def test_has_perm(self):
# security for superuser
sec = security.get_security(self.superuser)
# superuser has all rights to what he wants
self.assertTrue(sec.has_perm('%s.%s' % (APP_NAME, CODE_NAME)),
"Superuser always should have all permissions")
self.assertTrue(sec.has_perm("fake.permission"),
"Superuser always should have all permissions")
# security for common user
sec = security.get_security(self.user)
# common user, should not have rights
self.assertFalse(
sec.has_perm('%s.%s' % (APP_NAME, CODE_NAME)),
"If user doesn't have that role, this should be False")
# common user, should have rights
# mock get_default_role function
security.base.get_default_role = mock.Mock(
return_value=self.role_registered_user)
self.assertTrue(
sec.has_perm("content.register"),
"If user doesn't have that role, this should be False")
def test_is_staff(self):
# let's check is_staff method for non staff user
sec = security.get_security(self.user)
self.assertFalse(sec.is_staff())
# let's check is_staff method for staff user
sec = security.get_security(self.staffuser)
self.assertTrue(sec.is_staff())
def test_is_admin(self):
# let's check is_admin method for superuser
sec = security.get_security(self.superuser)
self.assertTrue(sec.is_superuser())
# let's check is_admin method for common user
sec = security.get_security(self.user)
self.assertFalse(sec.is_superuser())
def test_is_staff(self):
# let's check is_staff method for non staff user
sec = security.get_security(self.user)
self.assertFalse(sec.is_staff())
# let's check is_staff method for staff user
sec = security.get_security(self.staffuser)
self.assertTrue(sec.is_staff())
def test_is_admin(self):
# let's check is_admin method for superuser
sec = security.get_security(self.superuser)
self.assertTrue(sec.is_superuser())
# let's check is_admin method for common user
sec = security.get_security(self.user)
self.assertFalse(sec.is_superuser())
def test_get_permissions_fail(self):
# mock get_default_role function
security.base.get_default_role = mock.Mock(return_value=self.role)
sec = security.get_security(self.superuser)
self.assertNotIn(self.can_content_register_permission,
sec._get_permissions())
def test_get_permissions_success(self):
# mock get_default_role function
security.base.get_default_role = mock.Mock(return_value=self.role_registered_user)
sec = security.get_security(self.user)
self.assertIn(self.can_content_register_permission, sec._get_permissions())
# check that there are no permissions from book
self.assertNotIn(self.can_test_permission, sec._get_permissions())
def test_get_permissions_with_book(self):
# get permissions from default role and from bookrole
# mock get_default_role function
security.base.get_default_role = mock.Mock(return_value=self.role_registered_user)
sec = security.get_security(self.user)
permissions = sec._get_permissions(book=self.bookrole.book)
self.assertIn(self.can_content_register_permission, permissions)
self.assertIn(self.can_test_permission, permissions)
def test_get_permissions_with_book(self):
# get permissions from default role and from bookrole
# mock get_default_role function
security.base.get_default_role = mock.Mock(
return_value=self.role_registered_user)
sec = security.get_security(self.user)
permissions = sec._get_permissions(book=self.bookrole.book)
self.assertIn(self.can_content_register_permission, permissions)
self.assertIn(self.can_test_permission, permissions)
def test_get_permissions_success(self):
# mock get_default_role function
security.base.get_default_role = mock.Mock(
return_value=self.role_registered_user)
sec = security.get_security(self.user)
self.assertIn(self.can_content_register_permission,
sec._get_permissions())
# check that there are no permissions from book
self.assertNotIn(self.can_test_permission, sec._get_permissions())
def has_permission(self, request, view):
"""Takes the list of required permissions from the view and
check if user has them all"""
required_perms = getattr(view, 'required_perms', [])
if len(required_perms) == 0:
return True
user_security = security.get_security(request.user)
perms_list = [user_security.has_perm(x) for x in required_perms]
return all(perms_list)
def has_permission(self, request, view):
"""Takes the list of required permissions from the view and
check if user has them all"""
required_perms = self.get_required_perms(view)
if not required_perms:
return True
user_security = security.get_security(request.user)
perms_list = [user_security.has_perm(x) for x in required_perms]
return all(perms_list)
def test_has_perm(self):
# security for superuser
sec = security.get_security(self.superuser)
# superuser has all rights to what he wants
self.assertTrue(sec.has_perm('%s.%s' % (APP_NAME, CODE_NAME)),
"Superuser always should have all permissions")
self.assertTrue(sec.has_perm("fake.permission"),
"Superuser always should have all permissions")
# security for common user
sec = security.get_security(self.user)
# common user, should not have rights
self.assertFalse(sec.has_perm('%s.%s' % (APP_NAME, CODE_NAME)),
"If user doesn't have that role, this should be False")
# common user, should have rights
# mock get_default_role function
security.base.get_default_role = mock.Mock(return_value=self.role_registered_user)
self.assertTrue(sec.has_perm("content.register"),
