def pre_register(self, model, **kwargs):
content_type = ContentType.objects.get_for_model(model)
codename = 'can_receive_notification_%s' % content_type.model
if not Permission.objects.filter(content_type=content_type, codename=codename):
permission = Permission(name = 'Can receive notification', content_type = content_type, codename = codename)
permission.save()
def add_owner_permissions():
owner_ct = ContentType.objects.get(app_label='pet', model='owner')
is_owner = Permission(name='Is Owner',
codename='is_a_owner',
content_type=owner_ct)
is_owner.save()
return is_owner
def post(self, request):
ret = {'result': 0, 'msg': None}
## ajax 请求的权限验证
if not request.user.has_perm(self.permission_required):
ret["result"] = 1
ret["msg"] = "Sorry,你没有'添加 permission 模型对象'的权限,请联系运维!"
return JsonResponse(ret)
perms_form = PermissionAddForm(request.POST)
if not perms_form.is_valid():
ret['result'] = 1
error_msg = json.loads(
perms_form.errors.as_json(escape_html=False))
ret["msg"] = '\n'.join(
[i["message"] for v in error_msg.values() for i in v])
return JsonResponse(ret)
try:
perm = Permission(**perms_form.cleaned_data)
except Exception as e:
ret['result'] = 1
ret['msg'] = e.args
else:
perm.save()
ret['msg'] = "权限创建成功"
return JsonResponse(ret)
def test_groups_permissions(self):
'''Test permissions and adding groups to users'''
g1 = Group()
g1.name = 'Salespeople'
# you must save before you add test_groups_permissions
g1.save()
g1.permissions.add(Permission.objects.get(id=1))
# prints out all available test_groups_permissions
# for p in Permission.objects.all():
# print('Codename: ' + p.codename)
# print('Name: ' + p.name)
# print('ContentType: ' + str(p.content_type))
# this is a pretty bad idea: self.u1.user_permissions.add(p)
# create a permission
p = Permission()
p.codename = 'change_product_price'
p.name = 'Change the price of a product'
p.content_type = ContentType.objects.get(id=1)
p.save()
# add permission to groups
g1.permissions.add(
Permission.objects.get(codename='change_product_price'))
g1.save()
# add user to group
self.u1.groups.add(g1)
self.u1.save()
# check to see if the group has the new permissions
self.assertTrue(self.u1.groups.filter(name='Salespeople'))
self.assertTrue(self.u1.has_perm('admin.change_product_price'))
def test_usuarios_render_form_change_pas(self):
"""
Testa renderização do formulário de troca de senha
"""
contentItem = ContentType.objects.get(app_label='acesso',model='usuario')
permission = Permission(name='Can Change Pass',content_type=contentItem,codename='change_pass_usuario')
permission.save()
permissions = Permission.objects.all().filter(content_type=contentItem.id)
for permission in permissions:
self.user.user_permissions.add(permission)
# Faz chamada da pagina
response = self.client.get('/acesso/usuarios/password/')
self.assertEquals(response.status_code, 200)
self.assertContains(response, 'name="new_password1"', status_code=200)
"""
Testa renderização do formulário de troca de senha
"""
dataPost = {
'new_password1' : 'testpass2',
'new_password2' : 'testpass2',
}
response = self.client.post('/acesso/usuarios/password/', dataPost)
self.assertEquals(response.status_code, 200)
def save_related (self, request, form, formsets, change):
if change:
# If any grade change occurred; the save override will take care of the removal of previous permissions associated with the previous grade
# All we have to care aboot here is saving the related objects i.e. subject with the appropriate permissions
# codename: {Level.grade}_{ClassRoom.section}_{Subject.name}
# name: {Level.grade}-{ClassRoom.section}: {Subject.name}
LEVEL = Level.objects.get (pk = request.META['HTTP_REFERER'][request.META['HTTP_REFERER'].rfind('/', 0, -1) + 1: -1]) # level object: related fields UNSAVED untill form save
if LEVEL.classroom_set.count(): # we will have to create/edit permission if a level is associated with a class room
NEW_SUBJECT_LIST = []
for SID in request.POST.getlist ("subject"): # Looping through the subject id's
NEW_SUBJECT_LIST.append (Subject.objects.get(pk = SID).name)
for CR in LEVEL.classroom_set.all(): # After finishing this loop we would have deleted any permission that shouldn't exist anymore due to the change in the level object
for S in LEVEL.subject.all():
if S.name not in NEW_SUBJECT_LIST:
Permission.objects.filter (codename = LEVEL.grade +"_"+ CR.section +"_"+ S.name).delete()
for CR in LEVEL.classroom_set.all(): # After finishing this loop we would have created any new permission that should be created due to the change in the level object
for S in NEW_SUBJECT_LIST:
if not Permission.objects.filter (codename = LEVEL.grade +"_"+ CR.section +"_"+ S).exists():
# Permission Structure
# codename: {Level.grade}_{ClassRoom.section}_{Subject.name}
# name: {Level.grade}-{ClassRoom.section}: {Subject.name}
NEW_P = Permission ()
NEW_P.codename = LEVEL.grade +"_"+ CR.section +"_"+ S
NEW_P.name = LEVEL.grade +"-"+ CR.section +": "+ S
NEW_P.content_type = ContentType.objects.get (app_label="condor", model="classroom")
NEW_P.save()
form.save()
def permission_add(module, using=None):
'''
添加自定义权限
'''
content_type = None
