def test_anonymous_get_only_owner_s_assignments(self): self.client.logout() permission_list_response = self.client.get(self.asset_permissions_list_url, format='json') self.assertEqual(permission_list_response.status_code, status.HTTP_200_OK) admin_perms = self.asset.get_perms(self.admin) results = permission_list_response.data # Get admin permissions. expected_perms = [] for admin_perm in admin_perms: if admin_perm in Asset.get_assignable_permissions(): expected_perms.append((self.admin.username, admin_perm)) expected_perms = sorted(expected_perms, key=lambda element: (element[0], element[1])) obj_perms = [] for assignment in results: object_permission = self.url_to_obj(assignment.get('url')) obj_perms.append((object_permission.user.username, object_permission.permission.codename)) obj_perms = sorted(obj_perms, key=lambda element: (element[0], element[1])) self.assertEqual(expected_perms, obj_perms)
def test_editors_see_only_self_anon_and_owner_assignments(self): self.client.login(username='******', password='******') permission_list_response = self.client.get( self.get_asset_perm_assignment_list_url(self.asset), format='json') self.assertEqual(permission_list_response.status_code, status.HTTP_200_OK) results = permission_list_response.data assignable_perms = Asset.get_assignable_permissions() expected_perms = [] for user in [ self.admin, self.someuser, # Permissions assigned to self.anotheruser must not appear get_anonymous_user(), ]: user_perms = self.asset.get_perms(user) expected_perms.extend( (user.username, perm) for perm in set(user_perms).intersection(assignable_perms)) expected_perms = sorted(expected_perms, key=lambda element: (element[0], element[1])) obj_perms = [] for assignment in results: object_permission = self.url_to_obj(assignment.get('url')) obj_perms.append(( object_permission.user.username, object_permission.permission.codename, )) obj_perms = sorted(obj_perms, key=lambda element: (element[0], element[1])) self.assertEqual(expected_perms, obj_perms)
def setUp(self): self.client.login(username='******', password='******') self.current_username = '******' self.asset = Asset.objects.filter(owner__username='******').first() self.list_url = reverse(self._get_endpoint('asset-file-list'), args=[self.asset.uid]) # TODO: change the fixture so every asset's owner has all expected # permissions? For now, call `save()` to recalculate permissions and # verify the result self.asset.save() self.assertListEqual( sorted(list(self.asset.get_perms(self.asset.owner))), sorted(list(Asset.get_assignable_permissions(False) + Asset.CALCULATED_PERMISSIONS)) )