Exemplo n.º 1
0
 def test_anonymous_restricted_device_by_non_view_permission(self):
     guy_fawkes = AnonymousUser()
     auth = PermissionAuth(guy_fawkes)
     GroupDevicePermission.objects.assign_perm(
         "change_device", self.group, self.device
     )
     self.assertTrue(auth.has_perm("lava_scheduler_app.view_device", self.device))
Exemplo n.º 2
0
 def test_get_group_perms(self):
     # Test group permission queries.
     auth = PermissionAuth(self.user)
     GroupDevicePermission.objects.assign_perm("change_device", self.group,
                                               self.device)
     permissions = auth.get_group_perms(self.device)
     self.assertEqual(permissions,
                      {"change_device", "view_device", "submit_to_device"})
Exemplo n.º 3
0
 def test_anonymous_restricted_device_type(self):
     guy_fawkes = AnonymousUser()
     auth = PermissionAuth(guy_fawkes)
     GroupDeviceTypePermission.objects.assign_perm(
         "view_devicetype", self.group, self.device_type
     )
     self.assertFalse(
         auth.has_perm("lava_scheduler_app.view_devicetype", self.device_type)
     )
Exemplo n.º 4
0
    def test_not_active_user(self):
        user = User.objects.create(username="******")
        user.groups.add(self.group)
        GroupDevicePermission.objects.assign_perm(
            "admin_device", self.group, self.device
        )

        check = PermissionAuth(user)
        self.assertTrue(check.has_perm("lava_scheduler_app.admin_device", self.device))
        user.is_active = False
        self.assertFalse(check.has_perm("lava_scheduler_app.admin_device", self.device))
Exemplo n.º 5
0
    def get_all_permissions(self, user, obj=None):
        """
        Returns a set of permissions that the given user has for object.
        """
        if not obj:
            return super().get_all_permissions(user, None)
        if not is_object_supported(obj):
            return set()

        auth = PermissionAuth(user)
        return auth.get_perms(obj)
Exemplo n.º 6
0
 def test_superuser(self):
     user = User.objects.create(username="******", is_superuser=True)
     auth = PermissionAuth(user)
     content_type = ContentType.objects.get_for_model(self.device)
     perms = set(
         chain(*Permission.objects.filter(
             content_type=content_type).values_list("codename")))
     self.assertEqual(perms, auth.get_perms(self.device))
     for perm in perms:
         self.assertTrue(
             auth.has_perm("%s.%s" % (content_type.app_label, perm),
                           self.device))
Exemplo n.º 7
0
 def test_not_active_superuser(self):
     user = User.objects.create(username="******",
                                is_superuser=True,
                                is_active=False)
     check = PermissionAuth(user)
     content_type = ContentType.objects.get_for_model(self.device)
     perms = sorted(
         chain(*Permission.objects.filter(
             content_type=content_type).values_list("codename")))
     self.assertEqual(check.get_perms(self.device), [])
     for perm in perms:
         self.assertFalse(
             check.has_perm("%s.%s" % (content_type.app_label, perm),
                            self.device))
Exemplo n.º 8
0
    def test_get_perms(self):
        device1 = self.factory.make_device(
            device_type=self.device_type, hostname="qemu-tmp-01"
        )
        device2 = self.factory.make_device(
            device_type=self.device_type, hostname="qemu-tmp-02"
        )

        assign_perms = {device1: ("change_device",), device2: ("view_device",)}

        auth = PermissionAuth(self.user)

        for obj, perms in assign_perms.items():
            for perm in perms:
                GroupDevicePermission.objects.assign_perm(perm, self.group, obj)
            self.assertTrue(set(perms).issubset(auth.get_perms(obj)))
Exemplo n.º 9
0
 def test_has_perm_unsupported_model(self):
     # Unsupported permission codename will raise PermissionNameError.
     user = self.factory.make_user()
     auth = PermissionAuth(user)
     with TestCase.assertRaises(self, PermissionNameError):
         GroupDevicePermission.objects.assign_perm("change_group",
                                                   self.group, self.device)
Exemplo n.º 10
0
    def has_perm(self, user, perm, obj=None):
        """
        Returns True if given user has particular permission for the object.
        If no object is given, False is returned.
        """
        if not is_object_supported(obj):
            return False

        app_label, _ = perm.split(".", maxsplit=1)
        if app_label != obj._meta.app_label:
            raise ValueError("Passed perm has wrong app label: '%s'" %
                             app_label)

        # Global permissions test. The django backend doesn't handle well
        # has_perm call when obj is not None so we have to do the check here
        # as well (https://github.com/django/django/blob/master/django/contrib/auth/backends.py#L104)
        if perm in super().get_all_permissions(user, None):
            return True

        auth = PermissionAuth(user)
        return auth.has_perm(perm, obj)
Exemplo n.º 11
0
 def test_anonymous_unrestricted_device_type(self):
     guy_fawkes = AnonymousUser()
     auth = PermissionAuth(guy_fawkes)
     self.assertTrue(
         auth.has_perm("lava_scheduler_app.view_devicetype", self.device_type)
     )