try:
if not using:
content_type = ContentType.objects.get(
app_label=settings.PERMISSION_APP, model=module)
else:
content_type = ContentType.objects.using(using).get(
app_label=settings.PERMISSION_APP, model=module)
except:
content_type = ContentType(name=module,
app_label=settings.PERMISSION_APP,
model=module)
content_type.save(using=using)
for op in operations.values():
try:
perm = Permission(codename='%s_%s' % (op, module),
name='can %s %s' % (op, module),
content_type=content_type)
perm.save(using=using)
except:
pass
def test_user_permission_not_allowed(self):
permission = Permission(content_type_id=1, name='Can something',
codename='can_something')
permission.save()
response, json = self.do_get(self.perm % (self.user.pk, 'auth.can_something'))
self.assertEquals(response.status_code, 200)
self.assertEquals(json['is-allowed'], False, json)
def test_puede_obtener_grupos_junto_con_permisos(self):
user = User.objects.create_user(username='******', password='******')
grupo = Group.objects.create(name='coordinador')
tipo = ContentType.objects.get(app_label='escuelas', model='evento')
puede_crear_eventos = Permission(name='crear',
codename='evento.crear',
content_type=tipo)
puede_crear_eventos.save()
grupo.permissions.add(puede_crear_eventos)
self.client.force_authenticate(user=user)
response = self.client.get('/api/groups', format='json')
self.assertEqual(len(response.data['results']), 2)
item_1 = response.data['results'][1]
self.assertEquals(item_1["name"], "coordinador")
# Inicialmente este grupo no tiene perfil
self.assertEquals(item_1["perfiles"], [])
# Si se vincula el grupo a un perfil ...
user.perfil.group = grupo
grupo.save()
user.save()
user.perfil.save()
response = self.client.get('/api/groups', format='json')
item_1 = response.data['results'][1]
self.assertEquals(len(item_1["perfiles"]), 1)
self.assertEquals(item_1["perfiles"][0]['type'], 'perfiles')
def test_add_groups_add_permissions(self):
'''Tests adding a group to a user and add a permission to the group'''
p1 = Permission()
p1.name = 'Can Create'
p1.codename = 'can_create'
p1.content_type = ContentType.objects.get(id=1)
p1.save()
g1 = Group()
g1.name = "employee"
g1.save()
g1.permissions.add(p1)
g1.save()
p2 = Permission()
p2.name = 'Can Delete'
p2.codename = 'can_delete'
p2.content_type = ContentType.objects.get(id=1)
p2.save()
g2 = Group()
g2.name = "manager"
g2.save()
g2.permissions.add(p2)
g2.save()
self.u1.groups.add(g1)
self.u1.groups.add(g2)
self.assertTrue(self.u1.groups.filter(name="employee"))
self.assertTrue(self.u1.groups.filter(name="manager"))
self.assertTrue(self.u1.has_perm(p1.name))
self.assertTrue(self.u1.has_perm(p2.name))
def post(self, request):
"""
content_type_id = request.POST.get("content_type")
codename = request.POST.get("codename")
name = request.POST.get("name")
try:
content_type = ContentType.objects.get(pk=content_type_id)
except ContentType.DoesNotExist:
return redirect("error", next="permission_list", msg="模型不存在")
if not codename or codename.find(" ") >=0 :
return redirect("error", next="permission_list", msg="codename 不合法")
try:
Permission.objects.create(codename=codename, content_type=content_type,name=name)
except Exception as e:
return redirect("error", next="permission_list", msg=e.args)
return redirect("success", next="permission_list")
"""
permissionform = CreatePermissionForm(request.POST)
if permissionform.is_valid():
permission = Permission(**permissionform.cleaned_data)
try:
permission.save()
return redirect("success", next="permission_list")
except Exception as e:
return redirect("error", next="permission_list", msg=e.args)
else:
return redirect("error",
next="permission_list",
msg=json.dumps(permissionform.errors.as_json(),
ensure_ascii=False))
def add_kennel_permissions():
kennel_ct = ContentType.objects.get(app_label='pet', model='kennel')
is_kennel = Permission(name='Is Kennel',
codename='is_a_kennel',
content_type=kennel_ct)
is_kennel.save()
return is_kennel
def setUp(self):
self.factory = RequestFactory()
self.test_user = UserModel.objects.create_user("test_user",
"*****@*****.**",
"123456")
self.test_noscope_user = UserModel.objects.create_user(
"test_no_scope_user", "*****@*****.**", "123456")
from django.contrib.auth.models import Permission
p = Permission()
p.name = "test_user_scope"
p.content_type_id = 7
p.save()
self.test_user.user_permissions.add(p)
self.application = Application(
name="Test Application",
user=self.test_user,
client_type=Application.CLIENT_CONFIDENTIAL,
client_id="test_client_id",
authorization_grant_type=Application.GRANT_PASSWORD,
client_secret="test_client_secret",
scopes="test_app_scope1 test_app_scope2")
self.application.save()
oauth2_settings._SCOPES = ['read', 'write']
def test_usuarios_render_form_change_pas(self):
"""
Testa renderização do formulário de troca de senha
"""
contentItem = ContentType.objects.get(app_label='acesso',
model='usuario')
permission = Permission(name='Can Change Pass',
content_type=contentItem,
codename='change_pass_usuario')
permission.save()
permissions = Permission.objects.all().filter(
content_type=contentItem.id)
for permission in permissions:
