import mock
from django.test import TestCase
from django.db import IntegrityError
from django.contrib.auth.models import Permission
from django.contrib.auth import get_user_model
from django.contrib.contenttypes.models import ContentType
from django.test.utils import override_settings
from protector.backends import BaseGenericPermissionBackend
from protector.exceptions import NoReasonSpecified, ImproperResponsibleInstancePassed
from protector.models import (
GenericGlobalPerm,
OwnerToPermission,
HistoryOwnerToPermission,
GenericUserToGroup,
HistoryGenericUserToGroup,
)
from protector.reserved_reasons import TEST_REASON
from protector.internals import get_default_group_ctype, get_user_ctype
from protector.helpers import (
get_all_permission_owners, get_permission_owners_of_type_for_object,
filter_object_id_list, is_user_having_perm_on_any_object, check_single_permission
)
TestUser = get_user_model()
@override_settings(
DISABLE_GENERIC_PERMISSION_CACHE=True
)
class GenericObjectRestrictionTest(TestCase):
def setUp(self):
self.TestGroup = get_default_group_ctype().model_class()
self.user = TestUser.objects.create(username='test1', email='test@test.com')
self.user2 = TestUser.objects.create(username='test2', email='test2@test.com')
self.user3 = TestUser.objects.create(username='test3', email='test3@test.com')
self.responsible_user = TestUser.objects.create_user(username='responsible')
self.permission = Permission.objects.create(
codename='test', content_type=get_user_ctype()
)
self.permission2 = Permission.objects.create(
codename='test2', content_type=get_user_ctype()
)
self.permission_key = get_user_ctype().app_label + '.test'
self.permission2_key = get_user_ctype().app_label + '.test2'
self.group = self.TestGroup.objects.create(
name='test_group'
)
self.group2 = self.TestGroup.objects.create(
name='test_group2'
)
self.group2.restrict()
self.group2.save()
self.HistoryOwnerToPermission = HistoryOwnerToPermission
self.HistoryGenericUserToGroup = HistoryGenericUserToGroup
def test_object_perm(self):
self.assertFalse(
self.user.has_perm(self.permission_key, self.user2)
)
self.user.permissions.add(
self.permission,
TEST_REASON,
obj=self.user2,
responsible=self.responsible_user,
)
self.assertTrue(
self.user.has_perm(self.permission_key, self.user2)
)
self.assertEqual(self.HistoryOwnerToPermission.objects.count(), 1)
self.assertEqual(self.HistoryGenericUserToGroup.objects.count(), 1)
def test_object_global_perm(self):
self.assertFalse(
self.user.has_perm(self.permission_key, self.user2)
)
self.user.permissions.add(
self.permission,
TEST_REASON,
responsible=self.responsible_user,
)
self.assertTrue(
self.user.has_perm(self.permission_key, self.user2)
)
self.assertEqual(self.HistoryOwnerToPermission.objects.count(), 1)
self.assertEqual(self.HistoryGenericUserToGroup.objects.count(), 1)
def test_object_group_perm_add_remove(self):
self.assertFalse(
self.user2.has_perm(self.permission_key, self.user)
)
self.group.permissions.add(
self.permission,
TEST_REASON,
obj=self.user,
responsible=self.responsible_user,
)
self.group.users.add(
self.user2,
TEST_REASON,
responsible=self.responsible_user,
)
self.assertTrue(
self.user2.has_perm(self.permission_key, self.user)
)
self.group.permissions.remove(
self.permission,
TEST_REASON,
obj=self.user,
responsible=self.responsible_user,
)
self.assertFalse(
self.user2.has_perm(self.permission_key, self.user)
)
self.assertEqual(self.HistoryGenericUserToGroup.objects.count(), 1)
self.assertEqual(self.HistoryOwnerToPermission.objects.count(), 2)
def test_group_perm(self):
self.user2.groups.add(self.group, TEST_REASON, responsible=self.responsible_user)
self.group.permissions.add(self.permission, TEST_REASON, responsible=self.responsible_user)
self.group.permissions.add(self.permission2, TEST_REASON, responsible=self.responsible_user)
self.assertTrue(
self.user2.has_perm(self.permission_key)
)
self.group.permissions.remove(self.permission, TEST_REASON, responsible=self.responsible_user)
self.assertFalse(
self.user2.has_perm(self.permission_key)
)
