def checkAndCreateModelPermissions(appName): from django.db.models.loading import get_app from django.db import models app = get_app(appName) for i in dir(app): try: a = app.__getattribute__(i) if issubclass(a, models.Model): checkAndCreateModelPermission(a) except: pass try: ct = ContentType.objects.get_for_model(Transaction) Permission(content_type=ct, codename='init_database', name='Init database').save() except: pass try: ct = ContentType.objects.get_for_model(Group) Permission(content_type=ct, codename='browse_' + Group.__name__.lower(), name='Can browse %s' % Group.__name__).save() except: pass
def test_add_groups_add_permissions(self): '''Tests adding a group to a user and add a permission to the group''' p1 = Permission() p1.name = 'Can Create' p1.codename = 'can_create' p1.content_type = ContentType.objects.get(id=1) p1.save() g1 = Group() g1.name = "employee" g1.save() g1.permissions.add(p1) g1.save() p2 = Permission() p2.name = 'Can Delete' p2.codename = 'can_delete' p2.content_type = ContentType.objects.get(id=1) p2.save() g2 = Group() g2.name = "manager" g2.save() g2.permissions.add(p2) g2.save() self.u1.groups.add(g1) self.u1.groups.add(g2) self.assertTrue(self.u1.groups.filter(name="employee")) self.assertTrue(self.u1.groups.filter(name="manager")) self.assertTrue(self.u1.has_perm(p1.name)) self.assertTrue(self.u1.has_perm(p2.name))
def setUp(self): """ Set up dependent objects """ super(ItemTest, self).setUp() self.ct = ContentType(app_label="po") self.ct.save() self.p = Permission(codename="add_purchaseorder", content_type=self.ct) self.p.save() self.p2 = Permission(codename="change_purchaseorder", content_type=self.ct) self.p2.save() #Create the user self.username = '******' self.password = '******' self.user = User.objects.create_user( self.username, '*****@*****.**', self.password) self.user.save() self.user.user_permissions.add(self.p) self.user.user_permissions.add(self.p2) self.client.login(username=self.username, password=self.password) self.supplier = Supplier(**base_supplier) self.supplier.save() self.address = Address(**base_address) self.address.contact = self.supplier self.address.save() self.contact = SupplierContact(name='test', email='*****@*****.**', telephone=1234, primary=True) self.contact.supplier = self.supplier self.contact.save() self.supply = Fabric.create(**base_fabric) #self.supply.units = "m^2" self.supply.save() self.po = PurchaseOrder() self.po.employee = self.user self.po.supplier = self.supplier self.po.terms = self.supplier.terms self.po.vat = 7 self.po.order_date = datetime.datetime(2014, 3, 2) self.po.save() self.item = Item(unit_cost=Decimal('13.55'), quantity=Decimal('10'), supply=self.supply) self.item.description = self.supply.description self.item.purchase_order = self.po self.item.save()
def create_user(self): self.user = User.objects.create_user('test', '*****@*****.**', 'test') self.ct = ContentType(app_label='acknowledgements') self.ct.save() perm = Permission(content_type=self.ct, codename='change_item') perm.save() self.user.user_permissions.add(perm) perm = Permission(content_type=self.ct, codename='change_fabric') perm.save() self.user.user_permissions.add(perm) self.assertTrue(self.user.has_perm('acknowledgements.change_item')) return self.user
def setUp(self): self.product_type = Product_Type() self.user = Dojo_User() self.group = Group() self.permission_a = Permission() self.permission_a.codename = 'a' self.permission_b = Permission() self.permission_b.codename = 'b' self.permission_c = Permission() self.permission_c.codename = 'c'
def save(self, force_insert=False, force_update=False, using=None, update_fields=None): try: content_type1 = ContentType.objects.get(app_label="frontend", model="Article") except: content_type1 = ContentType(app_label="frontend", model="Article", name="文章板块权限") content_type1.save() try: content_type2 = ContentType.objects.get(app_label="frontend", model="Slider") except: content_type2 = ContentType(app_label="frontend", model="Slider", name="幻灯片推送权限") content_type2.save() try: content_type3 = ContentType.objects.get(app_label="frontend", model="Activity") except: content_type3 = ContentType(app_label="frontend", model="Activity", name="活动发布权限") content_type3.save() translate = {"add": "添加", "delete": "删除", "change": "修改"} for permission in ["add", "delete", "change"]: