def forwards(self, orm):
if not db.dry_run:
# some object classes can only be seen by root, like all users for
# instance. Add the new object class RegistrationRequest to the group
# which all project admins are part of, so they don't get a 403 forbidden
# when trying to see requests for their project
try:
projectadmins = Group.objects.get(name="projectadmins")
except Group.DoesNotExist as e:
projectadmins = Group(name="projectadmins")
# TODO add permissions for all comicmodels and registrationRequest
projectadmins.save()
# my god spent 2 hours on this line. But this fixes any issues with
# default permissions for registrationrequest not being found..
db.send_pending_create_signals()
# each user in comic is part of this group projectadmins. With the
# permission in this group you can determine which types of objects
# regular adins can see and edit in the admin interface.
self.add_standard_perms("comicmodels", "registrationrequest", projectadmins)
self.add_standard_perms("comicmodels", "comicsite", projectadmins)
self.add_standard_perms("comicmodels", "page", projectadmins)
def testGetScenariosUserDoesntHavePermission(self):
# If the user doesn't have the required permission, an empty
# queryset is returned.
scenario = ScenarioF.create(status_cache=Scenario.STATUS_APPROVED)
project = ProjectF.create()
scenario.set_project(project)
scenarioproject = ScenarioProject.objects.get(scenario=scenario, project=project)
scenarioproject.approved = True
scenarioproject.save()
user, _ = User.objects.get_or_create(username="******")
group = Group()
group.save()
user.groups.add(group)
group.projectgrouppermission_set.add(
ProjectGroupPermission(group=group, project=project, permission=UserPermission.PERMISSION_SCENARIO_VIEW)
)
pm = permission_manager.UserPermissionManager(user)
self.assertFalse(pm.check_permission(UserPermission.PERMISSION_SCENARIO_VIEW))
self.assertEquals(0, len(pm.get_scenarios()))
user.userpermission_set.add(UserPermission(permission=UserPermission.PERMISSION_SCENARIO_VIEW, user=user))
self.assertTrue(pm.check_permission(UserPermission.PERMISSION_SCENARIO_VIEW))
self.assertEquals(1, len(pm.get_scenarios()))
def create_user_groups(sender, **kwargs):
# Create Registers group
defined_group = Group(name='Registers')
defined_group.save()
# Create Doctors group
defined_group = Group(name='Doctors')
defined_group.save()
def handle(self, *args, **options):
# collect static files
call_command('collectstatic', interactive=False)
# setup the database
call_command('syncdb', interactive=True)
# setup database for the Testers group
try:
testers = Group.objects.get(name='Testers')
except Group.DoesNotExist:
testers = Group(name='Testers')
testers.save()
# setup the database for the Subjects group
try:
subjects = Group.objects.get(name='Subjects')
except Group.DoesNotExist:
subjects = Group(name='Subjects')
subjects.save()
self.stdout.write('Tally is successfully initialized')
# run the development server
call_command('runserver')
def init(self):
from modoboa.admin.models import User, Domain
ct = ContentType.objects.get(app_label="admin", model="domain")
dagrp = Group.objects.get(name="DomainAdmins")
grp = Group(name="Resellers")
grp.save()
grp.permissions.add(*dagrp.permissions.all())
ct = ContentType.objects.get_for_model(Permission)
for pname in ["view_permissions"]:
perm = Permission.objects.get(content_type=ct, codename=pname)
grp.permissions.add(perm)
ct = ContentType.objects.get_for_model(Domain)
for pname in ["view_domains", "add_domain", "change_domain", "delete_domain"]:
perm = Permission.objects.get(content_type=ct, codename=pname)
grp.permissions.add(perm)
grp.save()
for user in User.objects.filter(groups__name='DomainAdmins'):
try:
controls.create_pool(user)
except IntegrityError:
pass
def setUp(self):
self.accounts = [('user1', 'pwd1', 'useronefirstname', 'useronelastname'),
('user2', 'pwd2', 'usertwofirstname', 'usertwolastname'),
('user3', 'pwd3', 'userthreefirstname', 'userthreelastname')]
for (uname, pwd, first, last) in self.accounts:
user = User.objects.create_user(uname, '', pwd)
user.first_name = first
user.last_name = last
user.save()
profile = UserProfile(user=user,
isDjangoAccount=True)
profile.save()
self.users = User.objects.all()
self.client = Client()
login = self.client.login(username=self.accounts[0][0],
password=self.accounts[0][1])
self.assertTrue(login)
self.groups = ['group1', 'group2', 'group3', 'group4']
for groupname in self.groups:
group = Group(name=groupname)
group.save()
def allGroup(request):
newgroupname=request.POST.get('newGroup', '')
note=request.POST.get('note', '')
#me=userQuerySet.get(username=request.user.username)
me=request.user
if newgroupname:
groupQuerySet=Group.objects.all()
newGroup=Group(groupName=newgroupname, note=note)
newGroup.memberList.add(me)
newGroup.save()
os.makedirs('media/'+newgroupname+'/')
#me=userQuerySet.get(username=request.user.username)
#newGroup.usergroup_set.add(me)
me.group_set.add(newGroup)
#newGroup.save()
me.save()
joinGroupName=request.POST.get('join', '')
if joinGroupName:
groupQuerySet=Group.objects.all()
joinGroup=groupQuerySet.get(groupName=joinGroupName)
#me=userQuerySet.get(uername=request.user.username)
me.group_set.add(joinGroup)
me.save()
myGroup=me.group_set
return render_to_reponse('group.html', {'username': request.user.username, 'allGroup': Group.objects.all(), 'myGroup': myGroup})
def handle(self, *args, **options):
try:
importGroup = Group.objects.get(name__exact='Imported Users')
except ObjectDoesNotExist, e:
importGroup = Group()
importGroup.name = 'Imported Users'
importGroup.save()
def setUp(self):
g = Group(name='h')
g.save()
c = Cred(title='testcred', password='******', group=g)
c.save()
d = Cred(title='todelete', password='******', group=g)
d.save()
d.delete()
u = User(username='******')
u.save()
