def setup_env(self, *args, **options): """ Create some seed data """ instance = Instance.objects.get(pk=options['instance']) try: user = User.system_user() except User.DoesNotExist: self.stdout.write('Error: Could not find a superuser to use') return 1 instance_user = user.get_instance_user(instance) if instance_user is None: r = Role(name='global', rep_thresh=0, instance=instance) r.save() instance_user = InstanceUser(instance=instance, user=user, role=r) instance_user.save_with_user(user) self.stdout.write('Added system user to instance with global role') for field in Plot._meta.get_all_field_names(): _, c = FieldPermission.objects.get_or_create( model_name='Plot', field_name=field, role=instance_user.role, instance=instance, permission_level=FieldPermission.WRITE_DIRECTLY) if c: self.stdout.write('Created plot permission for field "%s"' % field) for field in Tree._meta.get_all_field_names(): _, c = FieldPermission.objects.get_or_create( model_name='Tree', field_name=field, role=instance_user.role, instance=instance, permission_level=FieldPermission.WRITE_DIRECTLY) if c: self.stdout.write('Created tree permission for field "%s"' % field) dt = 0 dp = 0 if options.get('delete', False): for t in Tree.objects.all(): t.delete_with_user(user) dt += 1 for p in Plot.objects.all(): p.delete_with_user(user) dp += 1 self.stdout.write("Deleted %s trees and %s plots" % (dt, dp)) return instance, user
def setup_env(self, *args, **options): """ Create some seed data """ instance = Instance.objects.get(pk=options['instance']) user = User.objects.filter(is_superuser=True) if len(user) == 0: print('Error: Could not find a superuser to use') return 1 else: user = user[0] if user.roles.count() == 0: print('Added global role to user') r = Role(name='global', rep_thresh=0, instance=instance) r.save() user.roles.add(r) user.save_base() for field in ('geom', 'import_event'): _, c = FieldPermission.objects.get_or_create( model_name='Plot', field_name=field, role=user.roles.all()[0], instance=instance, permission_level=FieldPermission.WRITE_DIRECTLY) if c: print('Created plot permission for field "%s"' % field) for field in ('plot',): _, c = FieldPermission.objects.get_or_create( model_name='Tree', field_name=field, role=user.roles.all()[0], instance=instance, permission_level=FieldPermission.WRITE_DIRECTLY) if c: print('Created tree permission for field "%s"' % field) dt = 0 dp = 0 if options.get('delete', False): for t in Tree.objects.all(): t.delete_with_user(user) dt += 1 for p in Plot.objects.all(): p.delete_with_user(user) dp += 1 print("Deleted %s trees and %s plots" % (dt, dp)) return instance, user
def make_role(instance): role = _make_loaded_role(instance, rolename, FieldPermission.NONE, field_permissions) if models_to_permit: role.instance_permissions.add( *Role.model_permissions(models_to_permit)) return role
def photo_is_addable(role_related_obj, associated_model): ''' photo_is_addable(role_related_obj, associated_model) returns True if a user possessing role_related_obj can add a photo to the associated_model, False otherwise. role_related_obj may be a role or an instance user. associated_model may be a model class or instance of a model. ''' AssociatedClass = _get_associated_model_class(associated_model) PhotoClass = TreePhoto if AssociatedClass == Tree else MapFeaturePhoto codename = Role.permission_codename(AssociatedClass, 'add', photo=True) role = _get_role_from_related_object(role_related_obj) return role and role.has_permission(codename, PhotoClass) or False
def make_officer_role(instance): """ The officer role has permission to modify only a few fields, and only a few models under test, but the officer is permitted to modify them directly without moderation. """ permissions = ( ('Plot', 'length', FieldPermission.WRITE_DIRECTLY), ('RainBarrel', 'capacity', FieldPermission.WRITE_DIRECTLY), ('Tree', 'diameter', FieldPermission.WRITE_DIRECTLY), ('Tree', 'height', FieldPermission.WRITE_DIRECTLY)) officer = _make_loaded_role(instance, 'officer', FieldPermission.NONE, permissions) models = [Model for Model in leaf_models_of_class(Authorizable) if Model.__name__ in {'Plot', 'RainBarrel', 'Tree'}] officer.instance_permissions.add(*Role.model_permissions(models)) officer.save() return officer
def make_conjurer_role(instance): """ The conjurer role has permission to create and delete all models under test and their related photo types, but limited permission to read or write fields in them. """ permissions = ( ('Plot', 'length', FieldPermission.WRITE_DIRECTLY), ('Tree', 'height', FieldPermission.WRITE_DIRECTLY)) conjurer = _make_loaded_role(instance, 'conjurer', FieldPermission.NONE, permissions) models = [Model for Model in leaf_models_of_class(Authorizable) if Model.__name__ in {'Plot', 'RainBarrel', 'Tree'}] ThroughModel = Role.instance_permissions.through model_permissions = Role.model_permissions(models) role_perms = [ThroughModel(role_id=conjurer.id, permission_id=perm.id) for perm in model_permissions] ThroughModel.objects.bulk_create(role_perms) return conjurer
def test_none_perm(self): self.assertEqual( False, perms._allows_perm(Role(), 'NonExistentModel', any, 'allows_reads'))
def handle(self, *args, **options): """ Create some seed data """ instance = Instance.objects.get(pk=options['instance']) user = User.objects.filter(is_superuser=True) if len(user) == 0: print('Error: Could not find a superuser to use') return 1 else: user = user[0] if user.roles.count() == 0: print('Added global role to user') r = Role(name='global', rep_thresh=0, instance=instance) r.save() user.roles.add(r) user.save() for field in ('geom', 'created_by', 'import_event'): _, c = FieldPermission.objects.get_or_create( model_name='Plot', field_name=field, role=user.roles.all()[0], instance=instance, permission_level=FieldPermission.WRITE_DIRECTLY) if c: print('Created plot permission for field "%s"' % field) for field in ('plot', 'created_by'): _, c = FieldPermission.objects.get_or_create( model_name='Tree', field_name=field, role=user.roles.all()[0], instance=instance, permission_level=FieldPermission.WRITE_DIRECTLY) if c: print('Created tree permission for field "%s"' % field) dt = 0 dp = 0 if options.get('delete', False): for t in Tree.objects.all(): t.delete_with_user(user) dt += 1 for p in Plot.objects.all(): p.delete_with_user(user) dp += 1 print("Deleted %s trees and %s plots" % (dt, dp)) n = options['n'] print("Will create %s plots" % n) tree_prob = float(max(100, min(0, options['ptree']))) / 100.0 max_radius = options['radius'] center_x = instance.center.x center_y = instance.center.y import_event = ImportEvent(imported_by=user) import_event.save() ct = 0 cp = 0 for i in xrange(0, n): mktree = random.random() < tree_prob radius = random.gauss(0.0, max_radius) theta = random.random() * 2.0 * math.pi x = math.cos(theta) * radius + center_x y = math.sin(theta) * radius + center_y plot = Plot(instance=instance, geom=Point(x, y), created_by=user, import_event=import_event) plot.save_with_user(user) cp += 1 if mktree: tree = Tree(plot=plot, created_by=user, import_event=import_event, instance=instance) tree.save_with_user(user) ct += 1 print("Created %s trees and %s plots" % (ct, cp))