def checkAndCreateModelPermissions(appName):
from django.db.models.loading import get_app
from django.db import models
app = get_app(appName)
for i in dir(app):
try:
a = app.__getattribute__(i)
if issubclass(a, models.Model):
checkAndCreateModelPermission(a)
except:
pass
try:
ct = ContentType.objects.get_for_model(Transaction)
Permission(content_type=ct,
codename='init_database',
name='Init database').save()
except:
pass
try:
ct = ContentType.objects.get_for_model(Group)
Permission(content_type=ct,
codename='browse_' + Group.__name__.lower(),
name='Can browse %s' % Group.__name__).save()
except:
pass
def test_add_groups_add_permissions(self):
'''Tests adding a group to a user and add a permission to the group'''
p1 = Permission()
p1.name = 'Can Create'
p1.codename = 'can_create'
p1.content_type = ContentType.objects.get(id=1)
p1.save()
g1 = Group()
g1.name = "employee"
g1.save()
g1.permissions.add(p1)
g1.save()
p2 = Permission()
p2.name = 'Can Delete'
p2.codename = 'can_delete'
p2.content_type = ContentType.objects.get(id=1)
p2.save()
g2 = Group()
g2.name = "manager"
g2.save()
g2.permissions.add(p2)
g2.save()
self.u1.groups.add(g1)
self.u1.groups.add(g2)
self.assertTrue(self.u1.groups.filter(name="employee"))
self.assertTrue(self.u1.groups.filter(name="manager"))
self.assertTrue(self.u1.has_perm(p1.name))
self.assertTrue(self.u1.has_perm(p2.name))
def setUp(self):
"""
Set up dependent objects
"""
super(ItemTest, self).setUp()
self.ct = ContentType(app_label="po")
self.ct.save()
self.p = Permission(codename="add_purchaseorder", content_type=self.ct)
self.p.save()
self.p2 = Permission(codename="change_purchaseorder",
content_type=self.ct)
self.p2.save()
#Create the user
self.username = '******'
self.password = '******'
self.user = User.objects.create_user(
self.username, '*****@*****.**', self.password)
self.user.save()
self.user.user_permissions.add(self.p)
self.user.user_permissions.add(self.p2)
self.client.login(username=self.username, password=self.password)
self.supplier = Supplier(**base_supplier)
self.supplier.save()
self.address = Address(**base_address)
self.address.contact = self.supplier
self.address.save()
self.contact = SupplierContact(name='test',
email='*****@*****.**',
telephone=1234,
primary=True)
self.contact.supplier = self.supplier
self.contact.save()
self.supply = Fabric.create(**base_fabric)
#self.supply.units = "m^2"
self.supply.save()
self.po = PurchaseOrder()
self.po.employee = self.user
self.po.supplier = self.supplier
self.po.terms = self.supplier.terms
self.po.vat = 7
self.po.order_date = datetime.datetime(2014, 3, 2)
self.po.save()
self.item = Item(unit_cost=Decimal('13.55'),
quantity=Decimal('10'),
supply=self.supply)
self.item.description = self.supply.description
self.item.purchase_order = self.po
self.item.save()
def create_user(self):
self.user = User.objects.create_user('test', '*****@*****.**', 'test')
self.ct = ContentType(app_label='acknowledgements')
self.ct.save()
perm = Permission(content_type=self.ct, codename='change_item')
perm.save()
self.user.user_permissions.add(perm)
perm = Permission(content_type=self.ct, codename='change_fabric')
perm.save()
self.user.user_permissions.add(perm)
self.assertTrue(self.user.has_perm('acknowledgements.change_item'))
return self.user
def setUp(self):
self.product_type = Product_Type()
self.user = Dojo_User()
self.group = Group()
self.permission_a = Permission()
self.permission_a.codename = 'a'
self.permission_b = Permission()
self.permission_b.codename = 'b'
self.permission_c = Permission()
self.permission_c.codename = 'c'
def save(self, force_insert=False, force_update=False, using=None,
update_fields=None):
try:
content_type1 = ContentType.objects.get(app_label="frontend", model="Article")
except:
content_type1 = ContentType(app_label="frontend", model="Article", name="文章板块权限")
content_type1.save()
try:
content_type2 = ContentType.objects.get(app_label="frontend", model="Slider")
except:
content_type2 = ContentType(app_label="frontend", model="Slider", name="幻灯片推送权限")
content_type2.save()
try:
content_type3 = ContentType.objects.get(app_label="frontend", model="Activity")
except:
content_type3 = ContentType(app_label="frontend", model="Activity", name="活动发布权限")
content_type3.save()
translate = {"add": "添加", "delete": "删除", "change": "修改"}
for permission in ["add", "delete", "change"]:
try:
codename = permission + "_" + self.codename + "_articles"
Permission.objects.get(codename=codename)
except:
name = "允许" + translate[permission] + " " + self.name + " 内的文章"
codename = permission + "_" + self.codename + "_articles"
p = Permission(name=name, content_type=content_type1, codename=codename)
p.save()
try:
codename = permission + "_" + self.codename + "_sliders"
