def get_form_kwargs(self): kwargs = super(G3WACLViewMixin, self).get_form_kwargs() kwargs['request'] = self.request # get editor level 1 users editor_user_pk = None editor_users = get_users_for_object(self.object, self.editor_permission, [G3W_EDITOR2, G3W_EDITOR1]) if editor_users: editor_user_pk = editor_users[0].id if self.request.user.is_superuser: kwargs['initial']['editor_user'] = editor_users[0].id # get editor level2 users editor2_user_pk = None editor2_users = get_users_for_object(self.object, self.editor2_permission, [G3W_EDITOR2]) if editor2_users: editor2_user_pk = editor2_users[0].id if self.request.user.is_superuser or userHasGroups(self.request.user, [G3W_EDITOR1]): kwargs['initial']['editor2_user'] = editor2_users[0].id # get viewer users viewers = get_viewers_for_object(self.object, self.request.user, self.viewer_permission) # get only user id and check if user is group or project editor kwargs['initial']['viewer_users'] = [o.id for o in viewers if o.id not in [editor_user_pk, editor2_user_pk]] # get initial editor user_groups group_editors = get_user_groups_for_object(self.object, self.request.user, self.editor2_permission, 'editor') kwargs['initial']['editor_user_groups'] = [o.id for o in group_editors] group_viewers = get_user_groups_for_object(self.object, self.request.user, self.viewer_permission, 'viewer') kwargs['initial']['viewer_user_groups'] = [o.id for o in group_viewers] return kwargs
def save(self, commit=True): super(GroupForm, self).save() self._ACLPolicy() # add permission to editor1 if current user is editor1 if userHasGroups(self.request.user, [G3W_EDITOR1]): self.instance.addPermissionsToEditor(self.request.user)
def clean_macrogroups(self): # for case editor1 without permission on magrogroup if userHasGroups(self.request.user, [G3W_EDITOR1]) and self.instance.pk: return self.cleaned_data['macrogroups'] | \ self.instance.macrogroups.filter(~Q(pk__in=self.fields['macrogroups'].queryset)) return self.cleaned_data['macrogroups']
def crispyBoxMacroGroups(form, **kwargs): """ Build a Crispy object layout element (div) for on AdminLTE2 box structure. For macrogroups multiple selections :param form: Django form instance (not used) :return: Div Crispy form layout object """ if form.request.user.is_superuser or userHasGroups(form.request.user, [G3W_EDITOR1]): return Div(Div(Div(HTML( "<h3 class='box-title'><i class='fa fa-globe'></i> {}</h3>".format( _('MACRO Groups'))), css_class='box-header with-border'), Div(Div( Field( 'macrogroups', **{ 'css_class': 'select2 col-md-12', 'multiple': 'multiple', 'style': 'width:100%;' }), ), css_class='box-body'), css_class='box box-danger'), css_class='col-md-6') else: return None
def save(self, commit=True): self._ACLPolicy() self._save_url_alias() # add permission to Editor level 1 and 2 if current user is Editor level 1 or 2 if userHasGroups(self.request.user, [G3W_EDITOR1, G3W_EDITOR2]): self.instance.addPermissionsToEditor(self.request.user) # give permission to Editor level 1 of group id user is Editor level 2 if userHasGroups(self.request.user, [G3W_EDITOR2]): # give permission to user groups of map group user_editor_groups = get_groups_for_object( self.instance.group, 'view_group', 'editor') self.instance.add_permissions_to_editor_user_groups( [uge.pk for uge in user_editor_groups]) editor_users = get_users_for_object( self.instance.group, 'view_group', [G3W_EDITOR1, G3W_EDITOR2]) for eu in editor_users: self.instance.addPermissionsToEditor(eu)
def _set_viewer_user_groups_choices(self): """ Set choices for viewer_user_groups select by permission on project and by user main role """ # add user_groups_viewer choices user_groups_viewers = get_groups_for_object( self.project, 'view_project', grouprole='viewer') # for Editor level filter by his groups if userHasGroups(self.request.user, [G3W_EDITOR1]): editor1_user_gorups_viewers = get_objects_for_user(self.request.user, 'auth.change_group', AuthGroup).order_by('name').filter(grouprole__role='viewer') user_groups_viewers = list(set(user_groups_viewers).intersection( set(editor1_user_gorups_viewers))) self.fields['user_groups_viewer'].choices = [ (v.pk, v) for v in user_groups_viewers]