"If user doesn't have that role, this should be False")
def process_template_response(self, request, response):
sec = response.context_data.get('security', None)
if not sec or type(sec) is not Security:
sec = get_security(request.user)
if request.is_ajax():
return response
response.context_data['can_view_books_list'] = sec.has_perm('portal.can_view_books_list')
response.context_data['can_view_groups_list'] = sec.has_perm('portal.can_view_groups_list')
response.context_data['can_view_user_list'] = sec.has_perm('portal.can_view_user_list')
response.context_data['can_view_user_info'] = sec.has_perm('account.can_view_user_info')
return response
def process_template_response(self, request, response):
sec = response.context_data.get('security', None)
if not sec or type(sec) is not Security:
sec = get_security(request.user)
if request.is_ajax():
return response
response.context_data['can_view_books_list'] = sec.has_perm(
'portal.can_view_books_list')
response.context_data['can_view_groups_list'] = sec.has_perm(
'portal.can_view_groups_list')
response.context_data['can_view_user_list'] = sec.has_perm(
'portal.can_view_user_list')
response.context_data['can_view_user_info'] = sec.has_perm(
'account.can_view_user_info')
return response
def dispatch(self, request, *args, **kwargs):
# try to create security instance
try:
if self.security_bridge is Security:
self.security = get_security(request.user)
elif self.security_bridge is BookSecurity:
book = Book.objects.get(url_title__iexact=kwargs['bookid'])
self.security = get_security_for_book(request.user, book)
elif self.security_bridge is GroupSecurity:
group = BookiGroup.objects.get(url_name=kwargs['groupid'])
self.security = get_security_for_group(request.user, group)
except (BookiGroup.DoesNotExist, Book.DoesNotExist):
raise Http404
except KeyError as e:
raise Exception('{bridge} bridge requires "{key}" in request'.format(bridge=self.security_bridge,
key=e.message))
# hook for checking permissions
self.check_permissions(request, *args, **kwargs)
return super(SecurityMixin, self).dispatch(request, *args, **kwargs)
def dispatch(self, request, *args, **kwargs):
# try to create security instance
try:
if self.security_bridge is Security:
self.security = get_security(request.user)
elif self.security_bridge is BookSecurity:
book = Book.objects.get(url_title__iexact=kwargs['bookid'])
self.security = get_security_for_book(request.user, book)
elif self.security_bridge is GroupSecurity:
group = BookiGroup.objects.get(url_name=kwargs['groupid'])
self.security = get_security_for_group(request.user, group)
except (BookiGroup.DoesNotExist, Book.DoesNotExist):
raise Http404
except KeyError as e:
raise Exception('{bridge} bridge requires "{key}" in request'.format(bridge=self.security_bridge,
key=e.message))
# hook for checking permissions
self.check_permissions(request, *args, **kwargs)
return super(SecurityMixin, self).dispatch(request, *args, **kwargs)
def test_get_security(self):
# let's test helper for retrieving base Security instance
self.assertEqual(
security.base.BaseSecurity(self.user).__class__,
security.get_security(self.user).__class__)
def get_context_data(self, **kwargs):
context = super(DashboardPageView, self).get_context_data(**kwargs)
current_user = self.request.user
context['is_admin'] = current_user.is_superuser
# get all user permissions
role_key = security.get_default_role_key(current_user)
default_role = security.get_default_role(role_key)
if default_role:
context['roles_permissions'] = [p.key_name for p in default_role.permissions.all()]
else:
context['roles_permissions'] = []
context['licenses'] = License.objects.all().order_by('name')
context['languages'] = Language.objects.all()
if self.is_current_user_dashboard:
context['books'] = Book.objects.select_related('version').filter(
owner=self.object).order_by('title')
else:
context['books'] = Book.objects.select_related('version').filter(
owner=self.object, hidden=False).order_by('title')
context['groups'] = BookiGroup.objects.filter(
owner=self.object).order_by('name')
context['participating_groups'] = BookiGroup.objects.filter(
members=self.object).exclude(owner=self.object).order_by('name')
# get books which user has collaborated on
book_ids = set(BookHistory.objects.filter(user=self.object).values_list('book', flat=True).distinct())
# get books with user assigned by roles
book_ids.update(BookRole.objects.filter(members=self.object).values_list('book', flat=True).distinct())
context['books_collaborating'] = Book.objects.filter(
id__in=book_ids).exclude(owner=self.object).order_by('title')
# get user recent activity
context['recent_activity'] = BookHistory.objects.filter(
user=self.object).order_by('-modified')[:3]
context['can_upload_book'] = security.get_security(current_user).has_perm('account.can_upload_book')
context['can_create_book'] = True
# NOTE: base_books will be user's books for now, let's define with the rest of team
# what should be a good logic to define existent books as skeletons
form_kwargs = {'base_book_qs': context['books']}
context['book_creation_form'] = BookCreationForm(
initial={
'language': config.get_configuration('CREATE_BOOK_LANGUAGE'),
'license': config.get_configuration('CREATE_BOOK_LICENSE'),
'visible_to_everyone': config.get_configuration('CREATE_BOOK_VISIBLE')