self.assertTrue(
self.user2.has_perm(self.permission2_key)
)
self.group.users.remove(self.user2, TEST_REASON, responsible=self.responsible_user)
self.assertFalse(
self.user2.has_perm(self.permission2_key)
)
self.assertEqual(self.HistoryOwnerToPermission.objects.count(), 3)
self.assertEqual(self.HistoryGenericUserToGroup.objects.count(), 2)
def test_restricted_query_set(self):
self.assertEquals(
self.TestGroup.objects.count(), 2
)
self.assertEquals(
self.TestGroup.objects.visible().count(), 1
)
self.assertEquals(
self.TestGroup.objects.visible(self.user).count(), 1
)
self.user.permissions.add(
self.TestGroup.get_view_permission(),
TEST_REASON, responsible=self.responsible_user
)
self.assertEquals(
self.TestGroup.objects.visible(self.user).count(), 2
)
self.assertEqual(self.HistoryOwnerToPermission.objects.count(), 1)
def test_restricted_query_set_object_permission(self):
self.assertEquals(
self.TestGroup.objects.visible(self.user2).count(), 1
)
self.user2.permissions.add(
self.TestGroup.get_view_permission(),
TEST_REASON, responsible=self.responsible_user,
obj=self.group2
)
qset = self.TestGroup.objects.visible(self.user2)
self.assertEquals(qset.count(), 2)
self.assertEquals(qset.filter(name=self.group2.name).count(), 1)
self.assertEqual(self.HistoryOwnerToPermission.objects.count(), 1)
def test_user_roles(self):
DEFAULT = 1
ROLE2 = 2
ROLE3 = 4
self.assertEquals(
self.group.users.count(), 0
)
self.group.users.add(self.user, TEST_REASON, responsible=self.responsible_user)
self.assertEquals(
self.group.users.count(), 1
)
self.group.users.add(self.user2, TEST_REASON, roles=DEFAULT+ROLE2, responsible=self.responsible_user)
self.assertEquals(
self.group.users.by_role(roles=DEFAULT).count(), 2
)
self.assertEquals(
self.group.users.by_role(roles=ROLE2).count(), 1
)
self.assertEquals(
self.group.users.by_role(roles=ROLE3).count(), 0
)
self.group.users.add(self.user3, TEST_REASON, responsible=self.responsible_user, roles=ROLE3)
self.assertEquals(
self.group.users.by_role(roles=ROLE2+ROLE3).count(), 2
)
self.assertEquals(
self.group.get_roles(self.user3), [ROLE3]
)
self.assertEqual(self.HistoryGenericUserToGroup.objects.count(), 3)
def test_content_type_perm(self):
DEFAULT = 1
ROLE2 = 2
self.group.users.add(self.user2, TEST_REASON, responsible=self.responsible_user, roles=ROLE2)
self.group.users.add(self.user, TEST_REASON, responsible=self.responsible_user, roles=DEFAULT)
self.assertFalse(
self.user2.has_perm(self.permission2_key, self.group)
)
GenericGlobalPerm.objects.create(
content_type=ContentType.objects.get_for_model(self.TestGroup),
roles=ROLE2, permission=self.permission2
)
self.assertTrue(
self.user2.has_perm(self.permission2_key, self.group)
)
self.assertFalse(
self.user2.has_perm(self.permission2_key, self.group2)
)
self.assertFalse(
self.user.has_perm(self.permission2_key, self.group)
)
self.assertEqual(self.HistoryGenericUserToGroup.objects.count(), 2)
def test_qset_ctype_perm(self):
ROLE2 = 2
self.assertEquals(
self.TestGroup.objects.visible(self.user2).count(), 1
)
GenericGlobalPerm.objects.create(
content_type=ContentType.objects.get_for_model(self.TestGroup),
roles=ROLE2, permission=self.TestGroup.get_view_permission()
)
self.group.users.add(self.user, TEST_REASON, responsible=self.responsible_user)
self.group2.users.add(self.user2, TEST_REASON, responsible=self.responsible_user, roles=ROLE2)
self.assertEquals(
self.TestGroup.objects.visible(self.user2).count(), 2
)
self.assertEquals(
self.TestGroup.objects.visible(self.user).count(), 1
)
self.assertEqual(self.HistoryGenericUserToGroup.objects.count(), 2)
def test_all_permission_owners(self):
self.user2.is_superuser = True
self.user2.save()
self.user.permissions.add(self.permission, TEST_REASON, responsible=self.responsible_user)
self.assertEquals(
get_all_permission_owners(self.permission).count(), 1
)
self.group.permissions.add(self.permission, TEST_REASON, responsible=self.responsible_user)
self.group.users.add(self.user2, TEST_REASON, responsible=self.responsible_user)
self.assertEquals(
