Exemplo n.º 1
0
 def test_util_has_perm_or_owns_sanity(self):
     """Sanity check for access.has_perm_or_owns."""
     me = User.objects.get(pk=118533)
     my_t = Thread.objects.filter(creator=me)[0]
     other_t = Thread.objects.exclude(creator=me)[0]
     perm = 'forums_forum.thread_edit_forum'
     allowed = access.has_perm_or_owns(me, perm, my_t, self.forum_1)
     eq_(allowed, True)
     allowed = access.has_perm_or_owns(me, perm, other_t, self.forum_1)
     eq_(allowed, False)
Exemplo n.º 2
0
 def test_util_has_perm_or_owns_sanity(self):
     """Sanity check for access.has_perm_or_owns."""
     from kitsune.forums.tests import thread
     me = user(save=True)
     my_t = thread(creator=me, save=True)
     other_t = thread(save=True)
     perm = 'forums_forum.thread_edit_forum'
     allowed = access.has_perm_or_owns(me, perm, my_t, my_t.forum)
     eq_(allowed, True)
     allowed = access.has_perm_or_owns(me, perm, other_t, other_t.forum)
     eq_(allowed, False)
Exemplo n.º 3
0
 def test_util_has_perm_or_owns_sanity(self):
     """Sanity check for access.has_perm_or_owns."""
     from kitsune.forums.tests import thread
     me = user(save=True)
     my_t = thread(creator=me, save=True)
     other_t = thread(save=True)
     perm = 'forums_forum.thread_edit_forum'
     allowed = access.has_perm_or_owns(me, perm, my_t, my_t.forum)
     eq_(allowed, True)
     allowed = access.has_perm_or_owns(me, perm, other_t, other_t.forum)
     eq_(allowed, False)
Exemplo n.º 4
0
 def test_util_has_perm_or_owns_sanity(self):
     """Sanity check for access.has_perm_or_owns."""
     from kitsune.forums.tests import ThreadFactory
     me = UserFactory()
     my_t = ThreadFactory(creator=me)
     other_t = ThreadFactory()
     perm = 'forums_forum.thread_edit_forum'
     allowed = access.has_perm_or_owns(me, perm, my_t, my_t.forum)
     eq_(allowed, True)
     allowed = access.has_perm_or_owns(me, perm, other_t, other_t.forum)
     eq_(allowed, False)
Exemplo n.º 5
0
    def test_util_has_perm_or_owns_sanity(self):
        """Sanity check for access.has_perm_or_owns."""
        from kitsune.forums.tests import ThreadFactory

        me = UserFactory()
        my_t = ThreadFactory(creator=me)
        other_t = ThreadFactory()
        perm = "forums_forum.thread_edit_forum"
        allowed = access.has_perm_or_owns(me, perm, my_t, my_t.forum)
        eq_(allowed, True)
        allowed = access.has_perm_or_owns(me, perm, other_t, other_t.forum)
        eq_(allowed, False)
Exemplo n.º 6
0
def has_perm_or_owns(context, perm, obj, perm_obj, field_name='creator'):
    """
    Check if the user has a permission or owns the object.

    Ownership is determined by comparing perm_obj.field_name to the user in
    context.
    """
    user = context['request'].user
    if user.is_anonymous():
        return False
    return access.has_perm_or_owns(user, perm, obj, perm_obj, field_name)
Exemplo n.º 7
0
        def _wrapped_view(request, *args, **kwargs):
            # based on authority/decorators.py
            user = request.user
            if user.is_authenticated():
                obj = _resolve_lookup(obj_lookup, kwargs)
                perm_obj = _resolve_lookup(perm_obj_lookup, kwargs)
                granted = access.has_perm_or_owns(user, perm, obj, perm_obj, owner_attr)
                if granted or user.has_perm(perm):
                    return view_func(request, *args, **kwargs)

            # In all other cases, permission denied
            return HttpResponseForbidden()
Exemplo n.º 8
0
        def _wrapped_view(request, *args, **kwargs):
            # based on authority/decorators.py
            user = request.user
            if user.is_authenticated():
                obj = _resolve_lookup(obj_lookup, kwargs)
                perm_obj = _resolve_lookup(perm_obj_lookup, kwargs)
                granted = access.has_perm_or_owns(user, perm, obj, perm_obj,
                                                  owner_attr)
                if granted or user.has_perm(perm):
                    return view_func(request, *args, **kwargs)

            # In all other cases, permission denied
            return HttpResponseForbidden()