def add_kennel_permissions(): kennel_ct = ContentType.objects.get(app_label='pet', model='kennel') is_kennel = Permission(name='Is Kennel', codename='is_a_kennel', content_type=kennel_ct) is_kennel.save() return is_kennel
def test_usuarios_render_form_change_pas(self): """ Testa renderização do formulário de troca de senha """ contentItem = ContentType.objects.get(app_label='acesso',model='usuario') permission = Permission(name='Can Change Pass',content_type=contentItem,codename='change_pass_usuario') permission.save() permissions = Permission.objects.all().filter(content_type=contentItem.id) for permission in permissions: self.user.user_permissions.add(permission) # Faz chamada da pagina response = self.client.get('/acesso/usuarios/password/') self.assertEquals(response.status_code, 200) self.assertContains(response, 'name="new_password1"', status_code=200) """ Testa renderização do formulário de troca de senha """ dataPost = { 'new_password1' : 'testpass2', 'new_password2' : 'testpass2', } response = self.client.post('/acesso/usuarios/password/', dataPost) self.assertEquals(response.status_code, 200)
def setUp(self): """ Set up the environment for the test cases """ super(GroupResourceTest, self).setUp() self.username = '******' self.password = '******' self.user = User.objects.create_superuser('tester', '*****@*****.**', 'test') self.user.user_permissions.add( Permission.objects.get(codename="add_user")) self.api_client.client.login(username='******', password='******') #Create a group self.group = Group(name="God") self.group.save() #Create a permission self.ct = ContentType(name='test') self.ct.save() self.permission = Permission(name='Test', codename='test', content_type=self.ct) self.permission.save() self.group.permissions.add(self.permission)
def permission_add(module, using=None): ''' 添加自定义权限 ''' content_type = None try: if not using: content_type = ContentType.objects.get( app_label=settings.PERMISSION_APP, model=module) else: content_type = ContentType.objects.using(using).get( app_label=settings.PERMISSION_APP, model=module) except: content_type = ContentType(name=module, app_label=settings.PERMISSION_APP, model=module) content_type.save(using=using) for op in operations.values(): try: perm = Permission(codename='%s_%s' % (op, module), name='can %s %s' % (op, module), content_type=content_type) perm.save(using=using) except: pass
def manager_perms_add(request): # login check start if not request.user.is_authenticated: return redirect('mylogin') # login check end perm = 0 for i in request.user.groups.all(): if i.name == "masteruser": perm = 1 if perm == 0: error = "Access Denied" return render(request, 'back/error.html', {'error': error}) if request.method == 'POST': name = request.POST.get('name') cname = request.POST.get('cname') contenttype = ContentType.objects.get(app_label='main', model='main') if len(Permission.objects.filter(codename=cname)) == 0: perm = Permission(name=name, codename=cname, content_type=contenttype) #permission = Permission.objects.create(codename=cname, name=name, content_type=content_type) perm.save() else: error = "This Codename Used Before" return render(request, 'back/error.html', {'error': error}) return redirect('manager_perms')
def _get_or_create_perm(perm): from django.contrib.contenttypes.models import ContentType from django.db import models if not perm: return None try: app, model, name = perm.split('.') except ValueError: return None # NOTE: This check is added to support local userdb database connection. # TODO: Ensure this is right. m = models.get_model(app, model, only_installed=False) if not m: return None try: return Permission.objects.get_by_natural_key(name, app, model) except Permission.DoesNotExist: try: ct = ContentType.objects.get_by_natural_key(app, model) perm = Permission(name=name, content_type=ct, codename=name) perm.save() return perm except ContentType.DoesNotExist: return None except ContentType.DoesNotExist: return None
def add_owner_permissions(): owner_ct = ContentType.objects.get(app_label='pet', model='owner') is_owner = Permission(name='Is Owner', codename='is_a_owner', content_type=owner_ct) is_owner.save() return is_owner
def test_user_permission_not_allowed(self): permission = Permission(content_type_id=1, name='Can something', codename='can_something') permission.save() response, json = self.do_get(self.perm % (self.user.pk, 'auth.can_something')) self.assertEquals(response.status_code, 200) self.assertEquals(json['is-allowed'], False, json)
