def test_any_permissions(self): groups = Group.objects.bulk_create( [Group(name=name) for name in ['group1', 'group2', 'group3']]) access_rule = AccessRule.objects.create( ctype_source=utils.get_content_type(User), ctype_target=utils.get_content_type(Group), relation_types=[{ 'GROUPS': None }]) perms = Permission.objects.filter( content_type__app_label='auth', codename__in=['add_group', 'change_group']) access_rule.permissions.add(*perms) self.user1.user_permissions.add(*perms) self.user1.groups.add(*groups) objects = utils.get_objects_for_user( self.user1, ['auth.add_group', 'auth.delete_group'], any_perm=False) self.assertEqual(set(), set(objects)) objects = utils.get_objects_for_user( self.user1, ['auth.add_group', 'auth.delete_group'], any_perm=True) self.assertEqual(set(groups), set(objects))
def test_multiple_permissions_to_check_use_groups(self): self.group.permissions.add( Permission.objects.get(content_type__app_label='auth', codename='add_group')) self.user1.user_permissions.add( Permission.objects.get(content_type__app_label='auth', codename='change_group')) access_rule = AccessRule.objects.create( ctype_source=utils.get_content_type(User), ctype_target=utils.get_content_type(Group), relation_types=[{ 'GROUPS': None }]) access_rule.permissions.add(*Permission.objects.filter( content_type__app_label='auth', codename__in=['add_group', 'change_group'])) self.user1.groups.add(self.group) objects = utils.get_objects_for_user( self.user1, ['auth.add_group', 'auth.change_group'], use_groups=True) self.assertEqual(set(self.user1.groups.all()), set(objects)) self.user1.groups.remove(self.group) objects = utils.get_objects_for_user( self.user1, ['auth.add_group', 'auth.change_group'], use_groups=False) self.assertEqual(set(), set(objects))
def test_with_superuser_false(self): BookFixture(Book, follow_fk=True, generate_m2m={ 'authors': (1, 1) }).create(count=2) user = User.objects.latest('pk') user.is_superuser = True # `with_superuser=False` requires defined access rules - should yield no results! self.assertEqual( set(Book.objects.none()), set( utils.get_objects_for_user(user, ['testapp.change_book'], Book.objects.all(), with_superuser=False))) access_rule = AccessRule.objects.create( ctype_source=utils.get_content_type(user), ctype_target=utils.get_content_type(Book), relation_types=[{ 'AUTHOR': None }, { 'BOOK': None }]) perm = Permission.objects.get(content_type__app_label='testapp', codename='change_book') access_rule.permissions.add(perm) user.user_permissions.add(perm) objects = utils.get_objects_for_user(user, ['testapp.change_book'], Book.objects.all(), with_superuser=False) self.assertEqual(set(user.author.book_set.all()), set(objects))
def test_multiple_permissions_to_check_requires_staff(self): groups = Group.objects.bulk_create( [Group(name=name) for name in ['group1', 'group2', 'group3']]) access_rule = AccessRule.objects.create( ctype_source=utils.get_content_type(User), ctype_target=utils.get_content_type(Group), requires_staff=True, relation_types=[{ 'GROUPS': None }]) perms = Permission.objects.filter( content_type__app_label='auth', codename__in=['add_group', 'delete_group']) access_rule.permissions.add(*perms) self.user1.user_permissions.add(*perms) self.user1.groups.add(*groups) self.user1.is_staff = True get_node_for_object(self.user1).sync( ) # Sync node in order to write `is_staff` property objects = utils.get_objects_for_user( self.user1, ['auth.add_group', 'auth.delete_group']) self.assertEqual(set(groups), set(objects)) self.user2.user_permissions.add(*perms) self.user2.groups.add(*groups) self.assertFalse(self.user2.is_staff) objects = utils.get_objects_for_user( self.user2, ['auth.add_group', 'auth.delete_group']) self.assertEqual(set(), set(objects))
def test_relation_types_definition_index_variable(self): book = BookFixture(Book, generate_m2m={'authors': (2, 2)}).create_one() get_nodeset_for_queryset(Store.objects.filter(pk=book.pk), sync=True) user = User.objects.filter( pk__in=book.authors.values('user')).latest('pk') perm = Permission.objects.get(content_type__app_label='auth', codename='change_user') access_rule = AccessRule.objects.create( ctype_source=utils.get_content_type(User), ctype_target=utils.get_content_type(User), relation_types=[{ 'AUTHOR': None }, { 'BOOK': None }, { '{0:AUTHORS}': None }, { 'USER': None }]) access_rule.permissions.add(perm) user.user_permissions.add(perm) objects = utils.get_objects_for_user(user, 'auth.change_user') self.assertEqual({user}, set(objects)) self.assertNotEqual(User.objects.count(), objects.count())
