def test_blanket_rule(perms, backend):
user_a = factories.UserFactory(username="******")
user_b = factories.UserFactory(username="******")
perms["foo.username_starts_with_a"] = username_starts_with_a
assert backend.has_perm(user_a, "foo.username_starts_with_a")
assert not backend.has_perm(user_b, "foo.username_starts_with_a")
assert backend.has_module_perms(user_a, "foo")
assert not backend.has_module_perms(user_b, "foo")
def test_blanket_rule(perms, backend):
user_a = factories.UserFactory(username='******')
user_b = factories.UserFactory(username='******')
perms['foo.username_starts_with_a'] = username_starts_with_a
assert backend.has_perm(user_a, 'foo.username_starts_with_a')
assert not backend.has_perm(user_b, 'foo.username_starts_with_a')
assert backend.has_module_perms(user_a, 'foo')
assert not backend.has_module_perms(user_b, 'foo')
def test_queryset_rule(perms, backend):
user_a = factories.UserFactory(username="******")
user_b = factories.UserFactory(username="******")
perms["foo.bar"] = store_name_matches_username
store_a = factories.StoreFactory(name="aaa")
store_b = factories.StoreFactory(name="bbb")
assert backend.has_perm(user_a, "foo.bar", store_a)
assert backend.has_perm(user_b, "foo.bar", store_b)
assert not backend.has_perm(user_a, "foo.bar", store_b)
assert not backend.has_perm(user_b, "foo.bar", store_a)
assert backend.has_module_perms(user_a, "foo")
assert backend.has_module_perms(user_b, "foo")
assert not backend.has_perm(user_a, "foo.bar")
assert not backend.has_perm(user_b, "foo.bar")
def test_queryset_rule(perms, backend):
user_a = factories.UserFactory(username='******')
user_b = factories.UserFactory(username='******')
perms['foo.bar'] = store_name_matches_username
store_a = factories.StoreFactory(name='aaa')
store_b = factories.StoreFactory(name='bbb')
assert backend.has_perm(user_a, 'foo.bar', store_a)
assert backend.has_perm(user_b, 'foo.bar', store_b)
assert not backend.has_perm(user_a, 'foo.bar', store_b)
assert not backend.has_perm(user_b, 'foo.bar', store_a)
assert backend.has_module_perms(user_a, 'foo')
assert backend.has_module_perms(user_b, 'foo')
assert not backend.has_perm(user_a, 'foo.bar')
assert not backend.has_perm(user_b, 'foo.bar')
def test_list_view_is_disallowed_if_not_possible():
user = factories.UserFactory()
perms["shrubberies.view_store"] = always_deny
v = StoreViewSet.as_view({"get": "list"})
r = RequestFactory().get("/", HTTP_CONTENT_TYPE="text/json")
r.user = user
response = v(r)
assert response.status_code == 403
def test_list_view_is_disallowed_if_not_possible():
user = factories.UserFactory()
perms['shrubberies.view_store'] = always_deny
v = StoreViewSet.as_view({'get': 'list'})
r = RequestFactory().get('/', HTTP_CONTENT_TYPE='text/json')
r.user = user
response = v(r)
assert response.status_code == 403
def test_improperly_configured_when_perm_missing():
user = factories.UserFactory()
s1 = factories.StoreFactory(name="a")
factories.StoreFactory(name="b")
v = StoreViewSet.as_view({"get": "retrieve"})
r = RequestFactory().get("/", HTTP_CONTENT_TYPE="text/json")
r.user = user
with pytest.raises(ImproperlyConfigured):
v(r, pk=s1.id)
def test_improperly_configured_when_perm_missing():
user = factories.UserFactory()
s1 = factories.StoreFactory(name='a')
factories.StoreFactory(name='b')
v = StoreViewSet.as_view({'get': 'retrieve'})
r = RequestFactory().get('/', HTTP_CONTENT_TYPE='text/json')
r.user = user
with pytest.raises(ImproperlyConfigured):
v(r, pk=s1.id)
def test_detail_view_404_when_not_permitted():
user = factories.UserFactory()
factories.StoreFactory(name="a")
s2 = factories.StoreFactory(name="b")
perms["shrubberies.view_store"] = Attribute("name", "a")
v = StoreViewSet.as_view({"get": "retrieve"})
r = RequestFactory().get("/", HTTP_CONTENT_TYPE="text/json")
r.user = user
response = v(r, pk=s2.id)
assert response.status_code == 404
def test_detail_view_404_when_not_permitted():
user = factories.UserFactory()
factories.StoreFactory(name='a')
s2 = factories.StoreFactory(name='b')
perms['shrubberies.view_store'] = Attribute('name', 'a')
v = StoreViewSet.as_view({'get': 'retrieve'})
r = RequestFactory().get('/', HTTP_CONTENT_TYPE='text/json')
r.user = user
response = v(r, pk=s2.id)
assert response.status_code == 404
def test_update_view_ok_when_permitted():
user = factories.UserFactory()
s1 = factories.StoreFactory(name="a")
factories.StoreFactory(name="b")
perms["shrubberies.view_store"] = Attribute("name", "a")
perms["shrubberies.change_store"] = Attribute("name", "a")
v = StoreViewSet.as_view({"patch": "partial_update"})
r = RequestFactory().patch("/", {"name": "a"},
HTTP_CONTENT_TYPE="text/json")
r.user = user
response = v(r, pk=s1.id)
assert response.status_code == 200
def test_update_view_ok_when_permitted():
user = factories.UserFactory()
s1 = factories.StoreFactory(name='a')
factories.StoreFactory(name='b')
perms['shrubberies.view_store'] = Attribute('name', 'a')
perms['shrubberies.change_store'] = Attribute('name', 'a')
v = StoreViewSet.as_view({'patch': 'partial_update'})
r = RequestFactory().patch(
'/', {'name': 'a'}, HTTP_CONTENT_TYPE='text/json')
r.user = user
response = v(r, pk=s1.id)
assert response.status_code == 200
def test_list_view_is_filtered():
user = factories.UserFactory()
s1 = factories.StoreFactory(name="a")
factories.StoreFactory(name="b")
perms["shrubberies.view_store"] = Attribute("name", "a")
v = StoreViewSet.as_view({"get": "list"})
r = RequestFactory().get("/", HTTP_CONTENT_TYPE="text/json")
r.user = user
response = v(r)
response.render()
assert response.status_code == 200
data = json.loads(response.content.decode("utf8"))
assert len(data) == 1
assert data[0]["id"] == s1.id
def test_list_view_is_filtered():
user = factories.UserFactory()
s1 = factories.StoreFactory(name='a')
factories.StoreFactory(name='b')
perms['shrubberies.view_store'] = Attribute('name', 'a')
v = StoreViewSet.as_view({'get': 'list'})
r = RequestFactory().get('/', HTTP_CONTENT_TYPE='text/json')
r.user = user
response = v(r)
response.render()
print(response.content)
assert response.status_code == 200
data = json.loads(response.content.decode('utf8'))
assert len(data) == 1
assert data[0]['id'] == s1.id
def test_module_perms_with_no_matching_objects(perms, backend):
user_b = factories.UserFactory(username="******")
perms["foo.bar"] = store_name_matches_username
factories.StoreFactory(name="aaa")
assert backend.has_module_perms(user_b, "foo")
def test_module_perms_with_no_matching_objects(perms, backend):
user_b = factories.UserFactory(username='******')
perms['foo.bar'] = store_name_matches_username
factories.StoreFactory(name='aaa')
assert backend.has_module_perms(user_b, 'foo')