def post(self, request): ret = {'result': 0, 'msg': None} ## ajax 请求的权限验证 if not request.user.has_perm(self.permission_required): ret["result"] = 1 ret["msg"] = "Sorry,你没有'添加 permission 模型对象'的权限,请联系运维!" return JsonResponse(ret) perms_form = PermissionAddForm(request.POST) if not perms_form.is_valid(): ret['result'] = 1 error_msg = json.loads( perms_form.errors.as_json(escape_html=False)) ret["msg"] = '\n'.join( [i["message"] for v in error_msg.values() for i in v]) return JsonResponse(ret) try: perm = Permission(**perms_form.cleaned_data) except Exception as e: ret['result'] = 1 ret['msg'] = e.args else: perm.save() ret['msg'] = "权限创建成功" return JsonResponse(ret)
def test_puede_obtener_grupos_junto_con_permisos(self): user = User.objects.create_user(username='******', password='******') grupo = Group.objects.create(name='coordinador') tipo = ContentType.objects.get(app_label='escuelas', model='evento') puede_crear_eventos = Permission(name='crear', codename='evento.crear', content_type=tipo) puede_crear_eventos.save() grupo.permissions.add(puede_crear_eventos) self.client.force_authenticate(user=user) response = self.client.get('/api/groups', format='json') self.assertEqual(len(response.data['results']), 2) item_1 = response.data['results'][1] self.assertEquals(item_1["name"], "coordinador") # Inicialmente este grupo no tiene perfil self.assertEquals(item_1["perfiles"], []) # Si se vincula el grupo a un perfil ... user.perfil.group = grupo grupo.save() user.save() user.perfil.save() response = self.client.get('/api/groups', format='json') item_1 = response.data['results'][1] self.assertEquals(len(item_1["perfiles"]), 1) self.assertEquals(item_1["perfiles"][0]['type'], 'perfiles')
def post(self, request): """ content_type_id = request.POST.get("content_type") codename = request.POST.get("codename") name = request.POST.get("name") try: content_type = ContentType.objects.get(pk=content_type_id) except ContentType.DoesNotExist: return redirect("error", next="permission_list", msg="模型不存在") if not codename or codename.find(" ") >=0 : return redirect("error", next="permission_list", msg="codename 不合法") try: Permission.objects.create(codename=codename, content_type=content_type,name=name) except Exception as e: return redirect("error", next="permission_list", msg=e.args) return redirect("success", next="permission_list") """ permissionform = CreatePermissionForm(request.POST) if permissionform.is_valid(): permission = Permission(**permissionform.cleaned_data) try: permission.save() return redirect("success", next="permission_list") except Exception as e: return redirect("error", next="permission_list", msg=e.args) else: return redirect("error", next="permission_list", msg=json.dumps(permissionform.errors.as_json(), ensure_ascii=False))
def checkAndCreateModelPermissions(appName): from django.db.models.loading import get_app from django.db import models app = get_app(appName) for i in dir(app): try: a = app.__getattribute__(i) if issubclass(a, models.Model): checkAndCreateModelPermission(a) except: pass try: ct = ContentType.objects.get_for_model(Transaction) Permission(content_type=ct, codename='init_database', name='Init database').save() except: pass try: ct = ContentType.objects.get_for_model(Group) Permission(content_type=ct, codename='browse_' + Group.__name__.lower(), name='Can browse %s' % Group.__name__).save() except: pass
def test_user_permission_not_allowed(self): permission = Permission(content_type=self.content_type, name='Can something', codename='can_something') permission.save() response, json = self.do_get(self.perm % (self.user.pk, 'auth.can_something')) self.assertEquals(response.status_code, 200) self.assertEquals(json['is-allowed'], False, json)
def test_usuarios_render_form_change_pas(self): """ Testa renderização do formulário de troca de senha """ contentItem = ContentType.objects.get(app_label='acesso', model='usuario') permission = Permission(name='Can Change Pass', content_type=contentItem, codename='change_pass_usuario') permission.save() permissions = Permission.objects.all().filter( content_type=contentItem.id) for permission in permissions: self.user.user_permissions.add(permission) # Faz chamada da pagina response = self.client.get('/acesso/usuarios/password/') self.assertEquals(response.status_code, 200) self.assertContains(response, 'name="new_password1"', status_code=200) """ Testa renderização do formulário de troca de senha """ dataPost = { 'new_password1': 'testpass2', 'new_password2': 'testpass2', } response = self.client.post('/acesso/usuarios/password/', dataPost) self.assertEquals(response.status_code, 200)
def pre_register(self, model, **kwargs): content_type = ContentType.objects.get_for_model(model) codename = 'can_receive_notification_%s' % content_type.model if not Permission.objects.filter(content_type=content_type, codename=codename): permission = Permission(name = 'Can receive notification', content_type = content_type, codename = codename) permission.save()