u.groups.add(g)
u.save()
f = User(username='******')
f.save()
s = User(username='******', is_staff=True)
s.save()
s.groups.add(g)
s.save()
self.c = c
self.d = d
self.u = u
self.f = f
self.s = s
def testGetScenariosPermissionScenarioView(self):
user, _ = User.objects.get_or_create(username="******")
group = Group()
group.save()
user.groups.add(group)
user.userpermission_set.add(UserPermission(permission=UserPermission.PERMISSION_SCENARIO_VIEW, user=user))
project = ProjectF.create()
# User can only see approved scenarios
scenario = ScenarioF.create(status_cache=Scenario.STATUS_APPROVED)
scenario.set_project(project)
scenarioproject = ScenarioProject.objects.get(scenario=scenario, project=project)
scenarioproject.approved = True
scenarioproject.save()
# So can't see this one
scenario2 = ScenarioF.create(status_cache=Scenario.STATUS_WAITING)
scenario2.set_project(project)
group.projectgrouppermission_set.add(
ProjectGroupPermission(group=group, project=project, permission=UserPermission.PERMISSION_SCENARIO_VIEW)
)
pm = permission_manager.UserPermissionManager(user)
self.assertTrue(pm.check_permission(UserPermission.PERMISSION_SCENARIO_VIEW))
scenarios = pm.get_scenarios()
self.assertEquals(len(scenarios), 1)
self.assertEquals(scenarios[0].id, scenario.id)
def create_product_group(self, sender, created, **kwargs):
if created:
group = Group(name='ppg@{}'.format(instance.id))
group.save()
self.first_owner.groups.add(group) #????????
self.product_group = group
self.save()
def create_group(request):
if request.method == "POST":
form_group_name = GroupNameHandlerForm(request.POST)
form_group_description = GroupDescriptionHandlerForm(request.POST)
if form_group_name.is_valid() and form_group_description.is_valid():
# create group
group_name = form_group_name.cleaned_data["group_name"]
group_description = form_group_description.cleaned_data["group_description"]
# group name must be unique!
# use user name + created time as group name
unique_group_name = "".join(("[real]", request.user.username, unicode(datetime.now())))
group = Group(name=unique_group_name)
group.save()
# create related group info to handle group information
group_info = GroupInfo(name=group_name, description=group_description, group=group, owner=request.user)
group_info.save()
# add user to group manager
group_info.manager.add(request.user)
# relate user to group
request.user.groups.add(group)
# redirect to group page
return redirect("group_page", group_info_id=group_info.id)
else:
form_group_name = GroupNameHandlerForm()
form_group_description = GroupDescriptionHandlerForm()
render_data_dict = {"form_group_name": form_group_name, "form_group_description": form_group_description}
return render(request, "group_info/create_group_page.html", render_data_dict)
def group_save(sender, instance, created, *args, **kwargs):
'''
Add Group to Django Groups
'''
from groups_manager.settings import GROUPS_MANAGER
if GROUPS_MANAGER['AUTH_MODELS_SYNC'] and instance.django_auth_sync:
# create a name compatible with django group name limit of 80 chars
prefix = GROUPS_MANAGER['GROUP_NAME_PREFIX']
suffix = GROUPS_MANAGER['GROUP_NAME_SUFFIX']
if suffix == '_$$random':
suffix = '_%s' % str(uuid4())[:8]
parent_name = ''
if instance.parent:
parent_name = '%s-' % instance.parent.name
name = '%s%s%s%s' % (prefix, parent_name, instance.name, suffix)
if not instance.django_group:
django_group = DjangoGroup(name=name)
django_group.save()
instance.django_group = django_group
instance.save()
elif (instance.django_group.name != name and
GROUPS_MANAGER['GROUP_NAME_SUFFIX'] != '_$$random') \
or (instance.django_group.name[:-len(suffix)] != name[:-len(suffix)] and
GROUPS_MANAGER['GROUP_NAME_SUFFIX'] == '_$$random'):
instance.django_group.name = name
instance.django_group.save()
def make_group(**kwargs):
i = get_next_id()
defaults = {'name': 'group{}'.format(i)}
defaults.update(**kwargs)
obj = Group(**defaults)
obj.save()
return obj
def create_profile(self, user, person, project, record_type, already_activated=False):
salt = hashlib.sha1(str(random.random())).hexdigest()[:5]
username = user.username
if isinstance(username, unicode):
username = username.encode('utf-8')
if already_activated:
activation_key = "ALREADY_ACTIVATED"
else:
activation_key = hashlib.sha1(salt+username).hexdigest()
create_user = self.create(user=user,activation_key=activation_key, person = person, project=project, record_type = record_type )
if already_activated:
user.is_active = True
user.is_staff = True
user.save()
from django.contrib.auth.models import Group
try:
g = Group.objects.get(name=record_type.clas)
except:
g = Group(name=record_type.clas)
g.save()
g.user_set.add(user)
return create_user
def user_add_group(user, group_name):
group = get_object_or_none(Group, name=group_name)
if not group:
group = Group(name=group_name)
group.save()
group.user_set.add(user)
return True
def post_save_project_handler(sender, **kwargs):
"""
fn that gets called after a QProject is saved;
if it's just been created, then the corresponding permissions and groups need to be setup
:param sender:
:param kwargs:
:return:
"""
created = kwargs.pop("created", True)
project = kwargs.pop("instance", None)
if created:
assert project.groups.count() == 0
for group_suffix, permission_prefixes in GROUP_PERMISSIONS.iteritems():
group_name = "{0}_{1}".format(project.name, group_suffix)
group = Group(
name=group_name
)
group.save()
for permission_prefix in permission_prefixes:
permission_codename = "{0}_{1}".format(permission_prefix, project.name)
permission_description = "{0} {1} instances".format(permission_prefix, project.name)
content_type = ContentType.objects.get(app_label=APP_LABEL, model='qproject')
(permission, created_permission) = Permission.objects.get_or_create(
codename=permission_codename,
name=permission_description,