self.user.user_permissions.add(permission)
# Faz chamada da pagina
response = self.client.get('/acesso/usuarios/password/')
self.assertEquals(response.status_code, 200)
self.assertContains(response, 'name="new_password1"', status_code=200)
"""
Testa renderização do formulário de troca de senha
"""
dataPost = {
'new_password1': 'testpass2',
'new_password2': 'testpass2',
}
response = self.client.post('/acesso/usuarios/password/', dataPost)
self.assertEquals(response.status_code, 200)
def manager_perms_add(request):
# login check start
if not request.user.is_authenticated:
return redirect('mylogin')
# login check end
perm = 0
for i in request.user.groups.all():
if i.name == "masteruser": perm = 1
if perm == 0:
error = "Access Denied"
return render(request, 'back/error.html', {'error': error})
if request.method == 'POST':
name = request.POST.get('name')
cname = request.POST.get('cname')
contenttype = ContentType.objects.get(app_label='main', model='main')
if len(Permission.objects.filter(codename=cname)) == 0:
perm = Permission(name=name,
codename=cname,
content_type=contenttype)
#permission = Permission.objects.create(codename=cname, name=name, content_type=content_type)
perm.save()
else:
error = "This Codename Used Before"
return render(request, 'back/error.html', {'error': error})
return redirect('manager_perms')
def save_model (self, request, obj, form, change):
""" Hey Hey Hey...let me see your id...or your boobs-your choice...i prefer the BOOBS unless you're OVER 18...EEEWWWWWWW """
if not request.user.is_superuser:
if not request.user.has_perm ("condor."+ Student.objects.get (pk = request.POST["student"]).class_room.grade.grade +"_"+ Student.objects.get (pk = request.POST["student"]).class_room.section +"_"+ Subject.objects.get (pk = request.POST ["subject"]).name):
messages.add_message (request, messages.ERROR, "Denied, the request you've made has content you are not authorized to add/edit. Your request has not been saved")
return None
elif request.user.has_perm ("condor."+ Student.objects.get (pk = request.POST["student"]).class_room.grade.grade +"_"+ Student.objects.get (pk = request.POST["student"]).class_room.section +"_"+ Subject.objects.get (pk = request.POST ["subject"]).name):
if not Permission.objects.filter (codename = "generate_report_card").exists():
NEW_P = Permission ()
NEW_P.codename = "generate_report_card"
NEW_P.name = "Can Generate Report Card"
NEW_P.content_type = ContentType.objects.get (app_label="condor", model="gradereport")
NEW_P.save()
obj.save()
elif request.user.is_superuser:
if not Permission.objects.filter (codename = "generate_report_card").exists():
NEW_P = Permission ()
NEW_P.codename = "generate_report_card"
NEW_P.name = "Can Generate Report Card"
NEW_P.content_type = ContentType.objects.get (app_label="condor", model="gradereport")
NEW_P.save()
""" we are going have to check whether or not the super user has made the right choices...i feel OLD...which takes like two lines """
if obj.subject not in obj.student.class_room.grade.subject.all():
messages.add_message (request, messages.ERROR, "Error: the subject you have selected is not given in the specified grade level, No changes have been made.")
return None
obj.save()
def _get_or_create_perm(perm):
from django.contrib.contenttypes.models import ContentType
from django.db import models
if not perm:
return None
try:
app, model, name = perm.split('.')
except ValueError:
return None
# NOTE: This check is added to support local userdb database connection.
# TODO: Ensure this is right.
m = models.get_model(app, model, only_installed=False)
if not m:
return None
try:
return Permission.objects.get_by_natural_key(name, app, model)
except Permission.DoesNotExist:
try:
ct = ContentType.objects.get_by_natural_key(app, model)
perm = Permission(name=name, content_type=ct, codename=name)
perm.save()
return perm
except ContentType.DoesNotExist:
return None
except ContentType.DoesNotExist:
return None
def test_user_permission_not_allowed(self):
permission = Permission(content_type=self.content_type,
name='Can something', codename='can_something')
permission.save()
response, json = self.do_get(self.perm % (self.user.pk, 'auth.can_something'))
self.assertEquals(response.status_code, 200)
self.assertEquals(json['is-allowed'], False, json)
def test_current_user_permission_not_allowed(self):
permission = Permission(content_type=self.content_type,
name='Can something', codename='can_something')
permission.save()
response, json = self.do_get(self.user_perm % 'auth.can_something',
username=self.user.username)
self.assertEquals(response.status_code, 200)
self.assertEquals(json['permissions']['auth.can_something'], False, json)
def make_permission(modeladmin, request, queryset):
for project in queryset:
p = Permission(name=u'编辑%s锁定文本'%project.title_cn, \
content_type_id=10, codename='can_edit_lock_%s'%project.project_name)
p.save()
p = Permission(name=u'%s项目组员'%project.title_cn, \
content_type_id=11, codename='%s_member'%project.project_name)
p.save()
def create_club_admin_permission(sender, **kwargs):
print "Creating club admin permission..."
