def test_unauth_public(self): request = self.get_request() with self.assertNumQueries(0): self.assertViewAllowed(self.page) self.assertEqual(get_visible_pages(request, [self.page], self.page.site), [self.page.pk])
def test_unauth_non_access(self): request = self.get_request() with self.assertNumQueries(0): self.assertViewNotAllowed(self.page) self.assertEqual(get_visible_pages(request, [self.page], self.page.site), [])
def test_unauth_non_access(self): request = self.get_request() with self.assertNumQueries(0): self.assertFalse(self.page.has_view_permission(request)) self.assertEqual(get_visible_pages(request, [self.page], self.page.site), [])
def test_unauth_public(self): request = self.get_request() with self.assertNumQueries(0): self.assertTrue(self.page.has_view_permission(request)) self.assertEqual(get_visible_pages(request, [self.page], self.page.site), [self.page.pk])
def test_staff_public_staff(self): request = self.get_request(self.get_staff_user_with_no_permissions()) with self.assertNumQueries(0): self.assertTrue(self.page.has_view_permission(request)) self.assertEqual(get_visible_pages(request, [self.page], self.page.site), [self.page.pk])
def test_normal_basic_auth(self): request = self.get_request(self.get_standard_user()) with self.assertNumQueries(0): self.assertTrue(self.page.has_view_permission(request)) self.assertEqual(get_visible_pages(request, [self.page], self.page.site), [self.page.pk])
def assertGrantedVisibility(self, all_pages, expected_granted_pages, username=None): """ helper function to check the expected_granted_pages are not in the restricted_pages list and all visible pages are in the expected_granted_pages """ # log the user in if present user = None if username is not None: if get_user_model().USERNAME_FIELD == 'email': username = username + '@LegionMarket.com' query = dict() query[get_user_model().USERNAME_FIELD + '__iexact'] = username user = get_user_model().objects.get(**query) request = self.get_request(user) visible_page_ids = get_visible_pages(request, all_pages, self.site) public_page_ids = Page.objects.drafts().filter( title_set__title__in=expected_granted_pages).values_list('id', flat=True) self.assertEqual(len(visible_page_ids), len(expected_granted_pages)) restricted_pages = Page.objects.public().exclude( title_set__title__in=expected_granted_pages).values_list('id', flat=True) self.assertNodeMemberships(visible_page_ids, restricted_pages, public_page_ids)
def assertGrantedVisibility(self, all_pages, expected_granted_pages, username=None): """ helper function to check the expected_granted_pages are not in the restricted_pages list and all visible pages are in the expected_granted_pages """ # log the user in if present user = None if username is not None: if get_user_model().USERNAME_FIELD == "email": username = username + "@django-cms.org" query = dict() query[get_user_model().USERNAME_FIELD + "__iexact"] = username user = get_user_model().objects.get(**query) request = self.get_request(user) visible_page_ids = get_visible_pages(request, all_pages, self.site) public_page_ids = ( Page.objects.drafts().filter(title_set__title__in=expected_granted_pages).values_list("id", flat=True) ) self.assertEqual(len(visible_page_ids), len(expected_granted_pages)) restricted_pages = ( Page.objects.public().exclude(title_set__title__in=expected_granted_pages).values_list("id", flat=True) ) self.assertNodeMemberships(visible_page_ids, restricted_pages, public_page_ids)
def test_normal_basic_auth(self): user = self.get_standard_user() request = self.get_request(user) with self.assertNumQueries(0): self.assertViewAllowed(self.page, user) self.assertEqual(get_visible_pages(request, [self.page], self.page.site), [self.page.pk])
def test_staff_basic_auth(self): user = self.get_staff_user_with_no_permissions() request = self.get_request(user) with self.assertNumQueries(0): self.assertViewAllowed(self.page, user) self.assertEqual(get_visible_pages(request, [self.page], self.page.site), [self.page.pk])
def test_unauthed(self): request = self.get_request() with self.assertNumQueries(1): """The queries are: PagePermission query for the affected page (is the page restricted?) """ self.assertViewNotAllowed(self.page) self.assertEqual(get_visible_pages(request, self.pages, self.page.site), [])
def test_public_pages_anonymous_norestrictions(self): """ All pages are visible to an anonymous user """ all_pages = self._setup_tree_pages() request = self.get_request() visible_page_ids = get_visible_pages(request, all_pages, self.site) self.assertEqual(len(all_pages), len(visible_page_ids)) nodes = menu_pool.get_nodes(request) self.assertEqual(len(nodes), len(all_pages))
def test_page_group_permissions(self): user = self.get_standard_user() user.groups.add(self.group) request = self.get_request(user) with self.assertNumQueries(3): self.assertTrue(self.page.has_view_permission(request)) with self.assertNumQueries(0): self.assertTrue(self.page.has_view_permission(request)) # test cache self.assertEqual(get_visible_pages(request, self.pages, self.page.site), self.expected)
def test_unauthed(self): request = self.get_request() with self.assertNumQueries(1): """The queries are: PagePermission query for the affected page (is the page restricted?) """ self.assertFalse(self.page.has_view_permission(request)) with self.assertNumQueries(0): self.assertFalse(self.page.has_view_permission(request)) # test cache self.assertEqual(get_visible_pages(request, self.pages, self.page.site), [])
def test_basic_perm(self): user = self.get_standard_user() user.user_permissions.add(Permission.objects.get(codename='view_page')) request = self.get_request(user) with self.assertNumQueries(3): """ The queries are: PagePermission query (is this page restricted) Generic django permission lookup content type lookup by permission lookup """ self.assertViewAllowed(self.page, user) self.assertEqual(get_visible_pages(request, self.pages, self.page.site), self.expected)