content_type=content_type,
)
group.permissions.add(permission)
group.save()
project.groups.add(group)
def test_creation_with_m2m_relation(self):
class UserResource(ModelResource):
model = User
def url(self, instance):
return "/users/%i" % instance.id
group = Group(name='foo')
group.save()
form_data = {
'username': '******',
'password': '******',
'groups': [group.id]
}
request = self.req.post('/groups', data=form_data)
cleaned_data = dict(form_data)
cleaned_data['groups'] = [group]
mixin = CreateModelMixin()
mixin.resource = UserResource
mixin.CONTENT = cleaned_data
response = mixin.post(request)
self.assertEquals(1, User.objects.count())
self.assertEquals(1, response.cleaned_content.groups.count())
self.assertEquals('foo', response.cleaned_content.groups.all()[0].name)
def setUp(self):
self.tearDown()
User(id=1, username='******').save()
settings.ANONYMOUS_USER_ID=1
user = User(id=2, username='******')
user.set_password('secret')
user.save()
user1 = User(id=3, username='******')
user1.set_password('secret')
user1.save()
group = Group(name='testing_group')
group.save()
cluster = Cluster(hostname='test.osuosl.test', slug='OSL_TEST')
cluster.save()
dict_ = globals()
dict_['user'] = user
dict_['user1'] = user1
dict_['group'] = group
dict_['cluster'] = cluster
dict_['c'] = Client()
def add_event_editor(self):
group_permissions = [
{
'name': 'Event editor',
'permissions': ['add_event', 'change_event']
},
{
'name': 'Event admin',
'permissions': ['add_event', 'change_event', 'delete_event', 'delete_registration']
},
{
'name': 'Registration editor',
'permissions': ['add_registration', 'change_registration']
},
]
for group_permission in group_permissions:
try:
group = Group.objects.get(name=group_permission.get('name'))
except Group.DoesNotExist:
group = Group(name=group_permission.get('name'))
group.save()
for permission_name in group_permission.get('permissions'):
try:
permission = Permission.objects.get(codename=permission_name)
group.permissions.add(permission)
except Permission.DoesNotExist, e:
raise e
except Group.DoesNotExist, e:
raise e
def add_view(request, **kw):
context = kw
site = request.session['site']
context['site'] = site
if request.method == 'POST':
form = AddTeamForm(request.POST)
if form.is_valid():
members_group = Group(name = form.cleaned_data['title'] + ' Members')
members_group.save()
moderators_group = Group(name = form.cleaned_data['title'] + ' Moderators')
moderators_group.save()
team = Team(
title = form.cleaned_data['title'],
description = form.cleaned_data['description'],
membership_policy = form.cleaned_data['membership_policy'],
members_group = members_group,
moderators_group = moderators_group,
creator = request.user,
)
team.save()
if hasattr(site.active_section, '_counts'):
delattr(site.active_section, '_counts')
if hasattr(site.active_section, '_count_items'):
delattr(site.active_section, '_count_items')
request.user.groups.add(moderators_group)
return HttpResponseRedirect('/teams/detail/%s/' % team.id)
else:
form = AddTeamForm()
context['form'] = form
return render_to_response(
'teams/add.html',
context
)
def write_contacts():
global contacts
global allgroups
for group in allgroups :
grp = None
try:
grp = Group.objects.get(name=group)
except :
pass
if not grp :
grp = Group()
grp.name = group
grp.save()
for contact in contacts :
user = None
try:
user = User.objects.get(username=contact['email'])
except :
pass
if not user :
user = User()
user.username = contact['email']
user.email = contact['email']
user.is_active = False
user.last_name = contact['family_name']
user.first_name = contact['given_name']
user.save()
for grp in contact['groups']:
g = Group.objects.get(name=grp)
g.user_set.add(user)
user.save()
def setUp(self):
models.client.GanetiRapiClient = RapiProxy
vm, cluster = self.create_virtual_machine()
context = {}
self.create_standard_users(context)
self.create_users([
('user',{'id':69}),
('user1',{'id':88}),
('vm_admin',{'id':77}),
('vm_modify',{'id':75}),
('cluster_migrate',{'id':78}),
('cluster_admin',{'id':99}),
], context)
globals().update(context)
vm_admin.grant('admin', vm)
vm_modify.grant('modify', vm)
cluster_migrate.grant('migrate', cluster)
cluster_admin.grant('admin', cluster)
group = Group(id=42, name='testing_group')
group.save()
# XXX ensure namespaces for this module and child classes are updated
context['c'] = Client()
context['group'] = group
context['vm'] = vm
context['cluster'] = cluster
globals().update(context)
self.context.update(context)
def create_group(gname):
if Group.objects.filter(name=gname):
print " group exists for %s" % gname
return
g = Group(name=gname)
g.save()
print " created group %s" % gname
def groups():
'''sets up the groups'''
groupnames=[
{'n':'Principal',
'p':None},
{'n':'Bursar',
'p':None},
{'n':'Dean(Residence)',
'p':None},
{'n':'Dean(Academic Affairs)',
'p':None},
{'n':'Chaplain',
'p':None},
{'n':'Public Information Officer',
'p':None},
{'n':'Special Assignments',
'p':None},
{'n':'Administration',
'p':None},
{'n':'Staff Advisor',
'p':None},
{'n':'Faculty',
'p':None},
{'n':'Students',
'p':None}]
for i in groupnames:
a=Group()
a.name=i['n']
a.save()
def newregister(request):
get_authcode = lambda randcode: md5(settings.SECRET_KEY + randcode).hexdigest()
get_randcode = lambda: md5(str(getrandbits(64))).hexdigest()
error = ""
if request.method == "POST":
form = NewRegisterForm(request.POST)
if form.is_valid():
username = form.cleaned_data['saname']
password = form.cleaned_data['password1']
email = form.cleaned_data['email']
authcode = get_authcode(form.cleaned_data['randcode'])
error = None
randcode = form.cleaned_data['randcode']
if settings.REGISTER_SA_VERIFICATION:
try:
profile = SAProfile(username)
except URLError:
error = "Couldn't find your profile. Check you haven't made a typo and that SA isn't down."
