def test_dumps_and_loads_with_other_instance(self): dumps = self.qserializer.dumps(self.q1) self.assertEqual(dumps, self.dumps) qserializer2 = QSerializer(base64=True) loads = qserializer2.loads(dumps) self.assertEqual(qserializer2.serialize(loads), qserializer2.serialize(self.q1))
def setUp(self): self.q1 = Q(Q(field1__contains="test") | Q(rel1__field2__exact="test2") & Q(Q(field3="test3") | Q(field3__range=(datetime.datetime(2005, 1, 1), datetime.datetime(2005, 3, 31))))) self.qserializer = QSerializer(base64=True) self.dumps = self.qserializer.dumps(self.q1)
def setUp(self): self.filterperm = FilterPermission() self.request = HttpRequest() self.me = User.objects.create(username="******", password='******') self.userok = User.objects.create(username="******", password='******') self.not_admin = User.objects.create(username="******", password='******') self.wrong = User.objects.create(username="******", password='******') self.admin = User.objects.create_superuser(username="******", password="******", email="") self.user_ct = ContentType.objects.get_by_natural_key("auth", "user") self.q = Q(Q(username='******') | Q(username='******')) self.qserializer = QSerializer(base64=True) self.myfilter = self.qserializer.dumps(self.q) self.fpm = FilterPermissionModel.objects.create(user=self.me, content_type=self.user_ct, filter=self.myfilter) self.request.user = self.me
def has_object_permission(self, request, view, obj): """ check filter permissions """ user = request.user if not user.is_superuser and not user.is_anonymous: valid = False try: ct = ContentType.objects.get_for_model(obj) fpm = FilterPermissionModel.objects.get(user=user, content_type=ct) myq = QSerializer(base64=True).loads(fpm.filter) try: myobj = obj.__class__.objects.filter(myq).distinct().get( pk=obj.pk) if myobj: valid = True except ObjectDoesNotExist: valid = False except ObjectDoesNotExist: valid = True finally: return valid else: return True
class TestQSerializer(TestCase): """ test the q serializer """ def setUp(self): self.q1 = Q(Q(field1__contains="test") | Q(rel1__field2__exact="test2") & Q(Q(field3="test3") | Q(field3__range=(datetime.datetime(2005, 1, 1), datetime.datetime(2005, 3, 31))))) self.qserializer = QSerializer(base64=True) self.dumps = self.qserializer.dumps(self.q1) def test_dumps(self): dumps = self.qserializer.dumps(self.q1) self.assertEqual(dumps, self.dumps) def test_loads(self): loads = self.qserializer.loads(self.dumps) self.assertEqual(self.qserializer.serialize(loads), self.qserializer.serialize(self.q1)) def test_dumps_and_loads_with_other_instance(self): dumps = self.qserializer.dumps(self.q1) self.assertEqual(dumps, self.dumps) qserializer2 = QSerializer(base64=True) loads = qserializer2.loads(dumps) self.assertEqual(qserializer2.serialize(loads), qserializer2.serialize(self.q1))
def filter_queryset(self, request, queryset, view): user = request.user if not user.is_superuser and not user.is_anonymous and isinstance(queryset, QuerySet): try: model = queryset.model ct = ContentType.objects.get_for_model(model) fpm = FilterPermissionModel.objects.get(user=user, content_type=ct) myfilter = QSerializer(base64=True).loads(fpm.filter) except ObjectDoesNotExist: myfilter = Q() return queryset.filter(myfilter) else: return queryset
class TestFilterPermissionFilter(TestCase): """ test filter """ def setUp(self): self.filterperm = FilterPermission() self.me = User.objects.create(username="******", password='******') self.userok = User.objects.create(username="******", password='******') self.not_admin = User.objects.create(username="******", password='******') self.wrong = User.objects.create(username="******", password='******') self.admin = User.objects.create_superuser(username="******", password="******", email="") self.user_ct = ContentType.objects.get_by_natural_key("auth", "user") self.q = Q(Q(username='******') | Q(username='******')) self.qserializer = QSerializer(base64=True) self.myfilter = self.qserializer.dumps(self.q) self.fpm = FilterPermissionModel.objects.create(user=self.me, content_type=self.user_ct, filter=self.myfilter) self.request = HttpRequest() self.request.user = self.me self.queryset = User.objects.all() self.filterbackend = FilterPermissionBackend() def test_manager_valid(self): filter = self.filterbackend.filter_queryset(self.request, self.queryset, None) self.assertEqual(len(filter.all()), 2) self.assertEqual(filter.get(username='******'), self.userok) def test_manager_not_valid(self): filter = self.filterbackend.filter_queryset(self.request, self.queryset, None) self.assertEqual(len(filter.all()), 2) with self.assertRaises(User.DoesNotExist): filter.get(username='******') def test_superuser(self): self.request.user = self.admin filter = self.filterbackend.filter_queryset(self.request, self.queryset, None) self.assertEqual(len(filter.all()), 5) def test_no_filter(self): self.request.user = self.not_admin filter = self.filterbackend.filter_queryset(self.request, self.queryset, None) self.assertEqual(len(filter.all()), 5)
class TestFilterPermissionModel(TestCase): """ test the filter permissions model """ def setUp(self): self.me = User.objects.create(username="******", password='******') self.q = Q(Q(username='******') | Q(username='******')) self.qserializer = QSerializer(base64=True) self.myfilter = self.qserializer.dumps(self.q) self.user_ct = ContentType.objects.get_by_natural_key("auth", "user") def test_create(self): fp = FilterPermissionModel.objects.create(user=self.me, content_type=self.user_ct, filter=self.myfilter) self.assertEqual(fp.user.username, 'morgan') self.assertEqual(fp.content_type.name, 'user') self.assertEqual(fp.filter, self.myfilter)
class TestFilterPermission(TestCase): """ test filter permission """ def setUp(self): self.filterperm = FilterPermission() self.request = HttpRequest() self.me = User.objects.create(username="******", password='******') self.userok = User.objects.create(username="******", password='******') self.not_admin = User.objects.create(username="******", password='******') self.wrong = User.objects.create(username="******", password='******') self.admin = User.objects.create_superuser(username="******", password="******", email="") self.user_ct = ContentType.objects.get_by_natural_key("auth", "user") self.q = Q(Q(username='******') | Q(username='******')) self.qserializer = QSerializer(base64=True) self.myfilter = self.qserializer.dumps(self.q) self.fpm = FilterPermissionModel.objects.create(user=self.me, content_type=self.user_ct, filter=self.myfilter) self.request.user = self.me def test_superuser(self): self.request.user = self.admin res = self.filterperm.has_object_permission(self.request, None, None) self.assertTrue(res) def test_no_filter(self): self.request.user = self.not_admin res = self.filterperm.has_object_permission(self.request, None, self.userok) self.assertTrue(res) res = self.filterperm.has_object_permission(self.request, None, self.wrong) self.assertTrue(res) def test_obj_valid(self): res = self.filterperm.has_object_permission(self.request, None, self.userok) self.assertTrue(res) def test_obj_not_valid(self): res = self.filterperm.has_object_permission(self.request, None, self.wrong) self.assertFalse(res)
def setUp(self): self.me = User.objects.create(username="******", password='******') self.q = Q(Q(username='******') | Q(username='******')) self.qserializer = QSerializer(base64=True) self.myfilter = self.qserializer.dumps(self.q) self.user_ct = ContentType.objects.get_by_natural_key("auth", "user")