def test_roles_unique(self): self.role = Role(name='abc') self.role.save() rp = RolePermission(role=self.role, permission=self.perm_change) rp.save() rp = RolePermission(role=self.role, permission=self.perm_delete) rp.save() try: rp = RolePermission(role=role, permission=self.perm_change) rp.save() fail('Duplicate is not detected') except: pass
def update_roles_permissions( Role, Permission, RolePermission, app_config, verbosity=2, interactive=True, using=DEFAULT_DB_ALIAS, **kwargs ): if not router.allow_migrate_model(using, Role): return try: Role = app_config.get_model("trusts", "Role") except LookupError: return # This will hold the roles we're looking for as # (rolename (permissions)) model_roles = {} for klass in app_config.get_models(): if hasattr(klass._meta, "roles"): _process_roles(Permission, model_roles, klass, klass._meta.roles, using) elif hasattr(klass._meta, "content_roles"): if hasattr(klass, "get_content_model"): content_klass = klass.get_content_model() _process_roles(Permission, model_roles, content_klass, klass._meta.content_roles, using) # Find all the Roles and its Permission db_roles = {} for r in Role.objects.using(using).all(): db_roles[r.name] = set(r.permissions.all()) # Get all the diff between sets model_rolenames = set(model_roles.keys()) db_rolenames = set(db_roles.keys()) added_rolenames = model_rolenames - db_rolenames deleted_rolenames = db_rolenames - model_rolenames existing_rolenames = model_rolenames.intersection(db_rolenames) # Prepare rolepermissions for bulk op at the end bulk_add_rolepermissions = [] q_del_rolepermissions = [] deleted_role_ids = [] # Process added roles for rolename in added_rolenames: r = Role(name=rolename) r.save() for p in model_roles[rolename]: bulk_add_rolepermissions.append(RolePermission(managed=True, permission=p, role=r)) # Process existing roles for rolename in existing_rolenames: r = Role.objects.get(name=rolename) db_permissions = db_roles[rolename] model_permissions = model_roles[rolename] added_permissions = set(model_permissions) - set(db_permissions) for p in added_permissions: bulk_add_rolepermissions.append(RolePermission(managed=True, permission=p, role=r)) deleted_permissions = set(db_permissions) - set(model_permissions) if len(deleted_permissions): q_del_rolepermissions.append((r, Q(managed=True, role=r, permission__in=deleted_permissions))) # Process deleted roles for rolename in deleted_rolenames: r = Role.objects.get(name=rolename) q_del_rolepermissions.append((r, Q(managed=True, role=r))) deleted_role_ids.append(r.pk) # Create the added role permissions RolePermission.objects.using(using).bulk_create(bulk_add_rolepermissions) if verbosity >= 2: for rolepermission in bulk_add_rolepermissions: print('Adding role(%s).rolepermission "%s"' % (rolepermission.role.name, rolepermission)) # Remove the deleted role permissions for r, q in q_del_rolepermissions: qs = RolePermission.objects.filter(q) if verbosity >= 2: if qs.count() > 0: for rolepermission in qs.all(): print('Removing role(%s).rolepermission "%s"' % (rolepermission.role.name, rolepermission)) qs.delete() # Remove the deleted role qs = Role.objects.filter(pk__in=deleted_role_ids, permissions__isnull=True) if verbosity >= 2: if qs.count() > 0: for role in qs.all(): print('Removing role "%s"' % (role.name)) qs.delete()
