def test_mixed_perms(self):
codenames = [
get_user_permission_full_codename("change"),
"auth.change_permission",
]
self.assertRaises(MixedContentTypeError, get_objects_for_user,
self.contributor, codenames)
def test_mixed_perms(self):
codenames = [
get_user_permission_full_codename('change'),
'auth.change_permission',
]
self.assertRaises(MixedContentTypeError, get_objects_for_group,
self.group1, codenames)
def test_perms_with_mixed_apps(self):
codenames = [
get_user_permission_full_codename('change'),
'contenttypes.contenttypes.change_contenttype',
]
self.assertRaises(MixedContentTypeError, get_objects_for_group,
self.group1, codenames)
def test_mixed_perms(self):
codenames = [
get_user_permission_full_codename('change'),
'auth.change_permission',
]
self.assertRaises(MixedContentTypeError, get_objects_for_group,
self.group1, codenames)
def test_perms_with_mixed_apps(self):
codenames = [
get_user_permission_full_codename("change"),
"contenttypes.change_contenttype",
]
self.assertRaises(MixedContentTypeError, get_objects_for_user,
self.contributor, codenames)
def test_user_has_access_on_model_with_metaclass(self):
"""
Test to the fix issues of comparaison made via type()
in the decorator. In the case of a `Model` implementing
a custom metaclass, the decorator fail because type
doesn't return `ModelBase`
"""
perm = get_user_permission_full_codename('change')
class TestMeta(ModelBase):
pass
class ProxyUser(User):
class Meta:
proxy = True
app_label = User._meta.app_label
__metaclass__ = TestMeta
joe, created = ProxyUser.objects.get_or_create(username='******')
assign_perm(perm, self.user, obj=joe)
request = self._get_request(self.user)
@permission_required_or_403(perm, (
ProxyUser, 'username', 'username'))
def dummy_view(request, username):
return HttpResponse('dummy_view')
response = dummy_view(request, username='******')
self.assertEqual(response.status_code, 200)
self.assertEqual(response.content, b'dummy_view')
def test_perms_with_mixed_apps(self):
codenames = [
get_user_permission_full_codename('change'),
'contenttypes.contenttypes.change_contenttype',
]
self.assertRaises(MixedContentTypeError, get_objects_for_group,
self.group1, codenames)
def test_user_has_no_obj_perm_access(self):
perm = get_user_permission_full_codename('change')
joe, created = User.objects.get_or_create(username='******')
request = self._get_request(self.user)
@permission_required_or_403(perm, (
user_model_path, 'username', 'username'))
def dummy_view(request, username):
return HttpResponse('dummy_view')
response = dummy_view(request, username='******')
self.assertEqual(response.status_code, 403)
def test_user_has_global_perm_access_but_flag_not_set(self):
perm = get_user_permission_full_codename("change")
joe, created = User.objects.get_or_create(username="******")
assign_perm(perm, self.user)
request = self._get_request(self.user)
@permission_required_or_403(perm, (user_model_path, "username", "username"))
def dummy_view(request, username):
return HttpResponse("dummy_view")
response = dummy_view(request, username="******")
self.assertEqual(response.status_code, 403)
def test_user_has_obj_access_even_if_we_also_check_for_global(self):
perm = get_user_permission_full_codename("change")
joe, created = User.objects.get_or_create(username="******")
assign_perm(perm, self.user, obj=joe)
request = self._get_request(self.user)
@permission_required_or_403(perm, (user_model_path, "username", "username"), accept_global_perms=True)
def dummy_view(request, username):
return HttpResponse("dummy_view")
response = dummy_view(request, username="******")
self.assertEqual(response.status_code, 200)
self.assertEqual(response.content, b"dummy_view")
def test_user_has_global_perm_access_but_flag_not_set(self):
cache.clear()
perm = get_user_permission_full_codename('change')
joe, created = User.objects.get_or_create(username='******')
assign_perm(perm, self.user)
request = self._get_request(self.user)
@permission_required_or_403(perm, (
user_model_path, 'username', 'username'))
def dummy_view(request, username):
return HttpResponse('dummy_view')
response = dummy_view(request, username='******')
self.assertEqual(response.status_code, 403)
def test_user_has_global_perm_access(self):
perm = get_user_permission_full_codename('change')
joe, created = User.objects.get_or_create(username='******')
assign_perm(perm, self.user)
request = self._get_request(self.user)
@permission_required_or_403(perm, (
user_model_path, 'username', 'username'), accept_global_perms=True)
def dummy_view(request, username):
return HttpResponse('dummy_view')
response = dummy_view(request, username='******')
self.assertEqual(response.status_code, 200)
self.assertEqual(response.content, b'dummy_view')
def test_view_method(self):
perm = get_user_permission_full_codename('change')
joe, created = User.objects.get_or_create(username='******')
assign_perm(perm, self.user, obj=joe)
request = self._get_request(self.user)
class DummyClass:
@permission_required_or_403(
perm, (user_model_path, 'username', 'username'))
def dummy_view(self, request, username):
return HttpResponse('dummy_view')
response = DummyClass().dummy_view(request, username='******')
self.assertEqual(response.status_code, 200)
self.assertEqual(response.content, b'dummy_view')
def test_model_lookup(self):
request = self._get_request(self.user)
perm = get_user_permission_full_codename("change")
joe, created = User.objects.get_or_create(username="******")
assign_perm(perm, self.user, obj=joe)
models = (user_model_path, User, User.objects.filter(is_active=True))
for model in models:
@permission_required_or_403(perm, (model, "username", "username"))
def dummy_view(request, username):
get_object_or_404(User, username=username)
return HttpResponse("hello")
response = dummy_view(request, username=joe.username)
self.assertEqual(response.content, b"hello")
def test_no_request_argument(self):
perm = get_user_permission_full_codename('change')
joe, created = User.objects.get_or_create(username='******')
assign_perm(perm, self.user, obj=joe)
request = self._get_request(self.user)
@permission_required_or_403(perm,
(user_model_path, 'username', 'username'))
def dummy_view(request, username):
return HttpResponse('dummy_view')
with self.assertRaises(
TypeError,
msg=
"dummy_view() missing 1 required positional argument: 'request'"
):
# A nice error message is thrown when request is not included
dummy_view(username='******')
def test_model_lookup(self):
request = self._get_request(self.user)
perm = get_user_permission_full_codename('change')
joe, created = User.objects.get_or_create(username='******')
assign_perm(perm, self.user, obj=joe)
models = (
user_model_path,
User,
User.objects.filter(is_active=True),
)
for model in models:
@permission_required_or_403(perm, (model, 'username', 'username'))
def dummy_view(request, username):
get_object_or_404(User, username=username)
return HttpResponse('hello')
response = dummy_view(request, username=joe.username)
self.assertEqual(response.content, b'hello')
def test_mixed_perms(self):
codenames = [get_user_permission_full_codename("change"), "auth.change_permission"]
self.assertRaises(MixedContentTypeError, get_objects_for_user, self.user, codenames)
def test_perms_with_mixed_apps(self):
codenames = [get_user_permission_full_codename("change"), "contenttypes.change_contenttype"]
self.assertRaises(MixedContentTypeError, get_objects_for_user, self.user, codenames)
