def has_permission(self, request, view): user = request.user return \ request.method in SAFE_METHODS \ or is_admin(user) \ or (hasattr(view, 'dataset') and view.dataset and ( view.dataset.is_custodian(user) or view.dataset.is_data_engineer(user)))
def has_object_permission(self, request, view, obj): """ Object level. Will be called only if the global level passed (see above). Note: it won't be called for a Create (POST) method """ is_owner = (request.user == obj) return request.method in SAFE_METHODS or is_admin(request.user) or is_owner
def has_permission(self, request, view): if settings.ALLOW_PUBLIC_REGISTRATION: return request.user and (is_admin(request.user) or is_data_engineer(request.user)) else: # authenticated return request.user and request.user.is_authenticated
def setUp(self): password = '******' self.admin_user = User.objects.filter(username="******").first() self.assertIsNotNone(self.admin_user) self.assertTrue(is_admin(self.admin_user)) self.admin_user.set_password(password) self.admin_user.save() self.admin_client = APIClient() self.assertTrue(self.admin_client.login(username=self.admin_user.username, password=password)) self.custodian_1_user = User.objects.filter(username="******").first() self.assertIsNotNone(self.custodian_1_user) self.custodian_1_user.set_password(password) self.custodian_1_user.save() self.custodian_1_client = APIClient() self.assertTrue(self.custodian_1_client.login(username=self.custodian_1_user.username, password=password)) self.project_1 = Project.objects.filter(title="Project1").first() self.site_1 = Site.objects.filter(code="Adolphus").first() self.ds_1 = Dataset.objects.filter(name="Generic1", project=self.project_1).first() self.assertIsNotNone(self.ds_1) self.assertTrue(self.ds_1.is_custodian(self.custodian_1_user)) self.record_1 = GenericRecord.objects.filter(dataset=self.ds_1).first() self.assertIsNotNone(self.record_1) self.assertTrue(self.record_1.is_custodian(self.custodian_1_user)) self.assertIsNotNone(self.record_1.site) self.assertEquals(self.site_1, self.record_1.site)
def has_object_destroy_permission(self, request): """ Admin or program data_engineer or project custodian :param request: :return: """ user = request.user return is_admin(user) or self.program.is_data_engineer(user)
def setUp(self): from main.api.views import SpeciesMixin SpeciesMixin.species_facade_class = self.species_facade_class password = '******' self.admin_user = factories.UserFactory.create(username='******', is_superuser=True) self.assertTrue(is_admin(self.admin_user)) self.admin_user.set_password(password) self.admin_user.save() self.admin_client = APIClient() self.assertTrue(self.admin_client.login(username=self.admin_user.username, password=password)) self.program_1 = factories.ProgramFactory.create(name='program_1') self.program_2 = factories.ProgramFactory.create(name='program_2') self.data_engineer_1_user = factories.UserFactory.create(username='******') self.data_engineer_1_user.set_password(password) self.data_engineer_1_user.save() self.program_1.data_engineers.add(self.data_engineer_1_user) self.data_engineer_1_client = APIClient() self.assertTrue(self.data_engineer_1_client.login(username=self.data_engineer_1_user.username, password=password)) self.data_engineer_2_user = factories.UserFactory.create(username='******') self.data_engineer_2_user.set_password(password) self.data_engineer_2_user.save() self.program_2.data_engineers.add(self.data_engineer_2_user) self.data_engineer_2_client = APIClient() self.assertTrue(self.data_engineer_2_client.login(username=self.data_engineer_2_user.username, password=password)) self.project_1 = factories.ProjectFactory.create(name="Project_1", program=self.program_1) self.custodian_1_user = factories.UserFactory.create(username="******") self.project_1.custodians.add(self.custodian_1_user) self.custodian_1_user.set_password(password) self.custodian_1_user.save() self.custodian_1_client = APIClient() self.assertTrue(self.custodian_1_client.login(username=self.custodian_1_user.username, password=password)) self.project_2 = factories.ProjectFactory.create(name="Project_2", program=self.program_2) self.custodian_2_user = factories.UserFactory.create(username="******") self.project_2.custodians.add(self.custodian_2_user) self.custodian_2_user.set_password(password) self.custodian_2_user.save() self.custodian_2_client = APIClient() self.assertTrue(self.custodian_2_client.login(username=self.custodian_2_user.username, password=password)) self.readonly_user = factories.UserFactory.create(username='******') self.assertIsNotNone(self.custodian_2_user) self.readonly_user.set_password(password) self.readonly_user.save() self.readonly_client = APIClient() self.assertTrue(self.readonly_client.login(username=self.readonly_user.username, password=password)) self.anonymous_client = APIClient() if hasattr(self, '_more_setup') and callable(self._more_setup): self._more_setup()
def setUp(self): password = '******' self.admin_user = User.objects.filter(username="******").first() self.assertIsNotNone(self.admin_user) self.assertTrue(is_admin(self.admin_user)) self.admin_user.set_password(password) self.admin_user.save() self.admin_client = APIClient() self.assertTrue(self.admin_client.login(username=self.admin_user.username, password=password)) self.custodian_1_user = User.objects.filter(username="******").first() self.assertIsNotNone(self.custodian_1_user) self.custodian_1_user.set_password(password) self.custodian_1_user.save() self.custodian_1_client = APIClient() self.assertTrue(self.custodian_1_client.login(username=self.custodian_1_user.username, password=password)) self.project_1 = Project.objects.filter(title="Project1").first() self.site_1 = Site.objects.filter(code="Adolphus").first() self.ds_1 = Dataset.objects.filter(name="Observation1", project=self.project_1).first() self.assertIsNotNone(self.ds_1) self.assertEqual(self.ds_1.type, Dataset.TYPE_OBSERVATION) self.assertTrue(self.ds_1.is_custodian(self.custodian_1_user)) self.record_1 = GenericRecord.objects.filter(dataset=self.ds_1).first() self.assertIsNotNone(self.ds_1) self.assertTrue(self.ds_1.is_custodian(self.custodian_1_user)) self.record_1 = self.ds_1.record_model.objects.filter(dataset=self.ds_1).first() self.assertIsNotNone(self.record_1) self.assertIsNotNone(self.record_1.datetime) self.assertIsNotNone(self.record_1.geometry) self.assertTrue(self.record_1.is_custodian(self.custodian_1_user)) self.assertTrue(self.record_1.site, self.site_1) self.custodian_2_user = User.objects.filter(username="******").first() self.assertIsNotNone(self.custodian_2_user) self.custodian_2_user.set_password(password) self.custodian_2_user.save() self.custodian_2_client = APIClient() self.assertTrue(self.custodian_2_client.login(username=self.custodian_2_user.username, password=password)) self.project_2 = Project.objects.filter(title="Project2").first() self.site_2 = Site.objects.filter(code="Site2").first() self.ds_2 = Dataset.objects.filter(name="Bats2", project=self.project_2).first() self.assertTrue(self.ds_2.is_custodian(self.custodian_2_user)) self.assertFalse(self.ds_1.is_custodian(self.custodian_2_user)) self.readonly_user = User.objects.filter(username="******").first() self.assertIsNotNone(self.custodian_2_user) self.assertFalse(self.site_2.is_custodian(self.readonly_user)) self.assertFalse(self.site_1.is_custodian(self.readonly_user)) self.readonly_user.set_password(password) self.readonly_user.save() self.readonly_client = APIClient() self.assertTrue(self.readonly_client.login(username=self.readonly_user.username, password=password)) self.anonymous_client = APIClient()
def has_permission(self, request, view): """ Global level. Reject Delete and Create for non admin. The rest will be checked at object level (below) """ method = request.method if method == 'DELETE': return False if method == 'POST': return is_admin(request.user) return True
