from __future__ import absolute_import, unicode_literals from wagtail.wagtailcore.permission_policies import ModelPermissionPolicy from wagtail.wagtailredirects.models import Redirect permission_policy = ModelPermissionPolicy(Redirect)
class TestModelPermissionPolicy(PermissionPolicyTestCase): def setUp(self): super(TestModelPermissionPolicy, self).setUp() self.policy = ModelPermissionPolicy(Image) def test_user_has_permission(self): self.assertUserPermissionMatrix([ # Superuser has permission to do everything (self.superuser, True, True, True, True), # Inactive superuser can do nothing (self.inactive_superuser, False, False, False, False), # User with 'add' permission via group can only add (self.image_adder, True, False, False, False), # User with 'add' permission via user can only add (self.oneoff_image_adder, True, False, False, False), # Inactive user with 'add' permission can do nothing (self.inactive_image_adder, False, False, False, False), # User with 'change' permission via group can only change (self.image_changer, False, True, False, False), # User with 'change' permission via user can only change (self.oneoff_image_changer, False, True, False, False), # Inactive user with 'add' permission can do nothing (self.inactive_image_changer, False, False, False, False), # User with 'delete' permission can only delete (self.oneoff_image_deleter, False, False, True, False), # User with no permissions can do nothing (self.useless_user, False, False, False, False), # Anonymous user can do nothing (self.anonymous_user, False, False, False, False), ]) def test_user_has_any_permission(self): # Superuser can do everything self.assertTrue( self.policy.user_has_any_permission(self.superuser, ['add', 'change']) ) # Inactive superuser can do nothing self.assertFalse( self.policy.user_has_any_permission(self.inactive_superuser, ['add', 'change']) ) # Only one of the permissions in the list needs to pass # in order for user_has_any_permission to return true self.assertTrue( self.policy.user_has_any_permission(self.image_adder, ['add', 'change']) ) self.assertTrue( self.policy.user_has_any_permission(self.oneoff_image_adder, ['add', 'change']) ) self.assertTrue( self.policy.user_has_any_permission(self.image_changer, ['add', 'change']) ) # User with some permission, but not the ones in the list, # should return false self.assertFalse( self.policy.user_has_any_permission(self.image_changer, ['add', 'delete']) ) # Inactive user with the appropriate permissions can do nothing self.assertFalse( self.policy.user_has_any_permission(self.inactive_image_adder, ['add', 'delete']) ) # User with no permissions can do nothing self.assertFalse( self.policy.user_has_any_permission(self.useless_user, ['add', 'change']) ) # Anonymous user can do nothing self.assertFalse( self.policy.user_has_any_permission(self.anonymous_user, ['add', 'change']) ) def test_users_with_permission(self): users_with_add_permission = self.policy.users_with_permission('add') self.assertResultSetEqual(users_with_add_permission, [ self.superuser, self.image_adder, self.oneoff_image_adder, ]) users_with_change_permission = self.policy.users_with_permission('change') self.assertResultSetEqual(users_with_change_permission, [ self.superuser, self.image_changer, self.oneoff_image_changer, ]) def test_users_with_any_permission(self): users_with_add_or_change_permission = self.policy.users_with_any_permission( ['add', 'change'] ) self.assertResultSetEqual(users_with_add_or_change_permission, [ self.superuser, self.image_adder, self.oneoff_image_adder, self.image_changer, self.oneoff_image_changer, ]) users_with_change_or_delete_permission = self.policy.users_with_any_permission( ['change', 'delete'] ) self.assertResultSetEqual(users_with_change_or_delete_permission, [ self.superuser, self.image_changer, self.oneoff_image_changer, self.oneoff_image_deleter, ]) def test_user_has_permission_for_instance(self): # Permissions for this policy are applied at the model level, # so rules for a specific instance will match rules for the # model as a whole self.assertUserInstancePermissionMatrix(self.adder_image, [ (self.superuser, True, True, True), (self.inactive_superuser, False, False, False), (self.image_adder, False, False, False), (self.oneoff_image_adder, False, False, False), (self.inactive_image_adder, False, False, False), (self.image_changer, True, False, False), (self.oneoff_image_changer, True, False, False), (self.inactive_image_changer, False, False, False), (self.oneoff_image_deleter, False, True, False), (self.useless_user, False, False, False), (self.anonymous_user, False, False, False), ]) def test_user_has_any_permission_for_instance(self): # Superuser can do everything self.assertTrue( self.policy.user_has_any_permission_for_instance( self.superuser, ['change', 'delete'], self.adder_image ) ) # Inactive superuser can do nothing self.assertFalse( self.policy.user_has_any_permission_for_instance( self.inactive_superuser, ['change', 'delete'], self.adder_image ) ) # Only one of the permissions in the list needs to pass # in order for user_has_any_permission to return true self.assertTrue( self.policy.user_has_any_permission_for_instance( self.image_changer, ['change', 'delete'], self.adder_image ) ) self.assertTrue( self.policy.user_has_any_permission_for_instance( self.oneoff_image_changer, ['change', 'delete'], self.adder_image ) ) # User with some permission, but not the ones in the list, # should return false self.assertFalse( self.policy.user_has_any_permission_for_instance( self.image_adder, ['change', 'delete'], self.adder_image ) ) # Inactive user with the appropriate permissions can do nothing self.assertFalse( self.policy.user_has_any_permission_for_instance( self.inactive_image_changer, ['change', 'delete'], self.adder_image ) ) # User with no permissions can do nothing self.assertFalse( self.policy.user_has_any_permission_for_instance( self.useless_user, ['change', 'delete'], self.adder_image ) ) # Anonymous user can do nothing self.assertFalse( self.policy.user_has_any_permission_for_instance( self.anonymous_user, ['change', 'delete'], self.adder_image ) ) def test_instances_user_has_permission_for(self): all_images = [ self.adder_image, self.useless_image, self.anonymous_image ] no_images = [] # the set of images editable by superuser includes all images self.assertResultSetEqual( self.policy.instances_user_has_permission_for( self.superuser, 'change' ), all_images ) # the set of images editable by inactive superuser includes no images self.assertResultSetEqual( self.policy.instances_user_has_permission_for( self.inactive_superuser, 'change' ), no_images ) # given the relevant model permission at the group level, a user can edit all images self.assertResultSetEqual( self.policy.instances_user_has_permission_for( self.image_changer, 'change' ), all_images ) # given the relevant model permission at the user level, a user can edit all images self.assertResultSetEqual( self.policy.instances_user_has_permission_for( self.oneoff_image_changer, 'change' ), all_images ) # a user with no permission can edit no images self.assertResultSetEqual( self.policy.instances_user_has_permission_for( self.useless_user, 'change' ), no_images ) # an inactive user with the relevant permission can edit no images self.assertResultSetEqual( self.policy.instances_user_has_permission_for( self.inactive_image_changer, 'change' ), no_images ) # a user with permission, but not the matching one, can edit no images self.assertResultSetEqual( self.policy.instances_user_has_permission_for( self.image_changer, 'delete' ), no_images ) # the set of images editable by anonymous user includes no images self.assertResultSetEqual( self.policy.instances_user_has_permission_for( self.anonymous_user, 'change' ), no_images ) def test_instances_user_has_any_permission_for(self): all_images = [ self.adder_image, self.useless_image, self.anonymous_image ] no_images = [] # the set of images editable by superuser includes all images self.assertResultSetEqual( self.policy.instances_user_has_any_permission_for( self.superuser, ['change', 'delete'] ), all_images ) # the set of images editable by inactive superuser includes no images self.assertResultSetEqual( self.policy.instances_user_has_any_permission_for( self.inactive_superuser, ['change', 'delete'] ), no_images ) # given the relevant model permission at the group level, a user can edit all