def run():
create_permission(
"can_change_user_cert",
description=\
"Owners of this permission can view/modify users' GCF"
"certificates.",
view=request_permission_wrapper,
)
def setUp(self):
"""
Create some permissions and users.
"""
self.u1 = User.objects.create_user("user1", "*****@*****.**", "password")
self.u2 = User.objects.create_user("user2", "*****@*****.**", "password")
create_permission("permission1", description="Permission 1 description.")
give_permission_to("permission1", self.u1, self.u1, can_delegate=True)
give_permission_to("permission1", self.u2, self.u1, can_delegate=True)
def setUp(self):
"""
Create some permissions and users.
"""
self.u1 = User.objects.create_user("user1", "*****@*****.**",
"password")
self.u2 = User.objects.create_user("user2", "*****@*****.**",
"password")
create_permission("permission1",
description="Permission 1 description.")
give_permission_to("permission1", self.u1, self.u1, can_delegate=True)
give_permission_to("permission1", self.u2, self.u1, can_delegate=True)
def run():
create_permission(
"can_edit_user",
description=\
"Owners of this permission can modify information about "
"or delete a particular user.",
view=request_permission_wrapper,
)
create_permission(
"can_manage_users",
description=\
"Owners of this permission can view/modify/delete users in the"
" user management page.",
view=request_permission_wrapper,
)
def run():
create_permission(
"can_edit_user",
description=\
"Owners of this permission can modify information about "
"or delete a particular user.",
view=request_permission_wrapper,
)
create_permission(
"can_manage_users",
description=\
"Owners of this permission can view/modify/delete users in the"
" user management page.",
view=request_permission_wrapper,
)
def run():
create_permission(
"can_add_aggregate",
description="Owners of this permission can add aggregates to Expedient.",
view=request_permission_wrapper,
)
create_permission(
"can_edit_aggregate",
description=\
"Owners of this permission can edit or delete "
"the related aggregates in Expedient.",
view=request_permission_wrapper,
)
create_permission(
"can_use_aggregate",
description=\
"Projects, slices, and users that are owners of this permission "
"can use the aggregate by starting or stopping slices on it, and "
"by calling other methods.",
view=get_can_use_permission,
)
def run():
create_permission(
"can_create_project",
description=\
"Owners of this permission can create projects in Expedient.",
view=request_permission_wrapper,
)
create_permission(
"can_edit_project",
description=\
"Owners of this permission can edit basic project properties.",
view=make_request,
force=True,
)
create_permission(
"can_delete_project",
description=\
"Owners of this permission can edit basic project properties.",
view=make_request,
force=True,
)
create_permission(
"can_view_project",
description=\
"Owners of this permission can view the project. Without "
"other permissions, they are non-functional members.",
view=make_request,
force=True,
)
create_permission(
"can_add_members",
description=\
"Owners of this permission can add members to "
"the project and assign to them roles.",
view=make_request,
force=True,
)
create_permission(
"can_remove_members",
description=\
"Owners of this permission can remove members from "
"the project. They can also remove permissions from roles and "
"remove roles from users.",
view=make_request,
force=True,
)
create_permission(
"can_create_slices",
description=\
"Owners of this permission can create new slices.",
view=make_request,
force=True,
)
create_permission(
"can_edit_slices",
description=\
"Owners of this permission can modify existing slices.",
view=make_request,
force=True,
)
create_permission(
"can_delete_slices",
description=\
"Owners of this permission can delete existing slices.",
view=make_request,
force=True,
)
create_permission(
"can_stop_slices",
description=\
"Owners of this permission can start slices.",
view=make_request,
force=True,
)
create_permission(
"can_start_slices",
description=\
"Owners of this permission can stop slices.",
view=make_request,
force=True,
)
create_permission(