def setUp(self): from main.api.views import SpeciesMixin SpeciesMixin.species_facade_class = self.species_facade_class password = '******' self.admin_user = User.objects.filter(username="******").first() self.assertIsNotNone(self.admin_user) self.assertTrue(is_admin(self.admin_user)) self.admin_user.set_password(password) self.admin_user.save() self.admin_client = APIClient() self.assertTrue(self.admin_client.login(username=self.admin_user.username, password=password)) self.custodian_1_user = User.objects.filter(username="******").first() self.assertIsNotNone(self.custodian_1_user) self.custodian_1_user.set_password(password) self.custodian_1_user.save() self.custodian_1_client = APIClient() self.assertTrue(self.custodian_1_client.login(username=self.custodian_1_user.username, password=password)) self.project_1 = Project.objects.filter(title="Project1").first() self.site_1 = Site.objects.filter(code="Site1").first() self.ds_1 = Dataset.objects.filter(name="Bats1", project=self.project_1).first() self.assertIsNotNone(self.ds_1) self.assertTrue(self.ds_1.is_custodian(self.custodian_1_user)) self.record_1 = self.ds_1.record_model.objects.filter(dataset=self.ds_1).first() self.assertIsNotNone(self.record_1) self.assertTrue(self.record_1.is_custodian(self.custodian_1_user)) self.assertTrue(self.record_1.species_name) self.assertTrue(self.record_1.name_id > 0) self.custodian_2_user = User.objects.filter(username="******").first() self.assertIsNotNone(self.custodian_2_user) self.custodian_2_user.set_password(password) self.custodian_2_user.save() self.custodian_2_client = APIClient() self.assertTrue(self.custodian_2_client.login(username=self.custodian_2_user.username, password=password)) self.project_2 = Project.objects.filter(title="Project2").first() self.site_2 = Site.objects.filter(code="Site2").first() self.ds_2 = Dataset.objects.filter(name="Bats2", project=self.project_2).first() self.assertTrue(self.ds_2.is_custodian(self.custodian_2_user)) self.assertFalse(self.ds_1.is_custodian(self.custodian_2_user)) self.readonly_user = User.objects.filter(username="******").first() self.assertIsNotNone(self.custodian_2_user) self.assertFalse(self.site_2.is_custodian(self.readonly_user)) self.assertFalse(self.site_1.is_custodian(self.readonly_user)) self.readonly_user.set_password(password) self.readonly_user.save() self.readonly_client = APIClient() self.assertTrue(self.readonly_client.login(username=self.readonly_user.username, password=password)) self.anonymous_client = APIClient()
def has_create_permission(request): """ Custodian and admin only Check that the user is a custodian of the project pk passed in the POST data. :param request: :return: """ result = False if is_admin(request.user): result = True elif 'project' in request.data: project = Project.objects.filter(pk=request.data['project']).first() result = project is not None and project.is_custodian(request.user) return result
def has_create_permission(request): """ Data engineers and admin only Check that the user is a custodian of the project pk passed in the POST data :param request: :return: """ result = False user = request.user if is_admin(user): result = True elif 'project' in request.data: project = Project.objects.filter( pk=request.data['project']).first() result = project is not None and project.is_data_engineer(user) return result
def has_create_permission(request): """ Admin or data_engineer of the program the project would belong to. Check that the user is a data_engineer of the program pk passed in the POST data. :param request: :return: """ result = False if is_admin(request.user): result = True elif 'program' in request.data: program = Program.objects.filter( pk=request.data['program']).first() result = program is not None and program.is_data_engineer( request.user) return result
def has_create_permission(request): """ Data engineer and admin only Check that the user is a data engineer of the dataset pk passed in the POST data. :param request: :return: """ result = False user = request.user if is_admin(user): result = True elif 'dataset' in request.data: dataset = Dataset.objects.filter( pk=request.data['dataset']).first() result = dataset is not None and dataset.is_data_engineer(user) return result
def has_create_permission(request): """ Custodian and admin only Check that the user is a custodian of the dataset pk passed in the POST data. :param request: :return: """ result = False user = request.user if is_admin(user): result = True elif 'record' in request.data: record = Record.objects.filter(pk=request.data['record']).first() result = record is not None and record.is_custodian( user) or record.is_data_engineer(user) return result
