class ObjectPermissionBackendTests(TestCase): fixtures = ['tests.json'] def setUp(self): self.user = User.objects.get(username='******') self.backend = ObjectPermissionBackend() def test_attrs(self): self.assertTrue(self.backend.supports_anonymous_user) self.assertTrue(self.backend.supports_object_permissions) def test_authenticate(self): self.assertEqual(self.backend.authenticate( self.user.username, self.user.password), None) def test_has_perm_noobj(self): result = self.backend.has_perm(self.user, "change_key") self.assertFalse(result) def test_has_perm_notauthed(self): user = AnonymousUser() self.assertFalse(self.backend.has_perm(user, "change_user", self.user)) def test_has_perm_wrong_app(self): self.assertRaises(WrongAppError, self.backend.has_perm, self.user, "no_app.change_user", self.user)
class RestrictiveBackend(object): """ Allows restricting permissions on per-object basis. For objects, checks object permissions first. If none found checks model permissions. Works pretty much as usual for model permissions. NOTE: Make sure this is the only authentication backend providing permissions or it won't work, since Django will ask all backends and just needs one backend to return True in order to grant the permission. If no permissions are found at all, returns the value of the USERS_LOGGED_IN_HAS_PERM setting, or False if it's not set. Set this to True if you want to allow everything that is not restricted on a per-object level, as long as the user is logged in. Remember, you can control anonymous user permissions separately. See the ANONYMOUS_USER_ID setting (from django-guardian) and the USERS_ANONYMOUS_GROUP setting. Supports ban list through the optional USERS_BANNED_GROUP setting. Note that users in this group will not have ANY permissions, regardless of what the group's permissions are set to. It is only a way to indicate which users are banned and does not behave like a regular group when it comes to permissions. Uses django-guardian internally to check object permissions and the default django.contrib.auth.backends.ModelBackend for model permissions. """ supports_object_permissions = True supports_anonymous_user = True supports_inactive_user = True _object_backend = ObjectPermissionBackend() _model_backend = ModelBackend() def authenticate(self, username=None, password=None): return None def is_banned(self, user_obj): return (BANNED_GROUP and user_obj.groups.filter(name=BANNED_GROUP).exists()) def has_perm(self, user_obj, perm, obj=None): default_has_perm = False if user_obj.is_authenticated(): default_has_perm = LOGGED_IN_HAS_PERM else: user_obj = User.objects.get(pk=ANONYMOUS_USER_ID) if not user_obj.is_active: return False if user_obj.is_superuser: return True if self.is_banned(user_obj): return False if obj and self.object_has_perms(obj): return self._object_backend.has_perm(user_obj, perm, obj) has_model_perm = self._model_backend.has_perm(user_obj, perm) return has_model_perm or default_has_perm def object_has_perms(self, obj): return ( GroupObjectPermission.objects.filter(object_pk=obj.pk).exists() or UserObjectPermission.objects.filter(object_pk=obj.pk).exists())
def check_object_permission( user: User, perm: str, obj: Model, checker_obj: Optional[ExtensibleModel] = None) -> bool: """Check whether a user has a permission on an object. You can provide a custom ``ObjectPermissionChecker`` for prefetching object permissions by annotating an extensible model with ``set_object_permission_checker``. This can be the provided object (``obj``) or a special object which is only used to get the checker class (``checker_obj``). """ if not checker_obj: checker_obj = obj if hasattr(checker_obj, "_permission_checker"): return checker_obj._permission_checker.has_perm(perm, obj) return ObjectPermissionBackend().has_perm(user, perm, obj)
class ObjectPermissionBackendTests(TestCase): def setUp(self): self.user = User.objects.create(username='******') self.backend = ObjectPermissionBackend() def test_attrs(self): self.assertTrue(self.backend.supports_anonymous_user) self.assertTrue(self.backend.supports_object_permissions) self.assertTrue(self.backend.supports_inactive_user) def test_authenticate(self): self.assertEqual( self.backend.authenticate( request={}, username=self.user.username, password=self.user.password ), None ) def test_has_perm_noobj(self): result = self.backend.has_perm(self.user, "change_contenttype") self.assertFalse(result) def test_has_perm_notauthed(self): user = AnonymousUser() self.assertFalse(self.backend.has_perm(user, "change_user", self.user)) def test_has_perm_wrong_app(self): self.assertRaises(WrongAppError, self.backend.has_perm, self.user, "no_app.change_user", self.user) def test_obj_is_not_model(self): for obj in (Group, 666, "String", [2, 1, 5, 7], {}): self.assertFalse(self.backend.has_perm(self.user, "any perm", obj)) def test_not_active_user(self): user = User.objects.create(username='******') ctype = ContentType.objects.create( model='bar', app_label='fake-for-guardian-tests') perm = 'change_contenttype' UserObjectPermission.objects.assign_perm(perm, user, ctype) self.assertTrue(self.backend.has_perm(user, perm, ctype)) user.is_active = False user.save() self.assertFalse(self.backend.has_perm(user, perm, ctype))
class ObjectPermissionBackendTests(TestCase): def setUp(self): self.user = User.objects.create(username='******') self.backend = ObjectPermissionBackend() def test_attrs(self): self.assertTrue(self.backend.supports_anonymous_user) self.assertTrue(self.backend.supports_object_permissions) self.assertTrue(self.backend.supports_inactive_user) def test_authenticate(self): self.assertEqual(self.backend.authenticate( self.user.username, self.user.password), None) def test_has_perm_noobj(self): result = self.backend.has_perm(self.user, "change_contenttype") self.assertFalse(result) def test_has_perm_notauthed(self): user = AnonymousUser() self.assertFalse(self.backend.has_perm(user, "change_user", self.user)) def test_has_perm_wrong_app(self): self.assertRaises(WrongAppError, self.backend.has_perm, self.user, "no_app.change_user", self.user) def test_obj_is_not_model(self): for obj in (Group, 666, "String", [2, 1, 5, 7], {}): self.assertFalse(self.backend.has_perm(self.user, "any perm", obj)) def test_not_active_user(self): user = User.objects.create(username='******') ctype = ContentType.objects.create(name='foo', model='bar', app_label='fake-for-guardian-tests') perm = 'change_contenttype' UserObjectPermission.objects.assign(perm, user, ctype) self.assertTrue(self.backend.has_perm(user, perm, ctype)) user.is_active = False user.save() self.assertFalse(self.backend.has_perm(user, perm, ctype))
def setUp(self): self.user = User.objects.get(username='******') self.backend = ObjectPermissionBackend()
def setUp(self): self.user = User.objects.create(username='******') self.backend = ObjectPermissionBackend()
def setUp(self): self.user = User.objects.create(username="******") self.backend = ObjectPermissionBackend()