if LIVE:
try:
if len(UserProfile.objects.filter(sa_id=profile.get_id())) > 0:
error = "You appear to have already registered with this SA account"
except IDNotFoundError:
error = "Your SA ID could not be found. Please contact Jonnty"
if not profile.has_authcode(authcode):
error = "Verification code not found on your profile."
if len(User.objects.filter(username__iexact=username)):
error = "This username has already been taken. Please contact Jonnty to get a different one."
if error is None:
user = User.objects.create_user(username=username, email=email, password=password)
try: g = Group.objects.get(name="Listener")
except Group.DoesNotExist:
g = Group(name="Listener")
g.save()
[g.permissions.add(Permission.objects.get(codename=s)) for s in permissions]
g.save()
user.groups.add(g)
user.save()
up = UserProfile(user=user)
if LIVE:
up.sa_id = profile.get_id()
up.save()
return HttpResponseRedirect(reverse(django.contrib.auth.views.login))
else:
randcode = request.POST['randcode']
else:
randcode = get_randcode()
form = NewRegisterForm(initial={'randcode': randcode})
authcode = get_authcode(randcode)
return render_to_response('register.html', {'form': form, 'authcode': authcode, 'error':error}, context_instance=RequestContext(request))
class RestfulAuthPasswordResetRequestTestCase(TestCase):
def setUp(self):
self.bronze = Group(name='Bronze')
self.bronze.save()
self.silver = Group(name='Silver')
self.silver.save()
self.user = User.objects.create_user('test',email='*****@*****.**',password='******',first_name='Joe',last_name='Bloggs')
self.correct_details = {
'username':'******',
}
self.client = APIClient()
def tearDown(self):
Group.objects.all().delete()
User.objects.all().delete()
self.client = None
def test_valid_reset_request(self):
"""Check a password reset email is sent provided all data is entered correctly"""
response = self.client.post('/password_reset/',self.correct_details,format='json')
self.assertEqual(response.status_code,status.HTTP_201_CREATED)
self.assertEqual(len(mail.outbox),1)
def test_reset_request_username_missing(self):
"""Check reset fails if the username is not recognised. Should report this error."""
self.correct_details.pop('username')
response = self.client.post('/password_reset/',self.correct_details,format='json')
data = json.loads(response.content)
self.assertEqual(response.status_code,status.HTTP_401_UNAUTHORIZED)
self.assertTrue('username' in data) # Check for error message
self.assertEqual(len(mail.outbox),0)
def handle(self, *args, **options):
groups = settings.DEFAULT_GROUPS
for groupname in groups:
try:
g = Group.objects.get(name=groupname)
except Group.DoesNotExist:
g = Group()
g.name = groupname
g.save()
if g.name == "Default":
g.user_set = User.objects.all()
g.permissions = []
for permission in groups[groupname]:
try:
p = Permission.objects.get(codename=permission)
g.permissions.add(p)
except Permission.DoesNotExist:
if permission[0] == "*":
permissions = Permission.objects.filter(content_type__model=permission.split("_")[1])
for p in permissions:
g.permissions.add(p)
g.save()
def test_group_logo_is_not_present_on_list_view(self):
"""
Verify that no logo exists in list view when a group doesn't have one.
"""
test_group = Group(name="tester")
test_profile = GroupProfile(
group=test_group,
title="test",
slug="test",
description="test",
access="public"
)
test_group.save()
test_profile.save()
response = self.client.get(
reverse("api_dispatch_list",
kwargs={"api_name": "api", "resource_name": "groups"})
)
response_payload = json.loads(response.content)
returned = response_payload["objects"]
group = [g for g in returned if g["title"] == test_profile.title][0]
self.assertEqual(200, response.status_code)
self.assertIsNone(group["logo"])
class MyTardisResourceTestCase(ResourceTestCase):
'''
abstract class without tests to combine common settings in one place
'''
def setUp(self):
super(MyTardisResourceTestCase, self).setUp()
self.username = '******'
self.password = '******'
self.user = User.objects.create_user(username=self.username,
password=self.password)
test_auth_service = AuthService()
test_auth_service._set_user_from_dict(
self.user,
user_dict={'first_name': 'Testing',
'last_name': 'MyTardis API',
'email': '*****@*****.**'},
auth_method="None")
self.user_profile = UserProfile(user=self.user).save()
self.testgroup = Group(name="Test Group")
self.testgroup.save()
self.testgroup.user_set.add(self.user)
self.testfacility = Facility(name="Test Facility",
manager_group=self.testgroup)
self.testfacility.save()
self.testinstrument = Instrument(name="Test Instrument",
facility=self.testfacility)
self.testinstrument.save()
def get_credentials(self):
return self.create_basic(username=self.username,
password=self.password)
def get_apikey_credentials(self):
return self.create_apikey(username=self.username,
api_key=self.user.api_key.key)
def make(request):
user_id = request.POST.get('userid')
action = request.POST.get('action')
if user_id and action:
user = User.objects.get(id=user_id)
try:
group = Group.objects.get(name="teacher")
except ObjectDoesNotExist:
group = Group(name="teacher")
group.save()
if action == 'set':
group.user_set.add(user)
# create Message
title = "<" + request.user.first_name + u">設您為教師"
url = "/teacher/classroom"
message = Message(title=title,
url=url,
publication_date=timezone.now())
message.save()
# message for group member
messagepoll = MessagePoll(message_id=message.id, reader_id=user_id)
messagepoll.save()
else:
group.user_set.remove(user)
# create Message
title = "<" + request.user.first_name + u">取消您為教師"
url = "/"
message = Message(title=title,
url=url,
publication_date=timezone.now())
message.save()
# message for group member
messagepoll = MessagePoll(message_id=message.id, reader_id=user_id)
messagepoll.save()
return JsonResponse({'status': 'ok'}, safe=False)
else:
return JsonResponse({'status': 'no'}, safe=False)
def create_groups_users(self):
if not Group.objects.exists():
for group in GROUPS:
group = Group(name=group)
group.save()
if not User.objects.exists():
superuser = User.objects.create_superuser(
username="******", email="*****@*****.**", password="******"
)
superuser.save()
agent = User.objects.create_user(
username="******", email="*****@*****.**", password="******"
)
agent.agency = Agency.objects.all().first()
agent.save()
agent = User.objects.all().filter(
username="******"
).first()
group = Group.objects.get(name=GROUPS[0])
group.user_set.add(agent)
def RoleAgregar(request):
currentUser = User.objects.get(id=request.user.id)
if (currentUser.is_superuser):
form = GrupoForm(request.POST)
if form.is_valid():
nombreGrupo = request.POST['groupName']
if Group.objects.filter(name__iexact=nombreGrupo):
messages.add_message(request, messages.WARNING, 'Rol ya existe!')
