def test_workgroup_member_search_of_discussions(self):
    """Discussion posts show up in permission-filtered search for workgroup members only."""

    def permitted_hit_count():
        # Number of 'Hello' hits left after the per-user permission filter.
        filtered = get_permission_sqs().auto_query('Hello')
        return len(filtered.apply_permission_checks(self.viewer))

    self.logout()

    # The post belongs to wg1, so only wg1 members may find it.
    self.discussionPost = models.DiscussionPost.objects.create(
        title="Hello World",
        body="Text text",
        workgroup=self.wg1,
    )

    # Start from a non-member: drop the viewer and confirm the removal took effect.
    self.wg1.removeUser(self.viewer)
    self.assertFalse(perms.user_in_workgroup(self.viewer, self.wg1))

    # The unfiltered index does contain the post ...
    from haystack.query import SearchQuerySet
    unfiltered = SearchQuerySet()
    self.assertEqual(len(unfiltered.auto_query('Hello')), 1)

    # ... but the permission-checked query hides it from the non-member.
    self.assertEqual(permitted_hit_count(), 0)

    # Grant a role in the workgroup; membership and visibility follow.
    self.wg1.giveRoleToUser('manager', self.viewer)
    self.assertTrue(perms.user_in_workgroup(self.viewer, self.wg1))
    self.assertEqual(permitted_hit_count(), 1)

    # The search view, used as the logged-in viewer, agrees with the queryset.
    self.login_viewer()
    search_response = self.client.get(reverse('aristotle:search') + "?q=Hello")
    self.assertEqual(len(search_response.context['page'].object_list), 1)
def test_managersCanEditWorkgroups(self):
    """Managers can edit a workgroup, viewers can only view it, and removal revokes edit rights."""
    user_model = get_user_model()
    created = models.Workgroup.objects.create(
        name="Test WG 1",
        stewardship_organisation=self.steward_org_1,
    )
    manager = user_model.objects.create_user('*****@*****.**', 'manager')
    viewer = user_model.objects.create_user('*****@*****.**', 'viewer')
    created.giveRoleToUser('manager', manager)
    created.giveRoleToUser('viewer', viewer)
    created.save()

    # Work on a freshly loaded workgroup from here on.
    wg = models.Workgroup.objects.get(pk=created.id)

    # Both roles count as membership and grant viewing.
    self.assertTrue(perms.user_in_workgroup(manager, wg))
    self.assertTrue(perms.user_in_workgroup(viewer, wg))
    self.assertTrue(perms.user_can_view(viewer, wg))
    self.assertTrue(perms.user_can_view(manager, wg))

    # Only the manager role grants editing.
    self.assertTrue(perms.user_can_edit(manager, wg))
    self.assertFalse(perms.user_can_edit(viewer, wg))

    wg.removeUser(manager)
    wg.removeUser(viewer)

    # Caching issue, refresh from DB with correct permissions
    manager = user_model.objects.get(pk=manager.pk)
    viewer = user_model.objects.get(pk=viewer.pk)
    self.assertFalse(perms.user_can_edit(manager, wg))
    self.assertFalse(perms.user_can_edit(viewer, wg))
def items(request, iid):
    """
    Paginated list of the concepts attached to workgroup ``iid``.

    Responds 404 for an unknown id and raises ``PermissionDenied`` when
    ``request.user`` is not in the workgroup; the concept query is only built
    after that check has passed.
    """
    workgroup = get_object_or_404(MDR.Workgroup, pk=iid)
    if user_in_workgroup(request.user, workgroup):
        concepts = MDR._concept.objects.filter(workgroup=iid).select_subclasses()
        template_context = dict(
            item=workgroup,
            workgroup=workgroup,
            user_is_admin=user_is_workgroup_manager(request.user, workgroup),
        )
        return paginated_list(
            request, concepts, "aristotle_mdr/workgroupItems.html", template_context
        )
    raise PermissionDenied
def test_userInWorkgroup(self):
    """A user who is given the viewer role counts as being in the workgroup."""
    workgroup = models.Workgroup.objects.create(
        name="Test WG 1",
        stewardship_organisation=self.steward_org_1,
    )
    member = get_user_model().objects.create_user('*****@*****.**', 'editor1')
    workgroup.giveRoleToUser('viewer', member)

    is_member = perms.user_in_workgroup(member, workgroup)
    self.assertTrue(is_member)
def workgroupItems(request, iid):
    """
    Render every concept attached to workgroup ``iid``.

    Responds 404 for an unknown id and raises ``PermissionDenied`` for a user
    who is not in the workgroup, before any concept is queried.
    """
    workgroup = get_object_or_404(MDR.Workgroup, pk=iid)
    if user_in_workgroup(request.user, workgroup):
        template_context = {
            "item": workgroup,
            "workgroup": workgroup,
            "user_is_admin": user_is_workgroup_manager(request.user, workgroup),
            'items': MDR._concept.objects.filter(workgroup=iid).select_subclasses(),
        }
        return render(request, "aristotle_mdr/workgroupItems.html", template_context)
    raise PermissionDenied
def workgroup(request, iid):
    """
    Render the home page of workgroup ``iid`` with its ten most recently modified concepts.

    Responds 404 for an unknown id and raises ``PermissionDenied`` for a user
    who is not in the workgroup. The template is taken from the workgroup
    itself (``wg.template``).
    """
    wg = get_object_or_404(MDR.Workgroup, pk=iid)
    if user_in_workgroup(request.user, wg):
        newest_first = (
            MDR._concept.objects.filter(workgroup=iid)
            .select_subclasses()
            .order_by('-modified')
        )
        template_context = {
            "item": wg,
            "workgroup": wg,
            "user_is_admin": user_is_workgroup_manager(request.user, wg),
            'recent': newest_first[:10],
        }
        return render(request, wg.template, template_context)
    raise PermissionDenied
def workgroup(request, wgid):
    """
    List every discussion of workgroup ``wgid``.

    Responds 404 for an unknown id and raises ``PermissionDenied`` unless
    ``request.user`` is in the workgroup.
    """
    wg = get_object_or_404(MDR.Workgroup, pk=wgid)
    is_member = perms.user_in_workgroup(request.user, wg)
    if not is_member:
        raise PermissionDenied

    # All discussions reachable through the workgroup's reverse relation.
    template_context = {
        'workgroup': wg,
        'discussions': wg.discussions.all(),
    }
    return render(request, "aristotle_mdr/discussions/workgroup.html", template_context)
def workgroup(request, wgid):
    """
    Show the discussions of workgroup ``wgid`` to a member of that workgroup.

    An unknown id yields a 404; a user outside the workgroup gets
    ``PermissionDenied`` and no discussion is queried for them.
    """
    wg = get_object_or_404(MDR.Workgroup, pk=wgid)
    if perms.user_in_workgroup(request.user, wg):
        # Every discussion of the workgroup, via its reverse relation.
        return render(
            request,
            "aristotle_mdr/discussions/workgroup.html",
            {'workgroup': wg, 'discussions': wg.discussions.all()},
        )
    raise PermissionDenied
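def members(request, iid):
    """
    Render the member list of workgroup ``iid``.

    Responds 404 for an unknown id and raises ``PermissionDenied`` unless
    ``request.user`` is in the workgroup.
    """
    wg = get_object_or_404(MDR.Workgroup, pk=iid)

    # Authorise before anything else is computed for the response, so a
    # non-member's request never gets as far as the manager lookup below.
    if not user_in_workgroup(request.user, wg):
        raise PermissionDenied

    renderDict = {
        "item": wg,
        "workgroup": wg,
        "user_is_admin": user_is_workgroup_manager(request.user, wg)
    }
    return render(request, "aristotle_mdr/workgroupMembers.html", renderDict)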
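def workgroup(request, iid, name_slug):
    """
    Render the home page of workgroup ``iid`` for a member of that workgroup.

    Responds 404 for an unknown id and raises ``PermissionDenied`` for a user
    who is not in the workgroup. A member whose ``name_slug`` is not a prefix
    of the slugified workgroup name is redirected to ``wg.get_absolute_url()``.
    """
    wg = get_object_or_404(MDR.Workgroup, pk=iid)

    # Authorise before the slug redirect. The redirect target is derived from
    # the workgroup (presumably it embeds the slugified name -- confirm in
    # get_absolute_url), so answering a non-member with it would disclose
    # workgroup details ahead of the membership check.
    if not user_in_workgroup(request.user, wg):
        raise PermissionDenied

    if not slugify(wg.name).startswith(str(name_slug)):
        return redirect(wg.get_absolute_url())

    renderDict = {
        "item": wg,
        "workgroup": wg,
        "user_is_admin": user_is_workgroup_manager(request.user, wg),
    }
    # Five most recently modified concepts of this workgroup.
    renderDict['recent'] = MDR._concept.objects.filter(
        workgroup=iid).select_subclasses().order_by('-modified')[:5]
    return render(request, wg.template, renderDict)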
def get(self, request, *args, **kwargs):
    """
    Render the discussions of the workgroup named by the ``wgid`` URL kwarg.

    Raises ``PermissionDenied`` unless ``request.user`` is in that workgroup.
    NOTE(review): the membership check lives in this GET handler only; any
    other HTTP method handler on the view (none is visible here) would need
    its own check.
    """
    context = super().get_context_data(*args, **kwargs)
    workgroup = get_object_or_404(MDR.Workgroup, pk=self.kwargs['wgid'])
    is_member = perms.user_in_workgroup(request.user, workgroup)
    if is_member:
        context['workgroup'] = workgroup
        context['discussions'] = workgroup.discussions.all()
        return render(request, self.template_name, context)
    raise PermissionDenied
def get(self, request, *args, **kwargs):
    """
    Render the discussions of the workgroup named by the ``wgid`` URL kwarg.

    Raises ``PermissionDenied`` unless ``request.user`` is in that workgroup.
    NOTE(review): the membership check lives in this GET handler only; any
    other HTTP method handler on the view (none is visible here) would need
    its own check.
    """
    context = super(Workgroup, self).get_context_data(*args, **kwargs)
    workgroup = get_object_or_404(MDR.Workgroup, pk=self.kwargs['wgid'])
    is_member = perms.user_in_workgroup(request.user, workgroup)
    if is_member:
        context['workgroup'] = workgroup
        context['discussions'] = workgroup.discussions.all()
        return render(request, self.template_name, context)
    raise PermissionDenied
def post(request, pid):
    """
    Show discussion post ``pid`` together with an empty comment form.

    Responds 404 for an unknown id and raises ``PermissionDenied`` unless
    ``request.user`` is in the workgroup that owns the post.
    """
    discussion = get_object_or_404(MDR.DiscussionPost, pk=pid)
    if perms.user_in_workgroup(request.user, discussion.workgroup):
        # The form is pre-filled with the id of the post being viewed.
        blank_comment = MDRForms.discussions.CommentForm(initial={'post': pid})
        template_context = {
            'workgroup': discussion.workgroup,
            'post': discussion,
            'comment_form': blank_comment,
        }
        return render(request, "aristotle_mdr/discussions/post.html", template_context)
    raise PermissionDenied
def items(request, iid):
    """
    Paginated list of the concepts attached to workgroup ``iid``.

    An unknown id yields a 404; a user outside the workgroup gets
    ``PermissionDenied`` before the concept query is built.
    """
    wg = get_object_or_404(MDR.Workgroup, pk=iid)
    is_member = user_in_workgroup(request.user, wg)
    if not is_member:
        raise PermissionDenied

    workgroup_concepts = MDR._concept.objects.filter(workgroup=iid).select_subclasses()
    is_manager = user_is_workgroup_manager(request.user, wg)
    return paginated_list(
        request,
        workgroup_concepts,
        "aristotle_mdr/workgroupItems.html",
        {"item": wg, "workgroup": wg, "user_is_admin": is_manager},
    )
def post(request, pid):
    """
    Show discussion post ``pid`` together with an empty comment form.

    An unknown id yields a 404; a user outside the owning workgroup gets
    ``PermissionDenied``.
    """
    discussion = get_object_or_404(MDR.DiscussionPost, pk=pid)
    allowed = perms.user_in_workgroup(request.user, discussion.workgroup)
    if not allowed:
        raise PermissionDenied

    # The form is pre-filled with the id of the post being viewed.
    blank_comment = MDRForms.discussions.CommentForm(initial={'post': pid})
    return render(
        request,
        "aristotle_mdr/discussions/post.html",
        {
            'workgroup': discussion.workgroup,
            'post': discussion,
            'comment_form': blank_comment,
        },
    )
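def test_RemoveUserFromWorkgroup(self):
    """Removing a user from a workgroup must revoke manager rights and membership."""
    # Does removing a user from a workgroup remove their permissions? It should!
    wg = models.Workgroup.objects.create(name="Test WG 1")
    user = User.objects.create_user('editor1', '', 'editor1')
    wg.managers.add(user)

    # Caching issue, refresh from DB with correct permissions
    user = User.objects.get(pk=user.pk)
    self.assertTrue(perms.user_in_workgroup(user, wg))
    self.assertTrue(perms.user_is_workgroup_manager(user, wg))

    wg.removeUser(user)

    # Caching issue, refresh from DB with correct permissions
    user = User.objects.get(pk=user.pk)
    self.assertFalse(perms.user_is_workgroup_manager(user, wg))
    # The manager role was the user's only role, so membership itself has to
    # be gone too; checking the role alone would miss a stale membership.
    self.assertFalse(perms.user_in_workgroup(user, wg))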
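def test_RemoveUserFromWorkgroup(self):
    """Removing a user from a workgroup must revoke manager rights and membership."""
    # Does removing a user from a workgroup remove their permissions? It should!
    wg = models.Workgroup.objects.create(name="Test WG 1")
    user = get_user_model().objects.create_user('*****@*****.**', 'editor1')
    wg.managers.add(user)

    # Caching issue, refresh from DB with correct permissions
    user = get_user_model().objects.get(pk=user.pk)
    self.assertTrue(perms.user_in_workgroup(user, wg))
    self.assertTrue(perms.user_is_workgroup_manager(user, wg))

    wg.removeUser(user)

    # Caching issue, refresh from DB with correct permissions
    user = get_user_model().objects.get(pk=user.pk)
    self.assertFalse(perms.user_is_workgroup_manager(user, wg))
    # The manager role was the user's only role, so membership itself has to
    # be gone too; checking the role alone would miss a stale membership.
    self.assertFalse(perms.user_in_workgroup(user, wg))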
def test_managersCanEditWorkgroups(self):
    """A "Manager" can edit the workgroup, a "Viewer" cannot, and removal revokes edit rights."""

    def reload(account):
        # Caching issue, refresh from DB with correct permissions
        return User.objects.get(pk=account.pk)

    wg = models.Workgroup.objects.create(name="Test WG 1")
    manager = User.objects.create_user('manager', '', 'manager')
    viewer = User.objects.create_user('editor', '', 'editor')
    wg.addUser(manager)
    wg.addUser(viewer)
    wg.giveRoleToUser("Manager", manager)
    wg.giveRoleToUser("Viewer", viewer)

    manager = reload(manager)
    viewer = reload(viewer)
    self.assertTrue(perms.user_in_workgroup(manager, wg))
    self.assertTrue(perms.user_in_workgroup(viewer, wg))
    self.assertTrue(perms.user_can_edit(manager, wg))
    self.assertFalse(perms.user_can_edit(viewer, wg))

    wg.removeUser(manager)
    wg.removeUser(viewer)

    manager = reload(manager)
    viewer = reload(viewer)
    self.assertFalse(perms.user_can_edit(manager, wg))
    self.assertFalse(perms.user_can_edit(viewer, wg))
def test_managersCanEditWorkgroups(self):
    """Managers can edit a workgroup, viewers can only view it, and removal revokes edit rights."""
    accounts = get_user_model().objects
    created = models.Workgroup.objects.create(name="Test WG 1")
    manager = accounts.create_user('*****@*****.**', 'manager')
    viewer = accounts.create_user('*****@*****.**', 'viewer')
    created.managers.add(manager)
    created.viewers.add(viewer)
    created.save()

    # Work on a freshly loaded workgroup from here on.
    wg = models.Workgroup.objects.get(pk=created.id)

    # Both roles count as membership and grant viewing.
    self.assertTrue(perms.user_in_workgroup(manager, wg))
    self.assertTrue(perms.user_in_workgroup(viewer, wg))
    self.assertTrue(perms.user_can_view(viewer, wg))
    self.assertTrue(perms.user_can_view(manager, wg))

    # Only the manager may edit.
    self.assertTrue(perms.user_can_edit(manager, wg))
    self.assertFalse(perms.user_can_edit(viewer, wg))

    wg.removeUser(manager)
    wg.removeUser(viewer)

    # Caching issue, refresh from DB with correct permissions
    manager = get_user_model().objects.get(pk=manager.pk)
    viewer = get_user_model().objects.get(pk=viewer.pk)
    self.assertFalse(perms.user_can_edit(manager, wg))
    self.assertFalse(perms.user_can_edit(viewer, wg))
def test_managersCanEditWorkgroups(self):
    """Managers can edit a workgroup, viewers can only view it, and removal revokes edit rights."""
    accounts = get_user_model().objects
    created = models.Workgroup.objects.create(name="Test WG 1")
    manager = accounts.create_user('manager', '', 'manager')
    viewer = accounts.create_user('viewer', '', 'viewer')
    created.managers.add(manager)
    created.viewers.add(viewer)
    created.save()

    # Work on a freshly loaded workgroup from here on.
    wg = models.Workgroup.objects.get(pk=created.id)

    # Both roles count as membership and grant viewing.
    self.assertTrue(perms.user_in_workgroup(manager, wg))
    self.assertTrue(perms.user_in_workgroup(viewer, wg))
    self.assertTrue(perms.user_can_view(viewer, wg))
    self.assertTrue(perms.user_can_view(manager, wg))

    # Only the manager may edit.
    self.assertTrue(perms.user_can_edit(manager, wg))
    self.assertFalse(perms.user_can_edit(viewer, wg))

    wg.removeUser(manager)
    wg.removeUser(viewer)

    # Caching issue, refresh from DB with correct permissions
    manager = get_user_model().objects.get(pk=manager.pk)
    viewer = get_user_model().objects.get(pk=viewer.pk)
    self.assertFalse(perms.user_can_edit(manager, wg))
    self.assertFalse(perms.user_can_edit(viewer, wg))
def get(self, request, *args, **kwargs):
    """
    Render one discussion post with an empty comment form.

    Raises ``PermissionDenied`` unless ``request.user`` is in the workgroup
    that owns the post returned by ``self.get_object()``.
    NOTE(review): the membership check lives in this GET handler only; any
    other HTTP method handler on the view (none is visible here) would need
    its own check.
    """
    context = super().get_context_data(*args, **kwargs)
    discussion = self.get_object()
    allowed = perms.user_in_workgroup(request.user, discussion.workgroup)
    if not allowed:
        raise PermissionDenied

    # The form is pre-filled with the post id taken from the URL.
    blank_comment = MDRForms.discussions.CommentForm(
        initial={'post': self.kwargs['pid']},
    )
    context['workgroup'] = discussion.workgroup
    context['post'] = discussion
    context['comment_form'] = blank_comment
    return render(request, self.template_name, context)
def test_userCanLeaveWorkgroup(self):
    """A member can leave a workgroup through the leave view and is locked out afterwards."""
    self.login_viewer()

    # While still a member the workgroup page is reachable.
    before = self.client.get(self.wg1.get_absolute_url())
    self.assertEqual(before.status_code, 200)
    self.assertTrue(perms.user_in_workgroup(self.viewer, self.wg1))

    # GET answers with a page (200); only the POST redirects (302).
    confirm_page = self.client.get(
        reverse('aristotle:workgroup_leave', args=[self.wg1.id]))
    self.assertEqual(confirm_page.status_code, 200)
    left = self.client.post(
        reverse('aristotle:workgroup_leave', args=[self.wg1.id]))
    self.assertEqual(left.status_code, 302)

    # Having left, the same page is now forbidden.
    after = self.client.get(self.wg1.get_absolute_url())
    self.assertEqual(after.status_code, 403)
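def workgroup(request, iid, name_slug):
    """
    Render the home page of workgroup ``iid`` for a member of that workgroup.

    Responds 404 for an unknown id and raises ``PermissionDenied`` for a user
    who is not in the workgroup. A member whose ``name_slug`` is not a prefix
    of the slugified workgroup name is redirected to ``wg.get_absolute_url()``.
    """
    wg = get_object_or_404(MDR.Workgroup, pk=iid)

    # Authorise before the slug redirect. The redirect target is derived from
    # the workgroup (presumably it embeds the slugified name -- confirm in
    # get_absolute_url), so answering a non-member with it would disclose
    # workgroup details ahead of the membership check.
    if not user_in_workgroup(request.user, wg):
        raise PermissionDenied

    if not slugify(wg.name).startswith(str(name_slug)):
        return redirect(wg.get_absolute_url())

    renderDict = {
        "item": wg,
        "workgroup": wg,
        "user_is_admin": user_is_workgroup_manager(request.user, wg)
    }
    # Five most recently modified concepts of this workgroup.
    renderDict['recent'] = MDR._concept.objects.filter(
        workgroup=iid).select_subclasses().order_by('-modified')[:5]
    return render(request, wg.template, renderDict)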
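def in_workgroup(user, workgroup):
    """
    A filter that acts as a wrapper around ``aristotle_mdr.perms.user_in_workgroup``.

    Returns the result of ``user_in_workgroup`` for the user and workgroup.
    This is a membership test; it says nothing about whether the user may
    administer the workgroup.
    If calling ``user_in_workgroup`` raises an exception the filter fails
    closed and returns False.

    For example::

        {% if request.user|in_workgroup:workgroup %}
          {{ something }}
        {% endif %}
    """
    try:
        return perms.user_in_workgroup(user, workgroup)
    except Exception:
        # Fail closed: an error while checking membership must never render
        # member-only content. Only Exception is caught, so SystemExit and
        # KeyboardInterrupt still propagate.
        return False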
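def in_workgroup(user, workgroup):
    """
    A filter that acts as a wrapper around ``aristotle_mdr.perms.user_in_workgroup``.

    Returns the result of ``user_in_workgroup`` for the user and workgroup.
    This is a membership test; it says nothing about whether the user may
    administer the workgroup.
    If calling ``user_in_workgroup`` raises an exception the filter fails
    closed and returns False.

    For example::

        {% if request.user|in_workgroup:workgroup %}
          {{ something }}
        {% endif %}
    """
    try:
        return perms.user_in_workgroup(user, workgroup)
    except Exception:
        # Fail closed: an error while checking membership must never render
        # member-only content. Only Exception is caught, so SystemExit and
        # KeyboardInterrupt still propagate.
        return False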
def get(self, request, *args, **kwargs):
    """
    Render one discussion post with an empty comment form.

    Raises ``PermissionDenied`` unless ``request.user`` is in the workgroup
    that owns the post returned by ``self.get_object()``.
    NOTE(review): the membership check lives in this GET handler only; any
    other HTTP method handler on the view (none is visible here) would need
    its own check.
    """
    context = super().get_context_data(*args, **kwargs)
    discussion = self.get_object()
    if perms.user_in_workgroup(request.user, discussion.workgroup):
        # The form is pre-filled with the post id taken from the URL.
        initial_values = {'post': self.kwargs['pid']}
        blank_comment = MDRForms.discussions.CommentForm(initial=initial_values)
        context['workgroup'] = discussion.workgroup
        context['post'] = discussion
        context['comment_form'] = blank_comment
        return render(request, self.template_name, context)
    raise PermissionDenied
def test_workgroup_member_search_has_valid_facets(self):
    """Search facets list only workgroups that the searching user is in."""

    def log_in():
        # Posts the login form and returns the response.
        return self.client.post(
            reverse('friendly_login'),
            {'username': '******', 'password': '******'},
        )

    self.logout()
    self.viewer = get_user_model().objects.create_user(
        '*****@*****.**', 'equalRightsForAll')
    self.assertEqual(log_in().status_code, 302)  # logged in

    self.xmen_wg.giveRoleToUser('viewer', self.viewer)
    self.weaponx_wg = models.Workgroup.objects.create(
        name="WeaponX",
        stewardship_organisation=self.steward_org,
    )
    self.assertEqual(log_in().status_code, 302)  # logged in

    # Create Deadpool in Weapon X workgroup
    with reversion.create_revision():
        created = models.ObjectClass.objects.create(
            name="deadpool",
            definition="not really an xman, no matter how much he tries",
            workgroup=self.weaponx_wg,
        )
    deadpool = models.ObjectClass.objects.get(pk=created.pk)  # Un-cache

    # The viewer is not in Weapon X and the item is not public.
    self.assertFalse(perms.user_can_view(self.viewer, deadpool))
    self.assertFalse(deadpool.is_public())

    search_response = self.client.get(reverse('aristotle:search') + "?q=xman")
    self.assertEqual(search_response.status_code, 200)

    facets = search_response.context['form'].facets['fields']
    for facet_name in ('restriction', 'facet_model_ct', 'statuses', 'workgroup'):
        self.assertTrue(facet_name in facets.keys())

    # A workgroup facet must never name a workgroup the viewer is outside of.
    for workgroup_pk in facets['workgroup']:
        listed = models.Workgroup.objects.get(pk=workgroup_pk)
        self.assertTrue(perms.user_in_workgroup(self.viewer, listed))
def new_comment(request, pid):
    """
    Add a comment to discussion post ``pid``.

    Responds 404 for an unknown id and raises ``PermissionDenied`` unless
    ``request.user`` is in the post's workgroup. A valid POST saves the
    comment and redirects to its anchor on the post page; an invalid POST
    re-renders the form; any other method redirects to the post.
    The comment is attached to the post resolved from the URL and to
    ``request.user``; only ``body`` is taken from the submitted form.
    """
    post = get_object_or_404(MDR.DiscussionPost, pk=pid)
    if not perms.user_in_workgroup(request.user, post.workgroup):
        raise PermissionDenied

    if request.method != 'POST':
        # It makes no sense to "GET" this comment, so push them back to the discussion
        return HttpResponseRedirect(reverse("aristotle:discussionsPost", args=[post.pk]))

    form = MDRForms.discussions.CommentForm(request.POST)
    if form.is_valid():
        comment = MDR.DiscussionComment(
            post=post,
            body=form.cleaned_data['body'],
            author=request.user,
        )
        comment.save()
        post_url = reverse("aristotle:discussionsPost", args=[comment.post.pk])
        return HttpResponseRedirect(post_url + "#comment_%s" % comment.id)

    return render(request, "aristotle_mdr/discussions/new.html", {"form": form})
def new_comment(request, pid):
    """
    Add a comment to discussion post ``pid``.

    Responds 404 for an unknown id and raises ``PermissionDenied`` unless
    ``request.user`` is in the post's workgroup. A closed post accepts no
    comment: the user gets an error message and is sent back to the post,
    whatever the request method. A valid POST saves the comment and redirects
    to its anchor; an invalid POST re-renders the form; any other method
    redirects to the post.
    The comment is attached to the post resolved from the URL and to
    ``request.user``; only ``body`` is taken from the submitted form.
    """
    post = get_object_or_404(MDR.DiscussionPost, pk=pid)
    if not perms.user_in_workgroup(request.user, post.workgroup):
        raise PermissionDenied

    if post.closed:
        messages.error(request, _('This post is closed. Your comment was not added.'))
        return HttpResponseRedirect(reverse("aristotle:discussionsPost", args=[post.pk]))

    if request.method != 'POST':
        # It makes no sense to "GET" this comment, so push them back to the discussion
        return HttpResponseRedirect(reverse("aristotle:discussionsPost", args=[post.pk]))

    form = MDRForms.discussions.CommentForm(request.POST)
    if not form.is_valid():
        return render(request, "aristotle_mdr/discussions/new.html", {"form": form})

    comment = MDR.DiscussionComment(
        post=post,
        body=form.cleaned_data['body'],
        author=request.user,
    )
    comment.save()
    post_url = reverse("aristotle:discussionsPost", args=[comment.post.pk])
    return HttpResponseRedirect(post_url + "#comment_%s" % comment.id)
def test_workgroup_member_search_has_valid_facets(self):
    """Search facets list only workgroups that the searching user is in."""

    def log_in():
        # Posts the login form and returns the response.
        return self.client.post(
            reverse('friendly_login'),
            {'username': '******', 'password': '******'},
        )

    self.logout()
    self.viewer = User.objects.create_user(
        'charles.xavier', '*****@*****.**', 'equalRightsForAll')
    self.assertEqual(log_in().status_code, 302)  # logged in

    self.xmen_wg.giveRoleToUser('viewer', self.viewer)
    self.weaponx_wg = models.Workgroup.objects.create(name="WeaponX")
    self.assertEqual(log_in().status_code, 302)  # logged in

    # Create Deadpool in Weapon X workgroup
    with reversion.create_revision():
        created = models.ObjectClass.objects.create(
            name="deadpool",
            definition="not really an xman, no matter how much he tries",
            workgroup=self.weaponx_wg,
        )
    deadpool = models.ObjectClass.objects.get(pk=created.pk)  # Un-cache

    # The viewer is not in Weapon X and the item is not public.
    self.assertFalse(perms.user_can_view(self.viewer, deadpool))
    self.assertFalse(deadpool.is_public())

    search_response = self.client.get(reverse('aristotle:search') + "?q=xman")
    self.assertEqual(search_response.status_code, 200)

    facets = search_response.context['form'].facets['fields']
    for facet_name in ('restriction', 'facet_model_ct', 'statuses', 'workgroup'):
        self.assertTrue(facet_name in facets.keys())

    # A workgroup facet must never name a workgroup the viewer is outside of.
    for workgroup_pk, count in facets['workgroup']:
        listed = models.Workgroup.objects.get(pk=workgroup_pk)
        self.assertTrue(perms.user_in_workgroup(self.viewer, listed))
def test_userInWorkgroup(self):
    """A user added to a workgroup's viewers counts as being in the workgroup."""
    workgroup = models.Workgroup.objects.create(name="Test WG 1")
    member = User.objects.create_user('editor1', '', 'editor1')
    workgroup.viewers.add(member)

    is_member = perms.user_in_workgroup(member, workgroup)
    self.assertTrue(is_member)
def test_workgroup_member_search(self):
    """Search results follow workgroup membership: granted with the viewer role, gone when it is removed."""

    def permitted_hit_count():
        # Number of 'deadpool' hits left after the per-user permission filter.
        from aristotle_mdr.forms.search import PermissionSearchQuerySet
        query = PermissionSearchQuerySet().auto_query('deadpool')
        return len(query.apply_permission_checks(self.viewer))

    def search_page_items():
        # What the search view itself lists for the logged-in client.
        page_response = self.client.get(reverse('aristotle:search') + "?q=deadpool")
        return page_response.context['page'].object_list

    self.logout()
    self.viewer = User.objects.create_user(
        'charles.xavier', '*****@*****.**', 'equalRightsForAll')
    self.weaponx_wg = models.Workgroup.objects.create(name="WeaponX")
    login_response = self.client.post(
        reverse('friendly_login'),
        {'username': '******', 'password': '******'},
    )
    self.assertEqual(login_response.status_code, 302)  # logged in

    # Charles is not in any workgroups
    self.assertFalse(perms.user_in_workgroup(self.viewer, self.xmen_wg))
    self.assertFalse(perms.user_in_workgroup(self.viewer, self.weaponx_wg))

    # Create Deadpool in Weapon X workgroup
    with reversion.create_revision():
        dp = models.ObjectClass.objects.create(
            name="deadpool",
            definition="not really an xman, no matter how much he tries",
            workgroup=self.weaponx_wg,
            readyToReview=False,
        )
    dp = models.ObjectClass.objects.get(pk=dp.pk)  # Un-cache
    self.assertFalse(perms.user_can_view(self.viewer, dp))
    self.assertFalse(dp.is_public())

    # Charles isn't a viewer of X-men yet, so no results.
    self.assertEqual(permitted_hit_count(), 0)

    # Make viewer of XMen
    self.xmen_wg.giveRoleToUser('viewer', self.viewer)
    self.assertFalse(perms.user_can_view(self.viewer, dp))

    # Deadpool isn't an Xman yet, still no results.
    self.assertEqual(permitted_hit_count(), 0)

    with reversion.create_revision():
        dp.workgroup = self.xmen_wg
        dp.save()
    dp = models.ObjectClass.objects.get(pk=dp.pk)  # Un-cache

    # Charles is a viewer, Deadpool is in X-men, should have results now.
    self.assertEqual(permitted_hit_count(), 1)
    listed = search_page_items()
    self.assertTrue(perms.user_can_view(self.viewer, dp))
    self.assertEqual(len(listed), 1)
    self.assertEqual(listed[0].object.item, dp)

    # Take away Charles viewing rights and no results again.
    self.xmen_wg.removeRoleFromUser('viewer', self.viewer)
    self.assertEqual(permitted_hit_count(), 0)
    self.assertEqual(len(search_page_items()), 0)
def test_userInWorkgroup(self):
    """A user added to a workgroup's viewers counts as being in the workgroup."""
    workgroup = models.Workgroup.objects.create(name="Test WG 1")
    member = get_user_model().objects.create_user('*****@*****.**', 'editor1')
    workgroup.viewers.add(member)

    is_member = perms.user_in_workgroup(member, workgroup)
    self.assertTrue(is_member)
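def members(request, iid):
    """
    Render the member list of workgroup ``iid``.

    Responds 404 for an unknown id and raises ``PermissionDenied`` unless
    ``request.user`` is in the workgroup.
    """
    wg = get_object_or_404(MDR.Workgroup, pk=iid)

    # Authorise before anything else is computed for the response, so a
    # non-member's request never gets as far as the manager lookup below.
    if not user_in_workgroup(request.user, wg):
        raise PermissionDenied

    renderDict = {
        "item": wg,
        "workgroup": wg,
        "user_is_admin": user_is_workgroup_manager(request.user, wg),
    }
    return render(request, "aristotle_mdr/workgroupMembers.html", renderDict)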
def test_workgroup_member_search(self):
    """Search results follow workgroup membership: granted with the viewer role, gone when it is removed."""

    def permitted_hit_count():
        # Number of 'deadpool' hits left after the per-user permission filter.
        from aristotle_mdr.forms.search import PermissionSearchQuerySet
        query = PermissionSearchQuerySet().auto_query('deadpool')
        return len(query.apply_permission_checks(self.viewer))

    def search_page_items():
        # What the search view itself lists for the logged-in client.
        page_response = self.client.get(reverse('aristotle:search') + "?q=deadpool")
        return page_response.context['page'].object_list

    self.logout()
    self.viewer = User.objects.create_user(
        'charles.xavier', '*****@*****.**', 'equalRightsForAll')
    self.weaponx_wg = models.Workgroup.objects.create(name="WeaponX")
    login_response = self.client.post(
        reverse('django.contrib.auth.views.login'),
        {'username': '******', 'password': '******'},
    )
    self.assertEqual(login_response.status_code, 302)  # logged in

    # Charles is not in any workgroups
    self.assertFalse(perms.user_in_workgroup(self.viewer, self.xmen_wg))
    self.assertFalse(perms.user_in_workgroup(self.viewer, self.weaponx_wg))

    # Create Deadpool in Weapon X workgroup
    dp = models.ObjectClass.objects.create(
        name="deadpool",
        description="not really an xman, no matter how much he tries",
        workgroup=self.weaponx_wg,
        readyToReview=False,
    )
    dp = models.ObjectClass.objects.get(pk=dp.pk)  # Un-cache
    self.assertFalse(perms.user_can_view(self.viewer, dp))
    self.assertFalse(dp.is_public())

    # Charles isn't a viewer of X-men yet, so no results.
    self.assertEqual(permitted_hit_count(), 0)

    # Make viewer of XMen
    self.xmen_wg.giveRoleToUser('viewer', self.viewer)
    self.assertFalse(perms.user_can_view(self.viewer, dp))

    # Deadpool isn't an Xman yet, still no results.
    self.assertEqual(permitted_hit_count(), 0)

    dp.workgroup = self.xmen_wg
    dp.save()
    dp = models.ObjectClass.objects.get(pk=dp.pk)  # Un-cache

    # Charles is a viewer, Deadpool is in X-men, should have results now.
    self.assertEqual(permitted_hit_count(), 1)
    listed = search_page_items()
    self.assertTrue(perms.user_can_view(self.viewer, dp))
    self.assertEqual(len(listed), 1)
    self.assertEqual(listed[0].object.item, dp)

    # Take away Charles viewing rights and no results again.
    self.xmen_wg.removeRoleFromUser('viewer', self.viewer)
    self.assertEqual(permitted_hit_count(), 0)
    self.assertEqual(len(search_page_items()), 0)
def test_in_workgroup(self):
    """``user_in_workgroup`` is truthy for ``self.su`` even when no workgroup is given."""
    # self.su is presumably the superuser fixture -- confirm in setUp.
    no_workgroup = None
    result = perms.user_in_workgroup(self.su, no_workgroup)
    self.assertTrue(result)
def has_perm(self, user_obj, perm, obj=None):
    """
    Decide whether ``user_obj`` holds permission ``perm``, optionally on ``obj``.

    ``perm`` is an ``"app_label.perm_name"`` string; a value without a dot
    makes the unpacking below raise ``ValueError``. Inactive users are always
    refused and superusers always allowed, before any other rule is looked
    at. Anything not decided here is passed to the parent backend.
    """
    if not user_obj.is_active:
        return False
    if user_obj.is_superuser:
        return True
    app_label, perm_name = perm.split('.', 1)
    extensions = fetch_aristotle_settings().get('CONTENT_EXTENSIONS', [])
    # Name-based dispatch: an "aristotle_mdr.<name>" permission is answered by
    # the attribute <name> of the perms module.
    # NOTE(review): hasattr/getattr match ANY attribute of that module,
    # including names it merely imports -- confirm perms exposes only
    # permission predicates, or gate this lookup on an explicit allow-list.
    if app_label == "aristotle_mdr" and hasattr(perms, perm_name):
        return getattr(perms, perm_name)(user_obj, obj)
    from django.apps import apps
    from aristotle_mdr.models import _concept
    # Work out which model the permission is about: "<action>_<model>" names
    # the model directly, otherwise fall back to the type of obj.
    perm_parts = perm_name.split("_")
    if len(perm_parts) == 2:
        model = apps.get_model(app_label, perm_parts[1])
    elif obj is not None:
        model = type(obj)
    else:
        # Placeholder class so the issubclass() test below has a class to
        # inspect; presumably never a _concept subclass, which skips that branch.
        model = int
    if app_label in extensions + ["aristotle_mdr"] and issubclass(model, _concept):
        # This is required so that a user can correctly delete the 'concept' parent class in the admin site.
        # This is a rough catch all, and is designed to indicate a user could
        # delete an item type, but not a specific item.
        if (
            perm_name.startswith('delete_') or
            perm_name.startswith('create_') or
            perm_name.startswith('add_')
        ):
            if obj is None:
                return perms.user_is_editor(user_obj)
            else:
                return perms.user_can_edit(user_obj, obj)
    if app_label in extensions + ["aristotle_mdr"]:
        if perm_name == "delete_concept_from_admin":
            return obj is None or perms.user_can_edit(user_obj, obj)
    if perm == "aristotle_mdr.can_create_metadata":
        return perms.user_is_editor(user_obj)
    # Workgroup permissions: membership is enough to view, leave and discuss;
    # changing, archiving and managing memberships need the manager check.
    if perm == "aristotle_mdr.view_workgroup":
        return perms.user_in_workgroup(user_obj, obj)
    if perm == "aristotle_mdr.can_leave_workgroup":
        return perms.user_in_workgroup(user_obj, obj)
    if perm == "aristotle_mdr.change_workgroup_memberships":
        return perms.user_is_workgroup_manager(user_obj, obj)
    if perm == "aristotle_mdr.change_workgroup":
        return perms.user_is_workgroup_manager(user_obj, obj)
    if perm == "aristotle_mdr.can_archive_workgroup":
        return perms.user_is_workgroup_manager(user_obj, obj)
    if perm == "aristotle_mdr.can_view_discussions_in_workgroup":
        return perms.user_in_workgroup(user_obj, obj)
    if perm == "aristotle_mdr.can_post_discussion_in_workgroup":
        return perms.user_in_workgroup(user_obj, obj)
    if perm == "aristotle_mdr.can_view_discussion_post":
        # NOTE(review): obj defaults to None, in which case obj.workgroup
        # raises AttributeError instead of denying -- callers must pass the post.
        return perms.user_in_workgroup(user_obj, obj.workgroup)
    # Registration authority permissions.
    if perm == "aristotle_mdr.view_registrationauthority_details":
        return (
            perms.user_is_registation_authority_manager(user_obj, obj) or
            perms.user_is_registrar(user_obj, obj)
        )
    if perm == "aristotle_mdr.change_registrationauthority":
        return perms.user_is_registation_authority_manager(user_obj, obj)
    if perm == "aristotle_mdr.change_registrationauthority_memberships":
        return perms.user_is_registation_authority_manager(user_obj, obj)
    from aristotle_mdr.contrib.links import perms as link_perms
    if perm == "aristotle_mdr_links.add_link":
        return link_perms.user_can_make_link(user_obj)
    # No rule above matched: defer to the parent backend's has_perm.
    return super().has_perm(user_obj, perm, obj)
def has_perm(self, user_obj, perm, obj=None):
    """
    Decide whether ``user_obj`` holds permission ``perm``, optionally on ``obj``.

    ``perm`` is an ``"app_label.perm_name"`` string; a value without a dot
    makes the unpacking below raise ``ValueError``. Inactive users are always
    refused and superusers always allowed, before any other rule is looked
    at. Anything not decided here is passed to the parent backend.
    """
    if not user_obj.is_active:
        return False
    if user_obj.is_superuser:
        return True
    app_label, perm_name = perm.split('.', 1)
    extensions = fetch_aristotle_settings().get('CONTENT_EXTENSIONS', [])
    # Name-based dispatch: an "aristotle_mdr.<name>" permission is answered by
    # the attribute <name> of the perms module.
    # NOTE(review): hasattr/getattr match ANY attribute of that module,
    # including names it merely imports -- confirm perms exposes only
    # permission predicates, or gate this lookup on an explicit allow-list.
    if app_label == "aristotle_mdr" and hasattr(perms, perm_name):
        return getattr(perms, perm_name)(user_obj, obj)
    from django.apps import apps
    from aristotle_mdr.models import _concept
    # Only "<action>_<model>" names identify a model; the type of obj is not
    # consulted in this version.
    perm_parts = perm_name.split("_")
    if len(perm_parts) == 2:
        model = apps.get_model(app_label, perm_parts[1])
    else:
        # Placeholder class so the issubclass() test below has a class to
        # inspect; presumably never a _concept subclass, which skips that branch.
        model = int
    if app_label in extensions + ["aristotle_mdr"] and issubclass(
            model, _concept):
        # This is required so that a user can correctly delete the 'concept' parent class in the admin site.
        # This is a rough catch all, and is designed to indicate a user could
        # delete an item type, but not a specific item.
        if (perm_name.startswith('delete_') or
                perm_name.startswith('create_') or
                perm_name.startswith('add_')):
            if obj is None:
                return perms.user_is_editor(user_obj)
            else:
                return perms.user_can_edit(user_obj, obj)
    if app_label in extensions + ["aristotle_mdr"]:
        if perm_name == "delete_concept_from_admin":
            return obj is None or perms.user_can_edit(user_obj, obj)
    if perm == "aristotle_mdr.can_create_metadata":
        return perms.user_is_editor(user_obj)
    # Workgroup permissions: membership is enough to view, leave and discuss;
    # changing, archiving and managing memberships need the manager check.
    if perm == "aristotle_mdr.view_workgroup":
        return perms.user_in_workgroup(user_obj, obj)
    if perm == "aristotle_mdr.can_leave_workgroup":
        return perms.user_in_workgroup(user_obj, obj)
    if perm == "aristotle_mdr.change_workgroup_memberships":
        return perms.user_is_workgroup_manager(user_obj, obj)
    if perm == "aristotle_mdr.change_workgroup":
        return perms.user_is_workgroup_manager(user_obj, obj)
    if perm == "aristotle_mdr.can_archive_workgroup":
        return perms.user_is_workgroup_manager(user_obj, obj)
    if perm == "aristotle_mdr.can_view_discussions_in_workgroup":
        return perms.user_in_workgroup(user_obj, obj)
    if perm == "aristotle_mdr.can_post_discussion_in_workgroup":
        return perms.user_in_workgroup(user_obj, obj)
    if perm == "aristotle_mdr.can_view_discussion_post":
        # NOTE(review): obj defaults to None, in which case obj.workgroup
        # raises AttributeError instead of denying -- callers must pass the post.
        return perms.user_in_workgroup(user_obj, obj.workgroup)
    # Registration authority permissions.
    if perm == "aristotle_mdr.view_registrationauthority_details":
        return (perms.user_is_registation_authority_manager(user_obj, obj) or
                perms.user_is_registrar(user_obj, obj))
    if perm == "aristotle_mdr.change_registrationauthority":
        return perms.user_is_registation_authority_manager(user_obj, obj)
    if perm == "aristotle_mdr.change_registrationauthority_memberships":
        return perms.user_is_registation_authority_manager(user_obj, obj)
    from aristotle_mdr.contrib.links import perms as link_perms
    if perm == "aristotle_mdr_links.add_link":
        return link_perms.user_can_make_link(user_obj)
    # No rule above matched: defer to the parent backend's has_perm.
    return super(AristotleBackend, self).has_perm(user_obj, perm, obj)
def dispatch(self, request, *args, **kwargs):
    """
    Resolve the workgroup from the ``wgid`` URL kwarg and admit members only.

    The workgroup is stored on ``self.workgroup``. Because the membership
    check runs here, before the parent ``dispatch`` is called, it applies to
    the request whatever its HTTP method. Raises ``PermissionDenied`` for a
    user who is not in the workgroup.
    """
    workgroup = get_object_or_404(MDR.Workgroup, pk=self.kwargs['wgid'])
    self.workgroup = workgroup
    if perms.user_in_workgroup(request.user, workgroup):
        return super().dispatch(request, *args, **kwargs)
    raise PermissionDenied