class TestAllowAddonAuthor(TestCase):
def setUp(self):
self.addon = addon_factory()
self.permission = AllowAddonAuthor()
self.owner = user_factory()
self.addon.addonuser_set.create(user=self.owner)
self.request = RequestFactory().get('/')
self.request.user = AnonymousUser()
def test_has_permission_anonymous(self):
assert not self.permission.has_permission(self.request, myview)
def test_has_permission_any_authenticated_user(self):
self.request.user = user_factory()
assert self.request.user not in self.addon.authors.all()
assert self.permission.has_permission(self.request, myview)
def test_has_object_permission_owner(self):
self.request.user = self.owner
assert self.permission.has_object_permission(self.request, myview,
self.addon)
def test_has_object_permission_different_user(self):
self.request.user = user_factory()
assert self.request.user not in self.addon.authors.all()
assert not self.permission.has_object_permission(
self.request, myview, self.addon)
def test_has_object_permission_anonymous(self):
assert not self.permission.has_object_permission(
self.request, myview, self.addon)
def setUp(self):
self.addon = addon_factory()
self.permission = AllowAddonAuthor()
self.owner = user_factory()
self.addon.addonuser_set.create(user=self.owner)
self.request = RequestFactory().get('/')
self.request.user = AnonymousUser()
class TestAllowAddonAuthor(TestCase):
fixtures = ['base/users', 'base/addon_3615']
def setUp(self):
self.addon = Addon.objects.get(pk=3615)
self.permission = AllowAddonAuthor()
self.owner = self.addon.authors.all()[0]
self.request = RequestFactory().get('/')
self.request.user = AnonymousUser()
def test_has_permission_anonymous(self):
assert not self.permission.has_permission(self.request, myview)
def test_has_permission_any_authenticated_user(self):
self.request.user = UserProfile.objects.get(pk=999)
assert self.request.user not in self.addon.authors.all()
assert self.permission.has_permission(self.request, myview)
def test_has_object_permission_user(self):
self.request.user = self.owner
assert self.permission.has_object_permission(self.request, myview,
self.addon)
def test_has_object_permission_different_user(self):
self.request.user = UserProfile.objects.get(pk=999)
assert self.request.user not in self.addon.authors.all()
assert not self.permission.has_object_permission(
self.request, myview, self.addon)
def test_has_object_permission_anonymous(self):
assert not self.permission.has_object_permission(
self.request, myview, self.addon)
class TestAllowAddonAuthor(TestCase):
fixtures = ["base/users", "base/addon_3615"]
def setUp(self):
self.addon = Addon.objects.get(pk=3615)
self.permission = AllowAddonAuthor()
self.owner = self.addon.authors.all()[0]
self.request = RequestFactory().get("/")
self.request.user = AnonymousUser()
def test_has_permission_anonymous(self):
assert not self.permission.has_permission(self.request, myview)
def test_has_permission_any_authenticated_user(self):
self.request.user = UserProfile.objects.get(pk=999)
assert self.request.user not in self.addon.authors.all()
assert self.permission.has_permission(self.request, myview)
def test_has_object_permission_user(self):
self.request.user = self.owner
assert self.permission.has_object_permission(self.request, myview, self.addon)
def test_has_object_permission_different_user(self):
self.request.user = UserProfile.objects.get(pk=999)
assert self.request.user not in self.addon.authors.all()
assert not self.permission.has_object_permission(self.request, myview, self.addon)
def test_has_object_permission_anonymous(self):
assert not self.permission.has_object_permission(self.request, myview, self.addon)
class TestAllowAddonAuthor(TestCase):
def setUp(self):
self.addon = addon_factory()
self.permission = AllowAddonAuthor()
self.owner = user_factory()
self.addon.addonuser_set.create(user=self.owner)
self.request = RequestFactory().get('/')
self.request.user = AnonymousUser()
def test_has_permission_anonymous(self):
assert not self.permission.has_permission(self.request, myview)
def test_has_permission_any_authenticated_user(self):
self.request.user = user_factory()
assert self.request.user not in self.addon.authors.all()
assert self.permission.has_permission(self.request, myview)
def test_has_object_permission_owner(self):
self.request.user = self.owner
assert self.permission.has_object_permission(
self.request, myview, self.addon)
def test_has_object_permission_different_user(self):
self.request.user = user_factory()
assert self.request.user not in self.addon.authors.all()
assert not self.permission.has_object_permission(
self.request, myview, self.addon)
def test_has_object_permission_anonymous(self):
assert not self.permission.has_object_permission(
self.request, myview, self.addon)
def setUp(self):
self.addon = addon_factory()
self.permission = AllowAddonAuthor()
self.owner = user_factory()
self.addon.addonuser_set.create(user=self.owner)
self.request = RequestFactory().get('/')
self.request.user = AnonymousUser()
def get_queryset(self):
"""Return the right base queryset depending on the situation. Note that
permissions checks still apply on top of that, against the add-on
as per check_object_permissions() above."""
requested = self.request.GET.get('filter')
# By default we restrict to valid versions. However:
#
# When accessing a single version or if requesting it explicitly when
# listing, admins can access all versions, including deleted ones.
should_access_all_versions_included_deleted = (
(requested == 'all_with_deleted' or self.action != 'list')
and self.request.user.is_authenticated()
and self.request.user.is_staff)
# When accessing a single version or if requesting it explicitly when
# listing, reviewers and add-on authors can access all non-deleted
# versions.
should_access_all_versions = (
(requested == 'all' or self.action != 'list')
and (AllowReviewer().has_permission(self.request, self)
or AllowAddonAuthor().has_object_permission(
self.request, self, self.get_addon_object())))
# Everyone can see (non deleted) beta version when they request it
# explicitly.
should_access_only_beta_versions = (requested == 'beta_only')
if should_access_all_versions_included_deleted:
self.queryset = Version.unfiltered.all()
elif should_access_all_versions:
self.queryset = Version.objects.all()
elif should_access_only_beta_versions:
self.queryset = Version.objects.filter(
files__status=amo.STATUS_BETA).distinct()
# Now that the base queryset has been altered, call super() to use it.
qs = super(AddonVersionViewSet, self).get_queryset()
# Filter with the add-on.
return qs.filter(addon=self.get_addon_object())
def setUp(self):
self.addon = Addon.objects.get(pk=3615)
self.permission = AllowAddonAuthor()
self.owner = self.addon.authors.all()[0]
self.request = RequestFactory().get('/')
self.request.user = AnonymousUser()
def setUp(self):
self.addon = Addon.objects.get(pk=3615)
self.permission = AllowAddonAuthor()
self.owner = self.addon.authors.all()[0]
self.request = RequestFactory().get("/")
self.request.user = AnonymousUser()
