def get(self, object_type, object_id, access_type):
model = get_model_from_type(object_type)
obj = get_object_or_404(model.get_by_id_and_org, object_id, self.current_org)
has_access = AccessPermission.exists(obj, access_type, self.current_user)
return {'response': has_access}
def test_creates_permission_if_the_user_is_an_owner(self):
query = self.factory.create_query()
other_user = self.factory.create_user()
data = {"access_type": ACCESS_TYPE_MODIFY, "user_id": other_user.id}
rv = self.make_request("post", "/api/queries/{}/acl".format(query.id), user=query.user, data=data)
self.assertEqual(200, rv.status_code)
self.assertTrue(AccessPermission.exists(query, ACCESS_TYPE_MODIFY, other_user))
def test_creates_permission_if_the_user_is_an_owner(self):
query = self.factory.create_query()
other_user = self.factory.create_user()
data = {
'access_type': ACCESS_TYPE_MODIFY,
'user_id': other_user.id
}
rv = self.make_request('post', '/api/queries/{}/acl'.format(query.id), user=query.user, data=data)
self.assertEqual(200, rv.status_code)
self.assertTrue(AccessPermission.exists(query, ACCESS_TYPE_MODIFY, other_user))
def test_removes_permission(self):
query = self.factory.create_query()
user = self.factory.user
other_user = self.factory.create_user()
data = {"access_type": ACCESS_TYPE_MODIFY, "user_id": other_user.id}
AccessPermission.grant(obj=query, access_type=ACCESS_TYPE_MODIFY, grantor=self.factory.user, grantee=other_user)
rv = self.make_request("delete", "/api/queries/{}/acl".format(query.id), user=user, data=data)
self.assertEqual(rv.status_code, 200)
self.assertFalse(AccessPermission.exists(query, ACCESS_TYPE_MODIFY, other_user))
def test_removes_permission_created_by_another_user(self):
query = self.factory.create_query()
other_user = self.factory.create_user()
data = {
'access_type': ACCESS_TYPE_MODIFY,
'user_id': other_user.id
}
AccessPermission.grant(obj=query, access_type=ACCESS_TYPE_MODIFY, grantor=self.factory.user, grantee=other_user)
rv = self.make_request('delete', '/api/queries/{}/acl'.format(query.id), user=self.factory.create_admin(),
data=data)
self.assertEqual(rv.status_code, 200)
self.assertFalse(AccessPermission.exists(query, ACCESS_TYPE_MODIFY, other_user))
def test_removes_permission(self):
query = self.factory.create_query()
user = self.factory.user
other_user = self.factory.create_user()
data = {"access_type": ACCESS_TYPE_MODIFY, "user_id": other_user.id}
AccessPermission.grant(
obj=query,
access_type=ACCESS_TYPE_MODIFY,
grantor=self.factory.user,
grantee=other_user,
)
rv = self.make_request("delete",
"/api/queries/{}/acl".format(query.id),
user=user,
data=data)
self.assertEqual(rv.status_code, 200)
self.assertFalse(
AccessPermission.exists(query, ACCESS_TYPE_MODIFY, other_user))