try: codename = permission + "_" + self.codename + "_articles" Permission.objects.get(codename=codename) except: name = "允许" + translate[permission] + " " + self.name + " 内的文章" codename = permission + "_" + self.codename + "_articles" p = Permission(name=name, content_type=content_type1, codename=codename) p.save() try: codename = permission + "_" + self.codename + "_sliders" Permission.objects.get(codename=codename) except: name = "允许" + translate[permission] + " " + self.name + " 内的幻灯片" codename = permission + "_" + self.codename + "_sliders" p = Permission(name=name, content_type=content_type2, codename=codename) p.save() try: codename = permission + "_" + self.codename + "_activities" Permission.objects.get(codename=codename) except: name = "允许" + translate[permission] + " " + self.name + " 内的活动" codename = permission + "_" + self.codename + "_activities" p = Permission(name=name, content_type=content_type3, codename=codename) p.save() if self.order == None: self.order = self.id result = super(MainMenu, self).save() return result
def test_put_change_groups(self): """ Tests adding a group to a user """ #Create groups to be added group1 = Group(name="Testing") group1.save() #Create group to be removed group2 = Group(name='Bye') group2.save() self.user.groups.add(group2) #Create a permission ct = ContentType(name='test') ct.save() perm = Permission(codename='test', name='test', content_type=ct) perm.save() group1.permissions.add(perm) perm = Permission(codename='removed', name='removed', content_type=ct) perm.save() group2.permissions.add(perm) #Check that user has group to be removed and the permissions of that group self.assertEqual(self.user.groups.count(), 1) self.assertEqual(self.user.groups.all()[0].name, 'Bye') #Test the api and response resp = self.client.put('/api/v1/user/1/', format='json', data={ 'username': '******', 'email': '*****@*****.**', 'first_name': 'Charlie', 'last_name': 'P', 'groups': [{ 'id': 1, 'name': 'Testing' }] }) self.assertEqual(resp.status_code, 200) self.assertEqual(self.user.groups.count(), 1) self.assertEqual(self.user.groups.all()[0].name, 'Testing') #Tests the returned data user = resp.data self.assertEqual(len(user['groups']), 1) self.assertIn('id', user['groups'][0]) self.assertIn('name', user['groups'][0])
def set_admin_permission(group): view_stats = Permission( name='Can view site stats', codename=GroupPermission.STATS.value, content_type=ContentType.objects.get_for_model(UserProfile)) view_stats.save() view_coaches = Permission( name='Can view coach details', codename=GroupPermission.COACH.value, content_type=ContentType.objects.get_for_model(Coach)) view_coaches.save() group.permissions.add(view_stats) group.permissions.add(view_coaches) group.save()
def test_current_user_multiple_permissions(self): can_perm = Permission(content_type=self.content_type, name='Can something', codename='can_something') can_perm.save() self.user.user_permissions.add(can_perm) cannot_perm = Permission(content_type=self.content_type, name='Cannot something', codename='cannot_something') cannot_perm.save() response, json = self.do_get(self.user_perm_q, dict(q=['foo.example', 'auth.can_something', 'auth.cannot_something']), username=self.user.username) self.assertEquals(response.status_code, 200) permissions = json['permissions'] self.assertEquals(permissions['foo.example'], False, json) self.assertEquals(permissions['auth.can_something'], True, json) self.assertEquals(permissions['auth.cannot_something'], False, json)
def test_user_permission_not_allowed(self): permission = Permission(content_type=self.content_type, name='Can something', codename='can_something') permission.save() response, json = self.do_get(self.perm % (self.user.pk, 'auth.can_something')) self.assertEquals(response.status_code, 200) self.assertEquals(json['is-allowed'], False, json)
