def get_required_permissions(self, method, model_cls):
"""
Given a model and an HTTP method, return the list of permission
codes that the user is required to have.
"""
kwargs = {"app_label": model_cls._meta.app_label, "model_name": get_model_name(model_cls)}
return [perm % kwargs for perm in self.perms_map[method]]
def setUpClass(cls):
from guardian.shortcuts import assign_perm
# create users
create = User.objects.create_user
users = {
'fullaccess': create('fullaccess', '*****@*****.**', 'password'),
'readonly': create('readonly', '*****@*****.**', 'password'),
'writeonly': create('writeonly', '*****@*****.**', 'password'),
'deleteonly': create('deleteonly', '*****@*****.**', 'password'),
}
# give everyone model level permissions, as we are not testing those
everyone = Group.objects.create(name='everyone')
model_name = get_model_name(BasicPermModel)
app_label = BasicPermModel._meta.app_label
f = '{0}_{1}'.format
perms = {
'view': f('view', model_name),
'change': f('change', model_name),
'delete': f('delete', model_name)
}
for perm in perms.values():
perm = '{0}.{1}'.format(app_label, perm)
assign_perm(perm, everyone)
everyone.user_set.add(*users.values())
cls.perms = perms
cls.users = users
def assign_perms_others(sender, instance, created, raw, using, update_fields, **kwargs):
if created:
model_name = get_model_name(sender)
# locate project
if sender in (Workflow, WorkflowRun, Resource, ResourceList):
project = instance.project
elif sender in (WorkflowJob, WorkflowJobGroup):
project = instance.workflow.project
elif sender in (InputPort, OutputPort, WorkflowJobCoordinateSet):
project = instance.workflow_job.workflow.project
elif sender in (WorkflowJobGroupCoordinateSet, ):
project = instance.workflow_job_group.workflow.project
elif sender in (Connection, ):
project = instance.input_port.workflow_job.workflow.project
elif sender in (RunJob, ResultsPackage):
project = instance.workflow_run.project
elif sender in (Input, Output, ):
project = instance.run_job.workflow_run.project
admin_group = project.admin_group
worker_group = project.worker_group
# assign permissions
assign_perm('view_{0}'.format(model_name), admin_group, instance)
assign_perm('add_{0}'.format(model_name), admin_group, instance)
assign_perm('change_{0}'.format(model_name), admin_group, instance)
assign_perm('delete_{0}'.format(model_name), admin_group, instance)
assign_perm('view_{0}'.format(model_name), worker_group, instance)
assign_perm('add_{0}'.format(model_name), worker_group, instance)
assign_perm('change_{0}'.format(model_name), worker_group, instance)
assign_perm('delete_{0}'.format(model_name), worker_group, instance)
def setUpClass(cls):
from guardian.shortcuts import assign_perm
# create users
create = User.objects.create_user
users = {
'fullaccess':
create('fullaccess', '*****@*****.**', 'password'),
'readonly':
create('readonly', '*****@*****.**', 'password'),
'writeonly':
create('writeonly', '*****@*****.**', 'password'),
'deleteonly':
create('deleteonly', '*****@*****.**', 'password'),
}
# give everyone model level permissions, as we are not testing those
everyone = Group.objects.create(name='everyone')
model_name = get_model_name(BasicPermModel)
app_label = BasicPermModel._meta.app_label
f = '{0}_{1}'.format
perms = {
'view': f('view', model_name),
'change': f('change', model_name),
'delete': f('delete', model_name)
}
for perm in perms.values():
perm = '{0}.{1}'.format(app_label, perm)
assign_perm(perm, everyone)
everyone.user_set.add(*users.values())
cls.perms = perms
cls.users = users
def filter_queryset(self, request, queryset, view):
user = request.user
model_cls = queryset.model
kwargs = {
'app_label': model_cls._meta.app_label,
'model_name': get_model_name(model_cls)
}
permission = self.perm_format % kwargs
return guardian.shortcuts.get_objects_for_user(user, permission, queryset)
def filter_queryset(self, request, queryset, view):
user = request.user
model_cls = queryset.model
kwargs = {
'app_label': model_cls._meta.app_label,
'model_name': get_model_name(model_cls)
}
permission = self.perm_format % kwargs
return guardian.shortcuts.get_objects_for_user(user, permission, queryset)
def get_required_object_permissions(self, method, model_cls):
parent_model = model_cls._meta.get_field(self.parent_key).rel.to
kwargs = {
'app_label': parent_model._meta.app_label,
'model_name': get_model_name(parent_model)
}
return [perm % kwargs for perm in self.perms_map[method]]
def get_required_permissions(self, method, model_cls):
"""
Given a model and an HTTP method, return the list of permission
codes that the user is required to have.
