def test_readonly_no_downloads_has_role(self):
    """Check that ReadOnlyRoleNoDownload is reported only after it is granted.

    Both lookup paths are exercised before and after ``add``: the direct
    ``user_has_role`` check and ``has_role`` fed with ``perms_for`` output.
    """
    self._publish_transportation_form()
    alice = self._create_user('alice', 'alice')
    role = ReadOnlyRoleNoDownload
    form = self.xform

    # A user who has not been granted anything must not hold the role.
    self.assertFalse(role.user_has_role(alice, form))
    self.assertFalse(role.has_role(perms_for(alice, form), form))

    role.add(alice, form)

    # perms_for is called again so the check sees the post-grant state.
    self.assertTrue(role.user_has_role(alice, form))
    self.assertTrue(role.has_role(perms_for(alice, form), form))
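def test_project_share_readonly_no_downloads(self):
    """Share a project with two users and check the roles the API reports.

    One user is shared in as ReadOnlyRoleNoDownload and one as ReadOnlyRole
    through the ``share`` action; the project is then retrieved and the
    ``users`` list is compared against the expected user-to-role mapping.

    This covers role assignment and listing only. Nothing here checks that
    a readonly-no-download user is actually refused a data download.
    """
    # create project and publish form to project
    self._publish_xls_form_to_project()

    # NOTE(review): the username/email literals below are masked in this
    # listing, while the assertions at the end expect 'alice' and 'tom'.
    # Restore distinct usernames before relying on this test.
    alice_data = {'username': '******', 'email': '*****@*****.**'}
    alice_profile = self._create_user_profile(alice_data)
    tom_data = {'username': '******', 'email': '*****@*****.**'}
    self._create_user_profile(tom_data)
    projectid = self.project.pk

    # Precondition: no role on the project before it is shared.
    self.assertFalse(
        ReadOnlyRoleNoDownload.user_has_role(alice_profile.user,
                                             self.project))

    view = ProjectViewSet.as_view({
        'post': 'share',
        'get': 'retrieve'
    })

    data = {'username': '******', 'role': ReadOnlyRoleNoDownload.name}
    request = self.factory.post('/', data=data, **self.extra)
    response = view(request, pk=projectid)
    self.assertEqual(response.status_code, 204)

    data = {'username': '******', 'role': ReadOnlyRole.name}
    request = self.factory.post('/', data=data, **self.extra)
    response = view(request, pk=projectid)
    self.assertEqual(response.status_code, 204)

    request = self.factory.get('/', **self.extra)
    response = view(request, pk=projectid)

    # get the users
    users = response.data.get('users')
    self.assertEqual(len(users), 3)

    # Compare the whole mapping rather than branching per user, so a
    # missing or unexpected user fails the test instead of being skipped.
    roles_by_user = {
        entry.get('user'): entry.get('role') for entry in users
    }
    self.assertEqual(roles_by_user, {
        'bob': 'owner',
        'alice': 'readonly-no-download',
        'tom': 'readonly',
    })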
def has_object_permission(self, request, view, obj):
    """Decide whether ``request.user`` may act on ``obj``.

    ``obj.content_object`` must be an XForm or a DataView, otherwise access
    is denied. A ``partial_update`` by a user holding ReadOnlyRoleNoDownload
    on the underlying form is allowed directly. Every other case is
    delegated to ``_has_object_permission`` against the owning project.
    """
    requester = request.user
    target = obj.content_object

    # Only objects attached to a form or a data view are handled here.
    if not isinstance(target, (XForm, DataView)):
        return False

    # A DataView is resolved to the form it is built on.
    if isinstance(target, XForm):
        xform = target
    else:
        xform = target.xform

    # allow readonlynodownload and above roles to edit widget
    # NOTE(review): this branch grants a write action to a read-only role
    # and returns before the project-level check below. Whether higher
    # roles also match depends on user_has_role, which is not shown here.
    # Confirm both are intended.
    is_widget_edit = view.action == 'partial_update'
    if is_widget_edit and ReadOnlyRoleNoDownload.user_has_role(
            requester, xform):
        return True

    return self._has_object_permission(
        request, Project, requester, target.project)