}, **form_kwargs)
# if only admin import then deny user permission to upload books
if config.get_configuration('ADMIN_IMPORT_BOOKS'):
if not current_user.is_superuser:
context['can_upload_book'] = False
# if only admin create then deny user permission to create new books
if config.get_configuration('ADMIN_CREATE_BOOKS'):
if not current_user.is_superuser:
context['can_create_book'] = False
# check if user can create/import more books
if current_user.is_authenticated():
book_p_user = config.get_configuration('BOOKTYPE_BOOKS_PER_USER')
context['is_book_limit'] = Book.objects.filter(owner=current_user).count() >= book_p_user != -1
else:
context['is_book_limit'] = True
if context['is_book_limit']:
if not current_user.is_superuser:
context['can_create_book'] = False
context['can_upload_book'] = False
else:
context['is_book_limit'] = False
# change title in case of not authenticated user
if not current_user.is_authenticated() or \
self.object != current_user:
context['title'] = _('User profile')
context['page_title'] = _('User profile')
# Getting context variables for the form to invite users
if current_user.is_authenticated():
initial = {
'message': getattr(settings, 'BOOKTYPE_DEFAULT_INVITE_MESSAGE', '')
}
context['invite_form'] = UserInviteForm(user=current_user, initial=initial)
return context
def get_context_data(self, **kwargs):
context = super(DashboardPageView, self).get_context_data(**kwargs)
current_user = self.request.user
context['is_admin'] = current_user.is_superuser
# get all user permissions
role_key = security.get_default_role_key(current_user)
default_role = security.get_default_role(role_key)
if default_role:
context['roles_permissions'] = [
p.key_name for p in default_role.permissions.all()
]
else:
context['roles_permissions'] = []
context['licenses'] = License.objects.all().order_by('name')
context['languages'] = Language.objects.all()
if self.is_current_user_dashboard:
context['books'] = Book.objects.select_related('version').filter(
owner=self.object).order_by('title')
else:
context['books'] = Book.objects.select_related('version').filter(
owner=self.object, hidden=False).order_by('title')
context['groups'] = BookiGroup.objects.filter(
owner=self.object).order_by('name')
context['participating_groups'] = BookiGroup.objects.filter(
members=self.object).exclude(owner=self.object).order_by('name')
# get books which user has collaborated on
book_ids = set(
BookHistory.objects.filter(user=self.object).values_list(
'book', flat=True).distinct())
# get books with user assigned by roles
book_ids.update(
BookRole.objects.filter(members=self.object).values_list(
'book', flat=True).distinct())
context['books_collaborating'] = Book.objects.filter(
id__in=book_ids).exclude(owner=self.object).order_by('title')
# get user recent activity
context['recent_activity'] = BookHistory.objects.filter(
user=self.object).order_by('-modified')[:3]
context['can_upload_book'] = security.get_security(
current_user).has_perm('account.can_upload_book')
context['can_create_book'] = True
# NOTE: base_books will be user's books for now, let's define with the rest of team
# what should be a good logic to define existent books as skeletons
form_kwargs = {'base_book_qs': context['books']}
context['book_creation_form'] = BookCreationForm(initial={
'language':
config.get_configuration('CREATE_BOOK_LANGUAGE'),
'license':
config.get_configuration('CREATE_BOOK_LICENSE'),
'visible_to_everyone':
config.get_configuration('CREATE_BOOK_VISIBLE')
},
**form_kwargs)
# if only admin import then deny user permission to upload books
if config.get_configuration('ADMIN_IMPORT_BOOKS'):
if not current_user.is_superuser:
context['can_upload_book'] = False
# if only admin create then deny user permission to create new books
if config.get_configuration('ADMIN_CREATE_BOOKS'):
if not current_user.is_superuser:
context['can_create_book'] = False
# check if user can create/import more books
if current_user.is_authenticated():
book_p_user = config.get_configuration('BOOKTYPE_BOOKS_PER_USER')
context['is_book_limit'] = Book.objects.filter(
owner=current_user).count() >= book_p_user != -1
else:
context['is_book_limit'] = True
if context['is_book_limit']:
if not current_user.is_superuser:
context['can_create_book'] = False
context['can_upload_book'] = False
else:
context['is_book_limit'] = False
# change title in case of not authenticated user
if not current_user.is_authenticated() or \
self.object != current_user:
context['title'] = _('User profile')
context['page_title'] = _('User profile')
# Getting context variables for the form to invite users
if current_user.is_authenticated():
initial = {
'message': getattr(settings, 'BOOKTYPE_DEFAULT_INVITE_MESSAGE',
'')
}
context['invite_form'] = UserInviteForm(user=current_user,
initial=initial)
return context
def test_get_permissions_fail(self):
# mock get_default_role function
security.base.get_default_role = mock.Mock(return_value=self.role)
sec = security.get_security(self.superuser)
self.assertNotIn(self.can_content_register_permission, sec._get_permissions())
def test_get_security(self):
# let's test helper for retrieving base Security instance
self.assertEqual(security.base.BaseSecurity(self.user).__class__,
security.get_security(self.user).__class__)