images self.assertResultSetEqual( self.policy.instances_user_has_any_permission_for( self.image_changer, ['change', 'delete'] ), all_images ) # given the relevant model permission at the user level, a user can edit all images self.assertResultSetEqual( self.policy.instances_user_has_any_permission_for( self.oneoff_image_changer, ['change', 'delete'] ), all_images ) # a user with no permission can edit no images self.assertResultSetEqual( self.policy.instances_user_has_any_permission_for( self.useless_user, ['change', 'delete'] ), no_images ) # an inactive user with the relevant permission can edit no images self.assertResultSetEqual( self.policy.instances_user_has_any_permission_for( self.inactive_image_changer, ['change', 'delete'] ), no_images ) # a user with permission, but not the matching one, can edit no images self.assertResultSetEqual( self.policy.instances_user_has_any_permission_for( self.image_adder, ['change', 'delete'] ), no_images ) # the set of images editable by anonymous user includes no images self.assertResultSetEqual( self.policy.instances_user_has_any_permission_for( self.anonymous_user, ['change', 'delete'] ), no_images ) def test_users_with_permission_for_instance(self): users_with_change_permission = self.policy.users_with_permission_for_instance( 'change', self.useless_image ) self.assertResultSetEqual(users_with_change_permission, [ self.superuser, self.image_changer, self.oneoff_image_changer, ]) users_with_delete_permission = self.policy.users_with_permission_for_instance( 'delete', self.useless_image ) self.assertResultSetEqual(users_with_delete_permission, [ self.superuser, self.oneoff_image_deleter, ]) def test_users_with_any_permission_for_instance(self): users_with_change_or_del_permission = self.policy.users_with_any_permission_for_instance( ['change', 'delete'], self.useless_image ) self.assertResultSetEqual(users_with_change_or_del_permission, [ self.superuser, self.image_changer, self.oneoff_image_changer, self.oneoff_image_deleter, ])
def setUp(self): super(TestModelPermissionPolicy, self).setUp() self.policy = ModelPermissionPolicy(Image)
from __future__ import absolute_import, unicode_literals from wagtail.wagtailcore.permission_policies import ModelPermissionPolicy from wagtailreports.models import get_report_model, get_report_panel_model report_permission_policy = ModelPermissionPolicy(get_report_model()) report_panel_permission_policy = ModelPermissionPolicy( get_report_panel_model())
from __future__ import absolute_import, unicode_literals from django.contrib.auth import get_user_model from wagtail.wagtailcore.permission_policies import ModelPermissionPolicy User = get_user_model() permission_policy = ModelPermissionPolicy(User)
from __future__ import absolute_import, unicode_literals from django.utils.translation import ugettext_lazy from wagtail.wagtailadmin.views import generic from wagtail.wagtailcore.permission_policies import ModelPermissionPolicy from wagtailtrans.forms import LanguageForm from wagtailtrans.models import Language language_permission_policy = ModelPermissionPolicy(Language) class Index(generic.IndexView): model = Language permission_policy = language_permission_policy context_object_name = 'languages' template_name = 'wagtailtrans/languages/index.html' add_url_name = 'wagtailtrans_languages:add' page_title = ugettext_lazy("Languages") add_item_label = ugettext_lazy("Add a language") header_icon = 'folder-open-1' class Create(generic.CreateView): form_class = LanguageForm permission_policy = language_permission_policy page_title = ugettext_lazy("Add language") success_message = ugettext_lazy("Language '{0}' created.") add_url_name = 'wagtailtrans_languages:add' edit_url_name = 'wagtailtrans_languages:edit' index_url_name = 'wagtailtrans_languages:index'
from wagtail.wagtailcore.models import Collection, Site from wagtail.wagtailcore.permission_policies import ModelPermissionPolicy site_permission_policy = ModelPermissionPolicy(Site) collection_permission_policy = ModelPermissionPolicy(Collection)
from wagtail.wagtailcore.models import Site from wagtail.wagtailcore.permission_policies import ModelPermissionPolicy site_permission_policy = ModelPermissionPolicy(Site)