def test_filter_by_user_perm(self):
self.trust1, created = Trust.objects.get_or_create_settlor_default(self.user)
self.trust2 = Trust(settlor=self.user, title='Title 0A', trust=Trust.objects.get_root())
self.trust2.save()
tup = TrustUserPermission(trust=self.trust2, entity=self.user, permission=Permission.objects.first())
tup.save()
self.trust3 = Trust(settlor=self.user, title='Title 0B', trust=Trust.objects.get_root())
self.trust3.save()
self.trust4 = Trust(settlor=self.user1, title='Title 1A', trust=Trust.objects.get_root())
self.trust4.save()
tup = TrustUserPermission(trust=self.trust4, entity=self.user, permission=Permission.objects.first())
tup.save()
self.trust5 = Trust(settlor=self.user1, title='Title 1B', trust=Trust.objects.get_root())
self.trust5.save()
self.group = Group(name='Group A')
self.group.save()
self.user.groups.add(self.group)
self.trust5.groups.add(self.group)
self.trust6 = Trust(settlor=self.user1, title='Title 1C', trust=Trust.objects.get_root())
self.trust6.save()
trusts = Trust.objects.filter_by_user_perm(self.user)
trust_pks = [t.pk for t in trusts]
self.assertEqual(trusts.count(), 3)
self.assertTrue(self.trust2.id in trust_pks)
self.assertTrue(self.trust4.id in trust_pks)
self.assertTrue(self.trust5.id in trust_pks)
def test_has_perm(self):
self.trust = Trust(settlor=self.user, trust=Trust.objects.get_root())
self.trust.save()
self.content = self.create_content(self.trust)
self.trust1 = Trust(settlor=self.user1, trust=Trust.objects.get_root())
self.trust1.save()
had = self.user.has_perm(self.get_perm_code(self.perm_change), self.content)
self.assertFalse(had)
had = self.user.has_perm(self.get_perm_code(self.perm_add), self.content)
self.assertFalse(had)
trust = Trust(settlor=self.user, title='Test trusts')
trust.save()
reload_test_users(self)
had = self.user.has_perm(self.get_perm_code(self.perm_change), self.content)
self.assertFalse(had)
tup = TrustUserPermission(trust=self.trust, entity=self.user, permission=self.perm_change)
tup.save()
reload_test_users(self)
had = self.user.has_perm(self.get_perm_code(self.perm_change), self.content)
self.assertTrue(had)
def create_root_trust(Trust, pk, settlor, title):
kwargs = {'id': pk, 'title': title}
if settlor is not None:
kwargs.update({'settlor_id': settlor})
trust = Trust(**kwargs)
trust.trust = trust
trust.save()
def test_change_trust(self):
self.trust1 = Trust(settlor=self.user, title='Title 0A', trust=Trust.objects.get_root())
self.trust1.save()
self.trust2 = Trust(settlor=self.user1, title='Title 1A', trust=Trust.objects.get_root())
self.trust2.save()
try:
self.trust2.trust = self.trust1
self.trust2.full_clean()
self.fail('Expected ValidationError not raised.')
except ValidationError as ve:
pass
def test_user_in_group_has_perm(self):
self.trust = Trust(settlor=self.user, trust=Trust.objects.get_root(), title='a title')
self.trust.save()
self.content = self.create_content(self.trust)
self.trust1 = Trust(settlor=self.user1, trust=Trust.objects.get_root())
self.trust1.save()
self.test_user_in_group_has_no_perm()
reload_test_users(self)
self.trust.groups.add(self.group)
had = self.user.has_perm(self.get_perm_code(self.perm_change), self.content)
self.assertTrue(had)
had = self.user.has_perm(self.get_perm_code(self.perm_add), self.content)
self.assertFalse(had)
def test_trust_unique_together_title_settlor(self):
# Create `Title A` for user
self.trust = Trust(settlor=self.user, title='Title A', trust=Trust.objects.get_root())
self.trust.save()
# Create `Title A` for user1
self.trust1 = Trust(settlor=self.user1, title='Title A', trust=Trust.objects.get_root())
self.trust1.save()
# Empty string title should be allowed (reserved for settlor_default)
self.trust = Trust(settlor=self.user, title='', trust=Trust.objects.get_root())
self.trust.save()
# Create `Title A` for user, again (should fail)
try:
self.trust2 = Trust(settlor=self.user, title='Title A', trust=Trust.objects.get_root())
self.trust2.save()
self.fail('Expected IntegrityError not raised.')
