class DecoratorsTest(TestCase): fixtures = [ 'sample_admin.json', ] def setUp(self): call_command("load_current_apps") self.app = App.objects.get(name="cartoview_basic_viewer") self.app_instance = AppInstance() self.app_instance.app = self.app self.user = Profile.objects.get(username="******") self.app_instance.owner = self.user self.app_instance.title = "fake_viewer" self.app_instance.config = {} self.app_instance.abstract = "fake_viewer_abstract" self.app_instance.map_id = None self.app_instance.save() def test_can_view_app(self): func_allowed = Mock() func_allowed.__name__ = "fake_app_view" req = HttpRequest() req.user = self.user decorated = can_view_app_instance(func_allowed) decorated(req, instance_id=self.app_instance.id) self.assertTrue(func_allowed.called) func_anonymous_allowed = Mock() func_anonymous_allowed.__name__ = "fake_app_view" req.user = AnonymousUser() decorated = can_view_app_instance(func_anonymous_allowed) decorated(req, instance_id=self.app_instance.id) self.assertTrue(func_anonymous_allowed.called) func_not_allowed = Mock() func_not_allowed.__name__ = "fake_app_view" decorated = can_view_app_instance(func_not_allowed) owner_permissions = [ 'view_resourcebase', 'download_resourcebase', 'change_resourcebase_metadata', 'change_resourcebase', 'delete_resourcebase', 'change_resourcebase_permissions', 'publish_resourcebase', ] permessions = { 'users': { '{}'.format(self.user): owner_permissions, } } self.app_instance.set_permissions(permessions) try: decorated(req, instance_id=self.app_instance.id) except PermissionDenied: pass self.assertFalse(func_not_allowed.called)
def save(self, request, instance_id=None): user = request.user res_json = dict(success=False) data = json.loads(request.body) config = data.get('config', None) logger.error(config) resources = config['resources'] title = data.get('title', "") access = data.get('access', None) keywords = data.get('keywords', []) config.update(access=access, keywords=keywords) config = json.dumps(data.get('config', None)) abstract = data.get('abstract', "") if instance_id is None: instance_obj = AppInstance() instance_obj.app = App.objects.get(name=self.app_name) instance_obj.owner = user else: instance_obj = AppInstance.objects.get(pk=instance_id) user = instance_obj.owner instance_obj.title = title instance_obj.config = config instance_obj.abstract = abstract if config: maps = Map.objects.filter(id__in=[int(id) for id in resources]) if maps.count() > 0: instance_obj.map = maps[0] else: instance_obj.map = None instance_obj.save() owner_permissions = [ 'view_resourcebase', 'download_resourcebase', 'change_resourcebase_metadata', 'change_resourcebase', 'delete_resourcebase', 'change_resourcebase_permissions', 'publish_resourcebase', ] permessions = { 'users': { '{}'.format(request.user.username): owner_permissions, } } self.get_users_permissions(access, permessions, user.username) instance_obj.set_permissions(permessions) if hasattr(instance_obj, 'keywords') and keywords: new_keywords = [ k for k in keywords if k not in instance_obj.keyword_list()] instance_obj.keywords.add(*new_keywords) res_json.update(dict(success=True, id=instance_obj.id)) return HttpResponse(json.dumps(res_json), content_type="application/json")
def save(self, request, instance_id=None): user = request.user res_json = dict(success=False) data = json.loads(request.body) config = data.get('config', None) map_id = data.get('map', None) title = data.get('title', "") access = data.get('access', None) keywords = data.get('keywords', []) config.update(access=access, keywords=keywords) config = json.dumps(data.get('config', None)) abstract = data.get('abstract', "") if instance_id is None: instance_obj = AppInstance() instance_obj.app = App.objects.get(name=self.app_name) instance_obj.owner = user else: instance_obj = AppInstance.objects.get(pk=instance_id) user = instance_obj.owner instance_obj.title = title instance_obj.config = config instance_obj.abstract = abstract instance_obj.map_id = map_id instance_obj.save() owner_permissions = [ 'view_resourcebase', 'download_resourcebase', 'change_resourcebase_metadata', 'change_resourcebase', 'delete_resourcebase', 'change_resourcebase_permissions', 'publish_resourcebase', ] permessions = { 'users': { '{}'.format(request.user.username): owner_permissions, } } self.get_users_permissions(access, permessions, user.username) instance_obj.set_permissions(permessions) if hasattr(instance_obj, 'keywords') and keywords: new_keywords = [ k for k in keywords if k not in instance_obj.keyword_list() ] instance_obj.keywords.add(*new_keywords) res_json.update(dict(success=True, id=instance_obj.id)) return HttpResponse(json.dumps(res_json), content_type="application/json")