"""
kwargs = {
'app_label': model_cls._meta.app_label,
'model_name': get_model_name(model_cls)
}
return [perm % kwargs for perm in self.perms_map[method]]
def filter_queryset(cls, user, queryset):
model_cls = queryset.model
view_all_perm_pattern = cls.VIEW_ALL_PERM_PATTERN
view_all_perm = view_all_perm_pattern.format(
app_label=model_cls._meta.app_label,
model_name=get_model_name(model_cls),
)
if user.has_perm(view_all_perm):
return queryset
else:
return queryset.filter(owner=user, )
def filter_queryset(self, request, queryset, view):
extra = {}
user = request.user
model_cls = queryset.model
kwargs = {"app_label": model_cls._meta.app_label, "model_name": get_model_name(model_cls)}
permission = self.perm_format % kwargs
if guardian.VERSION >= (1, 3):
# Maintain behavior compatibility with versions prior to 1.3
extra = {"accept_global_perms": False}
else:
extra = {}
return guardian.shortcuts.get_objects_for_user(user, permission, queryset, **extra)
def filter_queryset(self, request, queryset, view):
user = request.user
model_cls = queryset.model
kwargs = {
'app_label': model_cls._meta.app_label,
'model_name': get_model_name(model_cls)
}
permission = self.perm_format % kwargs
if guardian.VERSION >= (1, 3):
# Maintain behavior compatibility with versions prior to 1.3
extra = {'accept_global_perms': False}
return guardian.shortcuts.get_objects_for_user(user, permission,
queryset, **extra)
def assign_perms_project(sender, instance, created, raw, using, update_fields, **kwargs):
if created:
model_name = get_model_name(sender)
if instance.creator:
assign_perm('view_{0}'.format(model_name), instance.creator, instance)
assign_perm('change_{0}'.format(model_name), instance.creator, instance)
assign_perm('delete_{0}'.format(model_name), instance.creator, instance)
instance.admin_group.user_set.add(instance.creator)
assign_perm('view_{0}'.format(model_name), instance.admin_group, instance)
assign_perm('change_{0}'.format(model_name), instance.admin_group, instance)
assign_perm('view_{0}'.format(model_name), instance.worker_group, instance)
def filter_queryset(cls, user, queryset):
model_cls = queryset.model
view_all_perm_pattern = cls.VIEW_ALL_PERM_PATTERN
view_all_perm = view_all_perm_pattern.format(
app_label=model_cls._meta.app_label,
model_name=get_model_name(model_cls),
)
if user.has_perm(view_all_perm):
return queryset
else:
return queryset.filter(
owner=user,
)
def setUp(self):
from guardian.shortcuts import assign_perm
# create users
create = User.objects.create_user
users = {
'fullaccess':
create('fullaccess', '*****@*****.**', 'password'),
'readonly':
create('readonly', '*****@*****.**', 'password'),
'writeonly':
create('writeonly', '*****@*****.**', 'password'),
'deleteonly':
create('deleteonly', '*****@*****.**', 'password'),
}
# give everyone model level permissions, as we are not testing those
everyone = Group.objects.create(name='everyone')
model_name = get_model_name(BasicPermModel)
app_label = BasicPermModel._meta.app_label
f = '{0}_{1}'.format
perms = {
'view': f('view', model_name),
'change': f('change', model_name),
'delete': f('delete', model_name)
}
for perm in perms.values():
perm = '{0}.{1}'.format(app_label, perm)
assign_perm(perm, everyone)
everyone.user_set.add(*users.values())
# appropriate object level permissions
readers = Group.objects.create(name='readers')
writers = Group.objects.create(name='writers')
deleters = Group.objects.create(name='deleters')
model = BasicPermModel.objects.create(text='foo')
assign_perm(perms['view'], readers, model)
assign_perm(perms['change'], writers, model)
assign_perm(perms['delete'], deleters, model)
readers.user_set.add(users['fullaccess'], users['readonly'])
writers.user_set.add(users['fullaccess'], users['writeonly'])