rol = Group(name=nombreGrupo)
return render(request, 'RolesEdit.html', {'rol': rol, 'action': '/rol/add/', 'titulo': 'Crear Rol'})
else:
rol = Group.objects.create(name=nombreGrupo)
rol.save()
messages.add_message(request, messages.SUCCESS,
'Rol Agregado!') # Debo cambiar que los mensajes aparezcan en listar
return HttpResponseRedirect('/rol/todos')
else:
data = {
'error': 'agregar roles'
}
return render(request, 'sinPermisos.html', data)
def test_access_equality_op3(self):
"""
Group attribute differs => access models won't be equal.
"""
g1 = Group(name="G1")
g1.save()
g2 = Group(name="G2")
g2.save()
some_folder = Folder.objects.create(title="some_folder",
user=self.uploader_user)
a1 = Access(access_type=Access.ALLOW,
access_inherited=False,
node=some_folder,
group=g1)
a2 = Access(access_type=Access.ALLOW,
access_inherited=False,
node=some_folder,
group=g2)
a1.save()
a2.save()
# group attribute differ
self.assertNotEqual(a1, a2)
def post(self, request):
result = {}
hu = HttpUtils(self.request)
input_dict = hu.getRequestParam()
if input_dict is not None:
try:
if "id" in input_dict.keys():
id = request.data["id"]
g = Group.objects.get(id=id)
g.group_id = input_dict.get('group_id', g.group_id)
g.user_id = input_dict.get('user_id', g.user_id)
g.save()
result['status'] = 0
result['msg'] = "保存成功"
else:
group_id = input_dict.get('group_id', '')
user_id = input_dict.get('user_id', '')
error = ''
if not group_id:
error = 'GroupId不能为空'
elif not user_id:
error = 'UserId不能为空'
if error:
return HttpResponseBadRequest(error)
g = Group(group_id=group_id,user_id=user_id)
g.save()
result['status'] = 0
result['msg'] = "保存成功"
result['id'] = g.id
# result['info'] = ModuleSerializer(g).data
except Exception as e:
logger.error(e)
result['status'] = 1
result['msg'] = "保存失败"
return HttpResponseBadRequest(result['msg'])
return HttpResponse(json.dumps(result),content_type='application/json')
def run(self, params, args):
# Allow creation of one group only
if len(args) != 1:
raise ArgRequired(self, "group name")
groupname = args[0]
# Check to see if group name is alphanumeric
if not groupname.isalnum():
raise ArgError(self, "Group name", "must be alphanumeric")
# Check to see if group exists
try:
g = Group.objects.get(name=groupname)
except Group.DoesNotExist:
g = None
if g:
raise CommandError(self, "Group %s is already in use" % g)
# Create group
g = Group()
g.name = groupname
g.save()
class AuthUserViewTest(TestCase):
def setUp(self):
group_name = "My Test Group"
self.group = Group(name=group_name)
self.group.save()
self.user = User(
username='******',
email='*****@*****.**',
is_active=True,
is_staff=True,
is_superuser=True,
)
self.user.set_password('test')
self.user.save()
def test_user_noLogin(self):
""" The User don't have been login """
response = self.client.get(reverse('auth_user_list'))
#self.assertContains(response.context,url)
self.assertEqual(response.status_code, 302)
self.assertEqual(response.url,
"/accounts/login/?next=/lte/auth/user/list")
def test_user_list(self):
""" The user can load the users list, when it's login """
self.client.login(username='******', password='******')
response = self.client.get(reverse('auth_user_list'))
#print (response)
self.assertEqual(response.status_code, 200)
self.assertQuerysetEqual(response.context['object_list'],
['<User: test>'])
def test_user_group_list(self):
""" The user can lad group, when it's login """
self.client.login(username='******', password='******')
response = self.client.get(reverse('auth_user_groups_list'))
#print (response)
self.assertQuerysetEqual(response.context['object_list'], [])
def test_creation_with_m2m_relation(self):
"""Ensure that a model object with a m2m relation can be created"""
group = Group(name='foo')
group.save()
self.assertEqual(0, User.objects.count())
response = self.client.post('/users/', {
'username': '******',
'password': '******',
'groups': [group.id]
})
self.assertEqual(response.status_code, 201)
self.assertEqual(1, User.objects.count())
user = User.objects.all()[0]
self.assertEqual('bar', user.username)
self.assertEqual('baz', user.password)
self.assertEqual(1, user.groups.count())
group = user.groups.all()[0]
self.assertEqual('foo', group.name)
class RestfulAuthPasswordResetRequestTestCase(TestCase):
def setUp(self):
self.bronze = Group(name='Bronze')
self.bronze.save()
self.silver = Group(name='Silver')
self.silver.save()
self.user = User.objects.create_user('test',
email='*****@*****.**',
password='******',
first_name='Joe',
last_name='Bloggs')
self.correct_details = {
'username': '******',
}
self.client = APIClient()
def tearDown(self):
Group.objects.all().delete()
User.objects.all().delete()
self.client = None
def test_valid_reset_request(self):
"""Check a password reset email is sent provided all data is entered correctly"""
response = self.client.post('/password_reset/',
self.correct_details,
format='json')
self.assertEqual(response.status_code, status.HTTP_201_CREATED)
self.assertEqual(len(mail.outbox), 1)
def test_reset_request_username_missing(self):
"""Check reset fails if the username is not recognised. Should report this error."""