club_content_type = ContentType.objects.get_for_model(Club)
if len(Permission.objects.filter(codename='full_club_admin')) == 0:
club_admin_permission = Permission(name='Full Club Admin Access',
codename='full_club_admin',
content_type=club_content_type)
club_admin_permission.save()
def new_permission(self, name, content_type_id, codename):
permission = Permission()
permission.name = name
permission.content_type_id = content_type_id
permission.codename = codename
permission.save()
return False if permission.pk is None else permission
def save (self, *args, **kwargs):
if self.id == None: # object is bein created for the first time
super (ClassRoom, self).save(*args, **kwargs) # saving object
LEVEL = self.grade.grade
SECTION = self.section
for S in self.grade.subject.all():
if not Permission.objects.filter (codename = (u""+ LEVEL +"_"+ SECTION +"_"+ S.__unicode__())).exists(): # creating...
# Permission Structure
# codename: {Level.grade}_{ClassRoom.section}_{Subject.name}
# name: {Level.grade}-{ClassRoom.section}: {Subject.name}
NEW_P = Permission ()
NEW_P.name = u""+ LEVEL +"-"+ SECTION +": "+ S.__unicode__()
NEW_P.content_type = ContentType.objects.get (app_label="condor", model="classroom")
NEW_P.codename = u""+ LEVEL +"_"+ SECTION +"_"+ S.__unicode__()
NEW_P.save()
NEW_P = Permission ()
NEW_P.name = u"Head Teacher of "+ self.grade.grade +"-"+ self.section
NEW_P.content_type = ContentType.objects.get (app_label="condor", model="classroom")
NEW_P.codename = u"H_"+ self.grade.grade +"_"+ self.section
NEW_P.save()
else: # object is being edited...
PREVIOUS_CLASSROOM = ClassRoom.objects.get (pk = self.id) # we know this exists!
PREVIOUS_GRADE = PREVIOUS_CLASSROOM.grade
super (ClassRoom, self).save(*args, **kwargs)
if self.__unicode__() != PREVIOUS_CLASSROOM.__unicode__(): # There has been change in the object, Permissions update is necessary
"""
NOTE:
- On permission, when a class is changed say from 1A to 1B or 2A: we will assume (for permission sake) 1B is a different class!
- i.e. all permissions associated with 1A will be removed, and new Permissions for 1B will be created
"""
Permission.objects.filter (codename__istartswith = PREVIOUS_GRADE.grade +"_"+ PREVIOUS_CLASSROOM.section +"_").delete() # Deleting all associated permissions with the previous class room object
Permission.objects.filter (codename = u"H_" + PREVIOUS_GRADE.grade +"_"+ PREVIOUS_CLASSROOM.section).delete()
for S in self.grade.subject.all(): # Creating permissions for the NEW class room
NEW_P = Permission()
NEW_P.codename = self.grade.grade +"_"+ self.section +"_"+ S.name
NEW_P.name = self.grade.grade +"-"+ self.section +": "+ S.name
NEW_P.content_type = ContentType.objects.get (app_label="condor", model="classroom")
NEW_P.save()
NEW_P = Permission ()
NEW_P.name = u"Head Teacher of "+ self.grade.grade +"-"+ self.section
NEW_P.content_type = ContentType.objects.get (app_label="condor", model="classroom")
NEW_P.codename = u"H_"+ self.grade.grade +"_"+ self.section
NEW_P.save()
if not Permission.objects.filter (codename = "generate_report_card").exists():
NEW_P = Permission ()
NEW_P.codename = "generate_report_card"
NEW_P.name = "Can Generate Report Card"
NEW_P.content_type = ContentType.objects.get (app_label="condor", model="classroom")
NEW_P.save()
def save(self, *args, **kwargs):
if not self.id and hasattr(self, "instance_permissions"):
for perm in self.instance_permissions:
p = Permission()
p.codename = "%s%s" % (perm[0], self.slug)
p.name = "%s%s" % (perm[1], self.name)
p.content_type = ContentType.objects.get_for_model(self)
p.save()
return super(PermissionMixIn, self).save(*args, **kwargs)
def test_add_groups_check_permissions(self):
for p in Permission.objects.all():
print(p.content_type.app_label + "." + p.codename)
p1 = Permission()
p1.name = 'Change product price'
p1.codename = 'change_product_price'
p1.content_type = ContentType.objects.get(id=1)
p1.save()
self.u1.user_permissions.add(p1)
def test_current_user_permission_is_allowed(self):
permission = Permission(content_type=self.content_type,
name='Can something', codename='can_something')
permission.save()
self.user.user_permissions.add(permission)
response, json = self.do_get(self.user_perm % 'auth.can_something',
username=self.user.username)
self.assertEquals(response.status_code, 200)
self.assertEquals(json['permissions']['auth.can_something'], True, json)
def test_add_and_test_permissions(self):
p1 = Permission()
p1.name = 'Change product price'
p1.codename = 'change_product_price'
p1.content_type = ContentType.objects.get(id=101)
p1.save()
self.u3.user_permissions.add(p1)
self.assertTrue(self.u3.has_perm('account.change_product_price'))
def mutate_and_get_payload(cls, root, info, **kwargs):
name = kwargs.get('name')
content_type = kwargs.get('content_type')
codename = kwargs.get('codename')
permission = Permission(name=name,
