def get_user_collections(user, collection_type, collections=None): """ Args: user: instance of User model collection_type: string for filtering collections based on their type collections: queryset of collections to filter Returns: wagtail collections queryset where given user has add, change permissions if collections queryset is provided filter is applied on that. """ model_mapping = { 'documents': { "model": Document, "owner_field": "uploaded_by_user" }, 'images': { "model": Image, "owner_field": "uploaded_by_user" }, 'videos': { "model": Video, "owner_field": "source_course_run" }, } if not collections: collections = Collection.objects.all() collection_permission_policy = CollectionOwnershipPermissionPolicy( model_mapping[collection_type]["model"], owner_field_name=model_mapping[collection_type]["owner_field"]) user_collections = collection_permission_policy.collections_user_has_any_permission_for( user, ['add', 'change']) return collections.filter(pk__in=user_collections)
def fun_call(request, pk, newsitem_pk=None): newsindex = get_object_or_404( Page.objects.specific().type(NewsIndexMixin), pk=pk) NewsItem = newsindex.get_newsitem_model() user = get_user(request) policy = CollectionOwnershipPermissionPolicy(model=NewsItem, auth_model=NewsItem) if perm == 'add': return function(request=request, newsindex=newsindex, NewsItem=NewsItem, user=user, policy=policy) newsitem = get_object_or_404(NewsItem, newsindex=newsindex, pk=newsitem_pk) if perm == 'change': newsitem = newsitem.get_latest_revision_as_newsitem() if not policy.user_has_permission_for_instance( user, perm, newsitem): raise PermissionDenied() return function(request=request, newsindex=newsindex, user=user, NewsItem=NewsItem, newsitem=newsitem, policy=policy)
def index(request, pk): newsindex = get_object_or_404( Page.objects.specific().type(NewsIndexMixin), pk=pk) NewsItem = newsindex.get_newsitem_model() if not user_can_edit_newsitem(request.user, NewsItem): raise PermissionDenied() newsitem_list = NewsItem.objects.filter(newsindex=newsindex) query = None try: query = request.GET['q'] except KeyError: pass else: backend = get_search_backend() newsitem_list = backend.search(query, newsitem_list) paginator, page = paginate(request, newsitem_list) policy = CollectionOwnershipPermissionPolicy( model=NewsItem, auth_model=NewsItem) return render(request, 'wagtailnews/index.html', { 'newsindex': newsindex, 'page': page, 'paginator': paginator, 'newsitem_list': page.object_list, 'newsitem_perms': perms_for_template(request, NewsItem), 'query_string': query, 'policy': policy, })
""" Permissions for related to journals app """ from wagtail.contrib.modeladmin.helpers import PermissionHelper from wagtail.wagtailcore.permission_policies.collections import CollectionOwnershipPermissionPolicy from journals.apps.journals.models import Video video_permission_policy = CollectionOwnershipPermissionPolicy( Video, owner_field_name='source_course_run') class VideoPermissionHelper(PermissionHelper): """ Permission overrides for videos """ def user_can_create(self, user): """ Since video entries are imported from studio. We need to override this method to disable add button for videos """ return False def user_can_edit_obj(self, user, obj): """ Check if user has edit permissions on videos """ return video_permission_policy.user_has_permission_for_instance( user, 'change', obj) def user_can_delete_obj(self, user, obj):
from wagtail.wagtailcore.permission_policies.collections import CollectionOwnershipPermissionPolicy from wagtail.wagtailimages.models import Image, get_image_model permission_policy = CollectionOwnershipPermissionPolicy( get_image_model(), auth_model=Image, owner_field_name='uploaded_by_user')
from __future__ import absolute_import, print_function, unicode_literals from wagtail.wagtailcore.permission_policies.collections import \ CollectionOwnershipPermissionPolicy from wagtailvideos.models import Video permission_policy = CollectionOwnershipPermissionPolicy( Video, auth_model=Video, owner_field_name='uploaded_by_user')
from wagtail.wagtailcore.permission_policies.collections import ( CollectionOwnershipPermissionPolicy ) from wagtailmedia.models import Media, get_media_model permission_policy = CollectionOwnershipPermissionPolicy( get_media_model(), auth_model=Media, owner_field_name='uploaded_by_user' )
