def setUp(self): self.app = Webapp.objects.get(pk=337141) self.permission = AllowAppOwner() self.anonymous = AnonymousUser() self.owner = self.app.authors.all()[0] self.request = RequestFactory().get('/') self.request.user = self.anonymous
class TestAllowAppOwner(TestCase): fixtures = fixture('user_2519', 'webapp_337141') def setUp(self): self.app = Webapp.objects.get(pk=337141) self.permission = AllowAppOwner() self.anonymous = AnonymousUser() self.owner = self.app.authors.all()[0] self.request = RequestFactory().get('/') self.request.user = self.anonymous def test_has_permission_anonymous(self): eq_(self.permission.has_permission(self.request, 'myview'), False) def test_has_permission_user(self): self.request.user = self.owner self.request.user = self.owner eq_(self.permission.has_permission(self.request, 'myview'), True) def test_has_object_permission_user(self): self.request.user = self.owner self.request.user = self.owner obj = self.app eq_(self.permission.has_object_permission(self.request, 'myview', obj), True) def test_has_object_permission_different_user(self): self.request.user = UserProfile.objects.get(pk=2519) self.request.user = self.request.user obj = self.app eq_(self.permission.has_object_permission(self.request, 'myview', obj), False) def test_has_object_permission_anonymous(self): obj = self.app eq_(self.permission.has_object_permission(self.request, 'myview', obj), False)
def check(self, request, app, account): if AllowAppOwner().has_object_permission(request, '', app): if account.shared or account.user.pk == request.user.pk: return True else: log.info('AddonPaymentAccount access %(account)s denied ' 'for %(user)s: wrong user, not shared.'.format({ 'account': account.pk, 'user': request.user.pk })) else: log.info('AddonPaymentAccount access %(account)s denied ' 'for %(user)s: no app permission.'.format({ 'account': account.pk, 'user': request.user.pk })) return False
def check(self, request, free, premium): allow = AllowAppOwner() for app in free, premium: if app and not allow.has_object_permission(request, '', app): return False return True