def test_has_perm_without_mappers(self): # Without any permission mappers created for this user self.content = Content() self.other_data_set = DataSet.objects.create(name='other_data_set') self.content.data_set = self.other_data_set self.content.save() with patch('lizard_security.backends.request') as request: request.user_group_ids = [self.user_group.id] request.allowed_data_set_ids = [] self.assertFalse(self.backend.has_perm( self.manager, 'testcontent.change_content', self.content))
def setUp(self): self.backend = LizardPermissionBackend() self.manager = User.objects.create_user( 'managermanager', '*****@*****.**', 'managermanager') self.manager.is_staff = True self.manager.save() self.user_group = UserGroup() self.user_group.save() self.data_set = DataSet.objects.create(name='data_set') self.content = Content() self.content.data_set = self.data_set self.content.save() self.permission_mapper = PermissionMapper() self.permission_mapper.user_group = self.user_group self.permission_mapper.data_set = self.data_set self.permission_mapper.save() self.content = Content() self.content.data_set = self.data_set self.content.save()
def test_has_perm_with_no_dataset(self): # And now with an object that has no dataset attribute add_permission = Permission.objects.get(codename='change_content') group = Group() group.save() group.permissions.add(add_permission) self.permission_mapper.permission_group = group self.permission_mapper.data_set = None self.permission_mapper.save() self.content = ContentWithoutDataset() self.content.save() self.assertFalse(self.backend.has_perm( self.manager, 'testcontent.change_content', self.content))
class PermissionBackendTest(TestCase): def setUp(self): self.backend = LizardPermissionBackend() self.manager = User.objects.create_user( 'managermanager', '*****@*****.**', 'managermanager') self.manager.is_staff = True self.manager.save() self.user_group = UserGroup() self.user_group.save() self.data_set = DataSet.objects.create(name='data_set') self.content = Content() self.content.data_set = self.data_set self.content.save() self.permission_mapper = PermissionMapper() self.permission_mapper.user_group = self.user_group self.permission_mapper.data_set = self.data_set self.permission_mapper.save() self.content = Content() self.content.data_set = self.data_set self.content.save() def test_no_authentication(self): self.assertEquals(None, self.backend.authenticate()) def test_security_module_perms(self): """Usergroup managers need specific access to our module in de admin. """ self.assertFalse( self.backend.has_module_perms(self.manager, 'lizard_security')) self.user_group.managers.add(self.manager) self.user_group.save() self.assertTrue( self.backend.has_module_perms(self.manager, 'lizard_security')) def test_has_perm_only_objects(self): self.assertFalse(self.backend.has_perm('dont care', 'none.can_exist')) def test_has_perm(self): add_permission = Permission.objects.get(codename='change_content') group = Group() group.save() group.permissions.add(add_permission) self.permission_mapper.permission_group = group self.permission_mapper.save() self.assertFalse(self.backend.has_perm( self.manager, 'testcontent.change_content', self.content)) # If we belong to the right group, we *do* have access. with patch('lizard_security.backends.request') as request: request.user_group_ids = [self.user_group.id] request.allowed_data_set_ids = [self.data_set.id] self.assertTrue(self.backend.has_perm( self.manager, 'testcontent.change_content', self.content)) def test_has_perm_with_implicit_view_perm(self): with patch('lizard_security.backends.request') as request: request.user_group_ids = [self.user_group.id] request.allowed_data_set_ids = [self.data_set.id] self.assertTrue(self.backend.has_perm( self.manager, 'lizard_security.can_view_lizard_data', self.content)) def test_has_perm_without_mappers(self): # Without any permission mappers created for this user self.content = Content() self.other_data_set = DataSet.objects.create(name='other_data_set') self.content.data_set = self.other_data_set self.content.save() with patch('lizard_security.backends.request') as request: request.user_group_ids = [self.user_group.id] request.allowed_data_set_ids = [] self.assertFalse(self.backend.has_perm( self.manager, 'testcontent.change_content', self.content)) def test_has_perm_with_unset_dataset(self): # And now with dataset is None add_permission = Permission.objects.get(codename='change_content') group = Group() group.save() group.permissions.add(add_permission) self.permission_mapper.permission_group = group self.permission_mapper.data_set = None self.permission_mapper.save() self.content.data_set = None self.content.save() self.assertFalse(self.backend.has_perm( self.manager, 'testcontent.change_content', self.content)) # If we belong to the right group, we *do* have access. with patch('lizard_security.backends.request') as request: request.user_group_ids = [self.user_group.id] request.allowed_data_set_ids = [] self.assertTrue(self.backend.has_perm( self.manager, 'testcontent.change_content', self.content)) def test_has_perm_with_no_dataset(self): # And now with an object that has no dataset attribute add_permission = Permission.objects.get(codename='change_content') group = Group() group.save() group.permissions.add(add_permission) self.permission_mapper.permission_group = group self.permission_mapper.data_set = None self.permission_mapper.save() self.content = ContentWithoutDataset() self.content.save() self.assertFalse(self.backend.has_perm( self.manager, 'testcontent.change_content', self.content))