self.correct_details.pop('username')
response = self.client.post('/password_reset/',
self.correct_details,
format='json')
data = json.loads(response.content)
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
self.assertTrue('username' in data) # Check for error message
self.assertEqual(len(mail.outbox), 0)
def form_valid(self, form):
# event
config['event_name'] = form.cleaned_data['event_name']
config['event_description'] = form.cleaned_data['event_description']
config['event_date'] = form.cleaned_data['event_date']
config['event_location'] = form.cleaned_data['event_location']
config['event_organizer'] = form.cleaned_data['event_organizer']
# welcome widget
config['welcome_title'] = form.cleaned_data['welcome_title']
config['welcome_text'] = form.cleaned_data['welcome_text']
# system
if form.cleaned_data['system_enable_anonymous']:
config['system_enable_anonymous'] = True
# check for Anonymous group and (re)create it as needed
try:
anonymous = Group.objects.get(name='Anonymous')
except Group.DoesNotExist:
default_perms = [
'can_see_agenda', 'can_see_projector', 'can_see_motion',
'can_see_assignment', 'can_see_dashboard'
]
anonymous = Group()
anonymous.name = 'Anonymous'
anonymous.save()
anonymous.permissions = Permission.objects.filter(
codename__in=default_perms)
anonymous.save()
messages.success(self.request,
_('Anonymous access enabled. Please modify the "Anonymous" ' \
'group to fit your required permissions.'))
else:
config['system_enable_anonymous'] = False
messages.success(self.request,
_('General settings successfully saved.'))
return super(GeneralConfig, self).form_valid(form)
def handle(self, *args, **options):
# Create Admin
try:
user = User.objects.create_user('admin', '*****@*****.**', 'admin')
user.is_superuser = True
user.is_staff = True
user.save()
except IntegrityError:
pass
# Pillbox Group
try:
group = Group()
group.name = 'Pillbox'
group.save()
except IntegrityError:
# Group already exists, so just pass
group = Group.objects.filter(name='Pillbox')[:1].get()
# Grab need permission ids
permissions = Permission.objects.all()
for p in permissions:
if p.content_type.model not in ['group', 'permission', 'user']:
if 'add' not in p.name or (p.content_type.model == 'import' and 'add' in p.name):
group.permissions.add(p)
# Create Pillbox User
try:
user = User.objects.create_user('pillbox', '*****@*****.**', 'pillbox')
user.is_staff = True
user.groups.add(group)
user.save()
except IntegrityError:
# User already exists, so just passs
pass
def set_perms(groups, output=True):
pmap = {'a': 'add_', 'c': 'change_', 'd': 'delete_'}
for g in groups:
query = Group.objects.filter(name=g['name'])
if query.count() == 0:
group = Group(name=g['name'])
group.save()
if output:
print("Added Group: %s" % g['name'])
else:
if output:
print("Using Group: %s" % g['name'])
group = query[0]
for c in g['codes']:
for key, prefix in list(pmap.items()):
if key in c[1]:
codename = prefix + c[0]
q = group.permissions.filter(codename=codename)
if q.count() == 0:
pm = Permission.objects.get(codename=codename)
group.permissions.add(pm)
if output:
print(" Added Permission: %s" % codename)
else:
if output:
print(" Skipping Permission: %s" % codename)
if output:
print("")
if output:
print("Set Permissions Complete\n\n")
class AdminViewTestCase(TestCase):
def setUp(self):
group_name = "My Test Group"
self.group = Group(name=group_name)
self.group.save()
self.user = User(
username='******',
email='*****@*****.**',
is_active=True,
is_staff=True,
is_superuser=True,
)
self.user.set_password('test')
self.user.save()
self.client.login(username='******', password='******')
def tearDown(self):
self.client.logout()
def test_user_can_access(self):
"""user in group should have access
"""
self.user.groups.add(self.group)
self.user.save()
self.client.login(username='******', password='******')
response = self.client.get(reverse('auth_user_list'))
self.assertEqual(response.status_code, 200)
def test_admin_not_broken(self):
response = self.client.get('/admin/')
self.assertContains(response, '/admin/password_change/')
self.assertNotContains(response,
"You don't have permission to edit anything")
def test_admin_auth_not_broken(self):
response = self.client.get('/admin/auth/')
self.assertEqual(response.status_code, 200, response)
def test_dataset(self):
exp = Experiment(title='test exp1',
institution_name='monash',
created_by=self.user)
exp.save()
exp2 = Experiment(title='test exp2',
institution_name='monash',
created_by=self.user)
exp2.save()
group = Group(name="Test Manager Group")
group.save()
group.user_set.add(self.user)
facility = Facility(name="Test Facility", manager_group=group)
facility.save()
instrument = Instrument(name="Test Instrument", facility=facility)
instrument.save()
dataset = Dataset(description='test dataset1')
dataset.instrument = instrument
dataset.save()
dataset.experiments.set([exp, exp2])
dataset.save()
dataset_id = dataset.id
del dataset
dataset = Dataset.objects.get(pk=dataset_id)
self.assertEqual(dataset.description, 'test dataset1')
self.assertEqual(dataset.experiments.count(), 2)
self.assertIn(exp, list(dataset.experiments.iterator()))
self.assertIn(exp2, list(dataset.experiments.iterator()))
