def test_has_perm_without_mappers(self):
# Without any permission mappers created for this user
self.content = Content()
self.other_data_set = DataSet.objects.create(name='other_data_set')
self.content.data_set = self.other_data_set
self.content.save()
with patch('lizard_security.backends.request') as request:
request.user_group_ids = [self.user_group.id]
request.allowed_data_set_ids = []
self.assertFalse(self.backend.has_perm(
self.manager, 'testcontent.change_content', self.content))
def setUp(self):
self.backend = LizardPermissionBackend()
self.manager = User.objects.create_user(
'managermanager',
'*****@*****.**',
'managermanager')
self.manager.is_staff = True
self.manager.save()
self.user_group = UserGroup()
self.user_group.save()
self.data_set = DataSet.objects.create(name='data_set')
self.content = Content()
self.content.data_set = self.data_set
self.content.save()
self.permission_mapper = PermissionMapper()
self.permission_mapper.user_group = self.user_group
self.permission_mapper.data_set = self.data_set
self.permission_mapper.save()
self.content = Content()
self.content.data_set = self.data_set
self.content.save()
def test_has_perm_with_no_dataset(self):
# And now with an object that has no dataset attribute
add_permission = Permission.objects.get(codename='change_content')
group = Group()
group.save()
group.permissions.add(add_permission)
self.permission_mapper.permission_group = group
self.permission_mapper.data_set = None
self.permission_mapper.save()
self.content = ContentWithoutDataset()
self.content.save()
self.assertFalse(self.backend.has_perm(
self.manager, 'testcontent.change_content', self.content))
class PermissionBackendTest(TestCase):
def setUp(self):
self.backend = LizardPermissionBackend()
self.manager = User.objects.create_user(
'managermanager',
'*****@*****.**',
'managermanager')
self.manager.is_staff = True
self.manager.save()
self.user_group = UserGroup()
self.user_group.save()
self.data_set = DataSet.objects.create(name='data_set')
self.content = Content()
self.content.data_set = self.data_set
self.content.save()
self.permission_mapper = PermissionMapper()
self.permission_mapper.user_group = self.user_group
self.permission_mapper.data_set = self.data_set
self.permission_mapper.save()
self.content = Content()
self.content.data_set = self.data_set
self.content.save()
def test_no_authentication(self):
self.assertEquals(None, self.backend.authenticate())
def test_security_module_perms(self):
"""Usergroup managers need specific access to our module in de admin.
"""
self.assertFalse(
self.backend.has_module_perms(self.manager, 'lizard_security'))
self.user_group.managers.add(self.manager)
self.user_group.save()
self.assertTrue(
self.backend.has_module_perms(self.manager, 'lizard_security'))
def test_has_perm_only_objects(self):
self.assertFalse(self.backend.has_perm('dont care', 'none.can_exist'))
def test_has_perm(self):
add_permission = Permission.objects.get(codename='change_content')
group = Group()
group.save()
group.permissions.add(add_permission)
self.permission_mapper.permission_group = group
self.permission_mapper.save()
self.assertFalse(self.backend.has_perm(
self.manager, 'testcontent.change_content', self.content))
# If we belong to the right group, we *do* have access.
with patch('lizard_security.backends.request') as request:
request.user_group_ids = [self.user_group.id]
request.allowed_data_set_ids = [self.data_set.id]
self.assertTrue(self.backend.has_perm(
self.manager, 'testcontent.change_content', self.content))
def test_has_perm_with_implicit_view_perm(self):
with patch('lizard_security.backends.request') as request:
request.user_group_ids = [self.user_group.id]
request.allowed_data_set_ids = [self.data_set.id]
self.assertTrue(self.backend.has_perm(
self.manager,
'lizard_security.can_view_lizard_data',
self.content))
def test_has_perm_without_mappers(self):
# Without any permission mappers created for this user
self.content = Content()
self.other_data_set = DataSet.objects.create(name='other_data_set')
self.content.data_set = self.other_data_set
self.content.save()
with patch('lizard_security.backends.request') as request:
request.user_group_ids = [self.user_group.id]
request.allowed_data_set_ids = []
self.assertFalse(self.backend.has_perm(
self.manager, 'testcontent.change_content', self.content))
def test_has_perm_with_unset_dataset(self):
# And now with dataset is None
add_permission = Permission.objects.get(codename='change_content')
group = Group()
group.save()
group.permissions.add(add_permission)
self.permission_mapper.permission_group = group
self.permission_mapper.data_set = None
self.permission_mapper.save()
self.content.data_set = None
self.content.save()
self.assertFalse(self.backend.has_perm(
self.manager, 'testcontent.change_content', self.content))
# If we belong to the right group, we *do* have access.
with patch('lizard_security.backends.request') as request:
request.user_group_ids = [self.user_group.id]
request.allowed_data_set_ids = []
self.assertTrue(self.backend.has_perm(
self.manager, 'testcontent.change_content', self.content))
def test_has_perm_with_no_dataset(self):
# And now with an object that has no dataset attribute
add_permission = Permission.objects.get(codename='change_content')
group = Group()
group.save()
group.permissions.add(add_permission)
self.permission_mapper.permission_group = group
self.permission_mapper.data_set = None
self.permission_mapper.save()
self.content = ContentWithoutDataset()
self.content.save()
self.assertFalse(self.backend.has_perm(
self.manager, 'testcontent.change_content', self.content))
