def test_check_permission_wrong_format(self):
check_permission(self.superuser, "no_dot_in_string") # superuser can do everything ;)
with self.assertRaises(PermissionDenied) as cm:
check_permission(self.staff_user, "no_dot_in_string")
self.assert_exception_startswith(cm, "Wrong permission string format")
def test_check_permission_wrong_codename(self):
check_permission(self.superuser, "auth.wrong") # superuser can do everything ;)
with self.assertRaises(PermissionDenied) as cm:
check_permission(self.staff_user, "auth.wrong")
self.assert_exception_startswith(cm,
"Codename 'wrong' from permission 'auth.wrong' doesn't exists!"
)
def test_check_permission_wrong_app_label(self):
check_permission(self.superuser, "wrong.foobar") # superuser can do everything ;)
with self.assertRaises(PermissionDenied) as cm:
check_permission(self.staff_user, "wrong.foobar")
self.assert_exception_startswith(cm,
"App label 'wrong' from permission 'wrong.foobar' doesn't exists!"
)
def test_superuser_check(self):
self.assertEqual(
check_permission(self.normal_user,
"foo.bar",
raise_exception=False), False)
self.assertEqual(has_perm(self.normal_user, "foo.bar"), False)
self.assertEqual(
check_permission(self.superuser, "foo.bar", raise_exception=False),
True)
self.assertEqual(has_perm(self.superuser, "foo.bar"), True)
def test_check_permission(self):
with LoggingBuffer(name=None, level=logging.ERROR) as log:
with self.assertRaises(PermissionDenied):
check_permission(self.normal_user,
"foo.bar2",
raise_exception=True)
log_messages = log.get_messages()
print(log_messages)
self.assertEqual(
log_messages,
'ERROR:django_tools.permissions:User "normal test user"'
' has not permission "foo.bar2" -> raise PermissionDenied!')
def test_superuser_check(self):
self.assertTrue(
check_permission(
self.superuser,
permission="superuser check ignores this completely!",
)
)
def test_check_permission_existing(self):
self.assertTrue(
check_permission(
self.staff_user,
"django_tools_test_app.extra_permission",
)
)
def has_object_permission(user, opts, action, raise_exception=True):
"""
Check if user has "<app_name>.<action>_<model_name>"
opts is <model_instance>._meta
"""
codename = get_permission_codename(action, opts)
if codename == "can_publish_page":
# FIXME: Django CMS code name doesn't has the prefix "can_" !
# TODO: Remove "can_" from own permissions to unify it.
# see also: publisher.models.PublisherStateModel#object_permission_name
# https://github.com/wearehoods/django-ya-model-publisher/issues/8
codename = "publish_page"
perm_name = "%s.%s" % (
opts.app_label,
codename
)
try:
has_permission = check_permission(user, perm_name, raise_exception)
except PermissionDenied:
# get_permission() will raise helpfull errors if format is wrong
# or if the permission doesn't exists
get_permission_by_string(perm_name)
raise
if not has_permission:
get_permission_by_string(perm_name)
return has_permission
def has_can_publish_permission(cls, user, raise_exception=True):
"""
user permission to:
* (un-)publish a object directly
* accept/reject a (un-)publish request
"""
permission_name = cls.extra_permission_name(action=constants.PERMISSION_CAN_PUBLISH)
return check_permission(user, permission_name, raise_exception)
def check_object_permission(self, user, action, raise_exception=True):
"""
e.g.: <app-label>.<action>_<model-name>
TODO: Use only permission checks against self.content_type everywhere if possible!
"""
permission_name = self.object_permission_name(action)
return check_permission(user, permission_name, raise_exception)
def test_check_permission_error_without_exception(self):
self.assertFalse(
check_permission(
self.normal_user,
"django_tools_test_app.extra_permission",
raise_exception=False
)
)
def test_add_permissions(self):
self.assertEqual(
check_permission(self.normal_user,
PERMISSION_NAME,
raise_exception=False), False)
# permissions = self.get_all_permissions(self.normal_user)
# self.assertEqual(permissions, "X")
permissions = ((LimitToUsergroupsTestModel, "publish"), )
add_permissions(permission_obj=self.group, permissions=permissions)
# log_group_permissions(self.group)
# log_user_permissions(self.normal_user)
user = self.refresh_user(self.normal_user)
# log_user_permissions(user)
self.assertEqual(
check_permission(user,
"django_tools_test_app.publish",
raise_exception=False), True)
self.assertEqual(user.get_all_permissions(),
{'django_tools_test_app.publish'})
def has_extra_permission_permission(cls, user, raise_exception=True):
permission = cls.extra_permission_name(action="extra_permission")
return check_permission(user, permission, raise_exception)
def test_check_permission_error_with_exception(self):
with self.assertRaises(PermissionDenied) as cm:
check_permission(self.normal_user,
"django_tools_test_app.extra_permission")
self.assertFalse(hasattr(cm, "args")) # No error message