content_type=content_type,
codename=codename)
permission.save()
return CreatePermission(permission=permission)
def test_user_permission(self):
"""Test to make sure user receive permissions correctly"""
p = Permission()
p.codename = 'change_product_price'
p.name = 'Change the price of a product'
p.content_type = ContentType.objects.get(id=1)
p.save()
self.u1.user_permissions.add(p)
self.assertTrue(self.u1.has_perm('admin.change_product_price'))
def _get_permission(self, obj, code, create = False):
ct = ContentType.objects.get_for_model(obj)
pe = Permission.objects.filter(codename = code, content_type = ct)
if pe:
pe = pe[0]
elif create:
pe = Permission(codename = code, content_type = ct, name = 'Can view %s' % force_str(obj._meta.verbose_name))
pe.save()
return pe
def test_puede_sustituir_a_otro_usuario(self):
# Comienza con dos usuarios
user = User.objects.create_user(username='******', password='******')
usuario_secundario = User.objects.create_user(username='******',
password='******')
# Se genera un grupo para el administrador
grupo = Group.objects.create(name='coordinador')
tipo = ContentType.objects.get(app_label='escuelas', model='evento')
puede_administrar = Permission(name='perfil.global',
codename='perfil.global',
content_type=tipo)
puede_administrar.save()
grupo.permissions.add(puede_administrar)
# Se asigna una region al perfil de usuario
region_1 = models.Region.objects.create(numero=1)
user.perfil.region = region_1
usuario_secundario.perfil.region = region_1
grupo.save()
user.perfil.group = grupo
user.save()
user.perfil.save()
usuario_secundario.perfil.save()
usuario_secundario.save()
self.client.login(username='******', password='******')
self.client.force_authenticate(user=user)
response = self.client.get('/api/mi-perfil', format='json')
self.assertEqual(response.data['username'], "test")
self.assertEqual(len(response.data['grupos']), 1,
"Tiene un solo grupo")
self.assertEqual(response.data['grupos'][0]['nombre'], 'coordinador',
"Tiene asignado el grupo coordinador")
# Accede al perfil de otro usuario correctamente
response = self.client.get('/api/mi-perfil?perfilInspeccionado=%d' %
(usuario_secundario.id),
format='json')
self.assertEqual(response.data['username'], "secundario")
self.client.logout()
# Si un usuario que no tiene permisos de administrador intenta ver el perfil de otro usuario falla, por falta de permisos
self.client.login(username='******', password='******')
self.client.force_authenticate(user=usuario_secundario)
response = self.client.get('/api/mi-perfil?perfilInspeccionado=%d' %
(user.id),
format='json')
self.assertEqual(response.status_code, 500)
def create(self,validated_data):
p=Permission()
c=ContentType.objects.get(id=7)
p.name=validated_data["name"]
p.content_type_id=c.id
p.codename=validated_data["codename"]
p.save()
return validated_data
def createProjectPermission(pDesc, pCodeName, groups):
projectContenType = ContentType.objects.get(app_label=APPLICATION_LABEL, model='project')
permission = Permission(name=pDesc, codename=pCodeName, content_type=projectContenType)
permission.save()
print 'Created permission=%s...' % permission.codename
for group in groups:
group.permissions.add(permission)
group.save()
print '...and associated to group=%s' % group.name
return permission
def create_permission(request):
new_permission=Permission()
new_permission.content_type_id=1
new_permission.codename=request.POST.get("codename")
new_permission.name=request.POST.get("permission_title")
new_permission.save()
description=request.POST.get("permission_desc")
permission_type=request.POST.get("permission_type")
new_permission.save()
PermissionService.create_permission_extend(new_permission.id,permission_type, description)
def tagPreSave(sender, instance, created, **kwargs):
if not created:
return
permission = Permission()
permission.codename = 'tag_{0}'.format(instance.name)
permission.name = 'Can add tag {0}'.format(instance.name)
permission.content_type = ContentType.objects.get_for_model(Tag)
permission.full_clean()
permission.save()
def test_add_check_user_permissions(self):
'''Check user permissions'''
p1 = Permission()
p1.name = 'Change product name'
p1.codename = 'change_product_name'
ct1 = ContentType.objects.get(id=1) #pulling an object here
p1.content_type = ct1
p1.save()
self.u1.user_permissions.add(p1)
self.u1.has_perm('change_product_name')
def save (self, *args, **kwargs):
self.first_name = self.first_name.title()
self.father_name = self.father_name.title()
super (Parent, self).save(*args, **kwargs)
if not Permission.objects.filter (codename = "send_message_p").exists():
NEW_P = Permission ()
NEW_P.codename = "send_message_p"
NEW_P.name = "Can Send Messages to Parents (Directly)"
NEW_P.content_type = ContentType.objects.get (app_label="condor", model="parent")
NEW_P.save()
def post(self, request):
permission_form = CreatePermissionForm(request.POST)