except IntegrityError as ie:
pass
def test_unknown_content(self):
self.trust = Trust(settlor=self.user, trust=Trust.objects.get_root())
self.trust.save()
perm = TrustModelBackend().get_group_permissions(self.user, {})
self.assertIsNotNone(perm)
self.assertIsIterable(perm)
self.assertEqual(len(perm), 0)
trusts = Trust.objects.filter_by_content(self.user)
self.assertEqual(trusts.count(), 0)
def test_user_not_in_group_has_no_perm(self):
self.trust = Trust(settlor=self.user, trust=Trust.objects.get_root(), title='trust 1')
self.trust.save()
self.content = self.create_content(self.trust)
had = self.user.has_perm(self.get_perm_code(self.perm_change), self.content)
reload_test_users(self)
self.perm_change.group_set.add(self.group)
self.perm_change.save()
had = self.user.has_perm(self.get_perm_code(self.perm_change), self.content)
self.assertFalse(had)
def test_has_perm_diff_roles_on_contents(self):
self.test_has_perm()
content2 = self.create_content(self.trust)
self.assertTrue(self.user.has_perm(self.get_perm_code(self.perm_read), content2))
self.assertFalse(self.user.has_perm(self.get_perm_code(self.perm_change), content2))
# diff trust, same group, same role
trust3 = Trust(settlor=self.user, title='trust 3')
trust3.save()
content3 = self.create_content(trust3)
reload_test_users(self)
self.assertFalse(self.user.has_perm(self.get_perm_code(self.perm_read), content3))
self.assertFalse(self.user.has_perm(self.get_perm_code(self.perm_change), content3))
self.assertTrue(self.user.has_perm(self.get_perm_code(self.perm_read), self.content1))
self.assertFalse(self.user.has_perm(self.get_perm_code(self.perm_change), self.content1))
trust3.groups.add(self.group)
reload_test_users(self)
self.assertTrue(self.user.has_perm(self.get_perm_code(self.perm_read), content3))
self.assertFalse(self.user.has_perm(self.get_perm_code(self.perm_change), content3))
# make sure trust does not affect one another
self.assertTrue(self.user.has_perm(self.get_perm_code(self.perm_read), self.content1))
self.assertFalse(self.user.has_perm(self.get_perm_code(self.perm_change), self.content1))
# diff trust, diff group, stronger role, not in group
trust4 = Trust(settlor=self.user, title='trust 4')
trust4.save()
content4 = self.create_content(trust4)
group4 = Group(name='admin group')
group4.save()
Role.objects.get(name='admin').groups.add(group4)
reload_test_users(self)
self.assertTrue(self.user.has_perm(self.get_perm_code(self.perm_read), content3))
self.assertFalse(self.user.has_perm(self.get_perm_code(self.perm_change), content3))
self.assertFalse(self.user.has_perm(self.get_perm_code(self.perm_read), content4))
self.assertFalse(self.user.has_perm(self.get_perm_code(self.perm_change), content4))
# make sure trust does not affect one another
self.assertTrue(self.user.has_perm(self.get_perm_code(self.perm_read), self.content1))
self.assertFalse(self.user.has_perm(self.get_perm_code(self.perm_change), self.content1))
class TrustTest(TestCase):
ROOT_PK = getattr(settings, 'TRUSTS_ROOT_PK', 1)
SETTLOR_PK = getattr(settings, 'TRUSTS_ROOT_SETTLOR', None)
def setUp(self):
super(TrustTest, self).setUp()
call_command('create_trust_root')
get_or_create_root_user(self)
create_test_users(self)
def get_perm_code(self, perm):
return '%s.%s' % (
perm.content_type.app_label, perm.codename
)
def test_root(self):
root = Trust.objects.get_root()
self.assertEqual(root.pk, self.ROOT_PK)
self.assertEqual(root.pk, root.trust.pk)
self.assertEqual(Trust.objects.filter(trust=F('id')).count(), 1)
def test_trust_unique_together_title_settlor(self):
# Create `Title A` for user
self.trust = Trust(settlor=self.user, title='Title A', trust=Trust.objects.get_root())
self.trust.save()
# Create `Title A` for user1
self.trust1 = Trust(settlor=self.user1, title='Title A', trust=Trust.objects.get_root())
self.trust1.save()
# Empty string title should be allowed (reserved for settlor_default)
self.trust = Trust(settlor=self.user, title='', trust=Trust.objects.get_root())
self.trust.save()
# Create `Title A` for user, again (should fail)
try:
self.trust2 = Trust(settlor=self.user, title='Title A', trust=Trust.objects.get_root())
self.trust2.save()
self.fail('Expected IntegrityError not raised.')