def test_normal_denied(self): user = self.get_standard_user() request = self.get_request(user) with self.assertNumQueries(4): """ The queries are: PagePermission query for the affected page (is the page restricted?) GlobalPagePermission query for the page site User permissions query Content type query """ self.assertViewNotAllowed(self.page, user) self.assertEqual(get_visible_pages(request, [self.page], self.page.site), [])
def test_global_access(self): user = self.get_standard_user() GlobalPagePermission.objects.create(can_view=True, user=user) request = self.get_request(user) with self.assertNumQueries(4): """The queries are: PagePermission query for the affected page (is the page restricted?) Generic django permission lookup content type lookup by permission lookup GlobalPagePermission query for the page site """ self.assertViewAllowed(self.page, user) self.assertEqual(get_visible_pages(request, [self.page], self.page.site), [self.page.pk])
def test_global_access(self): user = self.get_standard_user() GlobalPagePermission.objects.create(can_view=True, user=user) request = self.get_request(user) with self.assertNumQueries(2): """The queries are: PagePermission query for the affected page (is the page restricted?) GlobalPagePermission query for the page site """ self.assertTrue(self.page.has_view_permission(request)) with self.assertNumQueries(0): self.assertTrue(self.page.has_view_permission(request)) # test cache self.assertEqual(get_visible_pages(request, [self.page], self.page.site), [self.page.pk])
def test_global_permission(self): user = self.get_standard_user() GlobalPagePermission.objects.create(can_view=True, user=user) request = self.get_request(user) with self.assertNumQueries(4): """ The queries are: PagePermission query (is this page restricted) Generic django permission lookup content type lookup by permission lookup GlobalpagePermission query for user """ self.assertViewAllowed(self.page, user) self.assertEqual(get_visible_pages(request, self.pages, self.page.site), self.expected)
def test_basic_perm_denied(self): user = self.get_staff_user_with_no_permissions() request = self.get_request(user) with self.assertNumQueries(5): """ The queries are: PagePermission query (is this page restricted) GlobalpagePermission query for user PagePermission query for this user Generic django permission lookup content type lookup by permission lookup """ self.assertViewNotAllowed(self.page, user) self.assertEqual(get_visible_pages(request, self.pages, self.page.site), [])
def test_normal_denied(self): request = self.get_request(self.get_standard_user()) with self.assertNumQueries(4): """ The queries are: PagePermission query for the affected page (is the page restricted?) GlobalPagePermission query for the page site User permissions query Content type query """ self.assertFalse(self.page.has_view_permission(request)) with self.assertNumQueries(0): self.assertFalse(self.page.has_view_permission(request)) # test cache self.assertEqual(get_visible_pages(request, [self.page], self.page.site), [])
def test_page_group_permissions(self): user = self.get_standard_user() user.groups.add(self.group) request = self.get_request(user) with self.assertNumQueries(5): """ The queries are: PagePermission query (is this page restricted) Generic django permission lookup content type lookup by permission lookup GlobalpagePermission query for user PagePermission query for user """ self.assertViewAllowed(self.page, user) self.assertEqual(get_visible_pages(request, self.pages, self.page.site), self.expected)
def test_global_permission(self): user = self.get_standard_user() GlobalPagePermission.objects.create(can_view=True, user=user) request = self.get_request(user) with self.assertNumQueries(2): """ The queries are: PagePermission query (is this page restricted) GlobalpagePermission query for user """ self.assertTrue(self.page.has_view_permission(request)) with self.assertNumQueries(0): self.assertTrue(self.page.has_view_permission(request)) # test cache self.assertEqual(get_visible_pages(request, self.pages, self.page.site), self.expected)
def test_basic_perm_denied(self): request = self.get_request(self.get_staff_user_with_no_permissions()) with self.assertNumQueries(5): """ The queries are: PagePermission query (is this page restricted) GlobalpagePermission query for user PagePermission query for this user Generic django permission lookup content type lookup by permission lookup """ self.assertFalse(self.page.has_view_permission(request)) with self.assertNumQueries(0): self.assertFalse(self.page.has_view_permission(request)) # test cache self.assertEqual(get_visible_pages(request, self.pages, self.page.site), [])
def test_basic_perm(self): user = self.get_standard_user() user.user_permissions.add(Permission.objects.get(codename='view_page')) request = self.get_request(user) with self.assertNumQueries(5): """ The queries are: PagePermission query (is this page restricted) GlobalpagePermission query for user PagePermission query for this user Generic django permission lookup content type lookup by permission lookup """ self.assertTrue(self.page.has_view_permission(request)) with self.assertNumQueries(0): self.assertTrue(self.page.has_view_permission(request)) # test cache self.assertEqual(get_visible_pages(request, self.pages, self.page.site), self.expected)
def get_viewable_pages(self): site = self.get_site() page_queryset = get_page_queryset(self.request).published() pages = page_queryset.filter(site=site) return get_visible_pages(self.request, pages, site)