self.assertEqual(instrument, dataset.instrument)
target_id = Dataset.objects.first().id
self.assertEqual(
dataset.get_absolute_url(), '/dataset/%d' % target_id,
dataset.get_absolute_url() + ' != /dataset/%d' % target_id)
class GroupTestCase(TestCase):
""" test user group permissions """
def setUp(self):
self.credentials = base64.b64encode(b'email:password').decode("ascii")
self.client.defaults[
'HTTP_AUTHORIZATION'] = 'Basic ' + self.credentials
self.group = Group(name='test')
self.group.save()
self.group.permissions.add(
Permission.objects.get(name='Can add Firma'))
self.user = User.objects.create_user(email="*****@*****.**",
password="******")
self.user.is_staff = True
def test_user_can_access(self):
""" tests if user with new group can access """
self.user.groups.add(self.group)
self.user.save()
self.client.force_login(self.user, backend=None)
response = self.client.get('/company/company/add/')
self.assertEqual(response.status_code, 200,
u'user in group should have access')
def test_user_cannot_access(self):
""" tests if user without group cannot access """
self.user.save()
self.client.force_login(self.user, backend=None)
response = self.client.get('/company/company/add/')
self.assertEqual(response.status_code, 403,
u'user not in group should have not access')
def tearDown(self):
Group.objects.all().delete()
User.objects.all().delete()
def test_memorify_single_relation_hidden_None():
setup_test_environment()
old_name = "django_app"
from django.db import connection
old_name = connection.creation.create_test_db(verbosity=1,
autoclobber=True)
user = User()
user.username = "******"
user.save()
group = Group()
group.name = "test group"
group.save()
user.groups.add(group)
user.save()
memorify_m2m(user, {'groups': [1]})
connection.creation.destroy_test_db(old_name, 1)
teardown_test_environment()
def test_unconfigured_group(self):
with self.settings(SHIBAUTH_GROUP_ATTRIBUTES=[]):
# After login the user will be created
self.client.get(reverse('shibauth_rit:shibauth_info'),
**settings.SAMPLE_HEADERS)
query = User.objects.all()
# Ensure the user was created
self.assertEqual(query.count(), 1)
user = User.objects.get(username='******')
# The user should have no groups
self.assertEqual(user.groups.all().count(), 0)
# Create a group and add the user
g = Group(name='Testgroup')
g.save()
# Now we should have exactly one group
self.assertEqual(Group.objects.all().count(), 1)
g.user_set.add(user)
# Now the user should be in exactly one group
self.assertEqual(user.groups.all().count(), 1)
self.client.get(reverse('shibauth_rit:shibauth_info'),
**settings.SAMPLE_HEADERS)
# After a request the user should still be in the group.
self.assertEqual(user.groups.all().count(), 1)
def test_content_delete_authenticated_group_permission_can_delete(self):
g = Group()
g.name = 'test'
g.save()
g.user_set.add(self.test_user)
permission = DBLayerGroup()
permission.can_view = False
permission.can_edit = False
permission.can_delete = True
permission.can_update = False
permission.layer = self.layer
permission.group = g
permission.save()
self.login_test_user()
url = reverse('content-detail',
kwargs={
'name': self.layer.name,
'pk': self.location.pk
})
response = self.client.delete(url)
self.assertEqual(response.status_code, 204)
def setUp(self):
self.accounts = [
('user1', 'pwd1', 'useronefirstname', 'useronelastname'),
('user2', 'pwd2', 'usertwofirstname', 'usertwolastname'),
('user3', 'pwd3', 'userthreefirstname', 'userthreelastname')]
for (uname, pwd, first, last) in self.accounts:
user = User.objects.create_user(uname, '', pwd)
user.first_name = first
user.last_name = last
user.save()
self.users = User.objects.all()
self.client = Client()
login = self.client.login(username=self.accounts[0][0],
password=self.accounts[0][1])
self.assertTrue(login)
self.groups = ['group1', 'group2', 'group3', 'group4']
for groupname in self.groups:
group = Group(name=groupname)
group.save()
def create(email: str, password: str, firstname: str,
phone: str) -> 'Customer':
if User.objects.filter(email=email).exists():
raise IntegrityError("Email ID Duplicated")
customer = Customer()
customer.email = email
customer.user = User.objects.create_user(email, email, password)
customer.user.first_name = firstname
customer.phone = phone
customer.user.save()
try:
g = Group.objects.get(name=Customer.GROUP_NAME)
except Group.DoesNotExist:
g = Group(name=Customer.GROUP_NAME)
g.save()
try:
customer.save()
except IntegrityError:
customer.user.delete()
raise IntegrityError("Email ID Duplicated")
g.user_set.add(customer.user)
g.save()
return customer
def test_group_member_in_group_allowed(self):
from django.contrib.auth.models import Group
group = Group(name="allowed_group")
other_group = Group(name="other_group")
group.save()
other_group.save()
policy = OpenIDClientPolicy(openid_client=self.oidc_client)
policy.allow_groups.set([group, other_group])
policy.save()
user = get_user_model()(username="******",
email="*****@*****.**")
user.save()
user.groups.set([group])
user.save()
self.assertTrue(policy.is_user_allowed(user))
other_group.delete()
group.delete()
user.delete()
policy.delete()
def groupadd(request):
if request.method == 'GET':
# 读取所有的权限
perms = Permission.objects.exclude(name__istartswith='Can')