deleters.user_set.add(users['fullaccess'], users['deleteonly'])
self.credentials = {}
for user in users.values():
self.credentials[user.username] = basic_auth_header(
user.username, 'password')
def assign_perms_user_userpreference(sender, instance, created, raw, using, update_fields, **kwargs):
if created:
model_name = get_model_name(sender)
if sender == UserPreference:
assign_perm('view_{0}'.format(model_name), instance.user, instance)
assign_perm('change_{0}'.format(model_name), instance.user, instance)
assign_perm('delete_{0}'.format(model_name), instance.user, instance)
elif not settings.TEST:
# add permission for viewing/changing/deleting the same user
assign_perm('view_{0}'.format(model_name), instance, instance)
assign_perm('change_{0}'.format(model_name), instance, instance)
assign_perm('delete_{0}'.format(model_name), instance, instance)
# add permission for viewing other users by adding it to view_user_permission group
group = Group.objects.get_or_create(name="view_user_permission")[0]
instance.groups.add(group)
assign_perm('view_user', group, instance)
def setUp(self):
from guardian.shortcuts import assign_perm
# create users
create = User.objects.create_user
users = {
'fullaccess': create('fullaccess', '*****@*****.**', 'password'),
'readonly': create('readonly', '*****@*****.**', 'password'),
'writeonly': create('writeonly', '*****@*****.**', 'password'),
'deleteonly': create('deleteonly', '*****@*****.**', 'password'),
}
# give everyone model level permissions, as we are not testing those
everyone = Group.objects.create(name='everyone')
model_name = get_model_name(BasicPermModel)
app_label = BasicPermModel._meta.app_label
f = '{0}_{1}'.format
perms = {
'view': f('view', model_name),
'change': f('change', model_name),
'delete': f('delete', model_name)
}
for perm in perms.values():
perm = '{0}.{1}'.format(app_label, perm)
assign_perm(perm, everyone)
everyone.user_set.add(*users.values())
# appropriate object level permissions
readers = Group.objects.create(name='readers')
writers = Group.objects.create(name='writers')
deleters = Group.objects.create(name='deleters')
model = BasicPermModel.objects.create(text='foo')
assign_perm(perms['view'], readers, model)
assign_perm(perms['change'], writers, model)
assign_perm(perms['delete'], deleters, model)
readers.user_set.add(users['fullaccess'], users['readonly'])
writers.user_set.add(users['fullaccess'], users['writeonly'])
deleters.user_set.add(users['fullaccess'], users['deleteonly'])
self.credentials = {}
for user in users.values():
self.credentials[user.username] = basic_auth_header(user.username, 'password')
def assign_perms_project(sender, instance, created, raw, using, update_fields,
**kwargs):
if created:
model_name = get_model_name(sender)
if instance.creator:
assign_perm('view_{0}'.format(model_name), instance.creator,
instance)
assign_perm('change_{0}'.format(model_name), instance.creator,
instance)
assign_perm('delete_{0}'.format(model_name), instance.creator,
instance)
instance.admin_group.user_set.add(instance.creator)
assign_perm('view_{0}'.format(model_name), instance.admin_group,
instance)
assign_perm('change_{0}'.format(model_name), instance.admin_group,
instance)
assign_perm('view_{0}'.format(model_name), instance.worker_group,
instance)
def assign_perms_user_userpreference(sender, instance, created, raw, using,
update_fields, **kwargs):
if created:
model_name = get_model_name(sender)
if sender == UserPreference:
assign_perm('view_{0}'.format(model_name), instance.user, instance)
assign_perm('change_{0}'.format(model_name), instance.user,
instance)
assign_perm('delete_{0}'.format(model_name), instance.user,
instance)
elif not settings.TEST:
# add permission for viewing/changing/deleting the same user
assign_perm('view_{0}'.format(model_name), instance, instance)