def test_nonexistent_source_node(self): user = User.objects.create_user(username='******') node = get_node_for_object(user).sync() node.delete() objects = utils.get_objects_for_user(user, ['testapp.add_book']) self.assertEqual(set(objects), set(Book.objects.none()))
def test_with_superuser_true(self): self.user1.is_superuser = True queryset = Book.objects.all() objects = utils.get_objects_for_user(self.user1, ['testapp.change_book'], queryset, with_superuser=True) self.assertEqual(set(queryset), set(objects))
def filter_queryset(self, request, queryset, view): from chemtrails.contrib.permissions.utils import get_objects_for_user permission = self.perm_format % { 'app_label': queryset.model._meta.app_label, 'model_name': queryset.model._meta.model_name } return get_objects_for_user(request.user, permissions=permission, klass=queryset)
def test_extra_perms_single(self): group = Group.objects.create(name='a group') access_rule = AccessRule.objects.create( ctype_source=utils.get_content_type(User), ctype_target=utils.get_content_type(Group), relation_types=[{ 'GROUPS': None }]) access_rule.permissions.add( Permission.objects.get(content_type__app_label='auth', codename='add_group')) self.user1.groups.add(group) objects = utils.get_objects_for_user(self.user1, 'auth.add_group') self.assertEqual(set(), set(objects)) objects = utils.get_objects_for_user(self.user1, 'auth.add_group', extra_perms='auth.add_group') self.assertEqual({group}, set(objects))
def test_permissions_single(self): access_rule = AccessRule.objects.create( ctype_source=utils.get_content_type(User), ctype_target=utils.get_content_type(Group), relation_types=[{ 'GROUPS': None }]) perm = Permission.objects.get(content_type__app_label='auth', codename='change_group') access_rule.permissions.add(perm) self.user1.user_permissions.add(perm) self.user1.groups.add(self.group) self.assertEqual( set(self.user1.groups.all()), set(utils.get_objects_for_user(self.user1, 'auth.change_group'))) self.assertEqual( set(self.user1.groups.all()), set(utils.get_objects_for_user(self.user1, ['auth.change_group'])))
def test_klass_as_queryset(self): access_rule = AccessRule.objects.create( ctype_source=utils.get_content_type(User), ctype_target=utils.get_content_type(Group), relation_types=[{ 'GROUPS': None }]) perm = Permission.objects.get(content_type__app_label='auth', codename='change_group') access_rule.permissions.add(perm) self.user1.user_permissions.add(perm) self.user1.groups.add(self.group) objects = utils.get_objects_for_user(self.user1, ['auth.change_group'], Group.objects.all()) self.assertEqual([obj.name for obj in objects], [self.group.name])
def test_single_permission_to_check(self): groups = Group.objects.bulk_create( [Group(name=name) for name in ['group1', 'group2', 'group3']]) access_rule = AccessRule.objects.create( ctype_source=utils.get_content_type(User), ctype_target=utils.get_content_type(Group), relation_types=[{ 'GROUPS': None }]) perm = Permission.objects.get(content_type__app_label='auth', codename='change_group') access_rule.permissions.add(perm) self.user1.user_permissions.add(perm) self.user1.groups.add(*groups) objects = utils.get_objects_for_user(self.user1, 'auth.change_group') self.assertEqual(len(groups), len(objects)) self.assertEqual(set(groups), set(objects))
def test_relation_types_target_props(self): groups = Group.objects.bulk_create( [Group(name=name) for name in ['group1', 'group2']]) access_rule = AccessRule.objects.create( ctype_source=utils.get_content_type(User), ctype_target=utils.get_content_type(Group), relation_types=[{ 'GROUPS': { 'name': 'group1' } }]) perm = Permission.objects.get(content_type__app_label='auth', codename='add_group') access_rule.permissions.add(perm) self.user1.user_permissions.add(perm) self.user1.groups.add(*groups) objects = utils.get_objects_for_user(self.user1, 'auth.add_group') self.assertEqual({Group.objects.get(name='group1')}, set(objects))
def test_ensure_returns_queryset(self): objects = utils.get_objects_for_user(self.user1, ['auth.change_group']) self.assertTrue(isinstance(objects, QuerySet)) self.assertEqual(objects.model, Group)
def test_empty_permissions_sequence(self): objects = utils.get_objects_for_user(self.user1, [], Book.objects.all()) self.assertEqual(set(objects), set())
def test_anonymous(self): user = AnonymousUser() queryset = Book.objects.all() objects = utils.get_objects_for_user(user, ['testapp.change_book'], queryset) self.assertEqual(set(Book.objects.none()), set(objects))