except IntegrityError as ie:
pass
def test_read_permissions_added(self):
ct = ContentType.objects.get_for_model(Trust)
self.assertIsNotNone(Permission.objects.get(
content_type=ct,
codename='%s_%s' % ('read', ct.model)
))
def test_filter_by_user_perm(self):
self.trust1, created = Trust.objects.get_or_create_settlor_default(self.user)
self.trust2 = Trust(settlor=self.user, title='Title 0A', trust=Trust.objects.get_root())
self.trust2.save()
tup = TrustUserPermission(trust=self.trust2, entity=self.user, permission=Permission.objects.first())
tup.save()
self.trust3 = Trust(settlor=self.user, title='Title 0B', trust=Trust.objects.get_root())
self.trust3.save()
self.trust4 = Trust(settlor=self.user1, title='Title 1A', trust=Trust.objects.get_root())
self.trust4.save()
tup = TrustUserPermission(trust=self.trust4, entity=self.user, permission=Permission.objects.first())
tup.save()
self.trust5 = Trust(settlor=self.user1, title='Title 1B', trust=Trust.objects.get_root())
self.trust5.save()
self.group = Group(name='Group A')
self.group.save()
self.user.groups.add(self.group)
self.trust5.groups.add(self.group)
self.trust6 = Trust(settlor=self.user1, title='Title 1C', trust=Trust.objects.get_root())
self.trust6.save()
trusts = Trust.objects.filter_by_user_perm(self.user)
trust_pks = [t.pk for t in trusts]
self.assertEqual(trusts.count(), 3)
self.assertTrue(self.trust2.id in trust_pks)
self.assertTrue(self.trust4.id in trust_pks)
self.assertTrue(self.trust5.id in trust_pks)
def test_change_trust(self):
self.trust1 = Trust(settlor=self.user, title='Title 0A', trust=Trust.objects.get_root())
self.trust1.save()
self.trust2 = Trust(settlor=self.user1, title='Title 1A', trust=Trust.objects.get_root())
self.trust2.save()
try:
self.trust2.trust = self.trust1
self.trust2.full_clean()
self.fail('Expected ValidationError not raised.')