from wagtail.wagtailcore.permission_policies.collections import ( CollectionOwnershipPermissionPolicy ) from .models import get_embed_video_model from .models import EmbedVideo permission_policy = CollectionOwnershipPermissionPolicy( get_embed_video_model(), auth_model=EmbedVideo, owner_field_name='uploaded_by_user' )
from __future__ import absolute_import, unicode_literals from wagtail.wagtailcore.permission_policies.collections import CollectionOwnershipPermissionPolicy from wagtail.wagtaildocs.models import Document, get_document_model permission_policy = CollectionOwnershipPermissionPolicy( get_document_model(), auth_model=Document, owner_field_name='uploaded_by_user')
def setUp(self): super(TestCollectionOwnershipPermissionPolicy, self).setUp() self.policy = CollectionOwnershipPermissionPolicy( Document, owner_field_name='uploaded_by_user', )
class TestCollectionOwnershipPermissionPolicy(PermissionPolicyTestCase): def setUp(self): super(TestCollectionOwnershipPermissionPolicy, self).setUp() self.policy = CollectionOwnershipPermissionPolicy( Document, owner_field_name='uploaded_by_user', ) def test_user_has_permission(self): self.assertUserPermissionMatrix([ (self.superuser, True, True, True, True), (self.inactive_superuser, False, False, False, False), (self.doc_changer, False, True, True, False), (self.inactive_doc_changer, False, False, False, False), (self.report_changer, False, True, True, False), (self.report_adder, True, True, True, False), (self.useless_user, False, False, False, False), (self.anonymous_user, False, False, False, False), ]) def test_user_has_any_permission(self): self.assertTrue( self.policy.user_has_any_permission(self.superuser, ['add', 'change']) ) self.assertFalse( self.policy.user_has_any_permission(self.inactive_superuser, ['add', 'change']) ) self.assertTrue( self.policy.user_has_any_permission(self.report_changer, ['add', 'delete']) ) self.assertTrue( self.policy.user_has_any_permission(self.report_adder, ['add', 'change']) ) self.assertTrue( self.policy.user_has_any_permission(self.report_adder, ['change', 'delete']) ) self.assertFalse( self.policy.user_has_any_permission(self.anonymous_user, ['add', 'change']) ) def test_users_with_any_permission(self): users_with_add_or_change_permission = self.policy.users_with_any_permission( ['add', 'change'] ) self.assertResultSetEqual(users_with_add_or_change_permission, [ self.superuser, self.doc_changer, self.report_changer, self.report_adder, ]) def test_users_with_permission(self): users_with_change_permission = self.policy.users_with_permission('change') self.assertResultSetEqual(users_with_change_permission, [ self.superuser, self.doc_changer, self.report_changer, self.report_adder, ]) users_with_custom_permission = self.policy.users_with_permission('frobnicate') self.assertResultSetEqual(users_with_custom_permission, [ self.superuser, ]) def test_user_has_permission_for_instance(self): # document in the root is only editable by users with permissions # on the root collection self.assertUserInstancePermissionMatrix(self.changer_doc, [ (self.superuser, True, True, True), (self.inactive_superuser, False, False, False), (self.doc_changer, True, True, False), (self.inactive_doc_changer, False, False, False), (self.report_changer, False, False, False), (self.report_adder, False, False, False), (self.useless_user, False, False, False), (self.anonymous_user, False, False, False), ]) # document in 'reports' is editable by users with permissions # on 'reports' or the root collection self.assertUserInstancePermissionMatrix(self.useless_report, [ (self.superuser, True, True, True), (self.inactive_superuser, False, False, False), (self.doc_changer, True, True, False), (self.inactive_doc_changer, False, False, False), (self.report_changer, True, True, False), (self.report_adder, False, False, False), (self.useless_user, False, False, False), (self.anonymous_user, False, False, False), ]) # adder_report is editable by its owner (who only has 'add' permission) self.assertUserInstancePermissionMatrix(self.adder_report, [ (self.superuser, True, True, True), (self.inactive_superuser, False, False, False), (self.doc_changer, True, True, False), (self.inactive_doc_changer, False, False, False), (self.report_changer, True, True, False), (self.report_adder, True, True, False), (self.useless_user, False, False, False), (self.anonymous_user, False, False, False), ]) def