def create_club_admin_permission(sender, **kwargs): print "Creating club admin permission..." club_content_type = ContentType.objects.get_for_model(Club) if len(Permission.objects.filter(codename='full_club_admin')) == 0: club_admin_permission = Permission(name='Full Club Admin Access', codename='full_club_admin', content_type=club_content_type) club_admin_permission.save()
def test_current_user_permission_not_allowed(self): permission = Permission(content_type=self.content_type, name='Can something', codename='can_something') permission.save() response, json = self.do_get(self.user_perm % 'auth.can_something', username=self.user.username) self.assertEquals(response.status_code, 200) self.assertEquals(json['permissions']['auth.can_something'], False, json)
def _get_permission(self, obj, code, create = False): ct = ContentType.objects.get_for_model(obj) pe = Permission.objects.filter(codename = code, content_type = ct) if pe: pe = pe[0] elif create: pe = Permission(codename = code, content_type = ct, name = 'Can view %s' % force_str(obj._meta.verbose_name)) pe.save() return pe
def test_current_user_permission_is_allowed(self): permission = Permission(content_type=self.content_type, name='Can something', codename='can_something') permission.save() self.user.user_permissions.add(permission) response, json = self.do_get(self.user_perm % 'auth.can_something', username=self.user.username) self.assertEquals(response.status_code, 200) self.assertEquals(json['permissions']['auth.can_something'], True, json)
def mutate_and_get_payload(cls, root, info, **kwargs): name = kwargs.get('name') content_type = kwargs.get('content_type') codename = kwargs.get('codename') permission = Permission(name=name, content_type=content_type, codename=codename) permission.save() return CreatePermission(permission=permission)
def test_puede_sustituir_a_otro_usuario(self): # Comienza con dos usuarios user = User.objects.create_user(username='******', password='******') usuario_secundario = User.objects.create_user(username='******', password='******') # Se genera un grupo para el administrador grupo = Group.objects.create(name='coordinador') tipo = ContentType.objects.get(app_label='escuelas', model='evento') puede_administrar = Permission(name='perfil.global', codename='perfil.global', content_type=tipo) puede_administrar.save() grupo.permissions.add(puede_administrar) # Se asigna una region al perfil de usuario region_1 = models.Region.objects.create(numero=1) user.perfil.region = region_1 usuario_secundario.perfil.region = region_1 grupo.save() user.perfil.group = grupo user.save() user.perfil.save() usuario_secundario.perfil.save() usuario_secundario.save() self.client.login(username='******', password='******') self.client.force_authenticate(user=user) response = self.client.get('/api/mi-perfil', format='json') self.assertEqual(response.data['username'], "test") self.assertEqual(len(response.data['grupos']), 1, "Tiene un solo grupo") self.assertEqual(response.data['grupos'][0]['nombre'], 'coordinador', "Tiene asignado el grupo coordinador") # Accede al perfil de otro usuario correctamente response = self.client.get('/api/mi-perfil?perfilInspeccionado=%d' % (usuario_secundario.id), format='json') self.assertEqual(response.data['username'], "secundario") self.client.logout() # Si un usuario que no tiene permisos de administrador intenta ver el perfil de otro usuario falla, por falta de permisos self.client.login(username='******', password='******') self.client.force_authenticate(user=usuario_secundario) response = self.client.get('/api/mi-perfil?perfilInspeccionado=%d' % (user.id), format='json') self.assertEqual(response.status_code, 500)
def createProjectPermission(pDesc, pCodeName, groups): projectContenType = ContentType.objects.get(app_label=APPLICATION_LABEL, model='project') permission = Permission(name=pDesc, codename=pCodeName, content_type=projectContenType) permission.save() print 'Created permission=%s...' % permission.codename for group in groups: group.permissions.add(permission) group.save() print '...and associated to group=%s' % group.name return permission