if permission_form.is_valid():
permission = Permission(**permission_form.cleaned_data)
try:
permission.save()
return redirect('success', next='permission_list')
except Exception as e:
return redirect('error', next='permission_add', msg=e.args)
else:
return redirect('error', next='permission_add', msg=json.dumps(json.load(permission_form.errors.as_json()), ensure_ascii=False))
def test_user_is_checked_for_global_db_permission(self):
user = User(is_active=True)
user.save()
content_type = ContentType(app_label='test_app')
content_type.save()
permission = Permission(content_type=content_type,
codename='test_permission')
permission.save()
user.user_permissions.add(permission)
backend = PermissionBackend()
self.assertTrue(backend.has_perm(user, 'test_app.test_permission'))
def get_permission(self, permission_prefix, create_permission=False):
permission_codename = u"%s_%s" % (permission_prefix, self.name)
permission_description = u"%s %s instances" % (permission_prefix, self.name)
try:
permission = Permission.objects.get(codename=permission_codename)
except Permission.DoesNotExist:
content_type = ContentType.objects.get(app_label=APP_LABEL, model='qproject')
permission = Permission(codename=permission_codename, name=permission_description, content_type=content_type)
if create_permission:
permission.save()
return permission
def edit_all_permission(self, log=None):
ct = ContentType.objects.get_for_model(self)
try:
p = Permission.objects.get(content_type=ct, codename=self.edit_all_permission_name())
except Permission.DoesNotExist:
p = Permission(content_type=ct, codename=self.edit_all_permission_name(),
name="Edit all data for widget %s" % self.name)
p.save()
if log is not None:
print >> log, "Created edit all permission for widget %s" % self.name
return p
def employe(request):
logger.info('function_call employe(request) ->')
if request.method == 'POST':
employe = User.objects.get(id = int(request.POST.get('id_record')))
profile = UserProfile.objects.get(user = employe)
form = EmployeForm(initial={'username': employe.username, 'email': employe.email, 'firstname': employe.first_name, 'lastname': employe.last_name,
'vacation_days': profile.vacation_days, 'min_hours': profile.min_hours, 'max_hours': profile.max_hours,
'hourly_rate': profile.hourly_rate, 'management': employe.has_perm('auth.management'), 'api': employe.is_staff})
if request.POST.get('action'):
if request.POST.get('action') == "modifie":
form = EmployeForm(request.POST)
if form.is_valid():
employe.username = form.cleaned_data['username']
employe.email = form.cleaned_data['email']
employe.first_name = form.cleaned_data['firstname']
employe.last_name = form.cleaned_data['lastname']
employe.save()
profile.vacation_days = form.cleaned_data['vacation_days']
profile.min_hours = form.cleaned_data['min_hours']
profile.max_hours = form.cleaned_data['max_hours']
profile.hourly_rate = form.cleaned_data['hourly_rate']
profile.save()
try:
permission = Permission.objects.get(codename='management')
except Exception:
permissionNew = Permission(name = "management", content_type = ContentType.objects.get(model='permission'), codename = "management")
permissionNew.save()
permission = Permission.objects.get(codename='management')
if form.cleaned_data['management'] == True:
employe.user_permissions.add(permission)
else:
employe.user_permissions.remove(permission)
if form.cleaned_data['api'] == True:
employe.is_staff = 1
employe.save()
else:
employe.is_staff = 0
employe.save()
return HttpResponseRedirect(reverse('staff'))
c = {'user':request.user, 'employe':employe, 'form':form, 'SITENAME':settings.SITENAME, 'management':request.user.has_perm('auth.management')}
c.update(csrf(request))
return render_to_response('employe.html', c, context_instance=RequestContext(request))
def create_user(self):
self.user = User.objects.create_user('test', '*****@*****.**', 'test')
self.ct = ContentType(app_label='acknowledgements')
self.ct.save()
perm = Permission(content_type=self.ct, codename='change_item')
perm.save()
self.user.user_permissions.add(perm)
perm = Permission(content_type=self.ct, codename='change_fabric')
perm.save()
self.user.user_permissions.add(perm)
self.assertTrue(self.user.has_perm('acknowledgements.change_item'))
return self.user
def permission(self, log=None):
ct = ContentType.objects.get_for_model(self)
try:
p = Permission.objects.get(content_type=ct,
codename=self.permission_name())
except Permission.DoesNotExist:
p = Permission(content_type=ct, codename=self.permission_name(),
name="upload data files for %s" % self.app)
p.save()
if log:
print >> log, "Created uploader permission for %s" % self.app
return p
def create_user(self):
self.user = User.objects.create_user('test', '*****@*****.**', 'test')
self.ct = ContentType(app_label='acknowledgements')
self.ct.save()
perm = Permission(content_type=self.ct, codename='change_item')