test_user_has_any_permission_for_instance(self): self.assertTrue( self.policy.user_has_any_permission_for_instance( self.report_changer, ['change', 'delete'], self.useless_report ) ) self.assertFalse( self.policy.user_has_any_permission_for_instance( self.report_changer, ['change', 'delete'], self.changer_doc ) ) self.assertFalse( self.policy.user_has_any_permission_for_instance( self.report_adder, ['change', 'delete'], self.changer_doc ) ) self.assertTrue( self.policy.user_has_any_permission_for_instance( self.report_adder, ['change', 'delete'], self.adder_report ) ) self.assertFalse( self.policy.user_has_any_permission_for_instance( self.anonymous_user, ['change', 'delete'], self.changer_doc ) ) def test_instances_user_has_permission_for(self): self.assertResultSetEqual( self.policy.instances_user_has_permission_for( self.superuser, 'change', ), [ self.changer_doc, self.changer_report, self.adder_report, self.useless_report, self.anonymous_report ] ) self.assertResultSetEqual( self.policy.instances_user_has_permission_for( self.inactive_superuser, 'change', ), [] ) self.assertResultSetEqual( self.policy.instances_user_has_permission_for( self.doc_changer, 'change', ), [ self.changer_doc, self.changer_report, self.adder_report, self.useless_report, self.anonymous_report ] ) self.assertResultSetEqual( self.policy.instances_user_has_permission_for( self.report_changer, 'change', ), [ self.changer_report, self.useless_report, self.adder_report, self.anonymous_report ] ) self.assertResultSetEqual( self.policy.instances_user_has_permission_for( self.useless_user, 'change', ), [] ) self.assertResultSetEqual( self.policy.instances_user_has_permission_for( self.anonymous_user, 'change', ), [] ) self.assertResultSetEqual( self.policy.instances_user_has_permission_for( self.report_adder, 'change', ), [ self.adder_report, ] ) def test_instances_user_has_any_permission_for(self): self.assertResultSetEqual( self.policy.instances_user_has_any_permission_for( self.superuser, ['change', 'delete'] ), [ self.changer_doc, self.changer_report, self.adder_report, self.useless_report, self.anonymous_report ] ) self.assertResultSetEqual( self.policy.instances_user_has_any_permission_for( self.inactive_superuser, ['change', 'delete'] ), [] ) self.assertResultSetEqual( self.policy.instances_user_has_any_permission_for( self.doc_changer, ['change', 'delete'] ), [ self.changer_doc, self.changer_report, self.adder_report, self.useless_report, self.anonymous_report ] ) self.assertResultSetEqual( self.policy.instances_user_has_any_permission_for( self.report_changer, ['change', 'delete'] ), [ self.changer_report, self.adder_report, self.useless_report, self.anonymous_report ] ) self.assertResultSetEqual( self.policy.instances_user_has_any_permission_for( self.useless_user, ['change', 'delete'] ), [] ) self.assertResultSetEqual( self.policy.instances_user_has_any_permission_for( self.anonymous_user, ['change', 'delete'] ), [] ) self.assertResultSetEqual( self.policy.instances_user_has_any_permission_for( self.report_adder, ['change', 'delete'], ), [ self.adder_report, ] ) def test_users_with_permission_for_instance(self): self.assertResultSetEqual( self.policy.users_with_permission_for_instance('change', self.changer_doc), [ self.superuser, self.doc_changer ] ) self.assertResultSetEqual( self.policy.users_with_permission_for_instance('change', self.changer_report), [ self.superuser, self.doc_changer, self.report_changer ] ) self.assertResultSetEqual( self.policy.users_with_permission_for_instance('change', self.adder_report), [ self.superuser, self.doc_changer, self.report_changer, self.report_adder ] ) self.assertResultSetEqual( self.policy.users_with_permission_for_instance('change', self.useless_report), [ self.superuser, self.doc_changer, self.report_changer ] ) self.assertResultSetEqual( self.policy.users_with_permission_for_instance('change', self.anonymous_report), [ self.superuser, self.doc_changer, self.report_changer ] ) def test_users_with_any_permission_for_instance(self): self.assertResultSetEqual( self.policy.users_with_any_permission_for_instance( ['change', 'delete'], self.changer_doc ), [ self.superuser, self.doc_changer ] ) self.assertResultSetEqual( self.policy.users_with_any_permission_for_instance( ['change', 'delete'], self.adder_report ), [ self.superuser, self.doc_changer, self.report_changer, self.report_adder ] ) self.assertResultSetEqual( self.policy.users_with_any_permission_for_instance( ['change', 