def setUp(self): password = '******' self.admin_user = User.objects.filter(username="******").first() self.assertIsNotNone(self.admin_user) self.assertTrue(is_admin(self.admin_user)) self.admin_user.set_password(password) self.admin_user.save() self.admin_client = APIClient() self.assertTrue(self.admin_client.login(username=self.admin_user.username, password=password)) self.custodian_1_user = User.objects.filter(username="******").first() self.assertIsNotNone(self.custodian_1_user) self.custodian_1_user.set_password(password) self.custodian_1_user.save() self.custodian_1_client = APIClient() self.assertTrue(self.custodian_1_client.login(username=self.custodian_1_user.username, password=password)) self.project_1 = Project.objects.filter(title="Project1").first() self.site_1 = Site.objects.filter(code="Site1").first() self.ds_1 = Dataset.objects.filter(name="Generic1", project=self.project_1).first() self.assertIsNotNone(self.ds_1) self.assertTrue(self.ds_1.is_custodian(self.custodian_1_user)) self.record_1 = GenericRecord.objects.filter(dataset=self.ds_1).first() self.assertIsNotNone(self.record_1) self.assertTrue(self.record_1.is_custodian(self.custodian_1_user)) self.custodian_2_user = User.objects.filter(username="******").first() self.assertIsNotNone(self.custodian_2_user) self.custodian_2_user.set_password(password) self.custodian_2_user.save() self.custodian_2_client = APIClient() self.assertTrue(self.custodian_2_client.login(username=self.custodian_2_user.username, password=password)) self.project_2 = Project.objects.filter(title="Project2").first() self.site_2 = Site.objects.filter(code="Site2").first() self.ds_2 = Dataset.objects.filter(name="Bats2", project=self.project_2).first() self.assertTrue(self.ds_2.is_custodian(self.custodian_2_user)) self.assertFalse(self.ds_1.is_custodian(self.custodian_2_user)) self.readonly_user = User.objects.filter(username="******").first() self.assertIsNotNone(self.custodian_2_user) self.assertFalse(self.site_2.is_custodian(self.readonly_user)) self.assertFalse(self.site_1.is_custodian(self.readonly_user)) self.readonly_user.set_password(password) self.readonly_user.save() self.readonly_client = APIClient() self.assertTrue(self.readonly_client.login(username=self.readonly_user.username, password=password)) self.anonymous_client = APIClient()
def has_permission(self, request, view): """ Global level. GET: Only admins and data_engineers POST: depends if the server allows public registration or not DELETE: forbidden UPDATE/PATCH: handle by has_object_permission below. Admin or user itself. """ method = request.method user = request.user if method == 'DELETE': return False elif method == 'POST': return can_create_user(user) elif method == 'GET': return is_admin(user) or is_data_engineer(user) else: # UPDATE and PATCH permission are sorted in has_object_permission() below. return user.is_authenticated
def setUp(self): password = '******' self.admin_user = User.objects.filter(username="******").first() self.assertIsNotNone(self.admin_user) self.assertTrue(is_admin(self.admin_user)) self.admin_user.set_password(password) self.admin_user.save() self.admin_client = APIClient() self.assertTrue(self.admin_client.login(username=self.admin_user.username, password=password)) self.custodian_1_user = User.objects.filter(username="******").first() self.assertIsNotNone(self.custodian_1_user) self.custodian_1_user.set_password(password) self.custodian_1_user.save() self.custodian_1_client = APIClient() self.assertTrue(self.custodian_1_client.login(username=self.custodian_1_user.username, password=password)) self.project_1 = Project.objects.filter(title="Project1").first() self.site_1 = Site.objects.filter(code="Site1").first() self.ds_1 = Dataset.objects.filter(name="Bats1", project=self.project_1).first() self.assertTrue(self.ds_1.is_custodian(self.custodian_1_user))