perm.save()
self.user.user_permissions.add(perm)
perm = Permission(content_type=self.ct, codename='change_fabric')
perm.save()
self.user.user_permissions.add(perm)
self.assertTrue(self.user.has_perm('acknowledgements.change_item'))
return self.user
def view_permisions(apps=None):
if not apps: apps = ['whs', 'lab', 'energy', 'it']
for app in apps:
for c in ContentType.objects.filter(app_label=app):
if issubclass(c.model_class(),UrlMixin):
p = Permission(codename='view_%s' % c.model, name=u'Можно просматривать %s' % c.name, content_type=c)
try:
p.validate_unique()
except ValidationError:
pass
else:
p.save()
def createProjectPermission(pDesc, pCodeName, groups):
projectContenType = ContentType.objects.get(app_label=APPLICATION_LABEL,
model='project')
permission = Permission(name=pDesc,
codename=pCodeName,
content_type=projectContenType)
permission.save()
print 'Created permission=%s...' % permission.codename
for group in groups:
group.permissions.add(permission)
group.save()
print '...and associated to group=%s' % group.name
return permission
def create_permission_if_doesnt_exist(codename, desc, content_type):
try:
permission = Permission(name=desc,
codename=codename,
content_type=content_type)
permission.save()
except IntegrityError:
print('permission {} exists'.format(codename))
permission = Permission.objects.get(codename=codename)
else:
print('created permission {}'.format(codename))
return permission
def test_render_configuracoes(self):
# Faz chamada da pagina
contentItem = ContentType.objects.get(app_label='core',model='parametro')
permission = Permission(name='Can Access Configurations',content_type=contentItem,codename='core_configurations')
permission.save()
permissions = Permission.objects.all().filter(content_type=contentItem.id)
for permission in permissions:
self.user.user_permissions.add(permission)
response = self.client.get('/core/configuracoes/')
self.assertEquals(response.status_code, 200)
def add_permissions(self):
#busca tabela de models
contentItem = ContentType.objects.get(app_label='oportunidade',model='oportunidade')
#busca permissoes do model
if not contentItem:
self.assertTrue(False)
customPermission = Permission(name='Dashboard',content_type=contentItem,codename='index_dashboard')
customPermission.save()
permissions = Permission.objects.filter(content_type=contentItem.id)
for permission in permissions:
self.user.user_permissions.add(permission)
def edit_all_permission(self, log=None):
"""
Returns the actual :model:`auth.Permission` permission object required to manually edit
all data for this widget family, creating it if it does not already exist.
"""
ct = ContentType.objects.get_for_model(self)
try:
p = Permission.objects.get(content_type=ct, codename=self.edit_all_permission_name())
except Permission.DoesNotExist:
p = Permission(content_type=ct, codename=self.edit_all_permission_name(),
name="Edit all data for widget %s" % self.name)
p.save()
if log is not None:
print >> log, "Created edit all permission for widget %s" % self.name
return p
def test_current_user_multiple_permissions(self):
can_perm = Permission(content_type_id=1, name='Can something',
codename='can_something')
can_perm.save()
self.user.user_permissions.add(can_perm)
cannot_perm = Permission(content_type_id=1, name='Cannot something',
codename='cannot_something')
cannot_perm.save()
response, json = self.do_get(self.user_perm_q,
dict(q=['foo.example', 'auth.can_something', 'auth.cannot_something']),
username=self.user.username)
self.assertEquals(response.status_code, 200)
permissions = json['permissions']
self.assertEquals(permissions['foo.example'], False, json)
self.assertEquals(permissions['auth.can_something'], True, json)
self.assertEquals(permissions['auth.cannot_something'], False, json)
def permission_add(request):
if request.method == "POST":
name = request.POST['name']
contenttype = request.POST['contenttype']
codename = request.POST['codename']
#print name,contenttype,codename
permission_to_save = Permission(
name=name,
content_type_id=contenttype,
codename=codename,
)
permission_to_save.save()
return HttpResponseRedirect('/account/manage/permission_list.html')
else:
content_types = ContentType.objects.all()
return render_to_response('perm_add.html',{'content_types':content_types},context_instance=RequestContext(request))
def test_put_change_groups(self):
"""
Tests adding a group to a user
"""
#Create groups to be added
group1 = Group(name="Testing")
group1.save()
#Create group to be removed
group2 = Group(name='Bye')
group2.save()
self.user.groups.add(group2)
#Create a permission
ct = ContentType(name='test')
ct.save()
perm = Permission(codename='test', name='test',
content_type=ct)
perm.save()
group1.permissions.add(perm)
perm = Permission(codename='removed', name='removed',
content_type=ct)
perm.save()
group2.permissions.add(perm)
#Check that user has group to be removed and the permissions of that group
