def test_set_access_perms_returns_correct_diffs_1(self):
"""
Here we are concerned only with returned value of set_access_perms.
Let's test the simplest case.
1. Given New folder created by uploader
2. User tries to set one access entry for margaret
"""
node = Folder.objects.create(title="some_folder",
user=self.uploader_user)
access_diffs = set_access_perms(node, [{
'model': 'user',
'name': 'margaret',
'access_type': 'allow',
'permissions': {
'read': True,
'write': True,
'delete': True
}
}])
# only one entry AccessDiff(operation=ADD)
self.assertEqual(len(access_diffs), 1,
[str(diff) for diff in access_diffs])
self.assertEqual(access_diffs[0].operation, AccessDiff.ADD)
access = access_diffs[0].pop()
self.assertEqual("margaret", access.user.username)
self.assertEqual("allow", access.access_type)
perms = set()
perms.add("read")
perms.add("write")
perms.add("delete")
self.assertEqual(perms, access.perms_codenames())
def test_set_access_perms_returns_correct_diffs_2(self):
"""
1. New folder is created by uploader
2. New folder has margaret READ & WRITE & DELETE access (allow)
3. User tries to leave for margaret only read permission.
(it will set_access_perms only with READ flag)
"""
node = Folder.objects.create(title="some_folder",
user=self.uploader_user)
create_access(node=node,
model_type=Access.MODEL_USER,
name=self.margaret_user,
access_type=Access.ALLOW,
access_inherited=False,
permissions={
READ: True,
WRITE: True,
DELETE: True
})
access_diffs = set_access_perms(
node,
[{
'model': 'user',
'name': 'margaret',
'access_type': 'allow',
'permissions': {
'read': True, # only read flag
}
}])
# only one entry AccessDiff(operation=ADD)
self.assertEqual(len(access_diffs), 1,
[str(diff) for diff in access_diffs])
self.assertEqual(access_diffs[0].operation, AccessDiff.UPDATE)
access = access_diffs[0].pop()
self.assertEqual("margaret", access.user.username)
self.assertEqual("allow", access.access_type)
perms = set()
perms.add("read")
self.assertEqual(perms, access.perms_codenames())
def test_access_on_all_document(self):
"""
Superuser/root user creates one folder:
* for_margaret
And places there 3 documents:
* for_margaret
* doc_1
* doc_2
* doc_3
Superuser assigns read only access permission on folder
for_margaret
Expected:
Margaret can now see/view ALL 3 documents.
"""
# (f1)
for_margaret = Folder.objects.create(
title="for_margaret",
user=self.root_user
)
doc_1 = Document.objects.create_document(
title="doc_1",
file_name="doc_1.pdf",
size='36',
lang='DEU',
user=self.root_user,
page_count=4,
parent_id=for_margaret.id
)
doc_2 = Document.objects.create_document(
title="doc_2",
file_name="doc_2.pdf",
size='36',
lang='DEU',
user=self.root_user,
page_count=4,
parent_id=for_margaret.id
)
doc_3 = Document.objects.create_document(
title="doc_3",
file_name="doc_3.pdf",
size='36',
lang='DEU',
user=self.root_user,
page_count=4,
parent_id=for_margaret.id
)
for_margaret.refresh_from_db()
self.assertEqual(
for_margaret.get_children().count(),
3,
"for_margaret folder expected to have 3 child nodes"
)
access_diffs = set_access_perms(
for_margaret,
[
{
'model': 'user',
'name': self.margaret_user.username,
'access_type': 'allow',
'permissions': {
'read': True,
'write': False,
'delete': False
}
}
]
)
for_margaret.propagate_changes(
diffs_set=access_diffs,
apply_to_self=False
)
self.assertTrue(
self.margaret_user.has_perm(READ, for_margaret)
)
self.assertTrue(
self.margaret_user.has_perm(READ, doc_1)
)
self.assertTrue(
self.margaret_user.has_perm(READ, doc_2)
)
self.assertTrue(
self.margaret_user.has_perm(READ, doc_3)
)
def access(request, id):
"""
Returns json of access right for a given node
"""
try:
node = BaseTreeNode.objects.get(id=id)
except BaseTreeNode.DoesNotExist:
raise Http404("Node does not exists")
if not request.user.has_perm(Access.PERM_READ, node):
return HttpResponseForbidden()
result = []
if request.method == 'GET':
for acc in node.access_set.all():
item = {}
if acc.user:
item['name'] = acc.user.username
item['model'] = 'user'
if acc.group:
item['name'] = acc.group.name
item['model'] = 'group'
item['access_type'] = acc.access_type
item['access_inherited'] = acc.access_inherited
item['permissions'] = get_access_perms_as_hash(
node, item['model'], item['name'])
result.append(item)
if request.method == 'POST':
if request.is_ajax():
if not request.user.has_perm(Access.PERM_CHANGE_PERM, node):
return HttpResponseForbidden()
#
# json data of following format is expected:
# {
# 'add': [
# {
# 'model': 'user',
# 'name': 'margaret',
# 'access_type': 'allow',
# 'permissions': {
# 'read': true, 'write': true, 'delete': false
# }
# }
# ],
# 'delete': [
# {
# 'model': 'user',
# 'name': 'uploader',
# 'access_type': 'allow',
# 'permissions': { // does not matter,
# 'read': true
# }
# }
# ]
# }
#
access_data = json.loads(request.body)
if 'add' in access_data.keys():
access_diffs = set_access_perms(node, access_data['add'])
node.propagate_access_changes(access_diffs,
apply_to_self=False)
if 'delete' in access_data.keys():
access_diffs = delete_access_perms(node, access_data['delete'])
node.propagate_access_changes(access_diffs,
apply_to_self=False)
else: # POST but not ajax
return HttpResponseBadRequest()
return HttpResponse(json.dumps(result), content_type="application/json")