def setUp(self): """ Set up dependent objects """ super(ItemTest, self).setUp() self.ct = ContentType(app_label="po") self.ct.save() self.p = Permission(codename="add_purchaseorder", content_type=self.ct) self.p.save() self.p2 = Permission(codename="change_purchaseorder", content_type=self.ct) self.p2.save() #Create the user self.username = '******' self.password = '******' self.user = User.objects.create_user( self.username, '*****@*****.**', self.password) self.user.save() self.user.user_permissions.add(self.p) self.user.user_permissions.add(self.p2) self.client.login(username=self.username, password=self.password) self.supplier = Supplier(**base_supplier) self.supplier.save() self.address = Address(**base_address) self.address.contact = self.supplier self.address.save() self.contact = SupplierContact(name='test', email='*****@*****.**', telephone=1234, primary=True) self.contact.supplier = self.supplier self.contact.save() self.supply = Fabric.create(**base_fabric) #self.supply.units = "m^2" self.supply.save() self.po = PurchaseOrder() self.po.employee = self.user self.po.supplier = self.supplier self.po.terms = self.supplier.terms self.po.vat = 7 self.po.order_date = datetime.datetime(2014, 3, 2) self.po.save() self.item = Item(unit_cost=Decimal('13.55'), quantity=Decimal('10'), supply=self.supply) self.item.description = self.supply.description self.item.purchase_order = self.po self.item.save()
def get_permission(self, permission_prefix, create_permission=False): permission_codename = u"%s_%s" % (permission_prefix, self.name) permission_description = u"%s %s instances" % (permission_prefix, self.name) try: permission = Permission.objects.get(codename=permission_codename) except Permission.DoesNotExist: content_type = ContentType.objects.get(app_label=APP_LABEL, model='qproject') permission = Permission(codename=permission_codename, name=permission_description, content_type=content_type) if create_permission: permission.save() return permission
def test_user_is_checked_for_global_db_permission(self): user = User(is_active=True) user.save() content_type = ContentType(app_label='test_app') content_type.save() permission = Permission(content_type=content_type, codename='test_permission') permission.save() user.user_permissions.add(permission) backend = PermissionBackend() self.assertTrue(backend.has_perm(user, 'test_app.test_permission'))
def edit_all_permission(self, log=None): ct = ContentType.objects.get_for_model(self) try: p = Permission.objects.get(content_type=ct, codename=self.edit_all_permission_name()) except Permission.DoesNotExist: p = Permission(content_type=ct, codename=self.edit_all_permission_name(), name="Edit all data for widget %s" % self.name) p.save() if log is not None: print >> log, "Created edit all permission for widget %s" % self.name return p
def test_create_permissions(self): '''Test creating and adding permissions''' self.p = Permission() self.p.codename = 'change_product_price' self.p.name = 'Change the price of a product' self.p.content_type = ContentType.objects.get(id=1) self.p.save() self.assertTrue(self.p.codename, 'change_product_price') self.u1.user_permissions.add(self.p) self.assertEquals(self.u1.has_perm('admin.change_product_price'), True)
def __new__(cls, name, bases, attrs): module = attrs.pop('__module__') parents = [b for b in bases if isinstance(b, ProfilePermissonBase)] if parents: fields = [] for obj_name, obj in attrs.items(): if isinstance(obj, models.Field): fields.append(obj_name) Permission.add_to_class(obj_name, obj) return super(ProfilePermissonBase, cls).__new__(cls, name, bases, attrs)
def post(self, request): permission_form = CreatePermissionForm(request.POST) if permission_form.is_valid(): permission = Permission(**permission_form.cleaned_data) try: permission.save() return redirect('success', next='permission_list') except Exception as e: return redirect('error', next='permission_add', msg=e.args) else: return redirect('error', next='permission_add', msg=json.dumps(json.load(permission_form.errors.as_json()), ensure_ascii=False))
def employe(request): logger.info('function_call employe(request) ->') if request.method == 'POST': employe = User.objects.get(id = int(request.POST.get('id_record'))) profile = UserProfile.objects.get(user = employe) form = EmployeForm(initial={'username': employe.username, 'email': employe.email, 'firstname': employe.first_name, 'lastname': employe.last_name, 'vacation_days': profile.vacation_days, 'min_hours': profile.min_hours, 'max_hours': profile.max_hours, 'hourly_rate': profile.hourly_rate, 'management': employe.has_perm('auth.management'), 'api': employe.is_staff}) if request.POST.get('action'): if request.POST.get('action') == "modifie": form = EmployeForm(request.POST) if form.is_valid(): employe.username = form.cleaned_data['username'] employe.email = form.cleaned_data['email'] employe.first_name = form.cleaned_data['firstname'] employe.last_name = form.cleaned_data['lastname'] employe.save() profile.vacation_days = form.cleaned_data['vacation_days'] profile.min_hours = form.cleaned_data['min_hours'] profile.max_hours = form.cleaned_data['max_hours'] profile.hourly_rate = form.cleaned_data['hourly_rate'] profile.save() try: permission = Permission.objects.get(codename='management') except Exception: permissionNew = Permission(name = "management", content_type = ContentType.objects.get(model='permission'), codename = "management") permissionNew.save() permission = Permission.objects.get(codename='management') if form.cleaned_data['management'] == True: employe.user_permissions.add(permission) else: employe.user_permissions.remove(permission) if form.cleaned_data['api'] == True: employe.is_staff = 1 employe.save() else: employe.is_staff = 0 employe.save() return HttpResponseRedirect(reverse('staff')) c = {'user':request.user, 'employe':employe, 'form':form, 'SITENAME':settings.SITENAME, 'management':request.user.has_perm('auth.management')} c.update(csrf(request)) return render_to_response('employe.html', c, context_instance=RequestContext(request))