Permission.objects.get(codename=codename)
except:
name = "允许" + translate[permission] + " " + self.name + " 内的幻灯片"
codename = permission + "_" + self.codename + "_sliders"
p = Permission(name=name, content_type=content_type2, codename=codename)
p.save()
try:
codename = permission + "_" + self.codename + "_activities"
Permission.objects.get(codename=codename)
except:
name = "允许" + translate[permission] + " " + self.name + " 内的活动"
codename = permission + "_" + self.codename + "_activities"
p = Permission(name=name, content_type=content_type3, codename=codename)
p.save()
if self.order == None:
self.order = self.id
result = super(MainMenu, self).save()
return result
def test_put_change_groups(self):
"""
Tests adding a group to a user
"""
#Create groups to be added
group1 = Group(name="Testing")
group1.save()
#Create group to be removed
group2 = Group(name='Bye')
group2.save()
self.user.groups.add(group2)
#Create a permission
ct = ContentType(name='test')
ct.save()
perm = Permission(codename='test', name='test', content_type=ct)
perm.save()
group1.permissions.add(perm)
perm = Permission(codename='removed', name='removed', content_type=ct)
perm.save()
group2.permissions.add(perm)
#Check that user has group to be removed and the permissions of that group
self.assertEqual(self.user.groups.count(), 1)
self.assertEqual(self.user.groups.all()[0].name, 'Bye')
#Test the api and response
resp = self.client.put('/api/v1/user/1/',
format='json',
data={
'username': '******',
'email': '*****@*****.**',
'first_name': 'Charlie',
'last_name': 'P',
'groups': [{
'id': 1,
'name': 'Testing'
}]
})
self.assertEqual(resp.status_code, 200)
self.assertEqual(self.user.groups.count(), 1)
self.assertEqual(self.user.groups.all()[0].name, 'Testing')
#Tests the returned data
user = resp.data
self.assertEqual(len(user['groups']), 1)
self.assertIn('id', user['groups'][0])
self.assertIn('name', user['groups'][0])
def set_admin_permission(group):
view_stats = Permission(
name='Can view site stats',
codename=GroupPermission.STATS.value,
content_type=ContentType.objects.get_for_model(UserProfile))
view_stats.save()
view_coaches = Permission(
name='Can view coach details',
codename=GroupPermission.COACH.value,
content_type=ContentType.objects.get_for_model(Coach))
view_coaches.save()
group.permissions.add(view_stats)
group.permissions.add(view_coaches)
group.save()
def test_current_user_multiple_permissions(self):
can_perm = Permission(content_type=self.content_type,
name='Can something', codename='can_something')
can_perm.save()
self.user.user_permissions.add(can_perm)
cannot_perm = Permission(content_type=self.content_type,
name='Cannot something', codename='cannot_something')
cannot_perm.save()
response, json = self.do_get(self.user_perm_q,
dict(q=['foo.example', 'auth.can_something', 'auth.cannot_something']),
username=self.user.username)
self.assertEquals(response.status_code, 200)
permissions = json['permissions']
self.assertEquals(permissions['foo.example'], False, json)
self.assertEquals(permissions['auth.can_something'], True, json)
self.assertEquals(permissions['auth.cannot_something'], False, json)
def test_user_permission_not_allowed(self):
permission = Permission(content_type=self.content_type,
name='Can something', codename='can_something')
permission.save()
response, json = self.do_get(self.perm % (self.user.pk, 'auth.can_something'))
self.assertEquals(response.status_code, 200)
self.assertEquals(json['is-allowed'], False, json)
def post(self, request):
"""
content_type_id = request.POST.get("content_type")
codename = request.POST.get("codename")
name = request.POST.get("name")
try:
content_type = ContentType.objects.get(pk=content_type_id)
except ContentType.DoesNotExist:
return redirect("error", next="permission_list", msg="模型不存在")
if not codename or codename.find(" ") >=0 :
return redirect("error", next="permission_list", msg="codename 不合法")
try:
Permission.objects.create(codename=codename, content_type=content_type,name=name)
except Exception as e:
return redirect("error", next="permission_list", msg=e.args)
return redirect("success", next="permission_list")
"""
permissionform = CreatePermissionForm(request.POST)
if permissionform.is_valid():
permission = Permission(**permissionform.cleaned_data)
try:
permission.save()
return redirect("success", next="permission_list")
except Exception as e:
return redirect("error", next="permission_list", msg=e.args)
else:
return redirect("error",
next="permission_list",
msg=json.dumps(permissionform.errors.as_json(),
ensure_ascii=False))
def _get_or_create_perm(perm):
from django.contrib.contenttypes.models import ContentType
from django.db import models
if not perm:
return None
try:
app, model, name = perm.split('.')
