def get_form_kwargs(self):
kwargs = super(G3WACLViewMixin, self).get_form_kwargs()
kwargs['request'] = self.request
# get editor level 1 users
editor_user_pk = None
editor_users = get_users_for_object(self.object, self.editor_permission, [G3W_EDITOR2, G3W_EDITOR1])
if editor_users:
editor_user_pk = editor_users[0].id
if self.request.user.is_superuser:
kwargs['initial']['editor_user'] = editor_users[0].id
# get editor level2 users
editor2_user_pk = None
editor2_users = get_users_for_object(self.object, self.editor2_permission, [G3W_EDITOR2])
if editor2_users:
editor2_user_pk = editor2_users[0].id
if self.request.user.is_superuser or userHasGroups(self.request.user, [G3W_EDITOR1]):
kwargs['initial']['editor2_user'] = editor2_users[0].id
# get viewer users
viewers = get_viewers_for_object(self.object, self.request.user, self.viewer_permission)
# get only user id and check if user is group or project editor
kwargs['initial']['viewer_users'] = [o.id for o in viewers if o.id not in [editor_user_pk, editor2_user_pk]]
# get initial editor user_groups
group_editors = get_user_groups_for_object(self.object, self.request.user, self.editor2_permission, 'editor')
kwargs['initial']['editor_user_groups'] = [o.id for o in group_editors]
group_viewers = get_user_groups_for_object(self.object, self.request.user, self.viewer_permission, 'viewer')
kwargs['initial']['viewer_user_groups'] = [o.id for o in group_viewers]
return kwargs
def save(self, commit=True):
super(GroupForm, self).save()
self._ACLPolicy()
# add permission to editor1 if current user is editor1
if userHasGroups(self.request.user, [G3W_EDITOR1]):
self.instance.addPermissionsToEditor(self.request.user)
def clean_macrogroups(self):
# for case editor1 without permission on magrogroup
if userHasGroups(self.request.user, [G3W_EDITOR1]) and self.instance.pk:
return self.cleaned_data['macrogroups'] | \
self.instance.macrogroups.filter(~Q(pk__in=self.fields['macrogroups'].queryset))
return self.cleaned_data['macrogroups']
def crispyBoxMacroGroups(form, **kwargs):
"""
Build a Crispy object layout element (div) for on AdminLTE2 box structure.
For macrogroups multiple selections
:param form: Django form instance (not used)
:return: Div Crispy form layout object
"""
if form.request.user.is_superuser or userHasGroups(form.request.user,
[G3W_EDITOR1]):
return Div(Div(Div(HTML(
"<h3 class='box-title'><i class='fa fa-globe'></i> {}</h3>".format(
_('MACRO Groups'))),
css_class='box-header with-border'),
Div(Div(
Field(
'macrogroups', **{
'css_class': 'select2 col-md-12',
'multiple': 'multiple',
'style': 'width:100%;'
}), ),
css_class='box-body'),
css_class='box box-danger'),
css_class='col-md-6')
else:
return None
def save(self, commit=True):
self._ACLPolicy()
self._save_url_alias()
# add permission to Editor level 1 and 2 if current user is Editor level 1 or 2
if userHasGroups(self.request.user, [G3W_EDITOR1, G3W_EDITOR2]):
self.instance.addPermissionsToEditor(self.request.user)
# give permission to Editor level 1 of group id user is Editor level 2
if userHasGroups(self.request.user, [G3W_EDITOR2]):
# give permission to user groups of map group
user_editor_groups = get_groups_for_object(
self.instance.group, 'view_group', 'editor')
self.instance.add_permissions_to_editor_user_groups(
[uge.pk for uge in user_editor_groups])
editor_users = get_users_for_object(
self.instance.group, 'view_group', [G3W_EDITOR1, G3W_EDITOR2])
for eu in editor_users:
self.instance.addPermissionsToEditor(eu)
def _set_viewer_user_groups_choices(self):
"""
Set choices for viewer_user_groups select by permission on project and by user main role
"""
# add user_groups_viewer choices
user_groups_viewers = get_groups_for_object(
self.project, 'view_project', grouprole='viewer')
# for Editor level filter by his groups
if userHasGroups(self.request.user, [G3W_EDITOR1]):
editor1_user_gorups_viewers = get_objects_for_user(self.request.user, 'auth.change_group',
AuthGroup).order_by('name').filter(grouprole__role='viewer')
user_groups_viewers = list(set(user_groups_viewers).intersection(
set(editor1_user_gorups_viewers)))
self.fields['user_groups_viewer'].choices = [
(v.pk, v) for v in user_groups_viewers]
def test_user_form_crud(self):
""" Test user CRUD form """
# Set current user to Admin1
# ==========================
self.request.user = self.test_user1
# Check empty form
uform = G3WUserForm(request=self.request)