'delete'], self.useless_report ), [ self.superuser, self.doc_changer, self.report_changer ] ) self.assertResultSetEqual( self.policy.users_with_any_permission_for_instance( ['delete', 'frobnicate'], self.useless_report ), [self.superuser, self.doc_changer, self.report_changer] ) def test_collections_user_has_permission_for(self): self.assertResultSetEqual( self.policy.collections_user_has_permission_for( self.superuser, 'change', ), [self.root_collection, self.reports_collection] ) self.assertResultSetEqual( self.policy.collections_user_has_permission_for( self.inactive_superuser, 'change', ), [] ) self.assertResultSetEqual( self.policy.collections_user_has_permission_for( self.doc_changer, 'change', ), [self.root_collection, self.reports_collection] ) self.assertResultSetEqual( self.policy.collections_user_has_permission_for( self.report_changer, 'change', ), [self.reports_collection] ) self.assertResultSetEqual( self.policy.collections_user_has_permission_for( self.report_adder, 'change', ), [self.reports_collection] ) self.assertResultSetEqual( self.policy.collections_user_has_permission_for( self.report_adder, 'add', ), [self.reports_collection] ) self.assertResultSetEqual( self.policy.collections_user_has_permission_for( self.useless_user, 'change', ), [] ) self.assertResultSetEqual( self.policy.collections_user_has_permission_for( self.anonymous_user, 'change', ), [] ) def test_collections_user_has_any_permission_for(self): self.assertResultSetEqual( self.policy.collections_user_has_any_permission_for( self.superuser, ['change', 'delete'] ), [self.root_collection, self.reports_collection] ) self.assertResultSetEqual( self.policy.collections_user_has_any_permission_for( self.inactive_superuser, ['change', 'delete'] ), [] ) self.assertResultSetEqual( self.policy.collections_user_has_any_permission_for( self.doc_changer, ['change', 'delete'] ), [self.root_collection, self.reports_collection] ) self.assertResultSetEqual( self.policy.collections_user_has_any_permission_for( self.report_changer, ['change', 'delete'] ), [self.reports_collection] ) self.assertResultSetEqual( self.policy.collections_user_has_any_permission_for( self.report_adder, ['change', 'delete'] ), [self.reports_collection] ) self.assertResultSetEqual( self.policy.collections_user_has_any_permission_for( self.report_adder, ['add', 'delete'] ), [self.reports_collection] ) self.assertResultSetEqual( self.policy.collections_user_has_any_permission_for( self.useless_user, ['change', 'delete'] ), [] ) self.assertResultSetEqual( self.policy.collections_user_has_any_permission_for( self.anonymous_user, ['change', 'delete'] ), [] )
class TestCollectionOwnershipPermissionPolicy(PermissionPolicyTestCase): def setUp(self): super(TestCollectionOwnershipPermissionPolicy, self).setUp() self.policy = CollectionOwnershipPermissionPolicy( Document, owner_field_name='uploaded_by_user', ) def test_user_has_permission(self): self.assertUserPermissionMatrix([ (self.superuser, True, True, True, True), (self.inactive_superuser, False, False, False, False), (self.doc_changer, False, True, True, False), (self.inactive_doc_changer, False, False, False, False), (self.report_changer, False, True, True, False), (self.report_adder, True, True, True, False), (self.useless_user, False, False, False, False), (self.anonymous_user, False, False, False, False), ]) def test_user_has_any_permission(self): self.assertTrue( self.policy.user_has_any_permission(self.superuser, ['add', 'change'])) self.assertFalse( self.policy.user_has_any_permission(self.inactive_superuser, ['add', 'change'])) self.assertTrue( self.policy.user_has_any_permission(self.report_changer, ['add', 'delete'])) self.assertTrue( self.policy.user_has_any_permission(self.report_adder, ['add', 'change'])) self.assertTrue( self.policy.user_has_any_permission(self.report_adder, ['change', 'delete'])) self.assertFalse( self.policy.user_has_any_permission(self.anonymous_user, ['add', 'change'])) def test_users_with_any_permission(self): users_with_add_or_change_permission = self.policy.users_with_any_permission( ['add', 'change']) self.assertResultSetEqual(users_with_add_or_change_permission, [ self.superuser, self.doc_changer, self.report_changer, self.report_adder, ]) def test_users_with_permission(self): users_with_change_permission = self.policy.users_with_permission( 'change') self.assertResultSetEqual(users_with_change_permission, [ self.superuser, self.doc_changer, self.report_changer, self.report_adder, ]) users_with_custom_permission = self.policy.users_with_permission( 'frobnicate') self.assertResultSetEqual(users_with_custom_permission, [ self.superuser, ]) def test_user_has_permission_for_instance(self): # document in the root is only editable by users with permissions # on the root collection self.assertUserInstancePermissionMatrix(self.changer_doc, [ (self.superuser, True, True, True), (self.inactive_superuser, False, False, False), (self.doc_changer, True, True, False), (self.inactive_doc_changer, False, False, False), (self.report_changer, False, False, False), (self.report_adder, False, False, False), (self.useless_user, False, False, False), (self.anonymous_user, False, False, False), ]) # document in 'reports' is editable by users with permissions # on 'reports' or the root collection self.assertUserInstancePermissionMatrix(self.useless_report, [ (self.superuser, True, True, True), (self.inactive_superuser, False, False, False), (self.doc_changer, True, True, False), (self.inactive_doc_changer, False, False, False), (self.report_changer, True, True, False), (self.report_adder, False, False, False), (self.useless_user, False, False, False), (self.anonymous_user, False, False, False), ]) # adder_report is editable by its owner (who only has 'add' permission) self.assertUserInstancePermissionMatrix(self.adder_report, [ (self.superuser, True, True, True), (self.inactive_superuser, False, False, False), (self.doc_changer, True, True, False), (self.inactive_doc_changer, False, False, False), (self.report_changer, True, True, False), (self.report_adder, True, True, False), (self.useless_user, False, False, False), (self.anonymous_user, False, False, False), ]) def test_user_has_any_permission_for_instance(self): self.assertTrue( self.policy.user_has_any_permission_for_instance( self.report_changer, ['change', 'delete'], self.useless_report)) self.assertFalse( self.policy.user_has_any_permission_for_instance( self.report_changer, ['change', 'delete'], self.changer_doc)) self.assertFalse( self.policy.user_has_any_permission_for_instance( self.report_adder, ['change', 'delete'], self.changer_doc)) self.assertTrue( self.policy.user_has_any_permission_for_instance( self.report_adder, ['change', 'delete'], self.adder_report)) self.assertFalse( self.policy.user_has_any_permission_for_instance( self.anonymous_user, ['change', 'delete'], self.changer_doc)) def test_instances_user_has_permission_for(self): self.assertResultSetEqual( self.policy.instances_user_has_permission_for( self.superuser, 'change', ), [ self.changer_doc, self.changer_report, self.adder_report, self.useless_report, self.anonymous_report ]) self.assertResultSetEqual( self.policy.instances_user_has_permission_for( self.inactive_superuser, 'change', ), []) self.assertResultSetEqual( self.policy.instances_user_has_permission_for( self.doc_changer, 'change', ), [ self.changer_doc, self.changer_report, self.adder_report, self.useless_report, self.anonymous_report ]) self.assertResultSetEqual( self.policy.instances_user_has_permission_for( self.report_changer, 'change', ), [ self.changer_report, self.useless_report, self.adder_report, self.anonymous_report ]) self.assertResultSetEqual( self.policy.instances_user_has_permission_for( self.useless_user, 'change', ), []) self.assertResultSetEqual( self.policy.instances_user_has_permission_for( self.anonymous_user, 'change', ), []) self.assertResultSetEqual( self.policy.instances_user_has_permission_for( self.report_adder, 'change', ), [ self.adder_report, ]) def test_instances_user_has_any_permission_for(self): self.assertResultSetEqual( self.policy.instances_user_has_any_permission_for( self.superuser, ['change', 'delete']), [ self.changer_doc, self.changer_report, self.adder_report, self.useless_report, self.anonymous_report ]) self.assertResultSetEqual( self.policy.instances_user_has_any_permission_for( self.inactive_superuser, ['change', 'delete']), []) self.assertResultSetEqual( self.policy.instances_user_has_any_permission_for( self.doc_changer, ['change', 'delete']), [ self.changer_doc, self.changer_report, self.adder_report, self.useless_report, self.anonymous_report ]) self.assertResultSetEqual( self.policy.instances_user_has_any_permission_for( self.report_changer, ['change', 'delete']), [ self.changer_report, self.adder_report, self.useless_report, self.anonymous_report ]) self.assertResultSetEqual( self.policy.instances_user_has_any_permission_for( self.useless_user, ['change', 'delete']), []) self.assertResultSetEqual( self.policy.instances_user_has_any_permission_for( self.anonymous_user, ['change', 'delete']), []) self.assertResultSetEqual( self.policy.instances_user_has_any_permission_for( self.report_adder, ['change', 'delete'], ), [ self.adder_report, ]) def test_users_with_permission_for_instance(self): self.assertResultSetEqual( self.policy.users_with_permission_for_instance( 'change', self.changer_doc), [self.superuser, self.doc_changer]) self.assertResultSetEqual( self.policy.users_with_permission_for_instance( 'change', self.changer_report), [self.superuser, self.doc_changer, self.report_changer]) self.assertResultSetEqual( self.policy.users_with_permission_for_instance( 'change', self.adder_report), [ self.superuser, self.doc_changer, self.report_changer, self.report_adder ]) self.assertResultSetEqual( self.policy.users_with_permission_for_instance( 'change', self.useless_report), [self.superuser, self.doc_changer, self.report_changer]) self.assertResultSetEqual( self.policy.users_with_permission_for_instance( 'change', self.anonymous_report), [self.superuser, self.doc_changer, self.report_changer]) def test_users_with_any_permission_for_instance(self): self.assertResultSetEqual( self.policy.users_with_any_permission_for_instance( ['change', 'delete'], self.changer_doc), [self.superuser, self.doc_changer]) self.assertResultSetEqual( self.policy.users_with_any_permission_for_instance( ['change', 'delete'], self.adder_report), [ self.superuser, self.doc_changer, self.report_changer, self.report_adder ]) self.assertResultSetEqual( self.policy.users_with_any_permission_for_instance( ['change', 'delete'], self.useless_report), [self.superuser, self.doc_changer, self.report_changer]) self.assertResultSetEqual( self.policy.users_with_any_permission_for_instance( ['delete', 'frobnicate'], self.useless_report), [self.superuser, self.doc_changer, self.report_changer]) def test_collections_user_has_permission_for(self): self.assertResultSetEqual( self.policy.collections_user_has_permission_for( self.superuser, 'change', ), [self.root_collection, self.reports_collection]) self.assertResultSetEqual( self.policy.collections_user_has_permission_for( self.inactive_superuser, 'change', ), []) self.assertResultSetEqual( self.policy.collections_user_has_permission_for( self.doc_changer, 'change', ), [self.root_collection, self.reports_collection]) self.assertResultSetEqual( self.policy.collections_user_has_permission_for( self.report_changer, 'change', ), [self.reports_collection]) self.assertResultSetEqual( self.policy.collections_user_has_permission_for( self.report_adder, 'change', ), [self.reports_collection]) self.assertResultSetEqual( self.policy.collections_user_has_permission_for( self.report_adder, 'add', ), [self.reports_collection]) self.assertResultSetEqual( self.policy.collections_user_has_permission_for( self.useless_user, 'change', ), []) self.assertResultSetEqual( self.policy.collections_user_has_permission_for( self.anonymous_user, 'change', ), []) def test_collections_user_has_any_permission_for(self): self.assertResultSetEqual( self.policy.collections_user_has_any_permission_for( self.superuser, ['change', 'delete']), [self.root_collection, self.reports_collection]) self.assertResultSetEqual( self.policy.collections_user_has_any_permission_for( self.inactive_superuser, ['change', 'delete']), []) self.assertResultSetEqual( self.policy.collections_user_has_any_permission_for( self.doc_changer, ['change', 'delete']), [self.root_collection, self.reports_collection]) self.assertResultSetEqual( self.policy.collections_user_has_any_permission_for( self.report_changer, ['change', 'delete']), [self.reports_collection]) self.assertResultSetEqual( self.policy.collections_user_has_any_permission_for( self.report_adder, ['change', 'delete']), [self.reports_collection]) self.assertResultSetEqual( self.policy.collections_user_has_any_permission_for( self.report_adder, ['add', 'delete']), [self.reports_collection]) self.assertResultSetEqual( self.policy.collections_user_has_any_permission_for( self.useless_user, ['change', 'delete']), []) self.assertResultSetEqual( self.policy.collections_user_has_any_permission_for( self.anonymous_user, ['change', 'delete']), [])