def test_has_perm(self): # security for superuser sec = security.get_security(self.superuser) # superuser has all rights to what he wants self.assertTrue(sec.has_perm('%s.%s' % (APP_NAME, CODE_NAME)), "Superuser always should have all permissions") self.assertTrue(sec.has_perm("fake.permission"), "Superuser always should have all permissions") # security for common user sec = security.get_security(self.user) # common user, should not have rights self.assertFalse( sec.has_perm('%s.%s' % (APP_NAME, CODE_NAME)), "If user doesn't have that role, this should be False") # common user, should have rights # mock get_default_role function security.base.get_default_role = mock.Mock( return_value=self.role_registered_user) self.assertTrue( sec.has_perm("content.register"), "If user doesn't have that role, this should be False")
def test_is_staff(self): # let's check is_staff method for non staff user sec = security.get_security(self.user) self.assertFalse(sec.is_staff()) # let's check is_staff method for staff user sec = security.get_security(self.staffuser) self.assertTrue(sec.is_staff())
def test_is_admin(self): # let's check is_admin method for superuser sec = security.get_security(self.superuser) self.assertTrue(sec.is_superuser()) # let's check is_admin method for common user sec = security.get_security(self.user) self.assertFalse(sec.is_superuser())
def test_get_permissions_fail(self): # mock get_default_role function security.base.get_default_role = mock.Mock(return_value=self.role) sec = security.get_security(self.superuser) self.assertNotIn(self.can_content_register_permission, sec._get_permissions())
def test_get_permissions_success(self): # mock get_default_role function security.base.get_default_role = mock.Mock(return_value=self.role_registered_user) sec = security.get_security(self.user) self.assertIn(self.can_content_register_permission, sec._get_permissions()) # check that there are no permissions from book self.assertNotIn(self.can_test_permission, sec._get_permissions())
def test_get_permissions_with_book(self): # get permissions from default role and from bookrole # mock get_default_role function security.base.get_default_role = mock.Mock(return_value=self.role_registered_user) sec = security.get_security(self.user) permissions = sec._get_permissions(book=self.bookrole.book) self.assertIn(self.can_content_register_permission, permissions) self.assertIn(self.can_test_permission, permissions)
def test_get_permissions_with_book(self): # get permissions from default role and from bookrole # mock get_default_role function security.base.get_default_role = mock.Mock( return_value=self.role_registered_user) sec = security.get_security(self.user) permissions = sec._get_permissions(book=self.bookrole.book) self.assertIn(self.can_content_register_permission, permissions) self.assertIn(self.can_test_permission, permissions)
def test_get_permissions_success(self): # mock get_default_role function security.base.get_default_role = mock.Mock( return_value=self.role_registered_user) sec = security.get_security(self.user) self.assertIn(self.can_content_register_permission, sec._get_permissions()) # check that there are no permissions from book self.assertNotIn(self.can_test_permission, sec._get_permissions())
def has_permission(self, request, view): """Takes the list of required permissions from the view and check if user has them all""" required_perms = getattr(view, 'required_perms', []) if len(required_perms) == 0: return True user_security = security.get_security(request.user) perms_list = [user_security.has_perm(x) for x in required_perms] return all(perms_list)
def has_permission(self, request, view): """Takes the list of required permissions from the view and check if user has them all""" required_perms = self.get_required_perms(view) if not required_perms: return True user_security = security.get_security(request.user) perms_list = [user_security.has_perm(x) for x in required_perms] return all(perms_list)
def test_has_perm(self): # security for superuser sec = security.get_security(self.superuser) # superuser has all rights to what he wants self.assertTrue(sec.has_perm('%s.%s' % (APP_NAME, CODE_NAME)), "Superuser always should have all permissions") self.assertTrue(sec.has_perm("fake.permission"), "Superuser always should have all permissions") # security for common user sec = security.get_security(self.user) # common user, should not have rights self.assertFalse(sec.has_perm('%s.%s' % (APP_NAME, CODE_NAME)), "If user doesn't have that role, this should be False") # common user, should have rights # mock get_default_role function security.base.get_default_role = mock.Mock(return_value=self.role_registered_user) self.assertTrue(sec.has_perm("content.register"), "If user doesn't have that role, this should be False")
