def get(self, object_type, object_id, access_type): model = get_model_from_type(object_type) obj = get_object_or_404(model.get_by_id_and_org, object_id, self.current_org) has_access = AccessPermission.exists(obj, access_type, self.current_user) return {'response': has_access}
def test_creates_permission_if_the_user_is_an_owner(self): query = self.factory.create_query() other_user = self.factory.create_user() data = {"access_type": ACCESS_TYPE_MODIFY, "user_id": other_user.id} rv = self.make_request("post", "/api/queries/{}/acl".format(query.id), user=query.user, data=data) self.assertEqual(200, rv.status_code) self.assertTrue(AccessPermission.exists(query, ACCESS_TYPE_MODIFY, other_user))
def test_creates_permission_if_the_user_is_an_owner(self): query = self.factory.create_query() other_user = self.factory.create_user() data = { 'access_type': ACCESS_TYPE_MODIFY, 'user_id': other_user.id } rv = self.make_request('post', '/api/queries/{}/acl'.format(query.id), user=query.user, data=data) self.assertEqual(200, rv.status_code) self.assertTrue(AccessPermission.exists(query, ACCESS_TYPE_MODIFY, other_user))
def test_removes_permission(self): query = self.factory.create_query() user = self.factory.user other_user = self.factory.create_user() data = {"access_type": ACCESS_TYPE_MODIFY, "user_id": other_user.id} AccessPermission.grant(obj=query, access_type=ACCESS_TYPE_MODIFY, grantor=self.factory.user, grantee=other_user) rv = self.make_request("delete", "/api/queries/{}/acl".format(query.id), user=user, data=data) self.assertEqual(rv.status_code, 200) self.assertFalse(AccessPermission.exists(query, ACCESS_TYPE_MODIFY, other_user))
def test_removes_permission_created_by_another_user(self): query = self.factory.create_query() other_user = self.factory.create_user() data = { 'access_type': ACCESS_TYPE_MODIFY, 'user_id': other_user.id } AccessPermission.grant(obj=query, access_type=ACCESS_TYPE_MODIFY, grantor=self.factory.user, grantee=other_user) rv = self.make_request('delete', '/api/queries/{}/acl'.format(query.id), user=self.factory.create_admin(), data=data) self.assertEqual(rv.status_code, 200) self.assertFalse(AccessPermission.exists(query, ACCESS_TYPE_MODIFY, other_user))
def test_removes_permission(self): query = self.factory.create_query() user = self.factory.user other_user = self.factory.create_user() data = {"access_type": ACCESS_TYPE_MODIFY, "user_id": other_user.id} AccessPermission.grant( obj=query, access_type=ACCESS_TYPE_MODIFY, grantor=self.factory.user, grantee=other_user, ) rv = self.make_request("delete", "/api/queries/{}/acl".format(query.id), user=user, data=data) self.assertEqual(rv.status_code, 200) self.assertFalse( AccessPermission.exists(query, ACCESS_TYPE_MODIFY, other_user))