def post(self, request): """ content_type_id = request.POST.get("content_type") codename = request.POST.get("codename") name = request.POST.get("name") try: content_type = ContentType.objects.get(pk=content_type_id) except ContentType.DoesNotExist: return redirect("error", next="permission_list", msg="模型不存在") if not codename or codename.find(" ") >=0 : return redirect("error", next="permission_list", msg="codename 不合法") try: Permission.objects.create(codename=codename, content_type=content_type,name=name) except Exception as e: return redirect("error", next="permission_list", msg=e.args) return redirect("success", next="permission_list") """ permissionform = CreatePermissionForm(request.POST) if permissionform.is_valid(): permission = Permission(**permissionform.cleaned_data) try: permission.save() return redirect("success", next="permission_list") except Exception as e: return redirect("error", next="permission_list", msg=e.args) else: return redirect("error", next="permission_list", msg=json.dumps(permissionform.errors.as_json(), ensure_ascii=False))
def _get_or_create_perm(perm): from django.contrib.contenttypes.models import ContentType from django.db import models if not perm: return None try: app, model, name = perm.split('.') except ValueError: return None # NOTE: This check is added to support local userdb database connection. # TODO: Ensure this is right. m = models.get_model(app, model, only_installed=False) if not m: return None try: return Permission.objects.get_by_natural_key(name, app, model) except Permission.DoesNotExist: try: ct = ContentType.objects.get_by_natural_key(app, model) perm = Permission(name=name, content_type=ct, codename=name) perm.save() return perm except ContentType.DoesNotExist: return None except ContentType.DoesNotExist: return None
def setUp(self): """ Set up the environment for the test cases """ super(GroupResourceTest, self).setUp() self.username = '******' self.password = '******' self.user = User.objects.create_superuser('tester', '*****@*****.**', 'test') self.user.user_permissions.add( Permission.objects.get(codename="add_user")) self.api_client.client.login(username='******', password='******') #Create a group self.group = Group(name="God") self.group.save() #Create a permission self.ct = ContentType(name='test') self.ct.save() self.permission = Permission(name='Test', codename='test', content_type=self.ct) self.permission.save() self.group.permissions.add(self.permission)
def get_missing_permissions_for_app_config(app_config): """ Return missing permissions for a given app config """ # get existing contenttypes ctypes = get_all_contenttypes_for_app_config(app_config) if not ctypes: return [] # get all permissions that should exist searched_perms = get_searched_permissions(ctypes) if not searched_perms: return [] # get existing permissions all_perms = get_all_permissions([ctype for ctype, klass in ctypes]) # build missing permissions perms = [ Permission(codename=codename, name=name, content_type=ct) for ct, (codename, name) in searched_perms if (ct.pk, codename) not in all_perms ] return perms
def add_owner_permissions(): owner_ct = ContentType.objects.get(app_label='pet', model='owner') is_owner = Permission(name='Is Owner', codename='is_a_owner', content_type=owner_ct) is_owner.save() return is_owner
def post(self, request): ret = {'result': 0, 'msg': None} ## ajax 请求的权限验证 if not request.user.has_perm(self.permission_required): ret["result"] = 1 ret["msg"] = "Sorry,你没有'添加 permission 模型对象'的权限,请联系运维!" return JsonResponse(ret) perms_form = PermissionAddForm(request.POST) if not perms_form.is_valid(): ret['result'] = 1 error_msg = json.loads( perms_form.errors.as_json(escape_html=False)) ret["msg"] = '\n'.join( [i["message"] for v in error_msg.values() for i in v]) return JsonResponse(ret) try: perm = Permission(**perms_form.cleaned_data) except Exception as e: ret['result'] = 1 ret['msg'] = e.args else: perm.save() ret['msg'] = "权限创建成功" return JsonResponse(ret)
def _create_permissions_for_mezzaninecalloutwidget(sender, **kwargs): """ This works around this bug which has been fixed in Django 1.9: <https://github.com/django/django/pull/4681> """ PERMISSIONS = {'add_mezzaninecalloutwidget': 'Can add Callout Widget', 'change_mezzaninecalloutwidget': 'Can change Callout Widget', 'delete_mezzaninecalloutwidget': 'Can delete Callout Widget'} from django.contrib.auth.models import Permission from django.contrib.contenttypes.models import ContentType ct = ContentType.objects.get_for_model(MezzanineCalloutWidget, for_concrete_model=False) permissions = Permission.objects.filter( codename__in=PERMISSIONS.keys() ).select_related('content_type') # Delete permission with the wrong content type (these are created by Django < 1.9) to_delete = set(p.pk for p in permissions if p.content_type != ct) permissions_set = set(p.codename for p in permissions if p.pk not in to_delete) to_create = [Permission(codename=k, name=v, content_type=ct) for k, v in PERMISSIONS.items() if k not in permissions_set] with transaction.atomic(): if to_delete: Permission.objects.filter(pk__in=to_delete).delete() if to_create: Permission.objects.bulk_create(to_create)