def view_permisions(apps=None): if not apps: apps = ['whs', 'lab', 'energy', 'it'] for app in apps: for c in ContentType.objects.filter(app_label=app): if issubclass(c.model_class(),UrlMixin): p = Permission(codename='view_%s' % c.model, name=u'Можно просматривать %s' % c.name, content_type=c) try: p.validate_unique() except ValidationError: pass else: p.save()
def permission(self, log=None): ct = ContentType.objects.get_for_model(self) try: p = Permission.objects.get(content_type=ct, codename=self.permission_name()) except Permission.DoesNotExist: p = Permission(content_type=ct, codename=self.permission_name(), name="upload data files for %s" % self.app) p.save() if log: print >> log, "Created uploader permission for %s" % self.app return p
def setUp(self): self.product_type = Product_Type() self.user = Dojo_User() self.group = Group() self.permission_a = Permission() self.permission_a.codename = 'a' self.permission_b = Permission() self.permission_b.codename = 'b' self.permission_c = Permission() self.permission_c.codename = 'c'
def test_render_configuracoes(self): # Faz chamada da pagina contentItem = ContentType.objects.get(app_label='core',model='parametro') permission = Permission(name='Can Access Configurations',content_type=contentItem,codename='core_configurations') permission.save() permissions = Permission.objects.all().filter(content_type=contentItem.id) for permission in permissions: self.user.user_permissions.add(permission) response = self.client.get('/core/configuracoes/') self.assertEquals(response.status_code, 200)
def create_permission_if_doesnt_exist(codename, desc, content_type): try: permission = Permission(name=desc, codename=codename, content_type=content_type) permission.save() except IntegrityError: print('permission {} exists'.format(codename)) permission = Permission.objects.get(codename=codename) else: print('created permission {}'.format(codename)) return permission
def tagPreSave(sender, instance, created, **kwargs): if not created: return permission = Permission() permission.codename = 'tag_{0}'.format(instance.name) permission.name = 'Can add tag {0}'.format(instance.name) permission.content_type = ContentType.objects.get_for_model(Tag) permission.full_clean() permission.save()
def create_permission(request): new_permission=Permission() new_permission.content_type_id=1 new_permission.codename=request.POST.get("codename") new_permission.name=request.POST.get("permission_title") new_permission.save() description=request.POST.get("permission_desc") permission_type=request.POST.get("permission_type") new_permission.save() PermissionService.create_permission_extend(new_permission.id,permission_type, description)
def setUp(self): """ Set up dependent objects """ super(ItemTest, self).setUp() self.ct = ContentType(app_label="po") self.ct.save() self.p = Permission(codename="add_purchaseorder", content_type=self.ct) self.p.save() self.p2 = Permission(codename="change_purchaseorder", content_type=self.ct) self.p2.save() #Create the user self.username = '******' self.password = '******' self.user = User.objects.create_user(self.username, '*****@*****.**', self.password) self.user.save() self.user.user_permissions.add(self.p) self.user.user_permissions.add(self.p2) self.client.login(username=self.username, password=self.password) self.supplier = Supplier(**base_supplier) self.supplier.save() self.address = Address(**base_address) self.address.contact = self.supplier self.address.save() self.contact = SupplierContact(name='test', email='*****@*****.**', telephone=1234, primary=True) self.contact.supplier = self.supplier self.contact.save() self.supply = Fabric.create(**base_fabric) #self.supply.units = "m^2" self.supply.save() self.po = PurchaseOrder() self.po.employee = self.user self.po.supplier = self.supplier self.po.terms = self.supplier.terms self.po.vat = 7 self.po.order_date = datetime.datetime(2014, 3, 2) self.po.save() self.item = Item(unit_cost=Decimal('13.55'), quantity=Decimal('10'), supply=self.supply) self.item.description = self.supply.description self.item.purchase_order = self.po self.item.save()