def process_template_response(self, request, response): sec = response.context_data.get('security', None) if not sec or type(sec) is not Security: sec = get_security(request.user) if request.is_ajax(): return response response.context_data['can_view_books_list'] = sec.has_perm('portal.can_view_books_list') response.context_data['can_view_groups_list'] = sec.has_perm('portal.can_view_groups_list') response.context_data['can_view_user_list'] = sec.has_perm('portal.can_view_user_list') response.context_data['can_view_user_info'] = sec.has_perm('account.can_view_user_info') return response
def process_template_response(self, request, response): sec = response.context_data.get('security', None) if not sec or type(sec) is not Security: sec = get_security(request.user) if request.is_ajax(): return response response.context_data['can_view_books_list'] = sec.has_perm( 'portal.can_view_books_list') response.context_data['can_view_groups_list'] = sec.has_perm( 'portal.can_view_groups_list') response.context_data['can_view_user_list'] = sec.has_perm( 'portal.can_view_user_list') response.context_data['can_view_user_info'] = sec.has_perm( 'account.can_view_user_info') return response
def dispatch(self, request, *args, **kwargs): # try to create security instance try: if self.security_bridge is Security: self.security = get_security(request.user) elif self.security_bridge is BookSecurity: book = Book.objects.get(url_title__iexact=kwargs['bookid']) self.security = get_security_for_book(request.user, book) elif self.security_bridge is GroupSecurity: group = BookiGroup.objects.get(url_name=kwargs['groupid']) self.security = get_security_for_group(request.user, group) except (BookiGroup.DoesNotExist, Book.DoesNotExist): raise Http404 except KeyError as e: raise Exception('{bridge} bridge requires "{key}" in request'.format(bridge=self.security_bridge, key=e.message)) # hook for checking permissions self.check_permissions(request, *args, **kwargs) return super(SecurityMixin, self).dispatch(request, *args, **kwargs)
def test_get_security(self): # let's test helper for retrieving base Security instance self.assertEqual( security.base.BaseSecurity(self.user).__class__, security.get_security(self.user).__class__)
def get_context_data(self, **kwargs): context = super(DashboardPageView, self).get_context_data(**kwargs) current_user = self.request.user context['is_admin'] = current_user.is_superuser # get all user permissions role_key = security.get_default_role_key(current_user) default_role = security.get_default_role(role_key) if default_role: context['roles_permissions'] = [p.key_name for p in default_role.permissions.all()] else: context['roles_permissions'] = [] context['licenses'] = License.objects.all().order_by('name') context['languages'] = Language.objects.all() if self.is_current_user_dashboard: context['books'] = Book.objects.select_related('version').filter( owner=self.object).order_by('title') else: context['books'] = Book.objects.select_related('version').filter( owner=self.object, hidden=False).order_by('title') context['groups'] = BookiGroup.objects.filter( owner=self.object).order_by('name') context['participating_groups'] = BookiGroup.objects.filter( members=self.object).exclude(owner=self.object).order_by('name') # get books which user has collaborated on book_ids = set(BookHistory.objects.filter(user=self.object).values_list('book', flat=True).distinct()) # get books with user assigned by roles book_ids.update(BookRole.objects.filter(members=self.object).values_list('book', flat=True).distinct()) context['books_collaborating'] = Book.objects.filter( id__in=book_ids).exclude(owner=self.object).order_by('title') # get user recent activity context['recent_activity'] = BookHistory.objects.filter( user=self.object).order_by('-modified')[:3] context['can_upload_book'] = security.get_security(current_user).has_perm('account.can_upload_book') context['can_create_book'] = True # NOTE: base_books will be user's books for now, let's define with the rest of team # what should be a good logic to define existent books as skeletons form_kwargs = {'base_book_qs': context['books']} context['book_creation_form'] = BookCreationForm( initial={ 'language': config.get_configuration('CREATE_BOOK_LANGUAGE'), 'license': config.get_configuration('CREATE_BOOK_LICENSE'), 'visible_to_everyone': config.get_configuration('CREATE_BOOK_VISIBLE') }, **form_kwargs) # if only admin import then deny user permission to upload books if config.get_configuration('ADMIN_IMPORT_BOOKS'): if not current_user.is_superuser: context['can_upload_book'] = False # if only admin create then deny user permission to create