def has_permission(self, request, view):
    """Decide view-level access to book reviews from the HTTP method.

    GET is open to everyone and superusers may do anything. Every other
    method is mapped to a role permission checked for ``request.user``;
    anything that matches no rule is denied.
    """
    from ..users.roles import AppPermissions

    method = request.method
    user = request.user

    # Reads via GET are public, including for anonymous callers.
    if method in ['GET']:
        return True

    # Superusers bypass the per-method checks.
    if user.is_authenticated and user.is_superuser:
        return True

    # GET was handled above, so this covers the remaining safe methods.
    if method in permissions.SAFE_METHODS:
        return has_permission(user, AppPermissions.view_book_review)

    if method == 'POST':
        return has_permission(user, AppPermissions.create_book_review)

    if method in ['PUT', 'PATCH']:
        return has_permission(user, AppPermissions.edit_book_review)

    # NOTE(review): this checks delete_book_rating, while
    # has_object_permission checks delete_book_review -- confirm which
    # permission is meant to guard deleting a review.
    if method == 'DELETE' and has_permission(
            user, AppPermissions.delete_book_rating):
        return True

    # The parent is still consulted, but its answer cannot grant access:
    # every path from here on is a denial.
    super(CanManageBookReview, self).has_permission(request, view)
    return False
def has_object_permission(self, request, view, obj):
    """Decide object-level access to a single book review.

    GET and the other safe methods are always allowed, superusers may do
    anything, and PUT/PATCH/DELETE are allowed when the user holds the
    matching role permission. Everything else takes the parent's verdict.
    """
    from ..users.roles import AppPermissions

    method = request.method
    user = request.user

    if method in ['GET']:
        return True

    if user.is_authenticated and user.is_superuser:
        return True

    if method in ['PUT', 'PATCH'] and has_permission(
            user, AppPermissions.edit_book_review):
        return True

    # Any remaining safe method may read a single object.
    if method in permissions.SAFE_METHODS:
        return True

    if method == 'DELETE' and has_permission(
            user, AppPermissions.delete_book_review):
        return True

    # NOTE(review): a PUT/PATCH/DELETE that failed the role check above is
    # not denied here; it takes the parent's answer. The parent's view-level
    # has_permission() is called, not has_object_permission(), and `obj` is
    # never inspected. If the parent allows by default, this check fails
    # open -- confirm against the parent class.
    parent_verdict = super(CanManageBookReview, self).has_permission(request, view)
    return bool(parent_verdict)
def get_permissions(self, user):
    """Return the capability flags of *user*, keyed by flag name."""
    can_submit_book = has_permission(user, AppPermissions.submit_books)
    can_submit_audio = has_permission(user, AppPermissions.submit_audio)
    can_create_chatroom = has_permission(user, AppPermissions.create_chat_room)
    return {
        'can_submit_book': can_submit_book,
        'can_submit_audio': can_submit_audio,
        'can_create_chatroom': can_create_chatroom,
    }
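def UserEditView(request, userid=None):
    """Render and process the user edit page (profile, password, roles).

    Without ``userid`` the caller edits their own account. With ``userid``
    the caller must hold ``p.EDIT_USERS`` or be that user; otherwise
    PermissionDenied is raised. Http404 is raised when the user is missing.

    A POST is dispatched on the submit button present in the payload:
    ``user-submit``, ``password-change`` or ``change-role``. Role changes
    additionally require ``p.EDIT_USERS``.
    """
    can_edit_users = has_permission(request.user, p.EDIT_USERS)

    if userid is None:
        user = request.user
    elif can_edit_users or request.user.id == userid:
        try:
            user = User.objects.get(id=userid)
        except ObjectDoesNotExist:
            raise Http404("User Does Not Exist")
    else:
        raise PermissionDenied(
            "You do not have permission to edit/view this user")

    rolesForm = None
    if can_edit_users:
        roles = [role.display_name for role in get_user_roles(user)]
        rolesForm = RolesForm({'roles': roles})

    form = UserForm(user=request.user, instance=user)
    passForm = PasswordChangeForm(user)

    if request.method == "POST":
        # The roles form is only rendered for EDIT_USERS holders, but hiding
        # a form is not an access check: without this guard any user editing
        # their own account could post 'change-role' and pick their own
        # roles. Refuse before anything else in the request is saved.
        if 'change-role' in request.POST and not can_edit_users:
            raise PermissionDenied(
                "You do not have permission to change user roles")

        if 'user-submit' in request.POST:
            form = UserForm(user=request.user,
                            data=request.POST or None,
                            files=request.FILES or None,
                            instance=user)
            if form.is_valid():
                form.save()

        if 'password-change' in request.POST:
            passForm = PasswordChangeForm(user, request.POST or None)
            if passForm.is_valid():
                passForm.save()
                update_session_auth_hash(request, user)

        if 'change-role' in request.POST:
            rolesForm = RolesForm(request.POST or None)
            if rolesForm.is_valid():
                User().change_user_role(user, rolesForm.cleaned_data['roles'])

    return render(
        request, "dashboard/edit-user.html", {
            'form': form,
            'user_context': user,
            'passform': passForm,
            'rolesForm': rolesForm
        })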
def profile(request, account_slug):
    """Show an account's profile page and handle its POST actions.

    An authenticated viewer holding ``change_user_group`` can reassign the
    account's group through the staff group form. A POST can also add a
    comment (needs the ``can_comment`` priv) or replace the "about" text
    (needs to be the account itself or hold ``modify_profile``).
    """
    account = get_object_or_404(Account.objects.active(), slug=account_slug)
    viewer = request.user
    can_modify_profile = (viewer == account
                          or has_permission(viewer, "modify_profile"))
    user_group_form = StaffUserGroupForm(request.POST or None,
                                         request.FILES or None)

    has_comment_priv = False
    can_change_group = False
    if viewer.is_authenticated:
        if user_group_form.is_valid() and has_permission(viewer, "change_user_group"):
            group = user_group_form.cleaned_data['group']
            clear_roles(account)
            assign_role(account, group)
            # NOTE(review): is_staff is only ever set to True here. Moving an
            # account to a group outside this list leaves an earlier
            # is_staff=True in place -- confirm that is intended.
            if group in ['administrator', 'moderator', 'janitor']:
                account.is_staff = True
            account.save()
        has_comment_priv = viewer.has_priv("can_comment")
        can_change_group = has_permission(viewer, "change_user_group")

    if request.method == "POST":
        comment_text = request.POST.get("newCommentTextarea")
        about_text = request.POST.get("aboutUserTextarea")

        if not viewer.is_authenticated:
            return redirect('account:login')
        if comment_text and has_comment_priv:
            # New comment attached to the profile being viewed.
            Comment.objects.create(content=comment_text,
                                   author=viewer,
                                   content_object=account)
            return redirect('booru:profile', account_slug=account.slug)
        if about_text and can_modify_profile:
            # Replace the "about" text of the account.
            account.about = about_text
            account.save()
            return redirect('booru:profile', account_slug=account.slug)

    # TODO (from the original author): confirm that passing the account
    # object itself to the template is safe.
    recent_favorites = Post.objects.filter(favorites__account=account)[:5]
    posts = account.get_posts
    context = {
        'account': account,
        'recent_favorites': recent_favorites,
        'recent_uploads': posts().not_deleted().order_by('-id'),
        'deleted_posts': posts().deleted(),
        'can_modify_profile': viewer.is_authenticated and can_modify_profile,
        'can_comment': has_comment_priv,
        'user_group_form': user_group_form,
        'can_change_group': can_change_group
    }
    return render(request, 'booru/account/profile.html', context)
def get(self, request):
    """Return the authenticated caller's profile, shaped by their role.

    Workers and clients get their own serializer output as the body. Any
    other user gets the generic profile nested under ``'user'``.
    """
    # Authentication is enforced here, per call, before any data is read.
    self.permission_classes = [IsAuthenticated]
    self.check_permissions(request)

    user = request.user
    if has_permission(user, 'is_worker'):
        payload = WorkerSerializer(user.worker).data
    elif has_permission(user, 'is_client'):
        payload = ClientSerializer(user.client).data
    else:
        payload = {'user': UserProfileSerializer(user).data}
    return Response(payload, status=status.HTTP_200_OK)
def access_content(role, user, content: Content) -> bool:
    """Tell whether *user* may access *content*.

    Members may access everything. Otherwise the content's module must be
    in a gated module set whose permission the user holds.
    """
    if role == Member:
        return True

    slug = content.module_slug()
    gated_modules = (
        (_LEAD_MODULES, watch_lead_modules),
        (_CLIENT_MODULES, watch_client_modules),
    )
    for modules, required_permission in gated_modules:
        if slug in modules and has_permission(user, required_permission):
            return True
    # Default deny: no rule matched.
    return False
def home_page(request):
    """Render the home page with the data the user's permissions allow.

    ``create_reservation`` holders get the rooms with their upcoming
    meetings. ``confirm_reservation`` holders get the requests filtered
    with ``confirmed=1``. Without a permission the matching list is empty.
    """
    user = request.user

    if has_permission(user, 'create_reservation'):
        now = timezone.localtime(timezone.now())
        upcoming = ReservedMeetingTime.objects.filter(
            confirmed=2,
            start_meeting_time__gte=now,
        ).order_by('start_meeting_time')
        rooms = MeetingRoom.objects.prefetch_related(
            Prefetch('meetings_time', queryset=upcoming))
    else:
        rooms = []

    if has_permission(user, 'confirm_reservation'):
        pending = ReservedMeetingTime.objects.filter(confirmed=1)
    else:
        pending = []

    return render(request, 'home_page.html',
                  {'rooms': rooms, 'confirm_requests': pending})
def alterarEspecialista(request, id):
    """Edit a specialist; requires the 'permissao_unidade' permission.

    Users without the permission get the user home page with an error
    message. A valid submission saves and redirects to the specialist list.
    """
    if not has_permission(request.user, 'permissao_unidade'):
        context = {'msg_error': 'Impossivel Acessar Essa Área'}
        return render(request, 'home_usuario.html', {'context': context})

    especialista = get_object_or_404(Especialista, pk=id)
    form = FormEspecialista(request.POST or None,
                            request.FILES or None,
                            instance=especialista)

    if form.is_valid():
        # NOTE(review): these values come straight from request.POST rather
        # than form.cleaned_data, so they only get whatever validation the
        # model layer applies -- confirm the form covers these fields.
        dados = request.POST
        especialista.num_conselho = dados.get('num_conselho')
        especialista.conselho = dados.get('conselho')
        especialista.estado_conselho = dados.get('estado_conselho')
        especialista.especializacao.set(dados.getlist('especializacao[]'))
        form.save()
        especialista.save()
        return redirect('listaEspecialista')

    context = {
        'form': form,
        'especialista': especialista,
        'especializacoes': Especializacao.objects.all(),
    }
    return render(request, 'cadastro_especialista.html', {'context': context})
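def detalhesAgendamentoUsuario(request, id):
    """Show a scheduling entry and the record linked to it.

    Requires the 'permissao_usuario' permission; other users get the home
    page with an error message. The context always holds the scheduling
    entry, plus the first linked consulta, autorizacao or exame, in that
    order of preference.
    """
    if not has_permission(request.user, 'permissao_usuario'):
        context = {'msg_error': 'Impossivel Acesssar Essa Área'}
        return render(request, 'home.html', {'context': context})

    # NOTE(review): the entry is loaded by primary key alone. Nothing here
    # ties it to request.user, so any holder of 'permissao_usuario' can open
    # any id -- confirm whether access should be limited to participants.
    agendamento = get_object_or_404(Agendamento, pk=id)

    # Start from a complete context so an entry with no linked record still
    # renders; previously `context` was never assigned in that case and the
    # view failed with an unbound local.
    context = {'agendamento': agendamento}
    vinculos = (
        ('consulta', Consulta),
        ('autorizacao', Autorizacao),
        ('exame', Exame),
    )
    for chave, modelo in vinculos:
        registros = modelo.objects.filter(agendamento=agendamento)
        if registros:
            context[chave] = registros[0]
            break

    return render(request, 'detalhes_agendamento_usuario.html',
                  {'context': context})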
def cadastroAgendamentoAutorizacao(request, id):
    """Create a scheduling entry for an authorization.

    Requires the 'permissao_unidade' permission. A POST creates the entry,
    links it to the authorization and redirects to its detail page; any
    other method renders the empty form.
    """
    if not has_permission(request.user, 'permissao_unidade'):
        context = {'msg_error': 'Sem Permissão Para Essa Área'}
        # NOTE(review): redirect() forwards extra positional arguments to URL
        # reversing, so this dict is treated as a URL argument, not as
        # template context -- confirm 'homeUsuario' resolves this way.
        return redirect('homeUsuario', {'context': context})

    # NOTE(review): unlike deleteAgendamento, no check ties the authorization
    # to request.user -- confirm any unit user may schedule any authorization.
    autorizacao = get_object_or_404(Autorizacao, pk=id)

    if request.method == 'POST':
        # NOTE(review): nome and vagas are taken from request.POST without
        # going through FormAgendamento validation.
        novo = Agendamento(nome=request.POST.get('nome'),
                           vagas=request.POST.get('vagas'))
        novo.save()
        autorizacao.agendamento = novo
        autorizacao.verifica = True
        autorizacao.save()
        return redirect('detalhesAgendamento', id=novo.id)

    context = {
        'autorizacao': autorizacao,
        'form': FormAgendamento(),
    }
    return render(request, 'cadastro_agendamento_autorizacao.html',
                  {'context': context})
def can_edit_financial_aid(role, user, program):
    """
    Tell whether a user can access and edit financial aid requests for a
    specific program: the user needs the global permission and must hold
    the given role on that program.
    """
    allowed = has_permission(user, Permissions.CAN_EDIT_FINANCIAL_AID)
    if allowed:
        # The global permission alone is not enough; it must be backed by a
        # role row for this exact program.
        allowed = Role.objects.filter(
            user=user, role=role.ROLE_ID, program=program).exists()
    return allowed
def deleteAgendamento(request, id):
    """Confirm and delete a scheduling entry.

    Requires the 'permissao_unidade' permission. On POST the entry is
    deleted only when the linked consulta, autorizacao or exame belongs to
    the requesting user. Otherwise the confirmation page is rendered.
    """
    if not has_permission(request.user, 'permissao_unidade'):
        context = {'msg_error': 'Sem Permissão Para Essa Área'}
        return render(request, 'home_usuario.html', {'context': context})

    agendamento = get_object_or_404(Agendamento, pk=id)
    consultas = Consulta.objects.filter(agendamento=agendamento)
    autorizacoes = Autorizacao.objects.filter(agendamento=agendamento)
    exames = Exame.objects.filter(agendamento=agendamento)
    solicitante = request.user

    if request.method == 'POST':
        if consultas:
            consulta = consultas[0]
            if consulta.user == solicitante:
                agendamento.delete()
                return redirect('detalhesConsulta', id=consulta.id)
            context = {'msg_error': 'Indisponivel Acessar Essa Área'}
            return redirect('homeUnidadeSaude', {'context': context})
        elif autorizacoes:
            # NOTE(review): a non-owner is not told anything here; the
            # request falls through to the confirmation page below.
            autorizacao = autorizacoes[0]
            if autorizacao.user == solicitante:
                agendamento.delete()
                return redirect('detalhesAutorizacao', id=autorizacao.id)
        elif exames:
            exame = exames[0]
            if exame.user == solicitante:
                agendamento.delete()
                return redirect('detalhesExame', id=exame.id)

    return render(request, 'delete_agendamento.html',
                  {'agendamento': agendamento})
def encerrarAutorizacao(request, id):
    """Close an authorization and its queues.

    Requires the 'permissao_unidade' permission. A POST marks the
    authorization and every queue as "ENCERRADA" and shows the detail page;
    any other method renders the confirmation page.
    """
    if not has_permission(request.user, 'permissao_unidade'):
        context = {'msg_error': 'Impossivel Acessar Essa Área'}
        return render(request, 'home_usuario.html', {'context': context})

    # NOTE(review): unlike deleteConsulta, nothing checks that the record
    # belongs to request.user -- confirm any unit user may close it.
    autorizacao = get_object_or_404(Autorizacao, pk=id)

    if request.method != 'POST':
        return render(request, 'encerrar_autorizacao.html',
                      {'autorizacao': autorizacao})

    autorizacao.status = 'ENCERRADA'
    autorizacao.save()

    fila_normal = None
    fila_preferencial = None
    for fila in autorizacao.filas.all():
        fila.status = "ENCERRADA"
        fila.save()
        # Remember the last queue of each kind for the detail page.
        if fila.fila_preferencial:
            fila_preferencial = fila
        else:
            fila_normal = fila

    context = {
        'autorizacao': autorizacao,
        'fila_preferencial': fila_preferencial,
        'fila_normal': fila_normal
    }
    return render(request, 'detalhes_autorizacao.html', {'context': context})
def can_advance_search(role, user, program):
    """
    Tell whether a user can perform an advanced search on a specific
    program: the user needs the global permission and must hold the given
    role on that program.
    """
    allowed = has_permission(user, Permissions.CAN_ADVANCE_SEARCH)
    if allowed:
        # Scope the global permission to a role row for this program.
        allowed = Role.objects.filter(
            user=user, role=role.ROLE_ID, program=program).exists()
    return allowed
def filasIniciadas(request):
    """List the consultas, autorizacoes and exames started today.

    Requires the 'permissao_unidade' permission. When nothing was started
    today the page shows a message instead of the lists.
    """
    if not has_permission(request.user, 'permissao_unidade'):
        context = {'msg_error': 'Impossivel Acessar Essa Área'}
        return render(request, 'home_usuario.html', {'context': context})

    filtro = {'status': "INICIADA", 'data': date.today()}
    consultas_iniciadas = Consulta.objects.filter(**filtro)
    autorizacoes_iniciadas = Autorizacao.objects.filter(**filtro)
    exames_iniciadas = Exame.objects.filter(**filtro)

    # The original branches built the same context for any non-empty list.
    if consultas_iniciadas or autorizacoes_iniciadas or exames_iniciadas:
        context = {
            "consultas_iniciadas": consultas_iniciadas,
            "autorizacoes_iniciadas": autorizacoes_iniciadas,
            "exames_iniciadas": exames_iniciadas,
        }
    else:
        context = {'msg_error': 'Não possue filas iniciadas para hoje!'}

    return render(request, 'filas_iniciadas.html', {'context': context})
def premium(request, id):
    """Toggle the premium flag of an event, then go back to 'my events'.

    Only holders of 'make_premium' change anything; everyone else is
    redirected without any change or message.
    """
    # NOTE(review): the flag is flipped on any HTTP method, so a plain GET
    # changes state -- confirm whether this should be limited to POST.
    # NOTE(review): Event.objects.get() raises DoesNotExist for an unknown
    # id, and no check ties the event to request.user.
    if has_permission(request.user, 'make_premium'):
        event = Event.objects.get(id=id)
        event.premium = not event.premium
        event.save()

    destination = reverse('core:my_events')
    return redirect(destination)
def alterarPerfil(request, id):
    """Edit a user profile; requires the 'permissao_usuario' permission.

    A valid POST stores the submitted fields and shows the profile page.
    Otherwise the edit form is rendered.
    """
    if not has_permission(request.user, 'permissao_usuario'):
        context = {'msg_error': 'Impossivel Acessar Essa Área'}
        return render(request, 'home.html', {'context': context})

    # NOTE(review): the profile is loaded by primary key and never compared
    # with request.user, so any holder of 'permissao_usuario' can edit any
    # profile, including identity fields such as rg and cpf -- confirm
    # whether this should be limited to the profile's owner.
    usuario = get_object_or_404(Usuario, pk=id)
    form = FormUsuario(request.POST or None,
                       request.FILES or None,
                       instance=usuario)

    if request.method == 'POST' and form.is_valid():
        # NOTE(review): values are read from request.POST, not from
        # form.cleaned_data.
        dados = request.POST
        usuario.user.first_name = dados.get('firstname')
        usuario.user.last_name = dados.get('lastname')
        campos = ('logradouro', 'bairro', 'numero', 'cidade', 'estado',
                  'rg', 'cpf', 'sexo', 'sus')
        for campo in campos:
            setattr(usuario, campo, dados.get(campo))
        form.save()
        usuario.user.save()
        usuario.save()
        return render(request, 'perfil_usuario.html', {'usuario': usuario})

    context = {'form': form, 'usuario': usuario}
    return render(request, 'alterar_perfil.html', {'context': context})
def register(request):
    """Create a user account on behalf of an authenticated operator.

    Anonymous callers are sent to the login page and callers without
    'create_user' get a plain refusal. A valid POST saves the sign-up form.
    """
    if not request.user.is_authenticated():
        return HttpResponseRedirect('/style545app/login/')

    if not has_permission(request.user, 'create_user'):
        return HttpResponse("You dont have access")

    registered = False
    if request.method != 'POST':
        user_form = SignUpForm()
    else:
        # Bind the submitted data to the sign-up form.
        user_form = SignUpForm(data=request.POST)
        if user_form.is_valid():
            user_form.save()
            # NOTE(review): the 'admin' role goes to request.user (the
            # operator), not to the account just created, so every successful
            # registration re-grants admin to the caller. Confirm the
            # intended target and role.
            assign_role(request.user, 'admin')
            registered = True
        else:
            print(user_form.errors)

    return render(request, 'style545app/register.html', {
        'user_form': user_form,
        'registered': registered
    })
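def alterarSenhaUserUnidade(request):
    """Let a health-unit user change their own password.

    Requires the 'permissao_unidade' permission. On POST the new password
    must match its confirmation and the current password must be correct
    before the new one is stored.
    """
    if not has_permission(request.user, 'permissao_unidade'):
        context = {'msg_error': 'Sem Permissão Para Essa Área'}
        # NOTE(review): redirect() forwards this dict to URL reversing as a
        # positional argument; it is not template context -- confirm that
        # 'homeUsuario' resolves this way.
        return redirect('homeUsuario', {'context': context})

    if request.method != 'POST':
        return render(request, 'alterar_senha_user_unidade.html')

    user = User.objects.get(username=request.user.username)
    atual_password = request.POST.get('atualPassword')
    password = request.POST.get('password')
    confirm_password = request.POST.get('confirmPassword')

    if password != confirm_password:
        context = {
            'msg': 'A nova senha está diferente do campo de confirmação.'
        }
        # Fixed: this branch used to pass an undefined name `msg` and raised
        # NameError. It now passes the context like the branch below.
        return render(request, 'alterar_senha_user_unidade.html',
                      {'context': context})

    # Always verify the current password before accepting a new one.
    if not user.check_password(atual_password):
        context = {'msg': 'Senha atual não confere com a cadastrada.'}
        return render(request, 'alterar_senha_user_unidade.html',
                      {'context': context})

    # NOTE(review): the new password is stored without any strength or
    # emptiness validation, and the session auth hash is not refreshed
    # afterwards -- confirm both are acceptable.
    user.set_password(password)
    user.save()
    context = {'msg': 'Senha redefinida com sucesso.'}
    return render(request, 'configuracoes_unidade.html', {'context': context})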
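def BrowseUsersView(request):
    """Render the paginated, searchable user list for the dashboard.

    Requires ``p.READ_USERS``; otherwise PermissionDenied is raised.
    Paging, sorting and search options come from the query string. Http404
    is raised for a page or page size that is not an integer, and for a
    page index out of range.
    """
    if not has_permission(request.user, p.READ_USERS):
        raise PermissionDenied("You are not allowed to List Users.")

    params = request.GET
    enabled_columns = None
    if params.get('enabled_columns', False):
        enabled_columns = params.getlist('enabled_columns')

    # The query string is caller-controlled. A non-numeric value used to
    # escape as an unhandled ValueError; it is now reported as a missing page.
    try:
        page = int(params.get('page', 1))
        page_size = int(params.get('pagesize', 20))
    except ValueError:
        raise Http404("Page not found")
    # NOTE(review): page_size has no upper bound here, so one request can ask
    # for an arbitrarily large page -- confirm that getTableDataForUsers
    # caps it.

    try:
        tableData = getTableDataForUsers(
            request_obj=params.urlencode(),
            page=page,
            enabled_columns=enabled_columns,
            search=params.get('search', None),
            sort_by=params.get('sort_by', None),
            sort_order=params.get('sort_order', None),
            page_size=page_size,
            admin_view=True)
    except td.PageIndexOutOfRangeError:
        raise Http404("Page not found")

    return render(request, "dashboard/list.html", {
        "tableData": tableData,
        'title': "Browse Users"
    })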
def alterarUsernameUsuario(request):
    """Let a user change their own username.

    Requires the 'permissao_usuario' permission. The POSTed current
    username must resolve to the requesting user, otherwise the change is
    refused with a message.
    """
    if not has_permission(request.user, 'permissao_usuario'):
        context = {'msg_error': 'Sem Permissão Para Essa Área'}
        # NOTE(review): redirect() forwards this dict to URL reversing as a
        # positional argument; it is not template context.
        return redirect('home', {'context': context})

    if request.method != 'POST':
        return render(request, 'alterar_username_usuario.html')

    # Any lookup failure is treated as "no such user".
    try:
        alvo = User.objects.get(username=request.POST.get('username'))
    except:
        alvo = None

    # Only the account that makes the request may be renamed.
    if alvo == request.user:
        # NOTE(review): the new username is stored as submitted; a missing,
        # blank or already taken value is not handled here.
        alvo.username = request.POST.get('newUsername')
        alvo.save()
        context = {'msg': 'Username alterado com sucesso.'}
        return render(request, 'configuracoes_usuario.html',
                      {'context': context})

    context = {
        'msg':
        'Você está tentando alterar o username de outro Usuário ou um que Não Existe.'
    }
    return render(request, 'alterar_username_usuario.html',
                  {'context': context})
def detalhesUsuario(request, id, id_sec):
    """Show a user's details together with a scheduling entry or a queue.

    Requires the 'permissao_unidade' permission. ``id_sec`` is tried first
    as an Agendamento id and, if that lookup fails, as a Fila id.
    """
    if not has_permission(request.user, 'permissao_unidade'):
        context = {'msg_error': 'Impossivel Acessar Essa Área'}
        return render(request, 'home_usuario.html', {'context': context})

    usuario = get_object_or_404(Usuario, pk=id)
    agendamento = None
    fila = None
    try:
        agendamento = Agendamento.objects.get(id=id_sec)
    except:
        # NOTE(review): if this lookup fails as well, the exception escapes
        # as a server error rather than a 404.
        fila = Fila.objects.get(id=id_sec)

    if agendamento:
        context = {'usuario': usuario, 'agendamento': agendamento}
    elif fila:
        context = {'usuario': usuario, 'fila': fila}
    else:
        # Mirrors the original: nothing is returned in this case.
        return None
    return render(request, 'detalhes_usuario.html', {'context': context})
def encerrarConsulta(request, id):
    """Close a consulta and its queues.

    Requires the 'permissao_unidade' permission. A POST marks every queue
    and the consulta as "ENCERRADA" and shows the detail page; any other
    method renders the confirmation page.
    """
    if not has_permission(request.user, 'permissao_unidade'):
        context = {'msg_error': 'Impossivel Acessar Essa Área'}
        return render(request, 'home_usuario.html', {'context': context})

    # NOTE(review): unlike deleteConsulta, nothing checks that the consulta
    # belongs to request.user -- confirm any unit user may close it.
    consulta = get_object_or_404(Consulta, pk=id)

    if request.method != 'POST':
        return render(request, 'encerrar_consulta.html',
                      {'consulta': consulta})

    fila_normal = None
    fila_preferencial = None
    for fila in consulta.filas.all():
        fila.status = "ENCERRADA"
        fila.save()
        # Remember the last queue of each kind for the detail page.
        if fila.fila_preferencial:
            fila_preferencial = fila
        else:
            fila_normal = fila

    consulta.status = "ENCERRADA"
    consulta.save()

    context = {
        'consulta': consulta,
        'fila_preferencial': fila_preferencial,
        'fila_normal': fila_normal
    }
    return render(request, 'detalhes_consulta.html', {'context': context})
def meusAgendamentos(request):
    """List the scheduling entries the requesting user takes part in.

    Requires the 'permissao_usuario' permission. An optional ``nome`` query
    parameter filters by name; when the filter matches nothing, the full
    list is shown with a message.
    """
    if not has_permission(request.user, 'permissao_usuario'):
        context = {'msg_error': 'Impossivel Acessar Essa Área'}
        return render(request, 'home.html', {'context': context})

    # The list is scoped to the caller's own profile.
    # NOTE(review): indexing raises IndexError when the user has no Usuario
    # row.
    perfil = Usuario.objects.filter(user=request.user)[0]
    todos = Agendamento.objects.filter(usuarios=perfil)
    nome = request.GET.get('nome')

    if nome:
        filtrados = todos.filter(nome__icontains=nome)
        if filtrados:
            context = {'agendamentos': filtrados}
        else:
            context = {
                'agendamentos': Agendamento.objects.filter(usuarios=perfil),
                'msg_busca': 'Nada encontrado para esses parâmetros!'
            }
    elif todos:
        context = {'agendamentos': todos}
    else:
        context = {'msg_alert': 'Você não participa de nenhum agendamento!'}

    return render(request, 'meus_agendamentos.html', {'context': context})
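def deleteConsulta(request, id):
    """Confirm and delete a consulta with its queues and scheduling entry.

    Requires the 'permissao_unidade' permission, and the consulta must
    belong to the requesting user. A POST performs the deletion; any other
    method renders the confirmation page.
    """
    if not has_permission(request.user, 'permissao_unidade'):
        context = {'msg_error': 'Impossivel Acessar Essa Área'}
        return render(request, 'home_usuario.html', {'context': context})

    consulta = get_object_or_404(Consulta, pk=id)

    # Ownership check: only the user who owns the consulta may delete it.
    if not (consulta.user == request.user):
        context = {'msg_error': 'Indisponivel Acessar Essa Área'}
        # NOTE(review): redirect() forwards this dict to URL reversing as a
        # positional argument; it is not template context.
        return redirect('homeUnidadeSaude', {'context': context})

    if request.method == 'POST':
        agendamento = consulta.agendamento
        fila_normal = None
        fila_preferencial = None
        for fila in consulta.filas.all():
            if fila.fila_preferencial:
                fila_preferencial = fila
            else:
                fila_normal = fila

        # Each queue is optional, so each delete is guarded on its own.
        # Previously a consulta with only one kind of queue could call
        # .delete() on None.
        if fila_normal is not None:
            fila_normal.delete()
        if fila_preferencial is not None:
            fila_preferencial.delete()
        if agendamento is not None:
            agendamento.delete()
        consulta.delete()
        return redirect('listaConsulta')

    return render(request, 'delete_consulta.html', {'nome': consulta.nome})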
def access_content(role, user, content: Content) -> bool:
    """Tell whether *user* may access *content*.

    Members may access everything. Otherwise the content's module must be
    in a gated module set whose permission the user holds.
    """
    if role == Member:
        return True

    slug = content.module_slug()
    gated_modules = (
        (_BOOTCAMPER_MODULES, watch_bootcamp_modules),
        (_WEBDEV_MODULES, watch_webdev_modules),
        (_PYTHONISTA_MODULES, watch_pythonista_modules),
        (_CLIENT_MODULES, watch_client_modules),
        (_LEAD_MODULES, watch_lead_modules),
    )
    for modules, required_permission in gated_modules:
        if slug in modules and has_permission(user, required_permission):
            return True
    # Default deny: no rule matched.
    return False
def listaNotificacoes(request):
    """List the requesting user's notifications, ordered by status.

    Requires the 'permissao_usuario' permission; other users get the home
    page with an error message.
    """
    if not has_permission(request.user, 'permissao_usuario'):
        context = {'msg_error': 'Impossivel Acessar Essa Área'}
        return render(request, 'home.html', {'context': context})

    # Scoped to the caller's own profile.
    # NOTE(review): indexing raises IndexError when the user has no Usuario
    # row.
    perfil = Usuario.objects.filter(user=request.user)[0]
    notificacoes = perfil.notificacoes.all().order_by('status')

    if notificacoes:
        context = {'notificacoes': notificacoes}
    else:
        context = {'msg': 'Nenhuma notificação até o momento'}
    return render(request, 'lista_notificacoes.html', {'context': context})
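def RemoveUser(request, userid):
    """Confirm and delete a user account.

    Requires ``p.DELETE_USERS``; otherwise PermissionDenied is raised. GET
    renders the confirmation page. A POST carrying 'yes' deletes the user,
    and any other POST returns to the user list. Deleting one's own
    account is refused, and a missing user raises Http404.
    """
    if not has_permission(request.user, p.DELETE_USERS):
        raise PermissionDenied("You Do not have permissions to remove users.")

    if request.method == "GET":
        return render(request, 'confirm-action.html', {
            'action': 'Delete User',
            'value': userid,
            'key': 'id'
        })

    if 'yes' not in request.POST:
        return redirect(reverse('dashboard:list-users'))

    try:
        user = User.objects.get(id=userid)
    except User.DoesNotExist:
        raise Http404("User Doesn't Exist")
    if request.user == user:
        raise PermissionDenied("Deletion of self accounts is banned!")
    user.delete()

    # 'next' comes from the query string and is untrusted. It used to be
    # passed to redirect() as-is, which let a link send the user to any
    # site after the action. Only a same-site absolute path is accepted
    # now; everything else falls back to the user list. Django's
    # url_has_allowed_host_and_scheme() is the fuller check where the
    # project's Django version provides it.
    next_url = request.GET.get('next') or ''
    is_local_path = (next_url.startswith('/')
                     and not next_url.startswith('//')
                     and '\\' not in next_url)
    if is_local_path:
        return redirect(next_url)
    return redirect(reverse('dashboard:list-users'))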
def test_request_configuration_by_logged_staff_with_perm_client(self):
    """A logged-in staff user with the permission gets the config page."""
    staff_user = self.create_test_user(is_staff=True)
    self.assertTrue(has_permission(staff_user, 'change_configurations'))

    client = Client()
    # NOTE(review): the result of login() is not asserted, so a failed login
    # would only show up through the status code below.
    client.login(username='******', password='******')
    response = client.get('/staff_page/configuration')

    self.assertEqual(200, response.status_code)
def assert_standard_role_permissions(self, expected_bool, program=None):
    """
    Helper asserting that the staff role, the 'can_advance_search'
    permission and the matching object permission all equal expected_bool.
    """
    assert isinstance(expected_bool, bool)
    target_program = program or self.program
    assert has_role(self.user, 'staff') is expected_bool
    assert has_permission(self.user, 'can_advance_search') is expected_bool
    assert has_object_permission(
        'can_advance_search', self.user, target_program) is expected_bool
def test_remove_role_reinstates_permissions_correctly_scenario_2(self):
    """
    Initial Roles:
        Doctor
        Surgeon

    Actions:
        Remove role: Doctor

    Expected resulting permission:
        enter_surgery_room = True
        operate = True
    """
    person = self.user
    for role in (self.Doctor, self.Surgeon):
        assign_role(person, role)

    remove_role(person, self.Doctor)

    self.assertTrue(has_permission(person, self.enter_surgery_room))
    self.assertTrue(has_permission(person, self.operate))
def wrapper(request, *args, **kwargs):
    """Run the wrapped view only for users holding the permission.

    Everyone else is sent to the login page when redirecting is enabled,
    and otherwise gets PermissionDenied.
    """
    user = request.user
    if user_is_authenticated(user) and has_permission(user, permission_name):
        return dispatch(request, *args, **kwargs)

    # The explicit decorator argument wins; the project setting is the
    # fallback and defaults to "do not redirect".
    if redirect_to_login is None:
        redirect = getattr(
            settings, 'ROLEPERMISSIONS_REDIRECT_TO_LOGIN', False)
    else:
        redirect = redirect_to_login

    if redirect:
        return dj_redirect_to_login(request.get_full_path())
    raise PermissionDenied
def test_remove_role_reinstates_permissions_correctly_scenario_5(self):
    """
    Initial Roles:
        Doctor
        Surgeon

    Actions:
        Grant permission: operate
        Remove role: Surgeon

    Expected resulting permission:
        enter_surgery_room = False
        operate = True
    """
    person = self.user
    for role in (self.Doctor, self.Surgeon):
        assign_role(person, role)

    grant_permission(person, self.operate)
    remove_role(person, self.Surgeon)

    self.assertFalse(has_permission(person, self.enter_surgery_room))
    # NOTE(review): the scenario above expects operate = True, but this
    # asserts False -- confirm which of the two is correct.
    self.assertFalse(has_permission(person, self.operate))
def test_remove_role_reinstates_permissions_correctly_scenario_10(self):
    """
    Initial Roles:
        Doctor
        Surgeon
        Anesthesiologist

    Actions:
        Revoke permission: enter_surgery_room
        Remove role: Doctor

    Expected resulting permission:
        enter_surgery_room = False
        operate = True
    """
    person = self.user
    for role in (self.Doctor, self.Surgeon, self.Anesthesiologist):
        assign_role(person, role)

    revoke_permission(person, self.enter_surgery_room)
    remove_role(person, self.Doctor)

    self.assertFalse(has_permission(person, self.enter_surgery_room))
    self.assertTrue(has_permission(person, self.operate))
def test_user_with_no_role(self):
    """A freshly made user with no role holds no permission."""
    roleless_user = mommy.make(get_user_model())
    granted = has_permission(roleless_user, 'permission1')
    self.assertFalse(granted)
def test_not_existent_permission(self):
    """An unknown permission name is treated as not granted."""
    granted = has_permission(self.user, 'not_a_permission')
    self.assertFalse(granted)
def test_dos_not_have_VerRole1_permission(self):
    """Assigning VerRole1 does not grant 'permission3'."""
    person = self.user
    VerRole1.assign_role_to_user(person)
    granted = has_permission(person, 'permission3')
    self.assertFalse(granted)
def test_has_VerRole1_permission(self):
    """The fixture user holds 'permission1'."""
    granted = has_permission(self.user, 'permission1')
    self.assertTrue(granted)
def test_queries_with_prefetch(self):
    """With groups and permissions prefetched, checks cost no queries."""
    users = get_user_model().objects.prefetch_related(
        'groups', 'user_permissions')
    fetched_user = users.get(pk=self.user.pk)
    calls = 3
    # Everything the check needs is already cached on fetched_user.
    with self.assertNumQueries(0):
        for _ in range(calls):
            has_permission(fetched_user, 'permission1')
def test_queries_no_prefetch(self):
    """Without prefetching, each check costs two queries."""
    fetched_user = get_user_model().objects.get(pk=self.user.pk)
    calls = 3
    # Per call: one query for the roles, one for the permissions.
    with self.assertNumQueries(2 * calls):
        for _ in range(calls):
            has_permission(fetched_user, 'permission1')
def test_none_user_param(self):
    """A None user is denied rather than raising."""
    granted = has_permission(None, 'ver_role1')
    self.assertFalse(granted)
def test_revoke_revoked_permission(self):
    """After revoking 'permission4' the user does not hold it."""
    person = self.user
    revoke_permission(person, 'permission4')
    granted = has_permission(person, 'permission4')
    self.assertFalse(granted)
def test_grat_granted_permission(self):
    """After granting 'permission3' the user holds it."""
    person = self.user
    grant_permission(person, 'permission3')
    granted = has_permission(person, 'permission3')
    self.assertTrue(granted)
def can_template_tag(user, role):
    """Template helper: report whether *user* passes has_permission.

    The second argument is named ``role`` but is handed to has_permission()
    as the permission to check.
    """
    permission_name = role
    return has_permission(user, permission_name)
def has_permission(self, request, view):
    """
    Allow the request only when the requesting user holds the
    'can_advance_search' permission.
    """
    requester = request.user
    return has_permission(requester, Permissions.CAN_ADVANCE_SEARCH)
def has_permission(self, request, view):
    """
    Allow the request only when the requesting user holds the
    'can_message_learners' permission.
    """
    requester = request.user
    return has_permission(requester, Permissions.CAN_MESSAGE_LEARNERS)