def add_permissions(self): #busca tabela de models contentItem = ContentType.objects.get(app_label='oportunidade',model='oportunidade') #busca permissoes do model if not contentItem: self.assertTrue(False) customPermission = Permission(name='Dashboard',content_type=contentItem,codename='index_dashboard') customPermission.save() permissions = Permission.objects.filter(content_type=contentItem.id) for permission in permissions: self.user.user_permissions.add(permission)
def save(request): """ :param request: :return: """ name = request.POST.get('name', '') key = request.POST.get('key', '') module = request.POST.get('module', '') if module: content_type = ContentType.objects.get(id=int(module)) perm = Permission(name=name, codename=key, content_type=content_type) perm.save() return HttpResponseRedirect("/sys/account/perm")
def show_urls(urllist, depth=0): urls = [] # show_urls(urls.urlpatterns) for entry in urllist: urls.append(entry) perm = Permission(name=entry.name, codename=entry.pattern.regex.pattern, content_type_id=7) if Permission.objects.filter(name=entry.name).count() == 0: perm.save() if hasattr(entry, 'url_patterns'): show_urls(entry.url_patterns, depth + 1) return urls
def edit_all_permission(self, log=None): """ Returns the actual :model:`auth.Permission` permission object required to manually edit all data for this widget family, creating it if it does not already exist. """ ct = ContentType.objects.get_for_model(self) try: p = Permission.objects.get(content_type=ct, codename=self.edit_all_permission_name()) except Permission.DoesNotExist: p = Permission(content_type=ct, codename=self.edit_all_permission_name(), name="Edit all data for widget %s" % self.name) p.save() if log is not None: print >> log, "Created edit all permission for widget %s" % self.name return p
def permission_add(request): if request.method == "POST": name = request.POST['name'] contenttype = request.POST['contenttype'] codename = request.POST['codename'] #print name,contenttype,codename permission_to_save = Permission( name=name, content_type_id=contenttype, codename=codename, ) permission_to_save.save() return HttpResponseRedirect('/account/manage/permission_list.html') else: content_types = ContentType.objects.all() return render_to_response('perm_add.html',{'content_types':content_types},context_instance=RequestContext(request))
def post(self, request): ##使用Form类处理前端输入的内容 permissionform = CreatePermissionForm(request.POST) if permissionform.is_valid(): permission = Permission(**permissionform.cleaned_data) try: permission.save() return redirect("success", next="permission_list") except Exception as e: return redirect("error", next="permission_list", msg=e.args) else: return redirect("error", next="permission_list", msg=json.dumps(json.loads( permissionform.errors.as_json()), ensure_ascii=False))
def get_missing_permissions_for_app_config(app_config): """ Return missing permissions for a given app config """ # get existing contenttypes ctypes = get_all_contenttypes_for_app_config(app_config) if not ctypes: return [] # get all permissions that should exist searched_perms = get_searched_permissions(ctypes) if not searched_perms: return [] # get existing permissions all_perms = get_all_permissions([ctype for ctype, klass in ctypes]) # build missing permissions perms = [ Permission(codename=codename, name=name, content_type=ct) for ct, (codename, name) in searched_perms if (ct.pk, codename) not in all_perms ] return perms
def save(self, force_insert=False, force_update=False, using=None, update_fields=None): try: content_type1 = ContentType.objects.get(app_label="frontend", model="Article", name="文章板块权限") except: content_type1 = ContentType(app_label="frontend", model="Article", name="文章板块权限") content_type1.save() try: content_type2 = ContentType.objects.get(app_label="frontend", model="Slider", name="幻灯片推送权限") except: content_type2 = ContentType(app_label="frontend", model="Slider", name="幻灯片推送权限") content_type2.save() try: content_type3 = ContentType.objects.get(app_label="frontend", model="Activity", name="活动发布权限") except: content_type3 = ContentType(app_label="frontend", model="Activity", name="活动发布权限") content_type3.save() translate = {"add": "添加", "delete": "删除", "change": "修改"} for permission in ["add", "delete", "change"]: try: codename = permission + "_" + self.codename + "_articles" Permission.objects.get(codename=codename) except: name = "允许" + translate[permission] + " " + self.name + " 内的文章" codename = permission + "_" + self.codename + "_articles" p = Permission(name=name, content_type=content_type1, codename=codename) p.save() try: codename = permission + "_" + self.codename + "_sliders" Permission.objects.get(codename=codename) except: name = "允许" + translate[permission] + " " + self.name + " 内的幻灯片" codename = permission + "_" + self.codename + "_sliders" p = Permission(name=name, content_type=content_type2, codename=codename) p.save() try: codename = permission + "_" + self.codename + "_activities" Permission.objects.get(codename=codename) except: name = "允许" + translate[permission] + " " + self.name + " 内的活动" codename = permission + "_" + self.codename + "_activities" p = Permission(name=name, content_type=content_type3, codename=codename) p.save() if self.order == None: self.order = self.id result = super(SecondaryMenu, self).save() return result