except ValueError:
return None
# NOTE: This check is added to support local userdb database connection.
# TODO: Ensure this is right.
m = models.get_model(app, model, only_installed=False)
if not m:
return None
try:
return Permission.objects.get_by_natural_key(name, app, model)
except Permission.DoesNotExist:
try:
ct = ContentType.objects.get_by_natural_key(app, model)
perm = Permission(name=name, content_type=ct, codename=name)
perm.save()
return perm
except ContentType.DoesNotExist:
return None
except ContentType.DoesNotExist:
return None
def setUp(self):
"""
Set up the environment for the test cases
"""
super(GroupResourceTest, self).setUp()
self.username = '******'
self.password = '******'
self.user = User.objects.create_superuser('tester',
'*****@*****.**', 'test')
self.user.user_permissions.add(
Permission.objects.get(codename="add_user"))
self.api_client.client.login(username='******', password='******')
#Create a group
self.group = Group(name="God")
self.group.save()
#Create a permission
self.ct = ContentType(name='test')
self.ct.save()
self.permission = Permission(name='Test',
codename='test',
content_type=self.ct)
self.permission.save()
self.group.permissions.add(self.permission)
def get_missing_permissions_for_app_config(app_config):
"""
Return missing permissions for a given app config
"""
# get existing contenttypes
ctypes = get_all_contenttypes_for_app_config(app_config)
if not ctypes:
return []
# get all permissions that should exist
searched_perms = get_searched_permissions(ctypes)
if not searched_perms:
return []
# get existing permissions
all_perms = get_all_permissions([ctype for ctype, klass in ctypes])
# build missing permissions
perms = [
Permission(codename=codename, name=name, content_type=ct)
for ct, (codename, name) in searched_perms
if (ct.pk, codename) not in all_perms
]
return perms
def add_owner_permissions():
owner_ct = ContentType.objects.get(app_label='pet', model='owner')
is_owner = Permission(name='Is Owner',
codename='is_a_owner',
content_type=owner_ct)
is_owner.save()
return is_owner
def post(self, request):
ret = {'result': 0, 'msg': None}
## ajax 请求的权限验证
if not request.user.has_perm(self.permission_required):
ret["result"] = 1
ret["msg"] = "Sorry,你没有'添加 permission 模型对象'的权限,请联系运维!"
return JsonResponse(ret)
perms_form = PermissionAddForm(request.POST)
if not perms_form.is_valid():
ret['result'] = 1
error_msg = json.loads(
perms_form.errors.as_json(escape_html=False))
ret["msg"] = '\n'.join(
[i["message"] for v in error_msg.values() for i in v])
return JsonResponse(ret)
try:
perm = Permission(**perms_form.cleaned_data)
except Exception as e:
ret['result'] = 1
ret['msg'] = e.args
else:
perm.save()
ret['msg'] = "权限创建成功"
return JsonResponse(ret)
def _create_permissions_for_mezzaninecalloutwidget(sender, **kwargs):
"""
This works around this bug which has been fixed in Django 1.9:
<https://github.com/django/django/pull/4681>
"""
PERMISSIONS = {'add_mezzaninecalloutwidget': 'Can add Callout Widget',
'change_mezzaninecalloutwidget': 'Can change Callout Widget',
'delete_mezzaninecalloutwidget': 'Can delete Callout Widget'}
from django.contrib.auth.models import Permission
from django.contrib.contenttypes.models import ContentType
ct = ContentType.objects.get_for_model(MezzanineCalloutWidget, for_concrete_model=False)
permissions = Permission.objects.filter(
codename__in=PERMISSIONS.keys()
).select_related('content_type')
# Delete permission with the wrong content type (these are created by Django < 1.9)
to_delete = set(p.pk for p in permissions if p.content_type != ct)
permissions_set = set(p.codename for p in permissions if p.pk not in to_delete)
to_create = [Permission(codename=k, name=v, content_type=ct)
for k, v in PERMISSIONS.items()
if k not in permissions_set]
with transaction.atomic():
if to_delete:
Permission.objects.filter(pk__in=to_delete).delete()
if to_create:
Permission.objects.bulk_create(to_create)
def test_usuarios_render_form_change_pas(self):
"""
Testa renderização do formulário de troca de senha
"""
contentItem = ContentType.objects.get(app_label='acesso',
model='usuario')
permission = Permission(name='Can Change Pass',
content_type=contentItem,
codename='change_pass_usuario')
permission.save()
permissions = Permission.objects.all().filter(
content_type=contentItem.id)
for permission in permissions:
self.user.user_permissions.add(permission)
