if rest: return jobs else: return HttpResponse(json.dumps(jobs), mimetype='application/json') def recv_user_add(sender, editor, user, obj, **kwargs): """ receiver for object_permissions.signals.view_add_user, Logs action """ log_action('ADD_USER', editor, obj, user) def recv_user_remove(sender, editor, user, obj, **kwargs): """ receiver for object_permissions.signals.view_remove_user, Logs action """ log_action('REMOVE_USER', editor, obj, user) def recv_perm_edit(sender, editor, user, obj, **kwargs): """ receiver for object_permissions.signals.view_edit_user, Logs action """ log_action('MODIFY_PERMS', editor, obj, user) view_add_user.connect(recv_user_add, sender=VirtualMachine) view_remove_user.connect(recv_user_remove, sender=VirtualMachine) view_edit_user.connect(recv_perm_edit, sender=VirtualMachine)
def test_view_remove_user(self): """ Test view for adding a user: Verifies: * GET redirects user to 405 * POST with a user id remove user, returns 1 * POST without user id returns error as json * users lacking perms receive 403 * removing user not in group returns error as json * removing user that does not exist returns error as json * user loses all permissions when removed from group """ group = self.test_save() c = Client() group.user_set.add(self.user0) url = '/group/%d/user/remove/' args = group.id # anonymous user response = c.get(url % args, follow=True) self.assertEqual(200, response.status_code) self.assertTemplateUsed(response, 'registration/login.html') # invalid permissions self.assertTrue( c.login(username=self.user0.username, password='******')) response = c.get(url % args) self.assertEqual(403, response.status_code) response = c.post(url % args) self.assertEqual(403, response.status_code) # authorize and login grant(self.user0, 'admin', group) # invalid method response = c.get(url % args) self.assertEqual(405, response.status_code) # valid request (perm) data = {'user': self.user0.id} response = c.post(url % args, data) self.assertEqual(200, response.status_code) self.assertEquals('application/json', response['content-type']) self.assertEqual('1', response.content) self.assertFalse(group.user_set.filter(id=self.user0.id).exists()) self.assertEqual([], self.user0.get_perms(group)) # setup signal self.signal_sender = self.signal_user = self.signal_obj = None def callback(sender, user, obj, **kwargs): self.signal_sender = sender self.signal_user = user self.signal_obj = obj view_remove_user.connect(callback) # valid request (superuser) revoke(self.user0, 'admin', group) self.user0.is_superuser = True self.user0.save() group.user_set.add(self.user0) response = c.post(url % args, data) self.assertEqual(200, response.status_code) self.assertEquals('application/json', response['content-type']) self.assertEqual('1', response.content) self.assertFalse(group.user_set.filter(id=self.user0.id).exists()) # check signal fired self.assertEqual(self.signal_sender, self.user0) self.assertEqual(self.signal_user, self.user0) self.assertEqual(self.signal_obj, group) view_remove_user.disconnect(callback) # remove user again response = c.post(url % args, data) self.assertEqual(200, response.status_code) self.assertEquals('application/json', response['content-type']) self.assertFalse(group.user_set.filter(id=self.user0.id).exists()) self.assertNotEqual('1', response.content) # remove invalid user response = c.post(url % args, {'user': 0}) self.assertEqual(200, response.status_code) self.assertEquals('application/json', response['content-type']) self.assertNotEqual('1', response.content)
def test_view_remove_user(self): """ Test view for adding a user: Verifies: * GET redirects user to 405 * POST with a user id remove user, returns 1 * POST without user id returns error as json * users lacking perms receive 403 * removing user not in group returns error as json * removing user that does not exist returns error as json * user loses all permissions when removed from group """ group = self.test_save() c = Client() group.user_set.add(self.user0) url = '/group/%d/user/remove/' args = group.id # anonymous user response = c.get(url % args, follow=True) self.assertEqual(200, response.status_code) self.assertTemplateUsed(response, 'registration/login.html') # invalid permissions self.assertTrue(c.login(username=self.user0.username, password='******')) response = c.get(url % args) self.assertEqual(403, response.status_code) response = c.post(url % args) self.assertEqual(403, response.status_code) # authorize and login grant(self.user0, 'admin', group) # invalid method response = c.get(url % args) self.assertEqual(405, response.status_code) # valid request (perm) data = {'user':self.user0.id} response = c.post(url % args, data) self.assertEqual(200, response.status_code) self.assertEquals('application/json', response['content-type']) self.assertEqual('1', response.content) self.assertFalse(group.user_set.filter(id=self.user0.id).exists()) self.assertEqual([], self.user0.get_perms(group)) # setup signal self.signal_sender = self.signal_user = self.signal_obj = None def callback(sender, user, obj, **kwargs): self.signal_sender = sender self.signal_user = user self.signal_obj = obj view_remove_user.connect(callback) # valid request (superuser) revoke(self.user0, 'admin', group) self.user0.is_superuser = True self.user0.save() group.user_set.add(self.user0) response = c.post(url % args, data) self.assertEqual(200, response.status_code) self.assertEquals('application/json', response['content-type']) self.assertEqual('1', response.content) self.assertFalse(group.user_set.filter(id=self.user0.id).exists()) # check signal fired self.assertEqual(self.signal_sender, self.user0) self.assertEqual(self.signal_user, self.user0) self.assertEqual(self.signal_obj, group) view_remove_user.disconnect(callback) # remove user again response = c.post(url % args, data) self.assertEqual(200, response.status_code) self.assertEquals('application/json', response['content-type']) self.assertFalse(group.user_set.filter(id=self.user0.id).exists()) self.assertNotEqual('1', response.content) # remove invalid user response = c.post(url % args, {'user':0}) self.assertEqual(200, response.status_code) self.assertEquals('application/json', response['content-type']) self.assertNotEqual('1', response.content)
if rest: return jobs else: return HttpResponse(json.dumps(jobs), mimetype='application/json') def recv_user_add(sender, editor, user, obj, **kwargs): """ receiver for object_permissions.signals.view_add_user, Logs action """ log_action('ADD_USER', editor, obj, user) def recv_user_remove(sender, editor, user, obj, **kwargs): """ receiver for object_permissions.signals.view_remove_user, Logs action """ log_action('REMOVE_USER', editor, obj, user) def recv_perm_edit(sender, editor, user, obj, **kwargs): """ receiver for object_permissions.signals.view_edit_user, Logs action """ log_action('MODIFY_PERMS', editor, obj, user) view_add_user.connect(recv_user_add, sender=VirtualMachine) view_remove_user.connect(recv_user_remove, sender=VirtualMachine) view_edit_user.connect(recv_perm_edit, sender=VirtualMachine)