def test_autoprefetch_group_perms(self): settings.DEBUG = True guardian_settings.AUTO_PREFETCH = True ProjectUserObjectPermission.enabled = False ProjectGroupObjectPermission.enabled = False try: from django.db import connection ContentType.objects.clear_cache() group = Group.objects.create(name='new-group') projects = \ [Project.objects.create(name='Project%s' % i) for i in range(3)] assign_perm("change_project", group, projects[0]) assign_perm("change_project", group, projects[1]) checker = ObjectPermissionChecker(group) pre_query_count = len(connection.queries) # Fill cache checker._prefetch_cache() query_count = len(connection.queries) # Ensure only one query has been made self.assertEqual(query_count - pre_query_count, 1) # Check group has cache attribute self.assertTrue(hasattr(group, '_guardian_perms_cache')) # Checking shouldn't spawn any queries self.assertTrue(checker.has_perm("change_project", projects[0])) self.assertEqual(len(connection.queries), query_count) # Checking for other permission but for Group object again # shouldn't spawn any query too self.assertFalse(checker.has_perm("delete_project", projects[0])) self.assertEqual(len(connection.queries), query_count) # Checking for same model but other instance shouldn't spawn any # queries self.assertTrue(checker.has_perm("change_project", projects[1])) self.assertEqual(len(connection.queries), query_count) # Checking for same model but other instance shouldn't spawn any queries # Even though User doesn't have perms on projects[2], we still # should not hit DB self.assertFalse(checker.has_perm("change_project", projects[2])) self.assertEqual(len(connection.queries), query_count) finally: settings.DEBUG = False guardian_settings.AUTO_PREFETCH = False ProjectUserObjectPermission.enabled = True ProjectGroupObjectPermission.enabled = True
def test_autoprefetch_superuser_perms(self): settings.DEBUG = True guardian_settings.AUTO_PREFETCH = True ProjectUserObjectPermission.enabled = False ProjectGroupObjectPermission.enabled = False try: from django.db import connection ContentType.objects.clear_cache() group1 = Group.objects.create(name='group1') user = User.objects.create(username='******', is_superuser=True, is_active=True) assign_perm("change_group", user, self.group) checker = ObjectPermissionChecker(user) # Fill cache checker._prefetch_cache() query_count = len(connection.queries) # Check customuser has cache attribute self.assertTrue(hasattr(user, '_guardian_perms_cache')) # Checking shouldn't spawn any queries self.assertTrue(checker.has_perm("change_group", self.group)) self.assertTrue(user.has_perm("change_group", self.group)) self.assertEqual(len(connection.queries), query_count) # Checking for other permission but for Group object again # shouldn't spawn any query too self.assertTrue(checker.has_perm("delete_group", self.group)) self.assertTrue(user.has_perm("delete_group", self.group)) self.assertEqual(len(connection.queries), query_count) # Checking for same model but other instance shouldn't spawn any queries self.assertTrue(checker.has_perm("change_group", group1)) self.assertTrue(user.has_perm("change_group", group1)) self.assertEqual(len(connection.queries), query_count) finally: settings.DEBUG = False guardian_settings.AUTO_PREFETCH = False ProjectUserObjectPermission.enabled = True ProjectGroupObjectPermission.enabled = True
def test_autoprefetch_user_perms(self): settings.DEBUG = True guardian_settings.AUTO_PREFETCH = True ProjectUserObjectPermission.enabled = False ProjectGroupObjectPermission.enabled = False try: from django.db import connection ContentType.objects.clear_cache() group1 = Group.objects.create(name='group1') group2 = Group.objects.create(name='group2') user = User.objects.create(username='******', is_active=True) assign_groups = [self.group, group1] for group in assign_groups: assign_perm("change_group", user, group) # Faux monkeypatching setattr(User, 'evict_obj_perms_cache', evict_obj_perms_cache) # Try to evict non-existent cache, should return false self.assertFalse(user.evict_obj_perms_cache()) checker = ObjectPermissionChecker(user) pre_query_count = len(connection.queries) # Fill cache checker._prefetch_cache() query_count = len(connection.queries) # Ensure two queries have been made self.assertEqual(query_count - pre_query_count, 2) # Check user has cache attribute self.assertTrue(hasattr(user, '_guardian_perms_cache')) # Checking cache is filled self.assertEqual( len(checker._obj_perms_cache), len(assign_groups) ) # Checking shouldn't spawn any queries self.assertTrue(checker.has_perm("change_group", self.group)) self.assertTrue(user.has_perm("change_group", self.group)) self.assertEqual(len(connection.queries), query_count) # Checking for other permission but for Group object again # shouldn't spawn any query too self.assertFalse(checker.has_perm("delete_group", self.group)) self.assertFalse(user.has_perm("delete_group", self.group)) self.assertEqual(len(connection.queries), query_count) # Checking for same model but other instance shouldn't spawn any queries self.assertTrue(checker.has_perm("change_group", group1)) self.assertTrue(user.has_perm("change_group", group1)) self.assertEqual(len(connection.queries), query_count) # Checking for same model but other instance shouldn't spawn any queries # Even though User doesn't have perms on Group2, we still should # not hit DB self.assertFalse(checker.has_perm("change_group", group2)) self.assertFalse(user.has_perm("change_group", group2)) self.assertEqual(len(connection.queries), query_count) # Evict cache and verify that reloaded perms have changed self.assertTrue(user.evict_obj_perms_cache()) self.assertFalse(hasattr(user, '_guardian_perms_cache')) assign_perm("delete_group", user, self.group) query_count = len(connection.queries) # New checker object so that we reload perms from db checker = ObjectPermissionChecker(user) self.assertTrue(checker.has_perm("delete_group", self.group)) self.assertTrue(user.has_perm("delete_group", self.group)) # Two more queries should have been executed self.assertEqual(len(connection.queries), query_count + 2) finally: settings.DEBUG = False guardian_settings.AUTO_PREFETCH = False ProjectUserObjectPermission.enabled = True ProjectGroupObjectPermission.enabled = True