def test_is_group_owner(self): # user is group owner sec = security.get_security_for_group(self.user, self.group) self.assertTrue(sec.is_group_owner()) # superuser is not group owner sec = security.get_security_for_group(self.superuser, self.group) self.assertFalse(sec.is_group_owner()) # staff user is not group owner sec = security.get_security_for_group(self.staffuser, self.group) self.assertFalse(sec.is_group_owner())
def can_delete_group(group, user): """ Checks if a given user has enough rights to delete a group :param group: booki.editor.models.BookiGroup instance :param user: django.contrib.auth.models.User instance :returns: Boolean """ group_security = security.get_security_for_group(user, group) return group_security.is_group_admin()
def dispatch(self, request, *args, **kwargs): """ Checks if user is a group admin. If not, return no permissions page """ self.object = self.get_object() group_security = security.get_security_for_group(request.user, self.object) if not group_security.is_admin(): return views.ErrorPage(request, "errors/nopermissions.html") return super(GroupUpdateView, self).dispatch(request, *args, **kwargs)
def get_context_data(self, **kwargs): context = super(GroupPageView, self).get_context_data(**kwargs) try: context['selected_group'] = BookiGroup.objects.get(url_name=context['groupid']) except BookiGroup.DoesNotExist: context['selected_group_error'] = True return context except BookiGroup.MultipleObjectsReturned: context['selected_group_error'] = True return context context['selected_group_error'] = False context['title'] = context['selected_group'].name context['group_members'] = context['selected_group'].members.all() if self.request.user.is_superuser: context['books_list'] = Book.objects.filter(group=context['selected_group']).order_by('-created') else: context['books_list'] = Book.objects.filter( Q(group=context['selected_group']), Q(hidden=False) | Q(owner=self.request.user) ).order_by('-created') context['user_group'] = { 'url_name': context['selected_group'].url_name, 'name': context['selected_group'].name, 'description': context['selected_group'].description, 'num_members': context['selected_group'].members.count(), 'num_books': context['books_list'].count(), 'group_image': context['selected_group'].get_big_group_image } context['books_to_add'] = [] user_group_security = security.get_security_for_group(self.request.user, context['selected_group']) context['is_group_admin'] = user_group_security.is_group_admin() if context['is_group_admin']: if self.request.user.is_superuser: # Last filter (group__isnull=True) should be removed when Book model will support multiple groups list_of_books = Book.objects.exclude(group=context['selected_group']).\ filter(group__isnull=True) else: # Last filter (group__isnull=True) should be removed when Book model will support multiple groups list_of_books = Book.objects.exclude(group=context['selected_group']).\ filter(owner=self.request.user).\ filter(group__isnull=True) for b in list_of_books: context['books_to_add'].append({'id': b.id, 'cover': b.cover, 'url_title': b.url_title, 'title': b.title}) context['is_group_member'] = self.request.user in context['group_members'] return context
def delete(self, request, *args, **kwargs): user = self.request.user group = self.get_object() group_security = security.get_security_for_group(user, group) if group.owner != user and not user.is_superuser or not group_security.is_group_admin(): messages.warning(self.request, _("You are not allowed to delete this group")) return HttpResponseRedirect(self.get_success_url()) else: # remove books from group group.book_set.update(group=None) # delete group images if needed try: group.remove_group_images() except Exception as e: print e messages.success(self.request, _('Group successfully deleted.')) return super(GroupDeleteView, self).delete(request, *args, **kwargs)
def dispatch(self, request, *args, **kwargs): # try to create security instance try: if self.security_bridge is Security: self.security = get_security(request.user) elif self.security_bridge is BookSecurity: book = Book.objects.get(url_title__iexact=kwargs['bookid']) self.security = get_security_for_book(request.user, book) elif self.security_bridge is GroupSecurity: group = BookiGroup.objects.get(url_name=kwargs['groupid']) self.security = get_security_for_group(request.user, group) except (BookiGroup.DoesNotExist, Book.DoesNotExist): raise Http404 except KeyError as e: raise Exception('{bridge} bridge requires "{key}" in request'.format(bridge=self.security_bridge, key=e.message)) # hook for checking permissions self.check_permissions(request, *args, **kwargs) return super(SecurityMixin, self).dispatch(request, *args, **kwargs)
def test_get_security_for_group(self): # let's test helper for retrieving BookSecurity instance group = self.bookrole.book.group self.assertEqual(security.GroupSecurity(self.user, group).__class__, security.get_security_for_group(self.user, group).__class__)
def test_get_security_for_group(self): # let's test helper for retrieving BookSecurity instance group = self.bookrole.book.group self.assertEqual( security.GroupSecurity(self.user, group).__class__, security.get_security_for_group(self.user, group).__class__)