def setUp(self): password = "******" self.admin_user = User.objects.filter(username="******").first() self.assertIsNotNone(self.admin_user) self.assertTrue(is_admin(self.admin_user)) self.admin_user.set_password(password) self.admin_user.save() self.admin_client = APIClient() self.assertTrue(self.admin_client.login(username=self.admin_user.username, password=password)) self.custodian_1_user = User.objects.filter(username="******").first() self.assertIsNotNone(self.custodian_1_user) self.custodian_1_user.set_password(password) self.custodian_1_user.save() self.custodian_1_client = APIClient() self.assertTrue(self.custodian_1_client.login(username=self.custodian_1_user.username, password=password)) self.project_1 = Project.objects.filter(title="Project1").first() self.site_1 = Site.objects.filter(code="Site1").first() self.assertTrue(self.site_1.is_custodian(self.custodian_1_user)) self.custodian_2_user = User.objects.filter(username="******").first() self.assertIsNotNone(self.custodian_2_user) self.custodian_2_user.set_password(password) self.custodian_2_user.save() self.custodian_2_client = APIClient() self.assertTrue(self.custodian_2_client.login(username=self.custodian_2_user.username, password=password)) self.project_2 = Project.objects.filter(title="Project2").first() self.site_2 = Site.objects.filter(code="Site2").first() self.assertTrue(self.site_2.is_custodian(self.custodian_2_user)) self.assertFalse(self.site_1.is_custodian(self.custodian_2_user)) self.readonly_user = User.objects.filter(username="******").first() self.assertIsNotNone(self.custodian_2_user) self.assertFalse(self.site_2.is_custodian(self.readonly_user)) self.assertFalse(self.site_1.is_custodian(self.readonly_user)) self.readonly_user.set_password(password) self.readonly_user.save() self.readonly_client = APIClient() self.assertTrue(self.readonly_client.login(username=self.readonly_user.username, password=password)) self.anonymous_client = APIClient()
def setUp(self): password = '******' self.admin_user = User.objects.filter(username="******").first() self.assertIsNotNone(self.admin_user) self.assertTrue(is_admin(self.admin_user)) self.admin_user.set_password(password) self.admin_user.save() self.admin_client = APIClient() self.assertTrue(self.admin_client.login(username=self.admin_user.username, password=password)) self.custodian_1_user = User.objects.filter(username="******").first() self.assertIsNotNone(self.custodian_1_user) self.custodian_1_user.set_password(password) self.custodian_1_user.save() self.custodian_1_client = APIClient() self.assertTrue(self.custodian_1_client.login(username=self.custodian_1_user.username, password=password)) self.readonly_user = User.objects.filter(username="******").first() self.readonly_user.set_password(password) self.readonly_user.save() self.readonly_client = APIClient() self.assertTrue(self.readonly_client.login(username=self.readonly_user.username, password=password)) self.anonymous_client = APIClient()
def has_object_update_permission(self, request): user = request.user return is_admin(user) or self.is_custodian( user) or self.is_data_engineer(user)
def has_object_destroy_permission(self, request): return is_admin(request.user) or self.is_custodian(request.user)
def has_object_destroy_permission(self, request): user = request.user return is_admin(user) or self.project.is_data_engineer(user)
def has_create_permission(request): return is_admin(request.user)
def has_permission(self, request, view): user = request.user return \ request.method in SAFE_METHODS \ or is_admin(user) \ or (hasattr(view, 'dataset') and view.dataset and view.dataset.is_custodian(user))
def has_object_update_permission(request): return is_admin(request.user)
def has_permission(self, request, view): user = request.user return \ request.method in SAFE_METHODS \ or is_admin(user) \ or (hasattr(view, 'project') and view.project and view.project.is_custodian(user))
def has_object_destroy_permission(self, request): return is_admin(request.user) or self.is_custodian( request.user) or self.is_data_engineer(request.user)
def get_is_admin(self, user): return is_admin(user)
def has_object_destroy_permission(request): return is_admin(request.user)