"can_add_aggregates",
description=\
"Owners of this permission can add aggregates "
"to the project.",
view=make_request,
force=True,
)
create_permission(
"can_remove_aggregates",
description=\
"Owners of this permission can remove aggregates "
"from the project.",
view=make_request,
force=True,
)
create_permission(
"can_create_roles",
description=\
"Owners of this permission can create roles "
"in the project",
view=make_request,
force=True,
)
create_permission(
"can_edit_roles",
description=\
"Owners of this permission can modify and delete roles "
"in the project",
view=make_request,
force=True,
)
def setUp(self):
"""Create a project and test permissions and permittees"""
self.su = User.objects.create_superuser("superuser", "*****@*****.**",
"password")
self.u1 = User.objects.create_user("user1", "*****@*****.**", "password")
self.u2 = User.objects.create_user("user2", "*****@*****.**", "password")
self.u3 = User.objects.create_user("user3", "*****@*****.**", "password")
self.client.login(username="******", password="******")
threadlocals.push_frame(user=self.su)
self.project = Project.objects.create(name="projectX",
description="blabla")
self.projectY = Project.objects.create(name="projectY",
description="blabla")
self.client.logout()
threadlocals.pop_frame()
create_permission("perm1")
create_permission("perm2")
create_permission("perm3")
create_permission("perm4")
self.obj_perm1 = ObjectPermission.objects.\
get_or_create_for_object_or_class("perm1", self.project)[0]
self.obj_perm2 = ObjectPermission.objects.\
get_or_create_for_object_or_class("perm2", self.project)[0]
self.obj_perm3 = ObjectPermission.objects.\
get_or_create_for_object_or_class("perm3", self.project)[0]
self.obj_perm4 = ObjectPermission.objects.\
get_or_create_for_object_or_class("perm4", self.project)[0]
self.role1 = ProjectRole.objects.create(
name="role1",
project=self.project,
)
self.role1.obj_permissions.add(self.obj_perm1)
self.role2 = ProjectRole.objects.create(
name="role2",
project=self.project,
)
self.role2.obj_permissions.add(self.obj_perm2)
self.role3 = ProjectRole.objects.create(
name="role3",
project=self.project,
)
self.role3.obj_permissions.add(self.obj_perm1)
self.role3.obj_permissions.add(self.obj_perm3)
create_permission("permY1")
create_permission("permY2")
create_permission("permY3")
create_permission("permY4")
self.obj_permY1 = ObjectPermission.objects.\
get_or_create_for_object_or_class("permY1", self.projectY)[0]
self.obj_permY2 = ObjectPermission.objects.\
get_or_create_for_object_or_class("permY2", self.projectY)[0]
self.obj_permY3 = ObjectPermission.objects.\
get_or_create_for_object_or_class("permY3", self.projectY)[0]
self.obj_permY4 = ObjectPermission.objects.\
get_or_create_for_object_or_class("permY4", self.projectY)[0]
self.roleY1 = ProjectRole.objects.create(
name="roleY1",
project=self.projectY,
)
self.roleY1.obj_permissions.add(self.obj_permY1)
self.roleY2 = ProjectRole.objects.create(
name="roleY2",
project=self.projectY,
)
self.roleY2.obj_permissions.add(self.obj_permY2)
self.roleY3 = ProjectRole.objects.create(
name="roleY3",
project=self.projectY,
)
self.roleY3.obj_permissions.add(self.obj_permY1)
self.roleY3.obj_permissions.add(self.obj_permY3)
def setUp(self):
"""Create a project and test permissions and permittees"""
self.su = User.objects.create_superuser(
"superuser", "*****@*****.**", "password")
self.u1 = User.objects.create_user(
"user1", "*****@*****.**", "password")
self.u2 = User.objects.create_user(
"user2", "*****@*****.**", "password")
self.u3 = User.objects.create_user(
"user3", "*****@*****.**", "password")
self.client.login(username="******", password="******")
threadlocals.push_frame(user=self.su)
self.project = Project.objects.create(
name="projectX", description="blabla")
self.projectY = Project.objects.create(
name="projectY", description="blabla")
self.client.logout()
threadlocals.pop_frame()
create_permission("perm1")
create_permission("perm2")
create_permission("perm3")
create_permission("perm4")
self.obj_perm1 = ObjectPermission.objects.\
get_or_create_for_object_or_class("perm1", self.project)[0]