new books if config.get_configuration('ADMIN_CREATE_BOOKS'): if not current_user.is_superuser: context['can_create_book'] = False # check if user can create/import more books if current_user.is_authenticated(): book_p_user = config.get_configuration('BOOKTYPE_BOOKS_PER_USER') context['is_book_limit'] = Book.objects.filter(owner=current_user).count() >= book_p_user != -1 else: context['is_book_limit'] = True if context['is_book_limit']: if not current_user.is_superuser: context['can_create_book'] = False context['can_upload_book'] = False else: context['is_book_limit'] = False # change title in case of not authenticated user if not current_user.is_authenticated() or \ self.object != current_user: context['title'] = _('User profile') context['page_title'] = _('User profile') # Getting context variables for the form to invite users if current_user.is_authenticated(): initial = { 'message': getattr(settings, 'BOOKTYPE_DEFAULT_INVITE_MESSAGE', '') } context['invite_form'] = UserInviteForm(user=current_user, initial=initial) return context
def get_context_data(self, **kwargs): context = super(DashboardPageView, self).get_context_data(**kwargs) current_user = self.request.user context['is_admin'] = current_user.is_superuser # get all user permissions role_key = security.get_default_role_key(current_user) default_role = security.get_default_role(role_key) if default_role: context['roles_permissions'] = [ p.key_name for p in default_role.permissions.all() ] else: context['roles_permissions'] = [] context['licenses'] = License.objects.all().order_by('name') context['languages'] = Language.objects.all() if self.is_current_user_dashboard: context['books'] = Book.objects.select_related('version').filter( owner=self.object).order_by('title') else: context['books'] = Book.objects.select_related('version').filter( owner=self.object, hidden=False).order_by('title') context['groups'] = BookiGroup.objects.filter( owner=self.object).order_by('name') context['participating_groups'] = BookiGroup.objects.filter( members=self.object).exclude(owner=self.object).order_by('name') # get books which user has collaborated on book_ids = set( BookHistory.objects.filter(user=self.object).values_list( 'book', flat=True).distinct()) # get books with user assigned by roles book_ids.update( BookRole.objects.filter(members=self.object).values_list( 'book', flat=True).distinct()) context['books_collaborating'] = Book.objects.filter( id__in=book_ids).exclude(owner=self.object).order_by('title') # get user recent activity context['recent_activity'] = BookHistory.objects.filter( user=self.object).order_by('-modified')[:3] context['can_upload_book'] = security.get_security( current_user).has_perm('account.can_upload_book') context['can_create_book'] = True # NOTE: base_books will be user's books for now, let's define with the rest of team # what should be a good logic to define existent books as skeletons form_kwargs = {'base_book_qs': context['books']} context['book_creation_form'] = BookCreationForm(initial={ 'language': config.get_configuration('CREATE_BOOK_LANGUAGE'), 'license': config.get_configuration('CREATE_BOOK_LICENSE'), 'visible_to_everyone': config.get_configuration('CREATE_BOOK_VISIBLE') }, **form_kwargs) # if only admin import then deny user permission to upload books if config.get_configuration('ADMIN_IMPORT_BOOKS'): if not current_user.is_superuser: context['can_upload_book'] = False # if only admin create then deny user permission to create new books if config.get_configuration('ADMIN_CREATE_BOOKS'): if not current_user.is_superuser: context['can_create_book'] = False # check if user can create/import more books if current_user.is_authenticated(): book_p_user = config.get_configuration('BOOKTYPE_BOOKS_PER_USER') context['is_book_limit'] = Book.objects.filter( owner=current_user).count() >= book_p_user != -1 else: context['is_book_limit'] = True if context['is_book_limit']: if not current_user.is_superuser: context['can_create_book'] = False context['can_upload_book'] = False else: context['is_book_limit'] = False # change title in case of not authenticated user if not current_user.is_authenticated() or \ self.object != current_user: context['title'] = _('User profile') context['page_title'] = _('User profile') # Getting context variables for the form to invite users if current_user.is_authenticated(): initial = { 'message': getattr(settings, 'BOOKTYPE_DEFAULT_INVITE_MESSAGE', '') } context['invite_form'] = UserInviteForm(user=current_user, initial=initial) return context
def test_get_security(self): # let's test helper for retrieving base Security instance self.assertEqual(security.base.BaseSecurity(self.user).__class__, security.get_security(self.user).__class__)