def save(request, instance_id=None, app_name=APP_NAME): res_json = dict(success=False) data = json.loads(request.body) map_id = data.get('map', None) title = data.get('title', "") config = data.get('config', None) access = data.get('access', None) config.update(access=access) config = json.dumps(data.get('config', None)) abstract = data.get('abstract', "") keywords = data.get('keywords', []) if instance_id is None: instance_obj = AppInstance() instance_obj.app = App.objects.get(name=app_name) instance_obj.owner = request.user else: instance_obj = AppInstance.objects.get(pk=instance_id) instance_obj.title = title instance_obj.config = config instance_obj.abstract = abstract instance_obj.map_id = map_id instance_obj.save() owner_permissions = [ 'view_resourcebase', 'download_resourcebase', 'change_resourcebase_metadata', 'change_resourcebase', 'delete_resourcebase', 'change_resourcebase_permissions', 'publish_resourcebase', ] if access == "private": permessions = { 'users': { '{}'.format(request.user): owner_permissions, } } else: permessions = { 'users': { '{}'.format(request.user): owner_permissions, 'AnonymousUser': [ 'view_resourcebase', ], } } # set permissions so that no one can view this appinstance other than # the user instance_obj.set_permissions(permessions) # update the instance keywords if hasattr(instance_obj, 'keywords'): for k in keywords: if k not in instance_obj.keyword_list(): instance_obj.keywords.add(k) res_json.update(dict(success=True, id=instance_obj.id)) return HttpResponse(json.dumps(res_json), content_type="application/json")
def save(self, request, instance_id=None): res_json = dict(success=False) data = json.loads(request.body) config = data.get('config', None) base64_image = config.get('logo', None) if base64_image: logo = base64_image.get('base64', None) encoded_image = generate_thumbnails(logo) config['logo']['base64'] = encoded_image map_id = data.get('map', None) title = data.get('title', "") access = data.get('access', None) keywords = data.get('keywords', []) config.update(access=access, keywords=keywords) config = json.dumps(data.get('config', None)) abstract = data.get('abstract', "") if instance_id is None: instance_obj = AppInstance() instance_obj.app = App.objects.get(name=self.app_name) instance_obj.owner = request.user else: instance_obj = AppInstance.objects.get(pk=instance_id) instance_obj.title = title instance_obj.config = config instance_obj.abstract = abstract instance_obj.map_id = map_id instance_obj.save() owner_permissions = [ 'view_resourcebase', 'download_resourcebase', 'change_resourcebase_metadata', 'change_resourcebase', 'delete_resourcebase', 'change_resourcebase_permissions', 'publish_resourcebase', ] # access limited to specific users users_permissions = {'{}'.format(request.user): owner_permissions} for user in access: if isinstance(user, dict) and \ user.get('value', None) != request.user.username: users_permissions.update( {user.get('value', None): [ 'view_resourcebase', ]}) permessions = {'users': users_permissions} # set permissions so that no one can view this appinstance other than # the user instance_obj.set_permissions(permessions) # update the instance keywords if hasattr(instance_obj, 'keywords') and keywords: for k in keywords: if k.get('value', None) not in instance_obj.keyword_list(): instance_obj.keywords.add(k.get('value', None)) res_json.update(dict(success=True, id=instance_obj.id)) return HttpResponse(json.dumps(res_json), content_type="application/json")