self.obj_perm2 = ObjectPermission.objects.\
get_or_create_for_object_or_class("perm2", self.project)[0]
self.obj_perm3 = ObjectPermission.objects.\
get_or_create_for_object_or_class("perm3", self.project)[0]
self.obj_perm4 = ObjectPermission.objects.\
get_or_create_for_object_or_class("perm4", self.project)[0]
self.role1 = ProjectRole.objects.create(
name="role1", project=self.project,
)
self.role1.obj_permissions.add(self.obj_perm1)
self.role2 = ProjectRole.objects.create(
name="role2", project=self.project,
)
self.role2.obj_permissions.add(self.obj_perm2)
self.role3 = ProjectRole.objects.create(
name="role3", project=self.project,
)
self.role3.obj_permissions.add(self.obj_perm1)
self.role3.obj_permissions.add(self.obj_perm3)
create_permission("permY1")
create_permission("permY2")
create_permission("permY3")
create_permission("permY4")
self.obj_permY1 = ObjectPermission.objects.\
get_or_create_for_object_or_class("permY1", self.projectY)[0]
self.obj_permY2 = ObjectPermission.objects.\
get_or_create_for_object_or_class("permY2", self.projectY)[0]
self.obj_permY3 = ObjectPermission.objects.\
get_or_create_for_object_or_class("permY3", self.projectY)[0]
self.obj_permY4 = ObjectPermission.objects.\
get_or_create_for_object_or_class("permY4", self.projectY)[0]
self.roleY1 = ProjectRole.objects.create(
name="roleY1", project=self.projectY,
)
self.roleY1.obj_permissions.add(self.obj_permY1)
self.roleY2 = ProjectRole.objects.create(
name="roleY2", project=self.projectY,
)
self.roleY2.obj_permissions.add(self.obj_permY2)
self.roleY3 = ProjectRole.objects.create(
name="roleY3", project=self.projectY,
)
self.roleY3.obj_permissions.add(self.obj_permY1)
self.roleY3.obj_permissions.add(self.obj_permY3)
def run():
create_permission(
"can_create_project",
description=\
"Owners of this permission can create projects in Expedient.",
view=request_permission_wrapper,
)
create_permission(
"can_edit_project",
description=\
"Owners of this permission can edit basic project properties.",
view=make_request,
force=True,
)
create_permission(
"can_delete_project",
description=\
"Owners of this permission can edit basic project properties.",
view=make_request,
force=True,
)
create_permission(
"can_view_project",
description=\
"Owners of this permission can view the project. Without "
"other permissions, they are non-functional members.",
view=make_request,
force=True,
)
create_permission(
"can_add_members",
description=\
"Owners of this permission can add members to "
"the project and assign to them roles.",
view=make_request,
force=True,
)
create_permission(
"can_remove_members",
description=\
"Owners of this permission can remove members from "
"the project. They can also remove permissions from roles and "
"remove roles from users.",
view=make_request,
force=True,
)
create_permission(
"can_create_slices",
description=\
"Owners of this permission can create new slices.",
view=make_request,
force=True,
)
create_permission(
"can_edit_slices",
description=\
"Owners of this permission can modify existing slices.",
view=make_request,
force=True,
)
create_permission(
"can_delete_slices",
description=\
"Owners of this permission can delete existing slices.",
view=make_request,
force=True,
)
create_permission(
"can_stop_slices",
description=\
"Owners of this permission can start slices.",
view=make_request,
force=True,
)
create_permission(
"can_start_slices",
description=\
"Owners of this permission can stop slices.",
view=make_request,
force=True,
)
create_permission(
"can_add_aggregates",
description=\
"Owners of this permission can add aggregates "
"to the project.",
view=make_request,
force=True,
)
create_permission(
"can_remove_aggregates",
description=\
"Owners of this permission can remove aggregates "
"from the project.",
view=make_request,
force=True,
)
create_permission(
"can_create_roles",
description=\
"Owners of this permission can create roles "
"in the project",
view=make_request,
force=True,
)
create_permission(
"can_edit_roles",
description=\
"Owners of this permission can modify and delete roles "
"in the project",
view=make_request,
force=True,
)