class RoleTestMixin(object): def get_perm_codename(self, action): return '%s_%s' % (action, self.model_name.lower()) def test_roles_in_meta(self): self.assertIsNotNone(self.get_model_roles()) def test_roles_unique(self): self.role = Role(name='abc') self.role.save() rp = RolePermission(role=self.role, permission=self.perm_change) rp.save() rp = RolePermission(role=self.role, permission=self.perm_delete) rp.save() try: rp = RolePermission(role=role, permission=self.perm_change) rp.save() fail('Duplicate is not detected') except: pass def test_has_perm(self): get_or_create_root_user(self) reload_test_users(self) self.trust, created = Trust.objects.get_or_create_settlor_default(settlor=self.user) call_command('update_roles_permissions') self.content1 = self.create_content(self.trust) self.assertFalse(self.user.has_perm(self.get_perm_code(self.perm_change))) self.assertFalse(self.user.has_perm(self.get_perm_code(self.perm_read))) self.group.user_set.add(self.user) self.trust.groups.add(self.group) Role.objects.get(name='public').groups.add(self.group) self.assertTrue(self.user.has_perm(self.get_perm_code(self.perm_read), self.content1)) self.assertFalse(self.user.has_perm(self.get_perm_code(self.perm_change), self.content1)) def test_has_perm_diff_roles_on_contents(self): self.test_has_perm() content2 = self.create_content(self.trust) self.assertTrue(self.user.has_perm(self.get_perm_code(self.perm_read), content2)) self.assertFalse(self.user.has_perm(self.get_perm_code(self.perm_change), content2)) # diff trust, same group, same role trust3 = Trust(settlor=self.user, title='trust 3') trust3.save() content3 = self.create_content(trust3) reload_test_users(self) self.assertFalse(self.user.has_perm(self.get_perm_code(self.perm_read), content3)) self.assertFalse(self.user.has_perm(self.get_perm_code(self.perm_change), content3)) self.assertTrue(self.user.has_perm(self.get_perm_code(self.perm_read), self.content1)) self.assertFalse(self.user.has_perm(self.get_perm_code(self.perm_change), self.content1)) trust3.groups.add(self.group) reload_test_users(self) self.assertTrue(self.user.has_perm(self.get_perm_code(self.perm_read), content3)) self.assertFalse(self.user.has_perm(self.get_perm_code(self.perm_change), content3)) # make sure trust does not affect one another self.assertTrue(self.user.has_perm(self.get_perm_code(self.perm_read), self.content1)) self.assertFalse(self.user.has_perm(self.get_perm_code(self.perm_change), self.content1)) # diff trust, diff group, stronger role, not in group trust4 = Trust(settlor=self.user, title='trust 4') trust4.save() content4 = self.create_content(trust4) group4 = Group(name='admin group') group4.save() Role.objects.get(name='admin').groups.add(group4) reload_test_users(self) self.assertTrue(self.user.has_perm(self.get_perm_code(self.perm_read), content3)) self.assertFalse(self.user.has_perm(self.get_perm_code(self.perm_change), content3)) self.assertFalse(self.user.has_perm(self.get_perm_code(self.perm_read), content4)) self.assertFalse(self.user.has_perm(self.get_perm_code(self.perm_change), content4)) # make sure trust does not affect one another self.assertTrue(self.user.has_perm(self.get_perm_code(self.perm_read), self.content1)) self.assertFalse(self.user.has_perm(self.get_perm_code(self.perm_change), self.content1)) def test_has_perm_diff_group_on_contents(self): self.test_has_perm() # same trust, diff role, in different group group3 = Group(name='write group') group3.save() Role.objects.get(name='write').groups.add(group3) self.trust.groups.add(group3) reload_test_users(self) self.assertTrue(self.user.has_perm(self.get_perm_code(self.perm_read), self.content1)) self.assertFalse(self.user.has_perm(self.get_perm_code(self.perm_change), self.content1)) group3.user_set.add(self.user) reload_test_users(self) self.assertTrue(self.user.has_perm(self.get_perm_code(self.perm_read), self.content1)) self.assertTrue(self.user.has_perm(self.get_perm_code(self.perm_change), self.content1)) content3 = self.create_content(self.trust) reload_test_users(self) self.assertTrue(self.user.has_perm(self.get_perm_code(self.perm_read), content3)) self.assertTrue(self.user.has_perm(self.get_perm_code(self.perm_change), content3)) self.assertTrue(self.user.has_perm(self.get_perm_code(self.perm_read), self.content1)) self.assertTrue(self.user.has_perm(self.get_perm_code(self.perm_change), self.content1)) def