示例#1
0
    def obj_delete(self, request, **kwargs):
        obj = self.get_by_resource_or_404(request, **kwargs)
        if not (AppOwnerAuthorization().is_authorized(request,
                                                      object=obj.addon)
                or OwnerAuthorization().is_authorized(request, object=obj) or
                PermissionAuthorization('Users', 'Edit').is_authorized(request)
                or PermissionAuthorization('Addons',
                                           'Edit').is_authorized(request)):
            raise ImmediateHttpResponse(response=http.HttpForbidden())

        log.info('Rating %s deleted from addon %s' % (obj.pk, obj.addon.pk))
        return super(RatingResource, self).obj_delete(request, **kwargs)
class TestPermissionAuthorization(OwnerAuthorization):
    def setUp(self):
        super(TestPermissionAuthorization, self).setUp()
        self.auth = PermissionAuthorization("Drinkers", "Beer")
        self.app = app_factory()

    def test_has_role(self):
        self.grant_permission(self.profile, "Drinkers:Beer")
        ok_(self.auth.is_authorized(self.request(self.profile), self.app))

    def test_not_has_role(self):
        self.grant_permission(self.profile, "Drinkers:Scotch")
        ok_(not self.auth.is_authorized(self.request(self.profile), self.app))
示例#3
0
class TestPermissionAuthorization(OwnerAuthorization):
    def setUp(self):
        super(TestPermissionAuthorization, self).setUp()
        self.auth = PermissionAuthorization('Drinkers', 'Beer')
        self.app = app_factory()

    def test_has_role(self):
        self.grant_permission(self.profile, 'Drinkers:Beer')
        ok_(self.auth.is_authorized(self.request(self.profile), self.app))

    def test_not_has_role(self):
        self.grant_permission(self.profile, 'Drinkers:Scotch')
        ok_(not self.auth.is_authorized(self.request(self.profile), self.app))
示例#4
0
    def obj_delete(self, request, **kwargs):
        obj = self.get_by_resource_or_404(request, **kwargs)
        if not (AppOwnerAuthorization().is_authorized(request,
                                                      object=obj.addon)
                or OwnerAuthorization().is_authorized(request, object=obj) or
                PermissionAuthorization('Users', 'Edit').is_authorized(request)
                or PermissionAuthorization('Addons',
                                           'Edit').is_authorized(request)):
            raise http_error(
                http.HttpForbidden,
                'You do not have permission to delete this review.')

        log.info('Rating %s deleted from addon %s' % (obj.pk, obj.addon.pk))
        return super(RatingResource, self).obj_delete(request, **kwargs)
示例#5
0
 class Meta(SearchResource.Meta):
     resource_name = 'search'
     authorization = PermissionAuthorization('Apps', 'Review')
     fields = [
         'device_types', 'id', 'is_escalated', 'is_packaged',
         'latest_version', 'name', 'premium_type', 'price', 'slug', 'status'
     ]
示例#6
0
 class Meta:
     queryset = MonolithRecord.objects.all()
     allowed_methods = ['get', 'delete']
     resource_name = 'data'
     filtering = {'recorded': ['exact', 'lt', 'lte', 'gt', 'gte'],
                  'key': ['exact', 'startswith'],
                  'id': ['lte', 'gte']}
     authorization = PermissionAuthorization('Monolith', 'API')
     authentication = OAuthAuthentication()
示例#7
0
 class Meta(MarketplaceResource.Meta):
     authentication = OptionalOAuthAuthentication()
     authorization = AnonymousReadOnlyAuthorization(
         authorizer=PermissionAuthorization('ProductIcon', 'Create'))
     detail_allowed_methods = ['get']
     fields = ['ext_url', 'ext_size', 'size']
     filtering = {
         'ext_url': 'exact',
         'ext_size': 'exact',
         'size': 'exact',
     }
     list_allowed_methods = ['get', 'post']
     queryset = ProductIcon.objects.filter()
     resource_name = 'product/icon'
     validation = CleanedDataFormValidation(form_class=ProductIconForm)
示例#8
0
 def setUp(self):
     super(TestPermissionAuthorization, self).setUp()
     self.auth = PermissionAuthorization('Drinkers', 'Beer')
     self.app = app_factory()
示例#9
0
 class Meta:
     authentication = OAuthAuthentication()
     authorization = PermissionAuthorization('Transaction', 'NotifyFailure')
     detail_allowed_methods = ['patch']
     queryset = Contribution.objects.filter(uuid__isnull=False)
     resource_name = 'failure'
 def setUp(self):
     super(TestPermissionAuthorization, self).setUp()
     self.auth = PermissionAuthorization("Drinkers", "Beer")
     self.app = app_factory()
示例#11
0
 class Meta(MarketplaceResource.Meta):
     authentication = OAuthAuthentication()
     authorization = PermissionAuthorization('Apps', 'Review')
     list_allowed_methods = ['get']
     resource_name = 'reviewing'
示例#12
0
 def setUp(self):
     super(TestPermissionAuthorization, self).setUp()
     self.auth = PermissionAuthorization('Drinkers', 'Beer')
     self.app = app_factory()