def setUp(self):
self.app = Webapp.objects.get(pk=337141)
self.permission = AllowAppOwner()
self.anonymous = AnonymousUser()
self.owner = self.app.authors.all()[0]
self.request = RequestFactory().get('/')
self.request.user = self.anonymous
def setUp(self):
self.app = Webapp.objects.get(pk=337141)
self.permission = AllowAppOwner()
self.anonymous = AnonymousUser()
self.owner = self.app.authors.all()[0]
self.request = RequestFactory().get('/')
self.request.user = self.anonymous
class TestAllowAppOwner(TestCase):
fixtures = fixture('user_2519', 'webapp_337141')
def setUp(self):
self.app = Webapp.objects.get(pk=337141)
self.permission = AllowAppOwner()
self.anonymous = AnonymousUser()
self.owner = self.app.authors.all()[0]
self.request = RequestFactory().get('/')
self.request.user = self.anonymous
def test_has_permission_anonymous(self):
eq_(self.permission.has_permission(self.request, 'myview'), False)
def test_has_permission_user(self):
self.request.user = self.owner
self.request.user = self.owner
eq_(self.permission.has_permission(self.request, 'myview'), True)
def test_has_object_permission_user(self):
self.request.user = self.owner
self.request.user = self.owner
obj = self.app
eq_(self.permission.has_object_permission(self.request, 'myview', obj),
True)
def test_has_object_permission_different_user(self):
self.request.user = UserProfile.objects.get(pk=2519)
self.request.user = self.request.user
obj = self.app
eq_(self.permission.has_object_permission(self.request, 'myview', obj),
False)
def test_has_object_permission_anonymous(self):
obj = self.app
eq_(self.permission.has_object_permission(self.request, 'myview', obj),
False)
class TestAllowAppOwner(TestCase):
fixtures = fixture('user_2519', 'webapp_337141')
def setUp(self):
self.app = Webapp.objects.get(pk=337141)
self.permission = AllowAppOwner()
self.anonymous = AnonymousUser()
self.owner = self.app.authors.all()[0]
self.request = RequestFactory().get('/')
self.request.user = self.anonymous
def test_has_permission_anonymous(self):
eq_(self.permission.has_permission(self.request, 'myview'), False)
def test_has_permission_user(self):
self.request.user = self.owner
self.request.user = self.owner
eq_(self.permission.has_permission(self.request, 'myview'), True)
def test_has_object_permission_user(self):
self.request.user = self.owner
self.request.user = self.owner
obj = self.app
eq_(self.permission.has_object_permission(self.request, 'myview', obj),
True)
def test_has_object_permission_different_user(self):
self.request.user = UserProfile.objects.get(pk=2519)
self.request.user = self.request.user
obj = self.app
eq_(self.permission.has_object_permission(self.request, 'myview', obj),
False)
def test_has_object_permission_anonymous(self):
obj = self.app
eq_(self.permission.has_object_permission(self.request, 'myview', obj),
False)
def check(self, request, app, account):
if AllowAppOwner().has_object_permission(request, '', app):
if account.shared or account.user.pk == request.user.pk:
return True
else:
log.info('AddonPaymentAccount access %(account)s denied '
'for %(user)s: wrong user, not shared.'.format({
'account':
account.pk,
'user':
request.user.pk
}))
else:
log.info('AddonPaymentAccount access %(account)s denied '
'for %(user)s: no app permission.'.format({
'account':
account.pk,
'user':
request.user.pk
}))
return False
def check(self, request, free, premium):
allow = AllowAppOwner()
for app in free, premium:
if app and not allow.has_object_permission(request, '', app):
return False
return True
def check(self, request, free, premium):
allow = AllowAppOwner()
for app in free, premium:
if app and not allow.has_object_permission(request, '', app):
return False
return True
