point.
    factories.StoreFactory(name='b')

    # View permission is limited to stores whose name is 'a'.
    perms['shrubberies.view_store'] = Attribute('name', 'a')

    view_fn = StoreViewSet.as_view({'get': 'list'})
    req = RequestFactory().get('/', HTTP_CONTENT_TYPE='text/json')
    req.user = acting_user

    response = view_fn(req)
    # Render first so that response.content is populated.
    response.render()
    # Raw body written to stdout, as in the original test.
    print(response.content)
    assert response.status_code == 200

    decoded = response.content.decode('utf8')
    rows = json.loads(decoded)
    # One row only, and it belongs to the permitted store.
    assert len(rows) == 1
    assert rows[0]['id'] == allowed.id
from bridgekeeper import perms, rules
from bridgekeeper.rules import Attribute, ManyRelation, Relation, in_current_groups
from django.contrib.auth.models import Group  # lint-amnesty, pylint: disable=unused-import
from openedx.core.djangoapps.content_libraries.models import ContentLibraryPermission

# Rules below are composed with `&` (both sides must hold) and `|` (either
# side is enough). Each `&`/`|` group is explicitly parenthesised; keep it
# that way when editing, since `&` binds tighter than `|` in Python.

# Is the user active (and their email verified)?
is_user_active = rules.is_authenticated & rules.is_active

# Is the user global staff?
# Built on is_user_active, so the staff flag alone is not sufficient.
is_global_staff = is_user_active & rules.is_staff

# Helper rules used to define the permissions below

# Does the user have at least read permission for the specified library?
# Matches on a related 'permission_grants' row that names the user directly
# or names one of the user's current groups. `lambda user: user` is evaluated
# with the user being checked, so the grant's user must be that same user.
has_explicit_read_permission_for_library = (
    ManyRelation('permission_grants', (Attribute('user', lambda user: user) | Relation('group', in_current_groups)))
    # We don't check 'access_level' here because all access levels grant read permission
)

# Does the user have at least author permission for the specified library?
# The access-level test sits inside the ManyRelation, next to the user/group
# test, so both conditions are applied to the same grant row: the row that
# names the user (or one of their groups) must itself carry AUTHOR_LEVEL or
# ADMIN_LEVEL.
has_explicit_author_permission_for_library = (ManyRelation(
    'permission_grants',
    (Attribute('user', lambda user: user) | Relation('group', in_current_groups)) & (Attribute('access_level', ContentLibraryPermission.AUTHOR_LEVEL) | Attribute('access_level', ContentLibraryPermission.ADMIN_LEVEL))))

# Does the user have admin permission for the specified library?
# Same shape as the author rule, but only ADMIN_LEVEL grants qualify.
has_explicit_admin_permission_for_library = (ManyRelation(
    'permission_grants',
    (Attribute('user', lambda user: user) | Relation('group', in_current_groups)) & Attribute('access_level', ContentLibraryPermission.ADMIN_LEVEL)))
from django.contrib.auth.models import Group from openedx.core.djangoapps.content_libraries.models import ContentLibraryPermission # Is the user active (and their email verified)? is_user_active = rules.is_authenticated & rules.is_active # Is the user global staff? is_global_staff = is_user_active & rules.is_staff # Helper rules used to define the permissions below # Does the user have at least read permission for the specified library? has_explicit_read_permission_for_library = ( ManyRelation( 'contentlibrarypermission', (Attribute('user', lambda user: user) | Relation('group', in_current_groups)) ) # We don't check 'access_level' here because all access levels grant read permission ) # Does the user have at least author permission for the specified library? has_explicit_author_permission_for_library = ( ManyRelation( 'contentlibrarypermission', (Attribute('user', lambda user: user) | Relation('group', in_current_groups)) & ( Attribute('access_level', ContentLibraryPermission.AUTHOR_LEVEL) | Attribute('access_level', ContentLibraryPermission.ADMIN_LEVEL) ) ) ) # Does the user have admin permission for the specified library? has_explicit_admin_permission_for_library = (
from bridgekeeper import perms
from bridgekeeper.rules import is_authenticated, Attribute, Relation, ManyRelation, Is

from .models import Organization

# A course is treated as public through its related organizations: the inner
# rule tests an organization's name against "MITx".
# NOTE(review): presumably one matching organization is enough to make the
# course public -- confirm against the ManyRelation semantics in use.
is_public_course = ManyRelation(
    "organizations", "organizations", Organization,
    Attribute("name", matches="MITx"))

# Either side of `|` is sufficient on its own: an authenticated user passes
# for every course, and a public course passes for every user.
# NOTE(review): this means non-public courses are visible to any logged-in
# account, and public ones to unauthenticated callers -- confirm that both
# are intended.
perms["queries.view_course"] = is_authenticated | is_public_course