# Faz chamada da pagina
response = self.client.get('/acesso/usuarios/password/')
self.assertEquals(response.status_code, 200)
self.assertContains(response, 'name="new_password1"', status_code=200)
"""
Testa renderização do formulário de troca de senha
"""
dataPost = {
'new_password1': 'testpass2',
'new_password2': 'testpass2',
}
response = self.client.post('/acesso/usuarios/password/', dataPost)
self.assertEquals(response.status_code, 200)
def test_groups_permissions(self):
'''Test permissions and adding groups to users'''
g1 = Group()
g1.name = 'Salespeople'
# you must save before you add test_groups_permissions
g1.save()
g1.permissions.add(Permission.objects.get(id=1))
# prints out all available test_groups_permissions
# for p in Permission.objects.all():
# print('Codename: ' + p.codename)
# print('Name: ' + p.name)
# print('ContentType: ' + str(p.content_type))
# this is a pretty bad idea: self.u1.user_permissions.add(p)
# create a permission
p = Permission()
p.codename = 'change_product_price'
p.name = 'Change the price of a product'
p.content_type = ContentType.objects.get(id=1)
p.save()
# add permission to groups
g1.permissions.add(
Permission.objects.get(codename='change_product_price'))
g1.save()
# add user to group
self.u1.groups.add(g1)
self.u1.save()
# check to see if the group has the new permissions
self.assertTrue(self.u1.groups.filter(name='Salespeople'))
self.assertTrue(self.u1.has_perm('admin.change_product_price'))
def manager_perms_add(request):
# login check start
if not request.user.is_authenticated:
return redirect('mylogin')
# login check end
perm = 0
for i in request.user.groups.all():
if i.name == "masteruser": perm = 1
if perm == 0:
error = "Access Denied"
return render(request, 'back/error.html', {'error': error})
if request.method == 'POST':
name = request.POST.get('name')
cname = request.POST.get('cname')
contenttype = ContentType.objects.get(app_label='main', model='main')
if len(Permission.objects.filter(codename=cname)) == 0:
perm = Permission(name=name,
codename=cname,
content_type=contenttype)
#permission = Permission.objects.create(codename=cname, name=name, content_type=content_type)
perm.save()
else:
error = "This Codename Used Before"
return render(request, 'back/error.html', {'error': error})
return redirect('manager_perms')
def permission_add(module, using=None):
'''
添加自定义权限
'''
content_type = None
try:
if not using:
content_type = ContentType.objects.get(
app_label=settings.PERMISSION_APP, model=module)
else:
content_type = ContentType.objects.using(using).get(
app_label=settings.PERMISSION_APP, model=module)
except:
content_type = ContentType(name=module,
app_label=settings.PERMISSION_APP,
model=module)
content_type.save(using=using)
for op in operations.values():
try:
perm = Permission(codename='%s_%s' % (op, module),
name='can %s %s' % (op, module),
content_type=content_type)
perm.save(using=using)
except:
pass
def setUp(self):
self.factory = RequestFactory()
self.test_user = UserModel.objects.create_user("test_user",
"*****@*****.**",
"123456")
self.test_noscope_user = UserModel.objects.create_user(
"test_no_scope_user", "*****@*****.**", "123456")
from django.contrib.auth.models import Permission
p = Permission()
p.name = "test_user_scope"
p.content_type_id = 7
p.save()
self.test_user.user_permissions.add(p)
self.application = Application(
name="Test Application",
user=self.test_user,
client_type=Application.CLIENT_CONFIDENTIAL,
client_id="test_client_id",
authorization_grant_type=Application.GRANT_PASSWORD,
client_secret="test_client_secret",
scopes="test_app_scope1 test_app_scope2")
self.application.save()
oauth2_settings._SCOPES = ['read', 'write']
def test_puede_obtener_grupos_junto_con_permisos(self):
user = User.objects.create_user(username='******', password='******')
grupo = Group.objects.create(name='coordinador')
tipo = ContentType.objects.get(app_label='escuelas', model='evento')
puede_crear_eventos = Permission(name='crear',
codename='evento.crear',
content_type=tipo)
puede_crear_eventos.save()
grupo.permissions.add(puede_crear_eventos)
self.client.force_authenticate(user=user)
response = self.client.get('/api/groups', format='json')
self.assertEqual(len(response.data['results']), 2)
item_1 = response.data['results'][1]
self.assertEquals(item_1["name"], "coordinador")
# Inicialmente este grupo no tiene perfil
self.assertEquals(item_1["perfiles"], [])
