Пример #1
0
 def test_has_perm_without_mappers(self):
     # Without any permission mappers created for this user
     self.content = Content()
     self.other_data_set = DataSet.objects.create(name='other_data_set')
     self.content.data_set = self.other_data_set
     self.content.save()
     with patch('lizard_security.backends.request') as request:
         request.user_group_ids = [self.user_group.id]
         request.allowed_data_set_ids = []
         self.assertFalse(self.backend.has_perm(
             self.manager, 'testcontent.change_content', self.content))
Пример #2
0
 def setUp(self):
     self.backend = LizardPermissionBackend()
     self.manager = User.objects.create_user(
         'managermanager',
         '*****@*****.**',
         'managermanager')
     self.manager.is_staff = True
     self.manager.save()
     self.user_group = UserGroup()
     self.user_group.save()
     self.data_set = DataSet.objects.create(name='data_set')
     self.content = Content()
     self.content.data_set = self.data_set
     self.content.save()
     self.permission_mapper = PermissionMapper()
     self.permission_mapper.user_group = self.user_group
     self.permission_mapper.data_set = self.data_set
     self.permission_mapper.save()
     self.content = Content()
     self.content.data_set = self.data_set
     self.content.save()
Пример #3
0
    def test_has_perm_with_no_dataset(self):
        # And now with an object that has no dataset attribute
        add_permission = Permission.objects.get(codename='change_content')
        group = Group()
        group.save()
        group.permissions.add(add_permission)
        self.permission_mapper.permission_group = group
        self.permission_mapper.data_set = None
        self.permission_mapper.save()

        self.content = ContentWithoutDataset()
        self.content.save()
        self.assertFalse(self.backend.has_perm(
            self.manager, 'testcontent.change_content', self.content))
Пример #4
0
class PermissionBackendTest(TestCase):

    def setUp(self):
        self.backend = LizardPermissionBackend()
        self.manager = User.objects.create_user(
            'managermanager',
            '*****@*****.**',
            'managermanager')
        self.manager.is_staff = True
        self.manager.save()
        self.user_group = UserGroup()
        self.user_group.save()
        self.data_set = DataSet.objects.create(name='data_set')
        self.content = Content()
        self.content.data_set = self.data_set
        self.content.save()
        self.permission_mapper = PermissionMapper()
        self.permission_mapper.user_group = self.user_group
        self.permission_mapper.data_set = self.data_set
        self.permission_mapper.save()
        self.content = Content()
        self.content.data_set = self.data_set
        self.content.save()

    def test_no_authentication(self):
        self.assertEquals(None, self.backend.authenticate())

    def test_security_module_perms(self):
        """Usergroup managers need specific access to our module in de admin.
        """
        self.assertFalse(
            self.backend.has_module_perms(self.manager, 'lizard_security'))
        self.user_group.managers.add(self.manager)
        self.user_group.save()
        self.assertTrue(
            self.backend.has_module_perms(self.manager, 'lizard_security'))

    def test_has_perm_only_objects(self):
        self.assertFalse(self.backend.has_perm('dont care', 'none.can_exist'))

    def test_has_perm(self):
        add_permission = Permission.objects.get(codename='change_content')
        group = Group()
        group.save()
        group.permissions.add(add_permission)
        self.permission_mapper.permission_group = group
        self.permission_mapper.save()
        self.assertFalse(self.backend.has_perm(
            self.manager, 'testcontent.change_content', self.content))
        # If we belong to the right group, we *do* have access.
        with patch('lizard_security.backends.request') as request:
            request.user_group_ids = [self.user_group.id]
            request.allowed_data_set_ids = [self.data_set.id]
            self.assertTrue(self.backend.has_perm(
                self.manager, 'testcontent.change_content', self.content))

    def test_has_perm_with_implicit_view_perm(self):
        with patch('lizard_security.backends.request') as request:
            request.user_group_ids = [self.user_group.id]
            request.allowed_data_set_ids = [self.data_set.id]
            self.assertTrue(self.backend.has_perm(
                self.manager,
                'lizard_security.can_view_lizard_data',
                self.content))

    def test_has_perm_without_mappers(self):
        # Without any permission mappers created for this user
        self.content = Content()
        self.other_data_set = DataSet.objects.create(name='other_data_set')
        self.content.data_set = self.other_data_set
        self.content.save()
        with patch('lizard_security.backends.request') as request:
            request.user_group_ids = [self.user_group.id]
            request.allowed_data_set_ids = []
            self.assertFalse(self.backend.has_perm(
                self.manager, 'testcontent.change_content', self.content))

    def test_has_perm_with_unset_dataset(self):
        # And now with dataset is None
        add_permission = Permission.objects.get(codename='change_content')
        group = Group()
        group.save()
        group.permissions.add(add_permission)
        self.permission_mapper.permission_group = group
        self.permission_mapper.data_set = None
        self.permission_mapper.save()
        self.content.data_set = None
        self.content.save()
        self.assertFalse(self.backend.has_perm(
            self.manager, 'testcontent.change_content', self.content))
        # If we belong to the right group, we *do* have access.
        with patch('lizard_security.backends.request') as request:
            request.user_group_ids = [self.user_group.id]
            request.allowed_data_set_ids = []
            self.assertTrue(self.backend.has_perm(
                self.manager, 'testcontent.change_content', self.content))

    def test_has_perm_with_no_dataset(self):
        # And now with an object that has no dataset attribute
        add_permission = Permission.objects.get(codename='change_content')
        group = Group()
        group.save()
        group.permissions.add(add_permission)
        self.permission_mapper.permission_group = group
        self.permission_mapper.data_set = None
        self.permission_mapper.save()

        self.content = ContentWithoutDataset()
        self.content.save()
        self.assertFalse(self.backend.has_perm(
            self.manager, 'testcontent.change_content', self.content))