except ValidationError as ve:
pass
class TrustContentTestMixin(ContentModel):
def assertIsIterable(self, obj, msg='Not an iterable'):
return self.assertTrue(hasattr(obj, '__iter__'))
def test_unknown_content(self):
self.trust = Trust(settlor=self.user, trust=Trust.objects.get_root())
self.trust.save()
perm = TrustModelBackend().get_group_permissions(self.user, {})
self.assertIsNotNone(perm)
self.assertIsIterable(perm)
self.assertEqual(len(perm), 0)
trusts = Trust.objects.filter_by_content(self.user)
self.assertEqual(trusts.count(), 0)
def test_user_not_in_group_has_no_perm(self):
self.trust = Trust(settlor=self.user, trust=Trust.objects.get_root(), title='trust 1')
self.trust.save()
self.content = self.create_content(self.trust)
had = self.user.has_perm(self.get_perm_code(self.perm_change), self.content)
reload_test_users(self)
self.perm_change.group_set.add(self.group)
self.perm_change.save()
had = self.user.has_perm(self.get_perm_code(self.perm_change), self.content)
self.assertFalse(had)
def test_user_in_group_has_no_perm(self):
self.trust = Trust(settlor=self.user, trust=Trust.objects.get_root())
self.trust.save()
self.content = self.create_content(self.trust)
self.test_user_not_in_group_has_no_perm()
reload_test_users(self)
self.user.groups.add(self.group)
had = self.user.has_perm(self.get_perm_code(self.perm_change), self.content)
self.assertFalse(had)
def test_user_in_group_has_perm(self):
self.trust = Trust(settlor=self.user, trust=Trust.objects.get_root(), title='a title')
self.trust.save()
self.content = self.create_content(self.trust)
self.trust1 = Trust(settlor=self.user1, trust=Trust.objects.get_root())
self.trust1.save()
self.test_user_in_group_has_no_perm()
reload_test_users(self)
self.trust.groups.add(self.group)
had = self.user.has_perm(self.get_perm_code(self.perm_change), self.content)
self.assertTrue(had)
had = self.user.has_perm(self.get_perm_code(self.perm_add), self.content)
self.assertFalse(had)
def test_has_perm(self):
self.trust = Trust(settlor=self.user, trust=Trust.objects.get_root())
self.trust.save()
self.content = self.create_content(self.trust)
self.trust1 = Trust(settlor=self.user1, trust=Trust.objects.get_root())
self.trust1.save()
had = self.user.has_perm(self.get_perm_code(self.perm_change), self.content)
self.assertFalse(had)
had = self.user.has_perm(self.get_perm_code(self.perm_add), self.content)
self.assertFalse(had)
trust = Trust(settlor=self.user, title='Test trusts')
trust.save()
reload_test_users(self)
had = self.user.has_perm(self.get_perm_code(self.perm_change), self.content)
self.assertFalse(had)
tup = TrustUserPermission(trust=self.trust, entity=self.user, permission=self.perm_change)
tup.save()
reload_test_users(self)
had = self.user.has_perm(self.get_perm_code(self.perm_change), self.content)
self.assertTrue(had)
def test_has_perm_disallow_no_perm_content(self):
self.test_has_perm()
self.content1 = self.create_content(self.trust1)
had = self.user.has_perm(self.get_perm_code(self.perm_change), self.content1)
self.assertFalse(had)
def test_has_perm_disallow_no_perm_perm(self):
self.test_has_perm()
had = self.user.has_perm(self.get_perm_code(self.perm_add), self.content)
self.assertFalse(had)
def test_get_or_create_default_trust(self):
trust, created = Trust.objects.get_or_create_settlor_default(self.user)
content = self.create_content(trust)
had = self.user.has_perm(self.get_perm_code(self.perm_change), content)
self.assertFalse(had)
tup = TrustUserPermission(trust=trust, entity=self.user, permission=self.perm_change)
tup.save()
reload_test_users(self)
had = self.user.has_perm(self.get_perm_code(self.perm_change), content)
self.assertTrue(had)
def test_has_perm_queryset(self):
self.test_has_perm()
self.content1 = self.create_content(self.trust)
reload_test_users(self)
content_model = self.content_model if hasattr(self, 'content_model') else self.model
qs = content_model.objects.filter(pk__in=[self.content.pk, self.content1.pk])
had = self.user.has_perm(self.get_perm_code(self.perm_change), qs)
self.assertTrue(had)
def test_mixed_trust_queryset(self):
self.test_has_perm()
self.content1 = self.create_content(self.trust1)
self.content2 = self.create_content(self.trust)
reload_test_users(self)
qs = self.model.objects.all()
had = self.user.has_perm(self.get_perm_code(self.perm_change), qs)
self.assertFalse(had)
def test_read_permissions_added(self):
ct = ContentType.objects.get_for_model(self.model)
self.assertIsNotNone(Permission.objects.get(
content_type=ct,
codename='%s_%s' % ('read', ct.model)
))
def create_content(self, trust):
self.count += 1
content = Trust(title='Test Trust as Content %s' % self.count, trust=trust)
content.save()
return content