def test_has_perm(self): userObject = User.objects.create_user('testuser', '*****@*****.**', 'test') basic, _ = Group.objects.get_or_create(name='account_basic') userObject.groups.add(basic) userObject.save() self.assertFalse(has_perm(userObject, Group.objects, 'projects.can_view')) userObjectTwo = User.objects.create_user('testuser2', '*****@*****.**', 'test') premium, _ = Group.objects.get_or_create(name='account_premium') userObjectTwo.groups.add(premium) userObjectTwo.save() project_ct = ContentType.objects.get(app_label='projects', model='Project') can_view = Permission(name='Test Permssion', codename='test_perm', content_type=project_ct) can_view.save() premium.permissions.add(can_view) self.assertTrue(has_perm(userObjectTwo, Group.objects, 'projects.test_perm'))
def check_plugin_permissions(): """ Add custom can_use_plugin_* permissions for registered plugins """ logger.endGroup() logger.setGroup('permissions', 'check custom permissions for registered plugins') # Get permission content_type from existing can_submit_jobs permission p = Permission.objects.filter(codename = 'can_submit_jobs')[0] ct = p.content_type for plugin in manager.plugins: perm_name = 'can_use_plugin_' + plugin.id p = Permission.objects.filter(codename = perm_name) if p: logger.log("Permission %s found" % perm_name) else: np = Permission(name = ("Can use %s plugin" % plugin.description)[:50], content_type = ct, codename = perm_name) np.save() logger.log("Added %s permission" % perm_name)
def permission_add(module, using=None): ''' 添加自定义权限 ''' content_type = None try: if not using: content_type = ContentType.objects.get(app_label=settings.PERMISSION_APP, model=module) else: content_type = ContentType.objects.using(using).get(app_label=settings.PERMISSION_APP, model=module) except: content_type = ContentType(name=module, app_label=settings.PERMISSION_APP, model=module) content_type.save(using=using) for op in operations.values(): try: perm = Permission(codename='%s_%s'%(op,module),name='can %s %s'%(op,module),content_type=content_type) perm.save(using=using) except: pass
def save_related (self, request, form, formsets, change): if change: # If any grade change occurred; the save override will take care of the removal of previous permissions associated with the previous grade # All we have to care aboot here is saving the related objects i.e. subject with the appropriate permissions # codename: {Level.grade}_{ClassRoom.section}_{Subject.name} # name: {Level.grade}-{ClassRoom.section}: {Subject.name} LEVEL = Level.objects.get (pk = request.META['HTTP_REFERER'][request.META['HTTP_REFERER'].rfind('/', 0, -1) + 1: -1]) # level object: related fields UNSAVED untill form save if LEVEL.classroom_set.count(): # we will have to create/edit permission if a level is associated with a class room NEW_SUBJECT_LIST = [] for SID in request.POST.getlist ("subject"): # Looping through the subject id's NEW_SUBJECT_LIST.append (Subject.objects.get(pk = SID).name) for CR in LEVEL.classroom_set.all(): # After finishing this loop we would have deleted any permission that shouldn't exist anymore due to the change in the level object for S in LEVEL.subject.all(): if S.name not in NEW_SUBJECT_LIST: Permission.objects.filter (codename = LEVEL.grade +"_"+ CR.section +"_"+ S.name).delete() for CR in LEVEL.classroom_set.all(): # After finishing this loop we would have created any new permission that should be created due to the change in the level object for S in NEW_SUBJECT_LIST: if not Permission.objects.filter (codename = LEVEL.grade +"_"+ CR.section +"_"+ S).exists(): # Permission Structure # codename: {Level.grade}_{ClassRoom.section}_{Subject.name} # name: {Level.grade}-{ClassRoom.section}: {Subject.name} NEW_P = Permission () NEW_P.codename = LEVEL.grade +"_"+ CR.section +"_"+ S NEW_P.name = LEVEL.grade +"-"+ CR.section +": "+ S NEW_P.content_type = ContentType.objects.get (app_label="condor", model="classroom") NEW_P.save() form.save()