def test_user_form_crud(self): """ Test user CRUD form """ # Set current user to Admin1 # ========================== self.request.user = self.test_user1 # Check empty form uform = G3WUserForm(request=self.request) self.assertFalse(uform.is_valid()) # Create a admin 1 form_data = { 'username': '******', 'password1': self.users_password, 'password2': self.users_password, 'is_superuser': True, 'is_staff': True, 'groups': [self.main_roles[G3W_EDITOR1].pk ], # required also fro admin1 and admin2 'backend': USER_BACKEND_DEFAULT } uform = G3WUserForm(request=self.request, data=form_data) self.assertTrue(uform.is_valid()) uform.save() u = User.objects.get(username='******') self.assertTrue(u.is_superuser) self.assertTrue(u.is_staff) u.delete() del (u) # Create a admin level 2 form_data = { 'username': '******', 'password1': self.users_password, 'password2': self.users_password, 'is_superuser': True, 'is_staff': True, 'groups': [self.main_roles[G3W_EDITOR1].pk ], # required also for admin1 and admin2 'backend': USER_BACKEND_DEFAULT } uform = G3WUserForm(request=self.request, data=form_data) self.assertTrue(uform.is_valid()) uform.save() u = User.objects.get(username='******') self.assertTrue(u.is_superuser) self.assertTrue(u.is_staff) # Update user initial_data = copy.copy(form_data) form_data.update({'username': '******'}) uform = G3WUserForm(request=self.request, data=form_data, initial=initial_data, instance=u) self.assertTrue(uform.is_valid()) uform.save() # Check self constraint with self.assertRaises(ObjectDoesNotExist) as ex: u = User.objects.get(username='******') u = User.objects.get(username='******') self.assertTrue(u.is_superuser) self.assertTrue(u.is_staff) u.delete() del (u) form_data.update({'username': '******', 'is_staff': False}) uform = G3WUserForm(request=self.request, data=form_data) self.assertTrue(uform.is_valid()) uform.save() u = User.objects.get(username='******') self.assertTrue(u.is_superuser) self.assertFalse(u.is_staff) u.delete() del (u) # Work as admin level 2 # ===================== self.request.user = self.test_user2 # Create a Admin2 form_data = { 'username': '******', 'password1': self.users_password, 'password2': self.users_password, 'is_superuser': True, 'is_staff': True, 'groups': [self.main_roles[G3W_EDITOR1].pk], # required also for admin1 and admin2 'backend': USER_BACKEND_DEFAULT } uform = G3WUserForm(request=self.request, data=form_data) self.assertTrue(uform.is_valid()) uform.save() u = User.objects.get(username='******') # Check User is Editor level 1 self.assertFalse(userHasGroups(u, [G3W_EDITOR1])) self.assertFalse(userHasGroups(u, [G3W_EDITOR2])) self.assertFalse(userHasGroups(u, [G3W_VIEWER1])) # Check Admin2 can't set a Admin1 but only another Admin2 self.assertTrue(u.is_superuser) self.assertFalse(u.is_staff) u.delete() del (u) # Create a Editor 1 form_data = { 'username': '******', 'password1': self.users_password, 'password2': self.users_password, 'is_superuser': False, 'is_staff': True, 'groups': [self.main_roles[G3W_EDITOR1].pk, self.main_roles[G3W_VIEWER1].pk ], # required also for admin1 and admin2 'backend': USER_BACKEND_DEFAULT } uform = G3WUserForm(request=self.request, data=form_data) self.assertTrue(uform.is_valid()) uform.save() u = User.objects.get(username='******') # Check User is Editor level 1 self.assertTrue(userHasGroups(u, [G3W_EDITOR1])) self.assertFalse(userHasGroups(u, [G3W_EDITOR2])) self.assertTrue(userHasGroups(u, [G3W_VIEWER1])) # Check Admin2 can't set a Admin1 but only another Admin2 self.assertFalse(u.is_superuser) self.assertFalse(u.is_staff) u.delete() del (u) # Work as editor level 1 # ======================= self.request.user = self.test_editor1 # Create a Editor 2 form_data = { 'username': '******', 'password1': self.users_password, 'password2': self.users_password, 'is_superuser': True, 'is_staff': True, 'groups': [self.main_roles[G3W_EDITOR2].pk], # required also for admin1 and admin2 'backend': USER_BACKEND_DEFAULT } uform = G3WUserForm(request=self.request, data=form_data) self.assertTrue(uform.is_valid()) uform.save() u = User.objects.get(username='******') # Check User is Editor level 2 self.assertFalse(userHasGroups(u, [G3W_EDITOR1])) self.assertTrue(userHasGroups(u, [G3W_EDITOR2])) self.assertFalse(userHasGroups(u, [G3W_VIEWER1])) self.assertFalse(u.is_superuser) self.assertFalse(u.is_staff) u.delete() del (u) # Editor lavel 2 can't set a Editor level 1 form_data.update({'groups': [self.main_roles[G3W_EDITOR1].pk]}) uform = G3WUserForm(request=self.request, data=form_data) self.assertFalse(uform.is_valid())