def test_usuarios_render_form_change_pas(self): """ Testa renderização do formulário de troca de senha """ contentItem = ContentType.objects.get(app_label='acesso', model='usuario') permission = Permission(name='Can Change Pass', content_type=contentItem, codename='change_pass_usuario') permission.save() permissions = Permission.objects.all().filter( content_type=contentItem.id) for permission in permissions: self.user.user_permissions.add(permission) # Faz chamada da pagina response = self.client.get('/acesso/usuarios/password/') self.assertEquals(response.status_code, 200) self.assertContains(response, 'name="new_password1"', status_code=200) """ Testa renderização do formulário de troca de senha """ dataPost = { 'new_password1': 'testpass2', 'new_password2': 'testpass2', } response = self.client.post('/acesso/usuarios/password/', dataPost) self.assertEquals(response.status_code, 200)
def test_groups_permissions(self): '''Test permissions and adding groups to users''' g1 = Group() g1.name = 'Salespeople' # you must save before you add test_groups_permissions g1.save() g1.permissions.add(Permission.objects.get(id=1)) # prints out all available test_groups_permissions # for p in Permission.objects.all(): # print('Codename: ' + p.codename) # print('Name: ' + p.name) # print('ContentType: ' + str(p.content_type)) # this is a pretty bad idea: self.u1.user_permissions.add(p) # create a permission p = Permission() p.codename = 'change_product_price' p.name = 'Change the price of a product' p.content_type = ContentType.objects.get(id=1) p.save() # add permission to groups g1.permissions.add( Permission.objects.get(codename='change_product_price')) g1.save() # add user to group self.u1.groups.add(g1) self.u1.save() # check to see if the group has the new permissions self.assertTrue(self.u1.groups.filter(name='Salespeople')) self.assertTrue(self.u1.has_perm('admin.change_product_price'))
def manager_perms_add(request): # login check start if not request.user.is_authenticated: return redirect('mylogin') # login check end perm = 0 for i in request.user.groups.all(): if i.name == "masteruser": perm = 1 if perm == 0: error = "Access Denied" return render(request, 'back/error.html', {'error': error}) if request.method == 'POST': name = request.POST.get('name') cname = request.POST.get('cname') contenttype = ContentType.objects.get(app_label='main', model='main') if len(Permission.objects.filter(codename=cname)) == 0: perm = Permission(name=name, codename=cname, content_type=contenttype) #permission = Permission.objects.create(codename=cname, name=name, content_type=content_type) perm.save() else: error = "This Codename Used Before" return render(request, 'back/error.html', {'error': error}) return redirect('manager_perms')
def permission_add(module, using=None): ''' 添加自定义权限 ''' content_type = None try: if not using: content_type = ContentType.objects.get( app_label=settings.PERMISSION_APP, model=module) else: content_type = ContentType.objects.using(using).get( app_label=settings.PERMISSION_APP, model=module) except: content_type = ContentType(name=module, app_label=settings.PERMISSION_APP, model=module) content_type.save(using=using) for op in operations.values(): try: perm = Permission(codename='%s_%s' % (op, module), name='can %s %s' % (op, module), content_type=content_type) perm.save(using=using) except: pass
def setUp(self): self.factory = RequestFactory() self.test_user = UserModel.objects.create_user("test_user", "*****@*****.**", "123456") self.test_noscope_user = UserModel.objects.create_user( "test_no_scope_user", "*****@*****.**", "123456") from django.contrib.auth.models import Permission p = Permission() p.name = "test_user_scope" p.content_type_id = 7 p.save() self.test_user.user_permissions.add(p) self.application = Application( name="Test Application", user=self.test_user, client_type=Application.CLIENT_CONFIDENTIAL, client_id="test_client_id", authorization_grant_type=Application.GRANT_PASSWORD, client_secret="test_client_secret", scopes="test_app_scope1 test_app_scope2") self.application.save() oauth2_settings._SCOPES = ['read', 'write']