self.assertFalse(uform.is_valid())
# Create a admin 1
form_data = {
'username': '******',
'password1': self.users_password,
'password2': self.users_password,
'is_superuser': True,
'is_staff': True,
'groups': [self.main_roles[G3W_EDITOR1].pk
], # required also fro admin1 and admin2
'backend': USER_BACKEND_DEFAULT
}
uform = G3WUserForm(request=self.request, data=form_data)
self.assertTrue(uform.is_valid())
uform.save()
u = User.objects.get(username='******')
self.assertTrue(u.is_superuser)
self.assertTrue(u.is_staff)
u.delete()
del (u)
# Create a admin level 2
form_data = {
'username': '******',
'password1': self.users_password,
'password2': self.users_password,
'is_superuser': True,
'is_staff': True,
'groups': [self.main_roles[G3W_EDITOR1].pk
], # required also for admin1 and admin2
'backend': USER_BACKEND_DEFAULT
}
uform = G3WUserForm(request=self.request, data=form_data)
self.assertTrue(uform.is_valid())
uform.save()
u = User.objects.get(username='******')
self.assertTrue(u.is_superuser)
self.assertTrue(u.is_staff)
# Update user
initial_data = copy.copy(form_data)
form_data.update({'username': '******'})
uform = G3WUserForm(request=self.request,
data=form_data,
initial=initial_data,
instance=u)
self.assertTrue(uform.is_valid())
uform.save()
# Check self constraint
with self.assertRaises(ObjectDoesNotExist) as ex:
u = User.objects.get(username='******')
u = User.objects.get(username='******')
self.assertTrue(u.is_superuser)
self.assertTrue(u.is_staff)
u.delete()
del (u)
form_data.update({'username': '******', 'is_staff': False})
uform = G3WUserForm(request=self.request, data=form_data)
self.assertTrue(uform.is_valid())
uform.save()
u = User.objects.get(username='******')
self.assertTrue(u.is_superuser)
self.assertFalse(u.is_staff)
u.delete()
del (u)
# Work as admin level 2
# =====================
self.request.user = self.test_user2
# Create a Admin2
form_data = {
'username': '******',
'password1': self.users_password,
'password2': self.users_password,
'is_superuser': True,
'is_staff': True,
'groups': [self.main_roles[G3W_EDITOR1].pk],
# required also for admin1 and admin2
'backend': USER_BACKEND_DEFAULT
}
uform = G3WUserForm(request=self.request, data=form_data)
self.assertTrue(uform.is_valid())
uform.save()
u = User.objects.get(username='******')
# Check User is Editor level 1
self.assertFalse(userHasGroups(u, [G3W_EDITOR1]))
self.assertFalse(userHasGroups(u, [G3W_EDITOR2]))
self.assertFalse(userHasGroups(u, [G3W_VIEWER1]))
# Check Admin2 can't set a Admin1 but only another Admin2
self.assertTrue(u.is_superuser)
self.assertFalse(u.is_staff)
u.delete()
del (u)
# Create a Editor 1
form_data = {
'username':
'******',
'password1':
self.users_password,
'password2':
self.users_password,
'is_superuser':
False,
'is_staff':
True,
'groups':
[self.main_roles[G3W_EDITOR1].pk, self.main_roles[G3W_VIEWER1].pk
], # required also for admin1 and admin2
'backend':
USER_BACKEND_DEFAULT
}
uform = G3WUserForm(request=self.request, data=form_data)
self.assertTrue(uform.is_valid())
uform.save()
u = User.objects.get(username='******')
# Check User is Editor level 1
self.assertTrue(userHasGroups(u, [G3W_EDITOR1]))
self.assertFalse(userHasGroups(u, [G3W_EDITOR2]))
self.assertTrue(userHasGroups(u, [G3W_VIEWER1]))
# Check Admin2 can't set a Admin1 but only another Admin2
self.assertFalse(u.is_superuser)
self.assertFalse(u.is_staff)
u.delete()
del (u)
# Work as editor level 1
# =======================
self.request.user = self.test_editor1
# Create a Editor 2
form_data = {
'username': '******',
'password1': self.users_password,
'password2': self.users_password,
'is_superuser': True,
'is_staff': True,
'groups': [self.main_roles[G3W_EDITOR2].pk],
# required also for admin1 and admin2
'backend': USER_BACKEND_DEFAULT
}
uform = G3WUserForm(request=self.request, data=form_data)
self.assertTrue(uform.is_valid())
uform.save()
u = User.objects.get(username='******')
# Check User is Editor level 2
self.assertFalse(userHasGroups(u, [G3W_EDITOR1]))
self.assertTrue(userHasGroups(u, [G3W_EDITOR2]))
self.assertFalse(userHasGroups(u, [G3W_VIEWER1]))
self.assertFalse(u.is_superuser)
self.assertFalse(u.is_staff)
u.delete()
del (u)
# Editor lavel 2 can't set a Editor level 1
form_data.update({'groups': [self.main_roles[G3W_EDITOR1].pk]})
uform = G3WUserForm(request=self.request, data=form_data)
self.assertFalse(uform.is_valid())
