def test_check_permission_wrong_format(self): check_permission(self.superuser, "no_dot_in_string") # superuser can do everything ;) with self.assertRaises(PermissionDenied) as cm: check_permission(self.staff_user, "no_dot_in_string") self.assert_exception_startswith(cm, "Wrong permission string format")
def test_check_permission_wrong_codename(self): check_permission(self.superuser, "auth.wrong") # superuser can do everything ;) with self.assertRaises(PermissionDenied) as cm: check_permission(self.staff_user, "auth.wrong") self.assert_exception_startswith(cm, "Codename 'wrong' from permission 'auth.wrong' doesn't exists!" )
def test_check_permission_wrong_app_label(self): check_permission(self.superuser, "wrong.foobar") # superuser can do everything ;) with self.assertRaises(PermissionDenied) as cm: check_permission(self.staff_user, "wrong.foobar") self.assert_exception_startswith(cm, "App label 'wrong' from permission 'wrong.foobar' doesn't exists!" )
def test_superuser_check(self): self.assertEqual( check_permission(self.normal_user, "foo.bar", raise_exception=False), False) self.assertEqual(has_perm(self.normal_user, "foo.bar"), False) self.assertEqual( check_permission(self.superuser, "foo.bar", raise_exception=False), True) self.assertEqual(has_perm(self.superuser, "foo.bar"), True)
def test_check_permission(self): with LoggingBuffer(name=None, level=logging.ERROR) as log: with self.assertRaises(PermissionDenied): check_permission(self.normal_user, "foo.bar2", raise_exception=True) log_messages = log.get_messages() print(log_messages) self.assertEqual( log_messages, 'ERROR:django_tools.permissions:User "normal test user"' ' has not permission "foo.bar2" -> raise PermissionDenied!')
def test_superuser_check(self): self.assertTrue( check_permission( self.superuser, permission="superuser check ignores this completely!", ) )
def test_check_permission_existing(self): self.assertTrue( check_permission( self.staff_user, "django_tools_test_app.extra_permission", ) )
def has_object_permission(user, opts, action, raise_exception=True): """ Check if user has "<app_name>.<action>_<model_name>" opts is <model_instance>._meta """ codename = get_permission_codename(action, opts) if codename == "can_publish_page": # FIXME: Django CMS code name doesn't has the prefix "can_" ! # TODO: Remove "can_" from own permissions to unify it. # see also: publisher.models.PublisherStateModel#object_permission_name # https://github.com/wearehoods/django-ya-model-publisher/issues/8 codename = "publish_page" perm_name = "%s.%s" % ( opts.app_label, codename ) try: has_permission = check_permission(user, perm_name, raise_exception) except PermissionDenied: # get_permission() will raise helpfull errors if format is wrong # or if the permission doesn't exists get_permission_by_string(perm_name) raise if not has_permission: get_permission_by_string(perm_name) return has_permission
def has_can_publish_permission(cls, user, raise_exception=True): """ user permission to: * (un-)publish a object directly * accept/reject a (un-)publish request """ permission_name = cls.extra_permission_name(action=constants.PERMISSION_CAN_PUBLISH) return check_permission(user, permission_name, raise_exception)
def check_object_permission(self, user, action, raise_exception=True): """ e.g.: <app-label>.<action>_<model-name> TODO: Use only permission checks against self.content_type everywhere if possible! """ permission_name = self.object_permission_name(action) return check_permission(user, permission_name, raise_exception)
def test_check_permission_error_without_exception(self): self.assertFalse( check_permission( self.normal_user, "django_tools_test_app.extra_permission", raise_exception=False ) )
def test_add_permissions(self): self.assertEqual( check_permission(self.normal_user, PERMISSION_NAME, raise_exception=False), False) # permissions = self.get_all_permissions(self.normal_user) # self.assertEqual(permissions, "X") permissions = ((LimitToUsergroupsTestModel, "publish"), ) add_permissions(permission_obj=self.group, permissions=permissions) # log_group_permissions(self.group) # log_user_permissions(self.normal_user) user = self.refresh_user(self.normal_user) # log_user_permissions(user) self.assertEqual( check_permission(user, "django_tools_test_app.publish", raise_exception=False), True) self.assertEqual(user.get_all_permissions(), {'django_tools_test_app.publish'})
def has_extra_permission_permission(cls, user, raise_exception=True): permission = cls.extra_permission_name(action="extra_permission") return check_permission(user, permission, raise_exception)
def test_check_permission_error_with_exception(self): with self.assertRaises(PermissionDenied) as cm: check_permission(self.normal_user, "django_tools_test_app.extra_permission") self.assertFalse(hasattr(cm, "args")) # No error message