def test_anonymous_restricted_device_by_non_view_permission(self):
    # Only "change_device" is granted to the group on this device. The
    # assertion pins that a non-view grant on its own does not stop an
    # anonymous user from viewing the device.
    checker = PermissionAuth(AnonymousUser())
    GroupDevicePermission.objects.assign_perm(
        "change_device", self.group, self.device
    )
    can_view = checker.has_perm("lava_scheduler_app.view_device", self.device)
    self.assertTrue(can_view)
def test_get_group_perms(self):
    # Group permission query: after "change_device" is granted to the group,
    # the query is expected to report it together with "view_device" and
    # "submit_to_device".
    # NOTE(review): presumably self.user is a member of self.group; that setup
    # is outside this view.
    checker = PermissionAuth(self.user)
    GroupDevicePermission.objects.assign_perm(
        "change_device", self.group, self.device
    )
    reported = checker.get_group_perms(self.device)
    expected = {"change_device", "view_device", "submit_to_device"}
    self.assertEqual(reported, expected)
def test_anonymous_restricted_device_type(self):
    # Once "view_devicetype" is granted to a group, the device type is
    # expected to be hidden from an anonymous user.
    checker = PermissionAuth(AnonymousUser())
    GroupDeviceTypePermission.objects.assign_perm(
        "view_devicetype", self.group, self.device_type
    )
    can_view = checker.has_perm(
        "lava_scheduler_app.view_devicetype", self.device_type
    )
    self.assertFalse(can_view)
def test_not_active_user(self):
    # A group member holding "admin_device" must lose it once the account is
    # flagged inactive. is_active is flipped on the in-memory object only
    # (no save()), so the test expects the checker to consult that same
    # instance on every call.
    perm_name = "lava_scheduler_app.admin_device"
    member = User.objects.create(username="******")
    member.groups.add(self.group)
    GroupDevicePermission.objects.assign_perm(
        "admin_device", self.group, self.device
    )
    checker = PermissionAuth(member)

    self.assertTrue(checker.has_perm(perm_name, self.device))
    member.is_active = False
    self.assertFalse(checker.has_perm(perm_name, self.device))
def get_all_permissions(self, user, obj=None):
    """
    Returns the set of permissions the given user has for ``obj``.

    A falsy ``obj`` (including None) is delegated to the parent backend's
    model-level lookup. An object for which ``is_object_supported`` is
    false yields an empty set; any other object is resolved through
    ``PermissionAuth``.
    """
    if obj:
        if is_object_supported(obj):
            return PermissionAuth(user).get_perms(obj)
        # Unsupported objects never carry per-object permissions here.
        return set()
    return super().get_all_permissions(user, None)
def test_superuser(self):
    # A superuser is expected to hold every permission defined for the
    # device's content type, with no group assignment at all.
    root = User.objects.create(username="******", is_superuser=True)
    checker = PermissionAuth(root)
    ctype = ContentType.objects.get_for_model(self.device)
    codename_rows = Permission.objects.filter(content_type=ctype).values_list(
        "codename"
    )
    # values_list() yields 1-tuples; flatten them into a set of codenames.
    all_codenames = set(chain.from_iterable(codename_rows))

    self.assertEqual(all_codenames, checker.get_perms(self.device))
    for codename in all_codenames:
        qualified = "%s.%s" % (ctype.app_label, codename)
        self.assertTrue(checker.has_perm(qualified, self.device))
def test_not_active_superuser(self):
    # The superuser flag must not outlive deactivation: an inactive superuser
    # is expected to get an empty permission list and a refusal for every
    # codename defined on the device's content type.
    disabled_root = User.objects.create(
        username="******", is_superuser=True, is_active=False
    )
    checker = PermissionAuth(disabled_root)
    ctype = ContentType.objects.get_for_model(self.device)
    codename_rows = Permission.objects.filter(content_type=ctype).values_list(
        "codename"
    )
    # values_list() yields 1-tuples; flatten them before sorting.
    all_codenames = sorted(chain.from_iterable(codename_rows))

    self.assertEqual(checker.get_perms(self.device), [])
    for codename in all_codenames:
        qualified = "%s.%s" % (ctype.app_label, codename)
        self.assertFalse(checker.has_perm(qualified, self.device))
def test_get_perms(self):
    # Grant a different codename on each of two devices and check that every
    # device reports at least what was granted on it.
    first = self.factory.make_device(
        device_type=self.device_type, hostname="qemu-tmp-01"
    )
    second = self.factory.make_device(
        device_type=self.device_type, hostname="qemu-tmp-02"
    )
    grants = {first: ("change_device",), second: ("view_device",)}
    checker = PermissionAuth(self.user)

    for device, codenames in grants.items():
        for codename in codenames:
            GroupDevicePermission.objects.assign_perm(codename, self.group, device)
        # Subset, not equality: get_perms() may report more than was granted.
        reported = checker.get_perms(device)
        self.assertTrue(set(codenames).issubset(reported))
def test_has_perm_unsupported_model(self):
    # An unsupported permission codename ("change_group" on a device) must
    # raise PermissionNameError when it is assigned.
    # NOTE(review): despite the method name, has_perm() is never called here;
    # the PermissionAuth instance is built but not used.
    account = self.factory.make_user()
    checker = PermissionAuth(account)
    expect_name_error = TestCase.assertRaises(self, PermissionNameError)
    with expect_name_error:
        GroupDevicePermission.objects.assign_perm(
            "change_group", self.group, self.device
        )
def has_perm(self, user, perm, obj=None):
    """
    Returns True if the given user holds ``perm`` on ``obj``.

    ``perm`` must be in "app_label.codename" form and its app label must
    match the app label of ``obj``; otherwise ValueError is raised. False
    is returned whenever ``is_object_supported(obj)`` is false, which per
    the original contract includes the case where no object is given.

    A permission held at model level (as reported by the parent backend's
    ``get_all_permissions``) is checked before any per-object lookup and
    grants access to every supported object, so per-object group
    restrictions do not narrow it.
    """
    if not is_object_supported(obj):
        return False

    # Unpacking into two names makes a perm without a "." fail with
    # ValueError instead of being accepted silently.
    label, _codename = perm.split(".", maxsplit=1)
    if obj._meta.app_label != label:
        raise ValueError("Passed perm has wrong app label: '%s'" % label)

    # Global permissions test. The django backend doesn't handle a has_perm
    # call well when obj is not None, so the model-level check is repeated
    # here
    # (https://github.com/django/django/blob/master/django/contrib/auth/backends.py#L104)
    held_globally = perm in super().get_all_permissions(user, None)
    if not held_globally:
        return PermissionAuth(user).has_perm(perm, obj)
    return True
def test_anonymous_unrestricted_device_type(self):
    # With no group permission assigned in this test, the device type is
    # expected to be viewable by an anonymous user.
    checker = PermissionAuth(AnonymousUser())
    can_view = checker.has_perm(
        "lava_scheduler_app.view_devicetype", self.device_type
    )
    self.assertTrue(can_view)