def test_puede_obtener_grupos_junto_con_permisos(self): user = User.objects.create_user(username='******', password='******') grupo = Group.objects.create(name='coordinador') tipo = ContentType.objects.get(app_label='escuelas', model='evento') puede_crear_eventos = Permission(name='crear', codename='evento.crear', content_type=tipo) puede_crear_eventos.save() grupo.permissions.add(puede_crear_eventos) self.client.force_authenticate(user=user) response = self.client.get('/api/groups', format='json') self.assertEqual(len(response.data['results']), 2) item_1 = response.data['results'][1] self.assertEquals(item_1["name"], "coordinador") # Inicialmente este grupo no tiene perfil self.assertEquals(item_1["perfiles"], []) # Si se vincula el grupo a un perfil ... user.perfil.group = grupo grupo.save() user.save() user.perfil.save() response = self.client.get('/api/groups', format='json') item_1 = response.data['results'][1] self.assertEquals(len(item_1["perfiles"]), 1) self.assertEquals(item_1["perfiles"][0]['type'], 'perfiles')
def create_permission(instance): content_type = ContentType.objects.get_for_model(instance) for acltype in ACLType.availables(): codename = "%s.%s" % (instance.id, acltype.id) Permission(name=acltype.name, codename=codename, content_type=content_type).save()
def add_kennel_permissions(): kennel_ct = ContentType.objects.get(app_label='pet', model='kennel') is_kennel = Permission(name='Is Kennel', codename='is_a_kennel', content_type=kennel_ct) is_kennel.save() return is_kennel
def test_filter_by_permissions(self): language_contenttype = ContentType.objects.get_for_model(Language) consultant_1 = FakeConsultantFactory() consultant_2 = FakeConsultantFactory() new_perm_1 = Permission( name=faker.word() + faker.numerify(), codename=faker.word() + faker.numerify(), content_type=language_contenttype, ) new_perm_1.save() new_perm_2 = Permission( name=faker.word() + faker.numerify(), codename=faker.word() + faker.numerify(), content_type=language_contenttype, ) new_perm_2.save() self.assertEqual( Consultant.objects.filter_by_user_permissions( [new_perm_1.codename], ).count(), 0, ) consultant_1.user.user_permissions.add(new_perm_1) self.assertEqual( Consultant.objects.filter_by_user_permissions( [new_perm_1.codename], ).count(), 1, ) self.assertEqual( Consultant.objects.filter_by_user_permissions( [new_perm_1.codename, new_perm_2.codename], ).count(), 0, ) consultant_1.user.user_permissions.add(new_perm_2) consultant_2.user.user_permissions.add(new_perm_1) consultant_2.user.user_permissions.add(new_perm_2) self.assertEqual( Consultant.objects.filter_by_user_permissions([ new_perm_1.codename, new_perm_2.codename, ], ).count(), 2, )
def create_club_admin_permission(sender, **kwargs): print "Creating club admin permission..." club_content_type = ContentType.objects.get_for_model(Club) if len(Permission.objects.filter(codename='full_club_admin')) == 0: club_admin_permission = Permission(name='Full Club Admin Access', codename='full_club_admin', content_type=club_content_type) club_admin_permission.save()
def new_permission(self, name, content_type_id, codename): permission = Permission() permission.name = name permission.content_type_id = content_type_id permission.codename = codename permission.save() return False if permission.pk is None else permission
def test_permissions(self): """Test adding permissions to users and then test those permissions""" p1 = Permission() p1.codename = 'change_product_name' p1.name = 'Change the name of a product' p1.content_type = ContentType.objects.get(id=1) p1.save() p2 = Permission() p2.codename = 'give_discount' p2.name = 'Can give a discount to a customer' p2.content_type = ContentType.objects.get(id=2) p2.save() self.u1.user_permissions.add(p1,p2) self.assertTrue(self.u1.has_perm('change_product_name')) self.assertTrue(self.u1.has_perm('give_discount'))
def test_contrib_models(self): from django.contrib.admin.models import LogEntry from django.contrib.auth.models import User, Group, Permission self.assertTrue(is_shared_model(User())) self.assertTrue(is_shared_model(Permission())) self.assertTrue(is_shared_model(Group())) self.assertTrue(is_shared_model(LogEntry()))