Exemplo n.º 1
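    def has_permission(self, request, view):
        """Decide view-level access to book reviews from the HTTP method.

        ``GET`` is answered with ``True`` for every caller, authenticated or
        not, and an authenticated superuser is always allowed.  Each other
        method is mapped to one ``AppPermissions`` entry that
        ``request.user`` must hold; anything not granted is denied.

        Args:
            request: the incoming request (``method`` and ``user`` are read).
            view: the view being accessed (unused here).

        Returns:
            A truthy value when the request may proceed, ``False`` otherwise.
        """
        from ..users.roles import AppPermissions

        # Reading the list is public: GET needs no authentication at all.
        if request.method in ['GET']:
            return True

        # Superuser can manage all the objects
        if request.user.is_authenticated and request.user.is_superuser:
            return True

        # GET was answered above, so this only covers the remaining safe
        # methods listed in permissions.SAFE_METHODS.
        if request.method in permissions.SAFE_METHODS:
            return has_permission(request.user,
                                  AppPermissions.view_book_review)

        # 'POST' method creation
        if request.method == 'POST':
            return has_permission(request.user,
                                  AppPermissions.create_book_review)

        # 'PUT/PATCH' method update
        if request.method in ['PUT', 'PATCH']:
            return has_permission(request.user,
                                  AppPermissions.edit_book_review)

        # Deleting book reviews.
        # NOTE(review): the object-level check on this class tests
        # ``delete_book_review``; confirm ``delete_book_rating`` is really the
        # permission intended here and not a copy-paste slip.
        if request.method == 'DELETE' and has_permission(
                request.user, AppPermissions.delete_book_rating):
            return True

        # Deny by default: no rule above granted this request.  The result of
        # the parent class's check could never change this outcome, so it is
        # not consulted.
        return False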
Exemplo n.º 2
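    def has_object_permission(self, request, view, obj):
        """
        Manages only permissions for editing and deleting the objects

        ``GET`` and the other safe methods are allowed for everyone, an
        authenticated superuser is always allowed, and ``PUT``/``PATCH`` and
        ``DELETE`` are allowed to holders of the matching ``AppPermissions``
        entry.  Every other case is decided by the parent class.

        Args:
            request: the incoming request (``method`` and ``user`` are read).
            view: the view being accessed; forwarded to the parent check.
            obj: the object being accessed (not inspected here).

        Returns:
            ``True`` when access is granted, ``False`` otherwise.
        """
        # The docstring must be the first statement to be picked up as
        # documentation, so the local import comes after it.
        from ..users.roles import AppPermissions

        # Allow get to all
        if request.method in ['GET']:
            return True

        # Superuser can manage all the objects
        if request.user.is_authenticated and request.user.is_superuser:
            return True

        # 'PUT'/'PATCH' methods, editing a book review
        if request.method in ['PUT', 'PATCH'] and has_permission(
                request.user, AppPermissions.edit_book_review):
            return True

        # Let everyone access a single object with the remaining safe methods
        if request.method in permissions.SAFE_METHODS:
            return True

        # Deleting a book review
        if request.method == 'DELETE' and has_permission(
                request.user, AppPermissions.delete_book_review):
            return True

        # NOTE(review): a PUT/PATCH/DELETE whose role check failed above is
        # not denied here; it falls through to the parent's *view-level*
        # has_permission() and is granted whenever that returns True.  Confirm
        # the parent class is restrictive enough, or return False for the
        # write methods instead of deferring.
        parent_permission = super(CanManageBookReview,
                                  self).has_permission(request, view)
        return bool(parent_permission)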
Exemplo n.º 3
 def get_permissions(self, user):
     """Report which submission/chat capabilities *user* holds.

     Returns a dict of three booleans-like flags, one per
     ``AppPermissions`` entry checked with ``has_permission``.
     """
     # NOTE(review): these flags only describe what the user may do; the
     # endpoints that perform the actions still have to enforce the same
     # permissions themselves.
     may_submit_book = has_permission(user, AppPermissions.submit_books)
     may_submit_audio = has_permission(user, AppPermissions.submit_audio)
     may_create_chatroom = has_permission(user,
                                          AppPermissions.create_chat_room)
     return {
         'can_submit_book': may_submit_book,
         'can_submit_audio': may_submit_audio,
         'can_create_chatroom': may_create_chatroom,
     }
Exemplo n.º 4
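def UserEditView(request, userid=None):
    """Render and process the edit page for one user account.

    Without ``userid`` the requester edits their own account.  Another
    account can be opened only by a holder of ``p.EDIT_USERS`` (or when
    ``userid`` equals the requester's own id).  A POST may carry one or more
    of three actions, selected by the submit-button name: ``user-submit``
    (profile form), ``password-change`` and ``change-role``.

    Args:
        request: the incoming request.
        userid: id of the account to edit, or ``None`` for the requester.

    Returns:
        The rendered ``dashboard/edit-user.html`` page.

    Raises:
        Http404: the requested account does not exist.
        PermissionDenied: the requester may not open this account, or tries
            to change roles without ``p.EDIT_USERS``.
    """
    if userid is None:
        user = request.user
    elif has_permission(request.user,
                        p.EDIT_USERS) or request.user.id == userid:
        try:
            user = User.objects.get(id=userid)
        except ObjectDoesNotExist:
            raise Http404("User Does Not Exist")
    else:
        raise PermissionDenied(
            "You do not have permission to edit/view this user")

    can_edit_users = has_permission(request.user, p.EDIT_USERS)

    # The roles form is only offered to user administrators.
    rolesForm = None
    if can_edit_users:
        roles = [role.display_name for role in get_user_roles(user)]
        rolesForm = RolesForm({'roles': roles})

    form = UserForm(user=request.user, instance=user)
    passForm = PasswordChangeForm(user)

    if request.method == "POST":
        # Changing roles must be authorised on the server, not merely hidden
        # in the page: without this check any user editing their own account
        # could post 'change-role' and pick their own roles.  It is checked
        # before any other action in the same POST is saved.
        if 'change-role' in request.POST and not can_edit_users:
            raise PermissionDenied(
                "You do not have permission to change user roles")

        if 'user-submit' in request.POST:
            form = UserForm(user=request.user,
                            data=request.POST or None,
                            files=request.FILES or None,
                            instance=user)
            if form.is_valid():
                form.save()

        if 'password-change' in request.POST:
            passForm = PasswordChangeForm(user, request.POST or None)
            if passForm.is_valid():
                passForm.save()
                update_session_auth_hash(request, user)

        if 'change-role' in request.POST:
            rolesForm = RolesForm(request.POST or None)
            if rolesForm.is_valid():
                User().change_user_role(user, rolesForm.cleaned_data['roles'])

    return render(
        request, "dashboard/edit-user.html", {
            'form': form,
            'user_context': user,
            'passform': passForm,
            'rolesForm': rolesForm
        })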
Exemplo n.º 5
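def profile(request, account_slug):
    """Show an account's profile page and handle the actions posted to it.

    Three actions are handled: changing the account's group (requires the
    ``change_user_group`` permission), posting a comment on the profile
    (requires the ``can_comment`` privilege) and editing the "about" text
    (the account owner, or a holder of ``modify_profile``).

    Args:
        request: the incoming request.
        account_slug: slug of the active account to display.

    Returns:
        The rendered profile page, or a redirect after a handled POST or
        when an anonymous user posts.
    """
    account = get_object_or_404(Account.objects.active(), slug=account_slug)

    can_modify_profile = (request.user == account or has_permission(request.user, "modify_profile"))

    # Bound only when the request carries POST data; an unbound form is never valid.
    user_group_form = StaffUserGroupForm(request.POST or None, request.FILES or None)

    if request.user.is_authenticated:
        if user_group_form.is_valid() and has_permission(request.user, "change_user_group"):
            group = user_group_form.cleaned_data['group']
            clear_roles(account)
            assign_role(account, group)

            # Keep the staff flag in step with the new group.  Setting it
            # only on promotion would leave a demoted account with
            # is_staff=True after its staff role was cleared.
            # NOTE(review): confirm no other code path relies on is_staff
            # staying set for accounts outside these three groups.
            belongs_to_staff = group in ['administrator', 'moderator', 'janitor']
            if account.is_staff != belongs_to_staff:
                account.is_staff = belongs_to_staff
                account.save()

        has_comment_priv = request.user.has_priv("can_comment")
        # Evaluated after the role change on purpose: the requester may have
        # just changed their own group.
        can_change_group = has_permission(request.user, "change_user_group")
    else:
        has_comment_priv = False
        can_change_group = False

    if request.method == "POST":
        newCommentTextarea = request.POST.get("newCommentTextarea")
        aboutUserTextarea = request.POST.get("aboutUserTextarea")

        if not request.user.is_authenticated:
            return redirect('account:login')
        elif newCommentTextarea and has_comment_priv: # Comment creating
            Comment.objects.create(content=newCommentTextarea, author=request.user, content_object=account)
            return redirect('booru:profile', account_slug=account.slug)
        elif aboutUserTextarea and can_modify_profile: # About myself editing
            account.about = aboutUserTextarea
            account.save()
            return redirect('booru:profile', account_slug=account.slug)

    # TODO: I don't remember if I can safely pass account as
    # an parameter to the render.
    favorites = Post.objects.filter(favorites__account=account)[:5]

    context = {
        'account' : account,
        'recent_favorites' : favorites,
        'recent_uploads' : account.get_posts().not_deleted().order_by('-id'),
        'deleted_posts' : account.get_posts().deleted(),
        'can_modify_profile': request.user.is_authenticated and can_modify_profile,
        'can_comment': has_comment_priv,
        'user_group_form': user_group_form,
        'can_change_group': can_change_group
    }

    return render(request, 'booru/account/profile.html', context)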
Exemplo n.º 6
	def get(self,request):
		"""Return the caller's own profile, serialized according to their role.

		Holders of ``is_worker`` get the worker record, holders of
		``is_client`` the client record; everyone else gets the generic user
		profile wrapped under the ``user`` key.
		"""
		# Authentication is enforced here, per request, by setting the
		# permission classes on the instance and running the check.
		self.permission_classes = [IsAuthenticated]
		self.check_permissions(request)

		caller = request.user
		if has_permission(caller, 'is_worker'):
			payload = WorkerSerializer(caller.worker).data
		elif has_permission(caller, 'is_client'):
			payload = ClientSerializer(caller.client).data
		else:
			payload = {'user': UserProfileSerializer(caller).data}
		return Response(payload, status=status.HTTP_200_OK)
Exemplo n.º 7
def access_content(role, user, content: Content) -> bool:
    """Tell whether *user* may watch *content*.

    The ``Member`` role may watch everything.  Otherwise the content's
    module slug must belong to a module group whose watch permission the
    user holds; content outside every group is denied.
    """
    if role == Member:
        return True

    slug = content.module_slug()
    # (module group, permission required to watch it), checked in order.
    gated_groups = (
        (_LEAD_MODULES, watch_lead_modules),
        (_CLIENT_MODULES, watch_client_modules),
    )
    return any(
        slug in modules and has_permission(user, required)
        for modules, required in gated_groups
    )
def home_page(request):
    """Render the home page with the data the user's permissions allow.

    ``rooms`` is filled only for holders of ``create_reservation`` and
    ``confirm_requests`` only for holders of ``confirm_reservation``; both
    stay empty lists otherwise.
    """
    page_data = {'rooms': [], 'confirm_requests': []}

    if has_permission(request.user, 'create_reservation'):
        # Meetings with confirmed=2 that have not started yet, soonest first.
        # NOTE(review): presumably 2 means "confirmed" and 1 "pending".
        now = timezone.localtime(timezone.now())
        upcoming = ReservedMeetingTime.objects.filter(
            confirmed=2,
            start_meeting_time__gte=now,
        ).order_by('start_meeting_time')
        page_data['rooms'] = MeetingRoom.objects.prefetch_related(
            Prefetch('meetings_time', queryset=upcoming))

    if has_permission(request.user, 'confirm_reservation'):
        page_data['confirm_requests'] = ReservedMeetingTime.objects.filter(
            confirmed=1)

    return render(request, 'home_page.html', page_data)
Exemplo n.º 9
def alterarEspecialista(request, id):
    """Edit an existing ``Especialista`` (requires ``permissao_unidade``).

    A valid submission updates the record and redirects to the list view;
    otherwise the edit form is rendered.  Users without the permission get
    the user home page with an error message.
    """
    if not has_permission(request.user, 'permissao_unidade'):
        context = {'msg_error': 'Impossivel Acessar Essa Área'}
        return render(request, 'home_usuario.html', {'context': context})

    especialista = get_object_or_404(Especialista, pk=id)
    form = FormEspecialista(request.POST or None,
                            request.FILES or None,
                            instance=especialista)

    if form.is_valid():
        # NOTE(review): these values are copied from the raw POST data, not
        # from form.cleaned_data, so whatever validation the form applies to
        # them is bypassed when they are written to the instance.
        posted = request.POST
        especialista.num_conselho = posted.get('num_conselho')
        especialista.conselho = posted.get('conselho')
        especialista.estado_conselho = posted.get('estado_conselho')
        especialista.especializacao.set(posted.getlist('especializacao[]'))

        form.save()
        especialista.save()
        return redirect('listaEspecialista')

    context = {
        'form': form,
        'especialista': especialista,
        'especializacoes': Especializacao.objects.all(),
    }
    return render(request, 'cadastro_especialista.html',
                  {'context': context})
Exemplo n.º 10
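def detalhesAgendamentoUsuario(request, id):
    """Show one ``Agendamento`` with the record it is attached to.

    Requires ``permissao_usuario``.  The context always carries the
    ``agendamento`` and, when one exists, the first linked ``consulta``,
    ``autorizacao`` or ``exame`` (checked in that order).

    Raises:
        Http404: no ``Agendamento`` has this primary key.
    """
    if not has_permission(request.user, 'permissao_usuario'):
        context = {'msg_error': 'Impossivel Acesssar Essa Área'}
        return render(request, 'home.html', {'context': context})

    # NOTE(review): the appointment is looked up by primary key alone; nothing
    # here ties it to request.user, so any holder of the permission can open
    # any id.  Confirm whether it should be limited to the user's own
    # appointments.
    agendamento = get_object_or_404(Agendamento, pk=id)

    # Start from a complete context so an appointment with no linked record
    # still renders instead of failing on an unassigned variable.
    context = {'agendamento': agendamento}

    consulta = Consulta.objects.filter(agendamento=agendamento)
    autorizacao = Autorizacao.objects.filter(agendamento=agendamento)
    exame = Exame.objects.filter(agendamento=agendamento)

    if consulta:
        context['consulta'] = consulta[0]
    elif autorizacao:
        context['autorizacao'] = autorizacao[0]
    elif exame:
        context['exame'] = exame[0]

    return render(request, 'detalhes_agendamento_usuario.html',
                  {'context': context})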
Exemplo n.º 11
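def cadastroAgendamentoAutorizacao(request, id):
    """Create an ``Agendamento`` for an ``Autorizacao`` (``permissao_unidade``).

    On POST a new appointment is saved, linked to the authorization (which
    is marked as verified) and the user is redirected to its detail page.
    On other methods the creation form is rendered.

    Raises:
        Http404: no ``Autorizacao`` has this primary key.
    """
    if not has_permission(request.user, 'permissao_unidade'):
        # redirect() passes extra positional arguments on as URL arguments,
        # so a context dict cannot travel with it; handing one over makes
        # the URL lookup fail instead of redirecting.  Redirect plainly.
        return redirect('homeUsuario')

    autorizacao = get_object_or_404(Autorizacao, pk=id)

    if request.method == 'POST':
        # NOTE(review): 'nome' and 'vagas' are taken from the raw POST data;
        # FormAgendamento is not used to validate them before saving.
        agendamento = Agendamento(nome=request.POST.get('nome'),
                                  vagas=request.POST.get('vagas'))
        agendamento.save()
        autorizacao.agendamento = agendamento
        autorizacao.verifica = True
        autorizacao.save()
        return redirect('detalhesAgendamento', id=agendamento.id)

    context = {
        'autorizacao': autorizacao,
        'form': FormAgendamento(),
    }
    return render(request, 'cadastro_agendamento_autorizacao.html',
                  {'context': context})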
Exemplo n.º 12
def can_edit_financial_aid(role, user, program):
    """
    Object-level check: may *user* access and edit financial aid requests of *program*?

    Both conditions must hold: the user has the global
    ``CAN_EDIT_FINANCIAL_AID`` permission, and a ``Role`` row links this
    user, this role id and this program.
    """
    holds_permission = has_permission(user, Permissions.CAN_EDIT_FINANCIAL_AID)
    # The database is only queried when the global permission is held.
    return holds_permission and Role.objects.filter(
        user=user,
        role=role.ROLE_ID,
        program=program,
    ).exists()
Exemplo n.º 13
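def deleteAgendamento(request, id):
    """Delete an ``Agendamento`` after confirmation (``permissao_unidade``).

    A POST deletes the appointment only when the requester owns the linked
    ``consulta``, ``autorizacao`` or ``exame`` (checked in that order) and
    then redirects to that record's detail page.  Any other request renders
    the confirmation page.

    Raises:
        Http404: no ``Agendamento`` has this primary key.
    """
    if not has_permission(request.user, 'permissao_unidade'):
        context = {'msg_error': 'Sem Permissão Para Essa Área'}
        return render(request, 'home_usuario.html', {'context': context})

    agendamento = get_object_or_404(Agendamento, pk=id)
    consulta = Consulta.objects.filter(agendamento=agendamento)
    autorizacao = Autorizacao.objects.filter(agendamento=agendamento)
    exame = Exame.objects.filter(agendamento=agendamento)

    if request.method == 'POST':
        if consulta:
            if consulta[0].user == request.user:
                agendamento.delete()
                return redirect('detalhesConsulta', id=consulta[0].id)
            # Not the owner.  redirect() passes extra positional arguments
            # on as URL arguments, so a context dict cannot travel with it;
            # redirect plainly.
            return redirect('homeUnidadeSaude')

        elif autorizacao:
            if autorizacao[0].user == request.user:
                agendamento.delete()
                return redirect('detalhesAutorizacao',
                                id=autorizacao[0].id)

        elif exame:
            if exame[0].user == request.user:
                agendamento.delete()
                return redirect('detalhesExame', id=exame[0].id)

        # NOTE(review): a non-owner of the linked autorizacao/exame is not
        # allowed to delete either, but is shown the confirmation page again
        # rather than being sent away as in the consulta case.

    return render(request, 'delete_agendamento.html',
                  {'agendamento': agendamento})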
Exemplo n.º 14
def encerrarAutorizacao(request, id):
    """Close an ``Autorizacao`` and all of its queues (``permissao_unidade``).

    On POST the authorization and every queue attached to it get the status
    ``ENCERRADA`` and the detail page is rendered; other methods render the
    confirmation page.
    """
    if not has_permission(request.user, 'permissao_unidade'):
        context = {
            'msg_error': 'Impossivel Acessar Essa Área'
        }
        return render(request, 'home_usuario.html', {'context': context})

    # NOTE(review): the record is fetched by primary key with only the role
    # check above; there is no test that it belongs to request.user.  Confirm
    # any unit user is meant to close any authorization.
    autorizacao = get_object_or_404(Autorizacao, pk=id)

    if request.method != 'POST':
        return render(request, 'encerrar_autorizacao.html', {'autorizacao': autorizacao})

    autorizacao.status = 'ENCERRADA'
    autorizacao.save()

    # Remember the last queue of each kind for the detail page.
    fila_normal = None
    fila_preferencial = None
    for fila in autorizacao.filas.all():
        if fila.fila_preferencial:
            fila_preferencial = fila
        else:
            fila_normal = fila
        fila.status = "ENCERRADA"
        fila.save()

    context = {
        'autorizacao': autorizacao,
        'fila_preferencial': fila_preferencial,
        'fila_normal': fila_normal
    }
    return render(request, 'detalhes_autorizacao.html', {'context': context})
Exemplo n.º 15
def can_advance_search(role, user, program):
    """
    Object-level check: may *user* run an advanced search on *program*?

    Both conditions must hold: the user has the global
    ``CAN_ADVANCE_SEARCH`` permission, and a ``Role`` row links this user,
    this role id and this program.
    """
    holds_permission = has_permission(user, Permissions.CAN_ADVANCE_SEARCH)
    # The database is only queried when the global permission is held.
    return holds_permission and Role.objects.filter(
        user=user,
        role=role.ROLE_ID,
        program=program,
    ).exists()
Exemplo n.º 16
def filasIniciadas(request):
    """List today's started consultas, autorizacoes and exames.

    Requires ``permissao_unidade``.  When none of the three has an entry
    with status ``INICIADA`` dated today, the page shows a message instead.
    """
    if not has_permission(request.user, 'permissao_unidade'):
        context = {
            'msg_error': 'Impossivel Acessar Essa Área'
        }
        return render(request, 'home_usuario.html', {'context': context})

    hoje = date.today()
    started_today = {"status": "INICIADA", "data": hoje}
    consultas_iniciadas = Consulta.objects.filter(**started_today)
    autorizacoes_iniciadas = Autorizacao.objects.filter(**started_today)
    exames_iniciadas = Exame.objects.filter(**started_today)

    # One non-empty queryset is enough to show the listing.
    if consultas_iniciadas or autorizacoes_iniciadas or exames_iniciadas:
        context = {
            "consultas_iniciadas": consultas_iniciadas,
            "autorizacoes_iniciadas": autorizacoes_iniciadas,
            "exames_iniciadas": exames_iniciadas,
        }
    else:
        context = {
            'msg_error': 'Não possue filas iniciadas para hoje!'
        }

    return render(request, 'filas_iniciadas.html', {'context': context})
Exemplo n.º 17
    def premium(request, id):
        """Flip the ``premium`` flag of an event, then go to the event list.

        Only holders of ``make_premium`` change anything; everyone is
        redirected to ``core:my_events`` either way.
        """
        # NOTE(review): the flag is toggled whatever the HTTP method is, so a
        # plain GET changes state; and Event.objects.get() raises when the id
        # does not exist rather than answering with a 404.
        if not has_permission(request.user, 'make_premium'):
            return redirect(reverse('core:my_events'))

        event = Event.objects.get(id=id)
        event.premium = not event.premium
        event.save()
        return redirect(reverse('core:my_events'))
Exemplo n.º 18
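def alterarPerfil(request, id):
    """Edit a ``Usuario`` profile (requires ``permissao_usuario``).

    The profile must belong to the requester.  A POST with a valid form
    updates the profile and the linked auth user; every POST then renders
    the profile page, other methods render the edit form.

    Raises:
        Http404: no ``Usuario`` has this primary key.
    """
    denied_context = {'msg_error': 'Impossivel Acessar Essa Área'}
    if not has_permission(request.user, 'permissao_usuario'):
        return render(request, 'home.html', {'context': denied_context})

    usuario = get_object_or_404(Usuario, pk=id)

    # The role check alone would let any user edit any profile by changing
    # the id in the URL; the profile has to be the requester's own.
    if usuario.user != request.user:
        return render(request, 'home.html', {'context': denied_context})

    form = FormUsuario(request.POST or None,
                       request.FILES or None,
                       instance=usuario)

    if request.method != 'POST':
        context = {'form': form, 'usuario': usuario}
        return render(request, 'alterar_perfil.html', {'context': context})

    if form.is_valid():
        # NOTE(review): the values below come from the raw POST data, not
        # from form.cleaned_data, so the form's validation does not cover
        # what is written to the instance (this includes rg, cpf and sus).
        posted = request.POST
        usuario.user.first_name = posted.get('firstname')
        usuario.user.last_name = posted.get('lastname')
        usuario.logradouro = posted.get('logradouro')
        usuario.bairro = posted.get('bairro')
        usuario.numero = posted.get('numero')
        usuario.cidade = posted.get('cidade')
        usuario.estado = posted.get('estado')
        usuario.rg = posted.get('rg')
        usuario.cpf = posted.get('cpf')
        usuario.sexo = posted.get('sexo')
        usuario.sus = posted.get('sus')

        form.save()
        usuario.user.save()
        usuario.save()

    # Rendered for valid and invalid submissions alike.
    return render(request, 'perfil_usuario.html', {'usuario': usuario})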
Exemplo n.º 19
def register(request):
    """Let a holder of ``create_user`` register a new account.

    Anonymous visitors are sent to the login page and users without the
    permission get a plain refusal.  A valid POST saves the sign-up form;
    the page is rendered with ``registered`` telling whether that happened.
    """
    if not request.user.is_authenticated():
        return HttpResponseRedirect('/style545app/login/')
    if not has_permission(request.user, 'create_user'):
        return HttpResponse("You dont have access")

    registered = False
    if request.method != 'POST':
        user_form = SignUpForm()
    else:
        # Bind the sign-up form to the submitted data.
        user_form = SignUpForm(data=request.POST)
        if not user_form.is_valid():
            print(user_form.errors)
        else:
            user_form.save()
            # NOTE(review): the 'admin' role is assigned to request.user,
            # the account performing the registration, not to the account
            # the form just created (whose return value is discarded).
            # Confirm which account was meant to receive a role, and
            # whether 'admin' is the right one.
            assign_role(request.user, 'admin')
            registered = True

    page_data = {
        'user_form': user_form,
        'registered': registered
    }
    return render(request, 'style545app/register.html', page_data)
Exemplo n.º 20
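def alterarSenhaUserUnidade(request):
    """Let a unit user change their own password (``permissao_unidade``).

    A POST must carry the current password and the new one twice.  The
    password is changed only when the new one is not empty, both copies
    match and the current password checks out; each failure re-renders the
    form with a message.  Other methods render the empty form.
    """
    if not has_permission(request.user, 'permissao_unidade'):
        # redirect() passes extra positional arguments on as URL arguments,
        # so a context dict cannot travel with it; redirect plainly.
        return redirect('homeUsuario')

    if request.method != 'POST':
        return render(request, 'alterar_senha_user_unidade.html')

    user = User.objects.get(username=request.user.username)
    atual_password = request.POST.get('atualPassword')
    password = request.POST.get('password')
    confirm_password = request.POST.get('confirmPassword')

    if not password:
        # A missing or empty new password would pass the equality test below
        # and set_password(None) leaves the account without a usable password.
        context = {'msg': 'A nova senha não pode ficar em branco.'}
        return render(request, 'alterar_senha_user_unidade.html',
                      {'context': context})

    if password != confirm_password:
        context = {
            'msg':
            'A nova senha está diferente do campo de confirmação.'
        }
        # Passed like the other messages of this view, under 'context'.
        return render(request, 'alterar_senha_user_unidade.html',
                      {'context': context})

    if not user.check_password(atual_password):
        context = {'msg': 'Senha atual não confere com a cadastrada.'}
        return render(request, 'alterar_senha_user_unidade.html',
                      {'context': context})

    # NOTE(review): the new password is not run through any strength
    # validation, and the session hash is not refreshed after the change, so
    # the user is presumably logged out by it; confirm both are acceptable.
    user.set_password(password)
    user.save()

    context = {'msg': 'Senha redefinida com sucesso.'}
    return render(request, 'configuracoes_unidade.html',
                  {'context': context})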
Exemplo n.º 21
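def BrowseUsersView(request):
    """Render the paginated, searchable user table (needs ``p.READ_USERS``).

    Query parameters: ``enabled_columns`` (repeatable), ``sort_by``,
    ``sort_order``, ``search``, ``page`` (default 1) and ``pagesize``
    (default 20).

    Raises:
        PermissionDenied: the requester lacks ``p.READ_USERS``.
        Http404: ``page``/``pagesize`` is not a number, or the page is out
            of range.
    """
    if not has_permission(request.user, p.READ_USERS):
        raise PermissionDenied("You are not allowed to List Users.")

    params = request.GET
    enabled_columns = None
    if params.get('enabled_columns', False):
        enabled_columns = params.getlist('enabled_columns')

    # The paging values come straight from the URL; a non-numeric value is a
    # bad page reference, not a server error.
    try:
        page = int(params.get('page', 1))
        page_size = int(params.get('pagesize', 20))
    except ValueError:
        raise Http404("Page not found")

    # NOTE(review): page_size has no upper bound here, and sort_by / search /
    # enabled_columns are forwarded as received; confirm the table helper
    # limits the page size and only accepts known column names.
    try:
        tableData = getTableDataForUsers(
            request_obj=params.urlencode(),
            page=page,
            enabled_columns=enabled_columns,
            search=params.get('search', None),
            sort_by=params.get('sort_by', None),
            sort_order=params.get('sort_order', None),
            page_size=page_size,
            admin_view=True)
    except td.PageIndexOutOfRangeError:
        raise Http404("Page not found")

    return render(request, "dashboard/list.html", {
        "tableData": tableData,
        'title': "Browse Users"
    })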
Exemplo n.º 22
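def alterarUsernameUsuario(request):
    """Let a user change their own username (``permissao_usuario``).

    The POST names the current username and the new one; the change is
    applied only when the current username resolves to the requester.
    Other methods render the form.
    """
    if not has_permission(request.user, 'permissao_usuario'):
        # redirect() passes extra positional arguments on as URL arguments,
        # so a context dict cannot travel with it; redirect plainly.
        return redirect('home')

    if request.method != 'POST':
        return render(request, 'alterar_username_usuario.html')

    # Only "no such user" is an expected outcome of the lookup; any other
    # error should surface instead of being swallowed.
    try:
        user = User.objects.get(username=request.POST.get('username'))
    except User.DoesNotExist:
        user = None

    if user == request.user:
        # NOTE(review): newUsername is saved as received; a missing, empty or
        # already-taken value is not checked before save().
        user.username = request.POST.get('newUsername')
        user.save()

        context = {'msg': 'Username alterado com sucesso.'}
        return render(request, 'configuracoes_usuario.html',
                      {'context': context})

    context = {
        'msg':
        'Você está tentando alterar o username de outro Usuário ou um que Não Existe.'
    }
    return render(request, 'alterar_username_usuario.html',
                  {'context': context})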
Exemplo n.º 23
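def detalhesUsuario(request, id, id_sec):
    """Show a ``Usuario`` together with an appointment or a queue.

    Requires ``permissao_unidade``.  ``id_sec`` is first tried as an
    ``Agendamento`` id and, when none exists, as a ``Fila`` id.

    Raises:
        Http404: the user does not exist, or ``id_sec`` matches neither an
            ``Agendamento`` nor a ``Fila``.
    """
    if not has_permission(request.user, 'permissao_unidade'):
        context = {'msg_error': 'Impossivel Acessar Essa Área'}
        return render(request, 'home_usuario.html', {'context': context})

    usuario = get_object_or_404(Usuario, pk=id)

    # Catch only the "not found" case so unrelated errors are not hidden.
    try:
        agendamento = Agendamento.objects.get(id=id_sec)
    except Agendamento.DoesNotExist:
        agendamento = None

    if agendamento:
        context = {
            'usuario': usuario,
            'agendamento': agendamento,
        }
    else:
        # An id that matches no queue either is a 404, not a server error.
        context = {
            'usuario': usuario,
            'fila': get_object_or_404(Fila, id=id_sec),
        }

    return render(request, 'detalhes_usuario.html',
                  {'context': context})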
Exemplo n.º 24
def encerrarConsulta(request, id):
    """Close a ``Consulta`` and all of its queues (``permissao_unidade``).

    On POST every queue attached to the consulta and then the consulta
    itself get the status ``ENCERRADA`` and the detail page is rendered;
    other methods render the confirmation page.
    """
    if not has_permission(request.user, 'permissao_unidade'):
        context = {'msg_error': 'Impossivel Acessar Essa Área'}
        return render(request, 'home_usuario.html', {'context': context})

    # NOTE(review): the record is fetched by primary key with only the role
    # check above; there is no test that it belongs to request.user.  Confirm
    # any unit user is meant to close any consulta.
    consulta = get_object_or_404(Consulta, pk=id)

    if request.method != 'POST':
        return render(request, 'encerrar_consulta.html',
                      {'consulta': consulta})

    # Remember the last queue of each kind for the detail page.
    fila_normal = None
    fila_preferencial = None
    for fila in consulta.filas.all():
        if fila.fila_preferencial:
            fila_preferencial = fila
        else:
            fila_normal = fila
        fila.status = "ENCERRADA"
        fila.save()

    consulta.status = "ENCERRADA"
    consulta.save()

    context = {
        'consulta': consulta,
        'fila_preferencial': fila_preferencial,
        'fila_normal': fila_normal
    }
    return render(request, 'detalhes_consulta.html',
                  {'context': context})
Exemplo n.º 25
def meusAgendamentos(request):
    """List the appointments the requester takes part in.

    Requires ``permissao_usuario``.  An optional ``nome`` query parameter
    filters by name; when the filter matches nothing, the full list is
    shown again with a "nothing found" message.
    """
    if not has_permission(request.user, 'permissao_usuario'):
        context = {'msg_error': 'Impossivel Acessar Essa Área'}
        return render(request, 'home.html', {'context': context})

    # NOTE(review): indexing [0] raises when the logged-in user has no
    # Usuario row; confirm every holder of the permission has one.
    perfil = Usuario.objects.filter(user=request.user)[0]
    todos = Agendamento.objects.filter(usuarios=perfil)
    nome = request.GET.get('nome')

    if nome:
        encontrados = todos.filter(nome__icontains=nome)
        if encontrados:
            context = {'agendamentos': encontrados}
        else:
            context = {
                'agendamentos': Agendamento.objects.filter(usuarios=perfil),
                'msg_busca': 'Nada encontrado para esses parâmetros!'
            }
    elif todos:
        context = {'agendamentos': todos}
    else:
        context = {
            'msg_alert': 'Você não participa de nenhum agendamento!'
        }

    return render(request, 'meus_agendamentos.html', {'context': context})
Exemplo n.º 26
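def deleteConsulta(request, id):
    """Delete a ``Consulta`` with its queues and appointment.

    Requires ``permissao_unidade`` and that the requester owns the
    consulta.  A POST deletes the queues, the linked appointment and the
    consulta, then redirects to the list; other methods render the
    confirmation page.

    Raises:
        Http404: no ``Consulta`` has this primary key.
    """
    if not has_permission(request.user, 'permissao_unidade'):
        context = {'msg_error': 'Impossivel Acessar Essa Área'}
        return render(request, 'home_usuario.html', {'context': context})

    consulta = get_object_or_404(Consulta, pk=id)
    agendamento = consulta.agendamento

    # Keep the last queue of each kind, as the deletion below expects.
    fila_normal = None
    fila_preferencial = None
    for fila in consulta.filas.all():
        if fila.fila_preferencial:
            fila_preferencial = fila
        else:
            fila_normal = fila

    if consulta.user != request.user:
        # Only the owner may delete.  redirect() passes extra positional
        # arguments on as URL arguments, so a context dict cannot travel
        # with it; redirect plainly.
        return redirect('homeUnidadeSaude')

    if request.method == 'POST':
        # Each queue is deleted on its own: a consulta may have only one of
        # the two kinds, and the missing one must not break the deletion.
        if fila_normal is not None:
            fila_normal.delete()
        if fila_preferencial is not None:
            fila_preferencial.delete()

        if agendamento is not None:
            agendamento.delete()

        consulta.delete()
        return redirect('listaConsulta')

    return render(request, 'delete_consulta.html', {'nome': consulta.nome})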
Exemplo n.º 27
def access_content(role, user, content: Content) -> bool:
    """Tell whether *user* may watch *content*.

    The ``Member`` role may watch everything.  Otherwise the content's
    module slug must belong to a module group whose watch permission the
    user holds; content outside every group is denied.
    """
    if role == Member:
        return True

    slug = content.module_slug()
    # (module group, permission required to watch it), checked in order.
    gated_groups = (
        (_BOOTCAMPER_MODULES, watch_bootcamp_modules),
        (_WEBDEV_MODULES, watch_webdev_modules),
        (_PYTHONISTA_MODULES, watch_pythonista_modules),
        (_CLIENT_MODULES, watch_client_modules),
        (_LEAD_MODULES, watch_lead_modules),
    )
    return any(
        slug in modules and has_permission(user, required)
        for modules, required in gated_groups
    )
Exemplo n.º 28
def listaNotificacoes(request):
    """List the requester's notifications, ordered by status.

    Requires ``permissao_usuario``.  When there are none, the same page is
    rendered with a message instead of the list.
    """
    if not has_permission(request.user, 'permissao_usuario'):
        context = {
            'msg_error': 'Impossivel Acessar Essa Área'
        }
        return render(request, 'home.html', {'context': context})

    # NOTE(review): indexing [0] raises when the logged-in user has no
    # Usuario row; confirm every holder of the permission has one.
    perfil = Usuario.objects.filter(user=request.user)[0]
    notificacoes = perfil.notificacoes.all().order_by('status')

    if notificacoes:
        context = {
            'notificacoes': notificacoes
        }
    else:
        context = {
            'msg': 'Nenhuma notificação até o momento'
        }

    return render(request, 'lista_notificacoes.html', {'context': context})
Exemplo n.º 29
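def _is_local_redirect_target(target):
    """Return True only when *target* is an absolute path on this site."""
    from urllib.parse import urlsplit

    if not target or not target.startswith('/'):
        return False
    # Browsers resolve a leading '//' (or a backslash variant) as another
    # host, so those forms are rejected together with control characters.
    if target.startswith('//') or '\\' in target:
        return False
    if any(ord(ch) < 0x20 or ord(ch) == 0x7f for ch in target):
        return False
    try:
        parts = urlsplit(target)
    except ValueError:
        return False
    return not parts.scheme and not parts.netloc


def RemoveUser(request, userid):
    """Confirm and perform deletion of the user identified by *userid*.

    GET renders the confirmation page. Any other method deletes the user
    only when the submitted form contains ``yes``; otherwise it redirects to
    the user list. After a deletion the caller is redirected to the ``next``
    query parameter when it is a local path, else to the user list.

    Raises:
        PermissionDenied: the caller lacks ``p.DELETE_USERS`` or targets
            their own account.
        Http404: no user with *userid* exists.
    """
    if not has_permission(request.user, p.DELETE_USERS):
        raise PermissionDenied("You Do not have permissions to remove users.")

    if request.method == "GET":
        return render(request, 'confirm-action.html', {
            'action': 'Delete User',
            'value': userid,
            'key': 'id'
        })

    # NOTE(review): this branch is state-changing; it relies on CSRF
    # protection configured outside this view -- confirm it is enabled.
    if 'yes' not in request.POST:
        return redirect(reverse('dashboard:list-users'))

    try:
        user = User.objects.get(id=userid)
    except User.DoesNotExist:
        raise Http404("User Doesn't Exist")

    if request.user == user:
        raise PermissionDenied("Deletion of self accounts is banned!")
    user.delete()

    # 'next' is caller-controlled. Redirecting to it unchecked is an open
    # redirect, so only local paths are honoured. Django's
    # url_has_allowed_host_and_scheme (Django 3.0+) is the framework check
    # to prefer where the installed version provides it.
    next_url = request.GET.get('next')
    if _is_local_redirect_target(next_url):
        return redirect(next_url)
    return redirect(reverse('dashboard:list-users'))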
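 def test_request_configuration_by_logged_staff_with_perm_client(self):
     """A logged-in staff user holding 'change_configurations' gets HTTP 200."""
     user = self.create_test_user(is_staff=True)
     self.assertTrue(has_permission(user, 'change_configurations'))
     c = Client()
     logged_in = c.login(username='******', password='******')
     # The login result was previously ignored. If the login fails and the
     # page is reachable anonymously, the test would pass without checking
     # an authenticated session at all.
     self.assertTrue(logged_in)
     response = c.get('/staff_page/configuration')
     self.assertEqual(200, response.status_code)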
 def assert_standard_role_permissions(self, expected_bool, program=None):
     """
     Assert that the 'staff' role, the 'can_advance_search' permission and
     the matching object permission all equal ``expected_bool``.

     The object permission is checked against ``program`` when one is
     given, otherwise against ``self.program``.
     """
     assert isinstance(expected_bool, bool)
     assert has_role(self.user, 'staff') is expected_bool
     assert has_permission(self.user, 'can_advance_search') is expected_bool
     target_program = program or self.program
     object_allowed = has_object_permission('can_advance_search', self.user, target_program)
     assert object_allowed is expected_bool
    def test_remove_role_reinstates_permissions_correctly_scenario_2(self):
        """
        Removing one of two assigned roles must leave both permissions granted.

        Initial Roles:
            Doctor
            Surgeon

        Actions:
            Remove role: Doctor

        Expected resulting permission:
            enter_surgery_room = True
            operate = True
        """
        # Arrange: the user holds both roles.
        assign_role(self.user, self.Doctor)
        assign_role(self.user, self.Surgeon)

        # Act: drop Doctor only; Surgeon stays assigned.
        remove_role(self.user, self.Doctor)

        # Both permissions must survive the removal. Which role supplies
        # them is defined in the test fixture, which is not shown here.
        self.assertTrue(has_permission(self.user, self.enter_surgery_room))
        self.assertTrue(has_permission(self.user, self.operate))
        def wrapper(request, *args, **kwargs):
            """Run ``dispatch`` only for authenticated users holding ``permission_name``.

            Everyone else is redirected to login or receives PermissionDenied.
            """
            current_user = request.user
            if user_is_authenticated(current_user) and has_permission(current_user, permission_name):
                return dispatch(request, *args, **kwargs)

            # An explicit decorator argument wins; None defers to the
            # ROLEPERMISSIONS_REDIRECT_TO_LOGIN setting (default False).
            send_to_login = redirect_to_login
            if send_to_login is None:
                send_to_login = getattr(
                    settings, 'ROLEPERMISSIONS_REDIRECT_TO_LOGIN', False)
            if not send_to_login:
                raise PermissionDenied
            return dj_redirect_to_login(request.get_full_path())
    def test_remove_role_reinstates_permissions_correctly_scenario_5(self):
        """
        Explicitly grant a permission, then remove one of two roles.

        Initial Roles:
            Doctor
            Surgeon

        Actions:
            Grant permission: operate
            Remove role: Surgeon

        Expected resulting permission:
            enter_surgery_room = False
            operate = True
        """
        # Arrange: the user holds both roles.
        assign_role(self.user, self.Doctor)
        assign_role(self.user, self.Surgeon)

        # Act: grant 'operate' explicitly, then drop the Surgeon role.
        grant_permission(self.user, self.operate)
        remove_role(self.user, self.Surgeon)

        self.assertFalse(has_permission(self.user, self.enter_surgery_room))
        # NOTE(review): the docstring expects operate = True, but this line
        # asserts False. One of them is wrong; confirm the intended result
        # against the role definitions before relying on this test.
        self.assertFalse(has_permission(self.user, self.operate))
    def test_remove_role_reinstates_permissions_correctly_scenario_10(self):
        """
        A revoked permission must stay revoked after one of three roles is removed.

        Initial Roles:
            Doctor
            Surgeon
            Anesthesiologist

        Actions:
            Revoke permission: enter_surgery_room
            Remove role: Doctor

        Expected resulting permission:
            enter_surgery_room = False
            operate = True
        """
        # Arrange: the user holds all three roles.
        assign_role(self.user, self.Doctor)
        assign_role(self.user, self.Surgeon)
        assign_role(self.user, self.Anesthesiologist)

        # Act: revoke one permission explicitly, then drop the Doctor role.
        revoke_permission(self.user, self.enter_surgery_room)
        remove_role(self.user, self.Doctor)

        # Removing a role must not bring the revoked permission back.
        self.assertFalse(has_permission(self.user, self.enter_surgery_room))
        self.assertTrue(has_permission(self.user, self.operate))
    def test_user_with_no_role(self):
        """A freshly created user with no role assigned holds no permission."""
        roleless_user = mommy.make(get_user_model())
        granted = has_permission(roleless_user, 'permission1')

        self.assertFalse(granted)
    def test_not_existent_permission(self):
        """An unknown permission name is denied rather than raising."""
        granted = has_permission(self.user, 'not_a_permission')

        self.assertFalse(granted)
    def test_dos_not_have_VerRole1_permission(self):
        """After VerRole1 is assigned, 'permission3' is still denied."""
        VerRole1.assign_role_to_user(self.user)

        granted = has_permission(self.user, 'permission3')
        self.assertFalse(granted)
    def test_has_VerRole1_permission(self):
        """The fixture user is granted 'permission1'."""
        granted = has_permission(self.user, 'permission1')

        self.assertTrue(granted)
 def test_queries_with_prefetch(self):
     """With groups and user_permissions prefetched, checks issue no queries."""
     user_model = get_user_model()
     fetched_user = user_model.objects.prefetch_related('groups', 'user_permissions').get(pk=self.user.pk)
     call_count = 3
     # Everything the check needs is already cached on fetched_user.
     with self.assertNumQueries(0):
         for _ in range(call_count):
             has_permission(fetched_user, 'permission1')
 def test_queries_no_prefetch(self):
     """Without prefetching, every permission check costs two queries."""
     user_model = get_user_model()
     fetched_user = user_model.objects.get(pk=self.user.pk)
     call_count = 3
     # One query fetches roles and one fetches permissions, per call.
     expected_queries = 2 * call_count
     with self.assertNumQueries(expected_queries):
         for _ in range(call_count):
             has_permission(fetched_user, 'permission1')
 def test_none_user_param(self):
     """Passing None as the user is denied (fails closed) rather than raising."""
     granted = has_permission(None, 'ver_role1')
     self.assertFalse(granted)
    def test_revoke_revoked_permission(self):
        """After revoke_permission on 'permission4', it is denied."""
        revoke_permission(self.user, 'permission4')

        still_granted = has_permission(self.user, 'permission4')
        self.assertFalse(still_granted)
    def test_grat_granted_permission(self):
        """After grant_permission on 'permission3', it is granted."""
        grant_permission(self.user, 'permission3')

        granted = has_permission(self.user, 'permission3')
        self.assertTrue(granted)
def can_template_tag(user, role):
    """Return the result of ``has_permission(user, role)``.

    Despite its name, ``role`` is passed on as the permission to check.
    """
    allowed = has_permission(user, role)
    return allowed
 def has_permission(self, request, view):
     """
     Allow the request only when its user holds
     ``Permissions.CAN_ADVANCE_SEARCH``.

     ``view`` is not consulted. No separate authentication check is made
     here; the decision rests entirely on the permission lookup.
     """
     requester = request.user
     return has_permission(requester, Permissions.CAN_ADVANCE_SEARCH)
 def has_permission(self, request, view):
     """
     Allow the request only when its user holds
     ``Permissions.CAN_MESSAGE_LEARNERS``.

     ``view`` is not consulted. No separate authentication check is made
     here; the decision rests entirely on the permission lookup.
     """
     requester = request.user
     return has_permission(requester, Permissions.CAN_MESSAGE_LEARNERS)