test_management_command_create_roles(self): self.assertEqual(Role.objects.count(), 0) self.assertEqual(RolePermission.objects.count(), 0) call_command('update_roles_permissions') rs = Role.objects.all() self.assertEqual(rs.count(), 3) rp = RolePermission.objects.filter(permission__content_type__app_label=self.app_label) self.assertEqual(rp.count(), 9) rp = Role.objects.get(name='public') ra = Role.objects.get(name='admin') rw = Role.objects.get(name='write') self.assertEqual(rp.permissions.filter(content_type__app_label=self.app_label).count(), 2) self.assertEqual(ra.permissions.filter(content_type__app_label=self.app_label).count(), 4) ra.permissions.filter(content_type__app_label=self.app_label).get(codename=self.get_perm_codename('add_topic_to')) ra.permissions.filter(content_type__app_label=self.app_label).get(codename=self.get_perm_codename('read')) ra.permissions.filter(content_type__app_label=self.app_label).get(codename=self.get_perm_codename('add')) ra.permissions.filter(content_type__app_label=self.app_label).get(codename=self.get_perm_codename('change')) self.assertEqual(rp.permissions.filter(content_type__app_label=self.app_label).filter(codename=self.get_perm_codename('add_topic_to')).count(), 1) self.assertEqual(rp.permissions.filter(content_type__app_label=self.app_label).filter(codename=self.get_perm_codename('add')).count(), 0) self.assertEqual(rp.permissions.filter(content_type__app_label=self.app_label).filter(codename=self.get_perm_codename('change')).count(), 0) # Make change and ensure we add items self.append_model_roles('read', (self.get_perm_codename('read'),)) call_command('update_roles_permissions') rs = Role.objects.all() self.assertEqual(rs.count(), 4) rp = RolePermission.objects.filter(permission__content_type__app_label=self.app_label) self.assertEqual(rp.count(), 10) rr = Role.objects.get(name='read') self.assertEqual(rr.permissions.filter(content_type__app_label=self.app_label).count(), 1) self.assertEqual(rr.permissions.filter(content_type__app_label=self.app_label).filter(codename=self.get_perm_codename('read')).count(), 1) # Add self.remove_model_roles('write') self.append_model_roles('write', (self.get_perm_codename('change'), self.get_perm_codename('add'), self.get_perm_codename('add_topic_to'), self.get_perm_codename('read'),)) call_command('update_roles_permissions') rs = Role.objects.all() self.assertEqual(rs.count(), 4) rp = RolePermission.objects.filter(permission__content_type__app_label=self.app_label) self.assertEqual(rp.count(), 11) # Remove self.remove_model_roles('write') self.append_model_roles('write', (self.get_perm_codename('change'), self.get_perm_codename('read'), )) call_command('update_roles_permissions') rs = Role.objects.all() self.assertEqual(rs.count(), 4) rp = RolePermission.objects.filter(permission__content_type__app_label=self.app_label) self.assertEqual(rp.count(), 9) # Remove 2 self.remove_model_roles('write') self.remove_model_roles('read') self.append_model_roles('write', (self.get_perm_codename('change'), )) call_command('update_roles_permissions') rs = Role.objects.all() self.assertEqual(rs.count(), 3) rp = RolePermission.objects.filter(permission__content_type__app_label=self.app_label) self.assertEqual(rp.count(), 7) # Run again call_command('update_roles_permissions') rs = Role.objects.all() self.assertEqual(rs.count(), 3) rp = RolePermission.objects.filter(permission__content_type__app_label=self.app_label) self.assertEqual(rp.count(), 7) # Add empty self.append_model_roles('read', ()) call_command('update_roles_permissions') rs = Role.objects.all() self.assertEqual(rs.count(), 4) rp = RolePermission.objects.filter(permission__content_type__app_label=self.app_label) self.assertEqual(rp.count(), 7)