assign_perm('change_{0}'.format(model_name), instance, instance)
assign_perm('delete_{0}'.format(model_name), instance, instance)
# add permission for viewing other users by adding it to view_user_permission group
group = Group.objects.get_or_create(name="view_user_permission")[0]
instance.groups.add(group)
assign_perm('view_user', group, instance)
def setUp(self):
from guardian.shortcuts import assign_perm
# create users
create = User.objects.create_user
users = {
"fullaccess": create("fullaccess", "*****@*****.**", "password"),
"readonly": create("readonly", "*****@*****.**", "password"),
"writeonly": create("writeonly", "*****@*****.**", "password"),
"deleteonly": create("deleteonly", "*****@*****.**", "password"),
}
# give everyone model level permissions, as we are not testing those
everyone = Group.objects.create(name="everyone")
model_name = get_model_name(BasicPermModel)
app_label = BasicPermModel._meta.app_label
f = "{0}_{1}".format
perms = {"view": f("view", model_name), "change": f("change", model_name), "delete": f("delete", model_name)}
for perm in perms.values():
perm = "{0}.{1}".format(app_label, perm)
assign_perm(perm, everyone)
everyone.user_set.add(*users.values())
# appropriate object level permissions
readers = Group.objects.create(name="readers")
writers = Group.objects.create(name="writers")
deleters = Group.objects.create(name="deleters")
model = BasicPermModel.objects.create(text="foo")
assign_perm(perms["view"], readers, model)
assign_perm(perms["change"], writers, model)
assign_perm(perms["delete"], deleters, model)
readers.user_set.add(users["fullaccess"], users["readonly"])
writers.user_set.add(users["fullaccess"], users["writeonly"])
deleters.user_set.add(users["fullaccess"], users["deleteonly"])
self.credentials = {}
for user in users.values():
self.credentials[user.username] = basic_auth_header(user.username, "password")
def assign_perms_others(sender, instance, created, raw, using, update_fields,
**kwargs):
if created:
model_name = get_model_name(sender)
# locate project
if sender in (Workflow, WorkflowRun, Resource, ResourceList):
project = instance.project
elif sender in (WorkflowJob, WorkflowJobGroup):
project = instance.workflow.project
elif sender in (InputPort, OutputPort, WorkflowJobCoordinateSet):
project = instance.workflow_job.workflow.project
elif sender in (WorkflowJobGroupCoordinateSet, ):
project = instance.workflow_job_group.workflow.project
elif sender in (Connection, ):
project = instance.input_port.workflow_job.workflow.project
elif sender in (RunJob, ResultsPackage):
project = instance.workflow_run.project
elif sender in (
Input,
Output,
):
project = instance.run_job.workflow_run.project
admin_group = project.admin_group
worker_group = project.worker_group
# assign permissions
assign_perm('view_{0}'.format(model_name), admin_group, instance)
assign_perm('add_{0}'.format(model_name), admin_group, instance)
assign_perm('change_{0}'.format(model_name), admin_group, instance)
assign_perm('delete_{0}'.format(model_name), admin_group, instance)
assign_perm('view_{0}'.format(model_name), worker_group, instance)
assign_perm('add_{0}'.format(model_name), worker_group, instance)
assign_perm('change_{0}'.format(model_name), worker_group, instance)
assign_perm('delete_{0}'.format(model_name), worker_group, instance)
def get_required_object_permissions(self, method, model_cls):
kwargs = {
'app_label': model_cls._meta.app_label,
'model_name': get_model_name(model_cls)
}
return [perm % kwargs for perm in self.perms_map[method]]
def get_required_object_permissions(self, method, model_cls):
kwargs = {
'app_label': model_cls._meta.app_label,
'model_name': get_model_name(model_cls)
}
return [perm % kwargs for perm in self.perms_map[method]]