def save(self, force_insert=False, force_update=False, using=None, update_fields=None): try: content_type = ContentType.objects.get(app_label="frontend", model="Article", name="文章板块权限") except: content_type = ContentType(app_label="frontend", model="Article", name="文章板块权限") content_type.save() translate = {"add": "添加", "delete": "删除", "change": "修改"} for permission in ["add", "delete", "change"]: try: codename = permission + "_" + self.codename + "_articles" Permission.objects.get(codename=codename) except: name = "允许" + translate[permission] + " " + self.name + " 内的文章" codename = permission + "_" + self.codename + "_articles" p = Permission(name=name, content_type=content_type, codename=codename) p.save() if self.order == None: self.order = self.id result = super(MainMenu, self).save() return result
def make_permission(modeladmin, request, queryset): for project in queryset: p = Permission(name=u'编辑%s锁定文本'%project.title_cn, \ content_type_id=10, codename='can_edit_lock_%s'%project.project_name) p.save() p = Permission(name=u'%s项目组员'%project.title_cn, \ content_type_id=11, codename='%s_member'%project.project_name) p.save()
def handle(self, *args, **options): self.stdout.write("Check if \"Forum.forum_admin\" permission exists.") content_type = ContentType.objects.get_for_model(Forum) perm = Permission(codename='forum_admin',name='Is Forum global administrator',content_type=content_type) try: perm = Permission.objects.get(codename=perm.codename, name=perm.name, content_type=perm.content_type) self.stdout.write("Already exists. No need to create it.") except: self.stdout.write("Create \"Forum.forum_admin\" permission.") perm.save() self.stdout.write("Check if \"Forum Admins\" group exists.") group = Group(name="Forum Admins") try: Group.objects.get(name="Forum Admins") self.stdout.write("Already exists. No need to create it.") except: self.stdout.write("Create \"Forum Admins\" group.") group.save() group.permissions.add(perm) self.stdout.write("Check if Main Forum exists.") try: Forum.objects.get(id=0) self.stdout.write("Already exists. No need to create it.") except: f_name = raw_input("Main Forum name (if empty it'll be 'Main Forum'):") if f_name == "": f_name = "Main Forum" self.stdout.write("Create Main Forum.") f = Forum(name=f_name, local_id=0) f.save() self.stdout.write("Done.")
def save(self, *args, **kwargs): if not self.id and hasattr(self, "instance_permissions"): for perm in self.instance_permissions: p = Permission() p.codename = "%s%s" % (perm[0], self.slug) p.name = "%s%s" % (perm[1], self.name) p.content_type = ContentType.objects.get_for_model(self) p.save() return super(PermissionMixIn, self).save(*args, **kwargs)
def setUp(self): self.factory = RequestFactory() self.test_user = UserModel.objects.create_user("test_user", "*****@*****.**", "123456") self.test_noscope_user = UserModel.objects.create_user("test_no_scope_user", "*****@*****.**", "123456") from django.contrib.auth.models import Permission p = Permission() p.name = "test_user_scope" p.content_type_id = 7 p.save() self.test_user.user_permissions.add(p) self.application = Application( name="Test Application", user=self.test_user, client_type=Application.CLIENT_CONFIDENTIAL, client_id="test_client_id", authorization_grant_type=Application.GRANT_PASSWORD, client_secret="test_client_secret", scopes="test_app_scope1 test_app_scope2" ) self.application.save() oauth2_settings._SCOPES = ['read', 'write']
def save (self, *args, **kwargs): self.first_name = self.first_name.title() self.father_name = self.father_name.title() super (Parent, self).save(*args, **kwargs) if not Permission.objects.filter (codename = "send_message_p").exists(): NEW_P = Permission () NEW_P.codename = "send_message_p" NEW_P.name = "Can Send Messages to Parents (Directly)" NEW_P.content_type = ContentType.objects.get (app_label="condor", model="parent") NEW_P.save()
def create_user(self): self.user = User.objects.create_user('test', '*****@*****.**', 'test') self.ct = ContentType(app_label='acknowledgements') self.ct.save() perm = Permission(content_type=self.ct, codename='change_item') perm.save() self.user.user_permissions.add(perm) perm = Permission(content_type=self.ct, codename='change_fabric') perm.save() self.user.user_permissions.add(perm) self.assertTrue(self.user.has_perm('acknowledgements.change_item')) return self.user
def filter_data_by_user_and_perm(query_set, user, perm): ''' API 目前暂无地方调用 根据用户user的角色和权限对记录集query_set进行过滤,返回其中用户具有perm权限的记录集 ''' model=query_set.model ct=ContentType.objects.get_for_model(model) if isinstance(perm, Permission): p=perm else: p=Permission.get(content_type=ct, codename=perm) q=models.Q(pk__in=[]) for ur in user_role.objects.filter(user=user): #检查该用户的所有角色 if p in ur.role.permissions.all(): f=model_owner_rel(ur.role.object_type.model, model) #得到该角色对应的对象数据查询条件 if f: q|=models.Q(**{f:ur.object_id}) return query_set.filter(q)