context = {'perms': perms}
return render(request, 'auth/group/add.html', context)
elif request.method == 'POST':
# 创建组
g = Group(name=request.POST['name'])
g.save()
# 获取选择的所有权限
prms = request.POST.getlist('prms', None)
# 判断是否需要给组添加权限
if prms:
# 给组分配权限
g.permissions.set(prms)
g.save()
return HttpResponse(
'<script>location.href="/myadmin/auth/group/list"</script>')
def GroupCreateView(request):
context = {}
context["users"] = User.objects.all()
if request.method == "GET":
return render_to_response(
"system/group_edit.html",
context,
context_instance = RequestContext(request)
)
else:
group = Group(
name = request.POST.get("name")
)
group.save()
users_id = request.POST.getlist("users")
if users_id:
for id in users_id:
group.user_set.add(
User.objects.get(pk=int(id))
)
return HttpResponseRedirect(
"/system/group/"
)
def _prepare(cls, create, **kwargs):
password = kwargs.pop('password', None)
user = super(StaffFactory, cls)._prepare(create, **kwargs)
if password:
user.set_password(password)
if create:
user.save()
group_staff = Group.objects.filter(name='staff').first()
if group_staff is None:
group_staff = Group(name='staff')
group_staff.save()
hat, _ = Hat.objects.get_or_create(name__iexact='Staff',
defaults={'name': 'Staff'})
hat.group = group_staff
hat.save()
perms = Permission.objects.filter(codename__startswith='change_').all()
for perm in perms:
group_staff.permissions.add(perm)
user.groups.add(group_staff)
user.save()
return user
def group_add(request):
vinfo = viewinfo.prepare(request)
error_message = None
if len(request.POST) > 0 and 'name' in request.POST:
try:
group_get = Group.objects.get(name=request.POST['name'])
error_message = 'Group already exists'
except Group.DoesNotExist:
group_create = Group(name=request.POST['name'])
group_create.save()
return redirect('config:groups-list')
else:
instance_id = 0
context = viewinfo.context(vinfo)
localcontext = {
'error_message': error_message,
}
context.update(localcontext)
return render(request, 'config/group_add.html', context)
def setUp(self):
# scenario - topic1 :
# post1 - user1 - unread
# post2 - user2 - unread
self.user1 = ProfileFactory().user
self.user2 = ProfileFactory().user
self.outsider = ProfileFactory().user
# Create the bot accound and add it to the bot group
self.bot = ProfileFactory().user
bot_group = Group(name=settings.ZDS_APP["member"]["bot_group"])
bot_group.save()
self.bot.groups.add(bot_group)
self.topic1 = PrivateTopicFactory(author=self.user1)
self.topic1.participants.add(self.user2)
self.post1 = PrivatePostFactory(privatetopic=self.topic1,
author=self.user1,
position_in_topic=1)
self.post2 = PrivatePostFactory(privatetopic=self.topic1,
author=self.user2,
position_in_topic=2)
def test_creation_with_m2m_relation_through(self):
"""
Ensure that a model object with a m2m relation can be created where that
relation uses a through table
"""
group = Group(name='foo')
group.save()
self.assertEqual(0, User.objects.count())
response = self.client.post('/customusers/', {
'username': '******',
'groups': [group.id]
})
self.assertEqual(response.status_code, 201)
self.assertEqual(1, CustomUser.objects.count())
user = CustomUser.objects.all()[0]
self.assertEqual('bar', user.username)
self.assertEqual(1, user.groups.count())
group = user.groups.all()[0]
self.assertEqual('foo', group.name)
class LoggedInTestCase(TestCase):
def setUp(self):
Product.objects.create(code='Machine1',
name='machine_1 desc',
type='maszyny',
mark='M',
price_a=10,
price_b=5,
price_c=7,
price_d=15,
is_active=True,
availability=10)
group_name = "Dystrybutorzy_B"
self.group_b = Group(name=group_name)
self.group_b.save()
group_name = "Dystrybutorzy_C"
self.group_c = Group(name=group_name)
self.group_c.save()
self.user = User.objects.create_user('adam', '*****@*****.**',
'adampassword')
self.client.login(username='******', password='******')
def test_group_logo_is_present_on_list_view(self):
"""Verify that a group's logo is rendered on list view."""
test_group = Group(name="tester")
test_profile = GroupProfile(group=test_group,
title="test",
slug="test",
description="test",
access="public",
logo=SimpleUploadedFile(
"dummy-file.jpg", b"dummy contents"))
test_group.save()
test_profile.save()
response = self.client.get(
reverse("api_dispatch_list",
kwargs={
"api_name": "api",
"resource_name": "groups"
}))
response_payload = json.loads(response.content)
returned = response_payload["objects"]
group = [g for g in returned if g["title"] == test_profile.title][0]
self.assertEqual(200, response.status_code)
self.assertEqual(group["logo"], test_profile.logo.url)
def readd_group(group_name, perms=[], direct_add=False):
"""
Add permission from perms to group_name group.
If group doesn't exist, new one is created.
If direct_add is True, then perms is assumed to be Permission's instance. Otherwise it should be a string.
"""
g = None
try:
# delete group if exist
Group.objects.get(name=group_name).delete()
except Group.DoesNotExist:
pass
# create a new one
g = Group(name=group_name)
g.save()
for perm in perms:
if direct_add or isinstance(perm, Permission):
p = perm
else:
p = Permission.objects.get(codename=perm)
assert isinstance(p, Permission)
g.permissions.add(p)
g.save()