self.assertEqual(self.user.groups.count(), 1)
self.assertEqual(self.user.groups.all()[0].name, 'Bye')
#Test the api and response
resp = self.client.put('/api/v1/user/1/', format='json',
data={'username':'******',
'email': '*****@*****.**',
'first_name': 'Charlie',
'last_name': 'P',
'groups': [{'id': 1, 'name': 'Testing'}]})
self.assertEqual(resp.status_code, 200)
self.assertEqual(self.user.groups.count(), 1)
self.assertEqual(self.user.groups.all()[0].name, 'Testing')
#Tests the returned data
user = resp.data
self.assertEqual(len(user['groups']), 1)
self.assertIn('id', user['groups'][0])
self.assertIn('name', user['groups'][0])
def check_plugin_permissions():
"""
Add custom can_use_plugin_* permissions for registered plugins
"""
logger.endGroup()
logger.setGroup('permissions', 'check custom permissions for registered plugins')
# Get permission content_type from existing can_submit_jobs permission
p = Permission.objects.filter(codename = 'can_submit_jobs')[0]
ct = p.content_type
for plugin in manager.plugins:
perm_name = 'can_use_plugin_' + plugin.id
p = Permission.objects.filter(codename = perm_name)
if p:
logger.log("Permission %s found" % perm_name)
else:
np = Permission(name = ("Can use %s plugin" % plugin.description)[:50], content_type = ct, codename = perm_name)
np.save()
logger.log("Added %s permission" % perm_name)
def test_has_perm(self):
userObject = User.objects.create_user('testuser', '*****@*****.**', 'test')
basic, _ = Group.objects.get_or_create(name='account_basic')
userObject.groups.add(basic)
userObject.save()
self.assertFalse(has_perm(userObject, Group.objects, 'projects.can_view'))
userObjectTwo = User.objects.create_user('testuser2', '*****@*****.**', 'test')
premium, _ = Group.objects.get_or_create(name='account_premium')
userObjectTwo.groups.add(premium)
userObjectTwo.save()
project_ct = ContentType.objects.get(app_label='projects', model='Project')
can_view = Permission(name='Test Permssion', codename='test_perm', content_type=project_ct)
can_view.save()
premium.permissions.add(can_view)
self.assertTrue(has_perm(userObjectTwo, Group.objects, 'projects.test_perm'))
def permission_add(module, using=None):
'''
添加自定义权限
'''
content_type = None
try:
if not using:
content_type = ContentType.objects.get(app_label=settings.PERMISSION_APP, model=module)
else:
content_type = ContentType.objects.using(using).get(app_label=settings.PERMISSION_APP, model=module)
except:
content_type = ContentType(name=module, app_label=settings.PERMISSION_APP, model=module)
content_type.save(using=using)
for op in operations.values():
try:
perm = Permission(codename='%s_%s'%(op,module),name='can %s %s'%(op,module),content_type=content_type)
perm.save(using=using)
except:
pass
def save(self, force_insert=False, force_update=False, using=None,
update_fields=None):
try:
content_type = ContentType.objects.get(app_label="frontend", model="Article", name="文章板块权限")
except:
content_type = ContentType(app_label="frontend", model="Article", name="文章板块权限")
content_type.save()
translate = {"add": "添加", "delete": "删除", "change": "修改"}
for permission in ["add", "delete", "change"]:
try:
codename = permission + "_" + self.codename + "_articles"
Permission.objects.get(codename=codename)
except:
name = "允许" + translate[permission] + " " + self.name + " 内的文章"
codename = permission + "_" + self.codename + "_articles"
p = Permission(name=name, content_type=content_type, codename=codename)
p.save()
if self.order == None:
self.order = self.id
result = super(MainMenu, self).save()
return result
def save (self, *args, **kwargs):
PREVIOUS_LEVEL = None
if self.id != None: # Testing whether or not the object is being edited or being created
PREVIOUS_LEVEL = Level.objects.get (pk = self.id)
super (Level, self).save(*args, **kwargs)
if PREVIOUS_LEVEL != None: # If we know the object is being edited, we have to test whether or not the object is affiliated with permissions if true permission updates necessary
if self.grade != PREVIOUS_LEVEL.grade: # if change in grade occurred, we have to remove all permissions associated with the previous grade level
Permission.objects.filter (codename__istartswith = PREVIOUS_LEVEL.grade +"_").delete() # Deleted all associated permissions with the previous grade
if self.classroom_set.count(): # Testing whether or not the edited level object is associated with class room, if so NEW permission set is necessary
for CR in self.classroom_set.all():
for S in self.subject.all():
# Permission Structure
# codename: {Level.grade}_{ClassRoom.section}_{Subject.name}
# name: {Level.grade}-{ClassRoom.section}: {Subject.name}
NEW_P = Permission()
NEW_P.codename = self.grade +"_"+ CR.section +"_"+ S.name
NEW_P.name = self.grade +"-"+ CR.section +": "+ S.name
NEW_P.content_type = ContentType.objects.get (app_label="condor", model="classroom")
NEW_P.save()