# Si se vincula el grupo a un perfil ...
user.perfil.group = grupo
grupo.save()
user.save()
user.perfil.save()
response = self.client.get('/api/groups', format='json')
item_1 = response.data['results'][1]
self.assertEquals(len(item_1["perfiles"]), 1)
self.assertEquals(item_1["perfiles"][0]['type'], 'perfiles')
def create_permission(instance):
content_type = ContentType.objects.get_for_model(instance)
for acltype in ACLType.availables():
codename = "%s.%s" % (instance.id, acltype.id)
Permission(name=acltype.name,
codename=codename,
content_type=content_type).save()
def add_kennel_permissions():
kennel_ct = ContentType.objects.get(app_label='pet', model='kennel')
is_kennel = Permission(name='Is Kennel',
codename='is_a_kennel',
content_type=kennel_ct)
is_kennel.save()
return is_kennel
def test_filter_by_permissions(self):
language_contenttype = ContentType.objects.get_for_model(Language)
consultant_1 = FakeConsultantFactory()
consultant_2 = FakeConsultantFactory()
new_perm_1 = Permission(
name=faker.word() + faker.numerify(),
codename=faker.word() + faker.numerify(),
content_type=language_contenttype,
)
new_perm_1.save()
new_perm_2 = Permission(
name=faker.word() + faker.numerify(),
codename=faker.word() + faker.numerify(),
content_type=language_contenttype,
)
new_perm_2.save()
self.assertEqual(
Consultant.objects.filter_by_user_permissions(
[new_perm_1.codename], ).count(),
0,
)
consultant_1.user.user_permissions.add(new_perm_1)
self.assertEqual(
Consultant.objects.filter_by_user_permissions(
[new_perm_1.codename], ).count(),
1,
)
self.assertEqual(
Consultant.objects.filter_by_user_permissions(
[new_perm_1.codename, new_perm_2.codename], ).count(),
0,
)
consultant_1.user.user_permissions.add(new_perm_2)
consultant_2.user.user_permissions.add(new_perm_1)
consultant_2.user.user_permissions.add(new_perm_2)
self.assertEqual(
Consultant.objects.filter_by_user_permissions([
new_perm_1.codename,
new_perm_2.codename,
], ).count(),
2,
)
def create_club_admin_permission(sender, **kwargs):
print "Creating club admin permission..."
club_content_type = ContentType.objects.get_for_model(Club)
if len(Permission.objects.filter(codename='full_club_admin')) == 0:
club_admin_permission = Permission(name='Full Club Admin Access',
codename='full_club_admin',
content_type=club_content_type)
club_admin_permission.save()
def new_permission(self, name, content_type_id, codename):
permission = Permission()
permission.name = name
permission.content_type_id = content_type_id
permission.codename = codename
permission.save()
return False if permission.pk is None else permission
def test_permissions(self):
"""Test adding permissions to users and then test those permissions"""
p1 = Permission()
p1.codename = 'change_product_name'
p1.name = 'Change the name of a product'
p1.content_type = ContentType.objects.get(id=1)
p1.save()
p2 = Permission()
p2.codename = 'give_discount'
p2.name = 'Can give a discount to a customer'
p2.content_type = ContentType.objects.get(id=2)
p2.save()
self.u1.user_permissions.add(p1,p2)
self.assertTrue(self.u1.has_perm('change_product_name'))
self.assertTrue(self.u1.has_perm('give_discount'))
def test_contrib_models(self):
from django.contrib.admin.models import LogEntry
from django.contrib.auth.models import User, Group, Permission
self.assertTrue(is_shared_model(User()))
self.assertTrue(is_shared_model(Permission()))
self.assertTrue(is_shared_model(Group()))
self.assertTrue(is_shared_model(LogEntry()))
