def test_mixed_perms(self): codenames = [ get_user_permission_full_codename("change"), "auth.change_permission", ] self.assertRaises(MixedContentTypeError, get_objects_for_user, self.contributor, codenames)
def test_mixed_perms(self): codenames = [ get_user_permission_full_codename('change'), 'auth.change_permission', ] self.assertRaises(MixedContentTypeError, get_objects_for_group, self.group1, codenames)
def test_perms_with_mixed_apps(self): codenames = [ get_user_permission_full_codename('change'), 'contenttypes.contenttypes.change_contenttype', ] self.assertRaises(MixedContentTypeError, get_objects_for_group, self.group1, codenames)
def test_perms_with_mixed_apps(self): codenames = [ get_user_permission_full_codename("change"), "contenttypes.change_contenttype", ] self.assertRaises(MixedContentTypeError, get_objects_for_user, self.contributor, codenames)
def test_user_has_access_on_model_with_metaclass(self): """ Test to the fix issues of comparaison made via type() in the decorator. In the case of a `Model` implementing a custom metaclass, the decorator fail because type doesn't return `ModelBase` """ perm = get_user_permission_full_codename('change') class TestMeta(ModelBase): pass class ProxyUser(User): class Meta: proxy = True app_label = User._meta.app_label __metaclass__ = TestMeta joe, created = ProxyUser.objects.get_or_create(username='******') assign_perm(perm, self.user, obj=joe) request = self._get_request(self.user) @permission_required_or_403(perm, ( ProxyUser, 'username', 'username')) def dummy_view(request, username): return HttpResponse('dummy_view') response = dummy_view(request, username='******') self.assertEqual(response.status_code, 200) self.assertEqual(response.content, b'dummy_view')
def test_user_has_no_obj_perm_access(self): perm = get_user_permission_full_codename('change') joe, created = User.objects.get_or_create(username='******') request = self._get_request(self.user) @permission_required_or_403(perm, ( user_model_path, 'username', 'username')) def dummy_view(request, username): return HttpResponse('dummy_view') response = dummy_view(request, username='******') self.assertEqual(response.status_code, 403)
def test_user_has_global_perm_access_but_flag_not_set(self): perm = get_user_permission_full_codename("change") joe, created = User.objects.get_or_create(username="******") assign_perm(perm, self.user) request = self._get_request(self.user) @permission_required_or_403(perm, (user_model_path, "username", "username")) def dummy_view(request, username): return HttpResponse("dummy_view") response = dummy_view(request, username="******") self.assertEqual(response.status_code, 403)
def test_user_has_obj_access_even_if_we_also_check_for_global(self): perm = get_user_permission_full_codename("change") joe, created = User.objects.get_or_create(username="******") assign_perm(perm, self.user, obj=joe) request = self._get_request(self.user) @permission_required_or_403(perm, (user_model_path, "username", "username"), accept_global_perms=True) def dummy_view(request, username): return HttpResponse("dummy_view") response = dummy_view(request, username="******") self.assertEqual(response.status_code, 200) self.assertEqual(response.content, b"dummy_view")
def test_user_has_global_perm_access_but_flag_not_set(self): cache.clear() perm = get_user_permission_full_codename('change') joe, created = User.objects.get_or_create(username='******') assign_perm(perm, self.user) request = self._get_request(self.user) @permission_required_or_403(perm, ( user_model_path, 'username', 'username')) def dummy_view(request, username): return HttpResponse('dummy_view') response = dummy_view(request, username='******') self.assertEqual(response.status_code, 403)
def test_user_has_global_perm_access(self): perm = get_user_permission_full_codename('change') joe, created = User.objects.get_or_create(username='******') assign_perm(perm, self.user) request = self._get_request(self.user) @permission_required_or_403(perm, ( user_model_path, 'username', 'username'), accept_global_perms=True) def dummy_view(request, username): return HttpResponse('dummy_view') response = dummy_view(request, username='******') self.assertEqual(response.status_code, 200) self.assertEqual(response.content, b'dummy_view')
def test_view_method(self): perm = get_user_permission_full_codename('change') joe, created = User.objects.get_or_create(username='******') assign_perm(perm, self.user, obj=joe) request = self._get_request(self.user) class DummyClass: @permission_required_or_403( perm, (user_model_path, 'username', 'username')) def dummy_view(self, request, username): return HttpResponse('dummy_view') response = DummyClass().dummy_view(request, username='******') self.assertEqual(response.status_code, 200) self.assertEqual(response.content, b'dummy_view')
def test_model_lookup(self): request = self._get_request(self.user) perm = get_user_permission_full_codename("change") joe, created = User.objects.get_or_create(username="******") assign_perm(perm, self.user, obj=joe) models = (user_model_path, User, User.objects.filter(is_active=True)) for model in models: @permission_required_or_403(perm, (model, "username", "username")) def dummy_view(request, username): get_object_or_404(User, username=username) return HttpResponse("hello") response = dummy_view(request, username=joe.username) self.assertEqual(response.content, b"hello")
def test_no_request_argument(self): perm = get_user_permission_full_codename('change') joe, created = User.objects.get_or_create(username='******') assign_perm(perm, self.user, obj=joe) request = self._get_request(self.user) @permission_required_or_403(perm, (user_model_path, 'username', 'username')) def dummy_view(request, username): return HttpResponse('dummy_view') with self.assertRaises( TypeError, msg= "dummy_view() missing 1 required positional argument: 'request'" ): # A nice error message is thrown when request is not included dummy_view(username='******')
def test_model_lookup(self): request = self._get_request(self.user) perm = get_user_permission_full_codename('change') joe, created = User.objects.get_or_create(username='******') assign_perm(perm, self.user, obj=joe) models = ( user_model_path, User, User.objects.filter(is_active=True), ) for model in models: @permission_required_or_403(perm, (model, 'username', 'username')) def dummy_view(request, username): get_object_or_404(User, username=username) return HttpResponse('hello') response = dummy_view(request, username=joe.username) self.assertEqual(response.content, b'hello')
def test_mixed_perms(self): codenames = [get_user_permission_full_codename("change"), "auth.change_permission"] self.assertRaises(MixedContentTypeError, get_objects_for_user, self.user, codenames)
def test_perms_with_mixed_apps(self): codenames = [get_user_permission_full_codename("change"), "contenttypes.change_contenttype"] self.assertRaises(MixedContentTypeError, get_objects_for_user, self.user, codenames)