get_all_permission_owners(self.permission).count(), 2
)
self.assertEquals(
get_all_permission_owners(
self.permission2, include_superuser=True
).count(), 1
)
self.assertEqual(self.HistoryOwnerToPermission.objects.count(), 2)
# as we create generic group to user himself
self.assertEqual(self.HistoryGenericUserToGroup.objects.count(), 2)
def test_unrestrict(self):
self.group.restrict()
self.assertEquals(
self.TestGroup.objects.visible(self.user2).count(), 0
)
self.group.unrestrict()
self.assertEquals(
self.TestGroup.objects.visible(self.user2).count(), 1
)
def test_ctype_owners(self):
owners = get_permission_owners_of_type_for_object(
permission=self.TestGroup.get_view_permission(),
owner_content_type=ContentType.objects.get_for_model(TestUser),
content_object=self.group2
)
self.assertEquals(
owners.count(), 0
)
self.group2.add_viewer(self.user2, TEST_REASON, responsible=self.responsible_user)
self.assertEquals(
owners.count(), 1
)
self.assertEqual(self.HistoryOwnerToPermission.objects.count(), 1)
def test_superuser(self):
groups = self.TestGroup.objects.visible(self.user2)
self.assertFalse(
self.user2.has_perm(self.TestGroup.VIEW_PERMISSION_NAME, self.group2)
)
self.assertEquals(
groups.count(), 1
)
self.user2.is_superuser = True
groups = self.TestGroup.objects.visible(self.user2)
self.assertEquals(
groups.count(), 2
)
self.assertTrue(
self.user2.has_perm(self.TestGroup.VIEW_PERMISSION_NAME, self.group2)
)
def test_groups_by_ctype(self):
DEFAULT = 1
ROLE2 = 2
self.group2.users.add(self.user2, TEST_REASON, responsible=self.responsible_user, roles=DEFAULT)
self.assertEquals(
self.user2.groups.by_ctype(
ContentType.objects.get_for_model(self.group2), DEFAULT
).count(), 1
)
self.assertEquals(
self.user2.groups.by_ctype(
ContentType.objects.get_for_model(self.group2), ROLE2
).count(), 0
)
self.assertEqual(self.HistoryGenericUserToGroup.objects.count(), 1)
def test_user_to_group_by_role(self):
utg_qset = GenericUserToGroup.objects.filter(
group_id=self.group2.pk,
group_content_type=ContentType.objects.get_for_model(self.group2),
user=self.user2
)
DEFAULT = 1
ROLE2 = 2
ROLE3 = 4
self.group2.users.add(self.user2, TEST_REASON, responsible=self.responsible_user, roles=ROLE2)
self.assertEquals(
utg_qset.by_role(DEFAULT).count(), 0
)
self.assertEquals(
utg_qset.by_role(ROLE2).count(), 1
)
self.group2.users.add(self.user2, TEST_REASON, responsible=self.responsible_user, roles=ROLE3)
# update history record
self.assertEquals(
utg_qset.by_role(ROLE2).count(), 1
)
self.user2.groups.remove(self.group2, TEST_REASON, responsible=self.responsible_user, roles=ROLE2)
# update history record
self.assertEquals(
utg_qset.by_role(ROLE2).count(), 0
)
self.assertEquals(
utg_qset.by_role(ROLE3).count(), 1
)
self.user2.groups.remove(self.group2, TEST_REASON, ROLE3, responsible=self.responsible_user)
self.user2.groups.remove(self.group2, TEST_REASON, ROLE3, responsible=self.responsible_user) # Test DoesNotExist
self.assertEquals(
utg_qset.by_role(ROLE3).count(), 0
)
self.assertEqual(self.HistoryOwnerToPermission.objects.count(), 0)
all_hist_records = self.HistoryGenericUserToGroup.objects.all()
self.assertEqual(
all_hist_records.filter(change_type=self.HistoryGenericUserToGroup.TYPE_CHANGE).count(), 2
)
self.assertEqual(
all_hist_records.filter(change_type=self.HistoryGenericUserToGroup.TYPE_ADD).count(), 1
)
self.assertEqual(
all_hist_records.filter(change_type=self.HistoryGenericUserToGroup.TYPE_REMOVE).count(), 1
)
def test_permissioned_manager(self):
groups = self.TestGroup.by_perm.filter_by_permission(
self.user2, self.TestGroup.VIEW_PERMISSION_NAME
)
self.assertEquals(
groups.count(), 0
)
self.user2.permissions.add(
self.group2.get_view_permission(),
TEST_REASON,
self.group2,
responsible=self.responsible_user
)
self.assertEquals(
groups.count(), 1
)
self.assertEqual(self.HistoryOwnerToPermission.objects.count(), 1)
def test_otp_unicode(self):
OwnerToPermission.objects.create(
owner=self.user2,
reason=TEST_REASON,
content_type=ContentType.objects.get_for_model(self.TestGroup),
permission=self.TestGroup.get_view_permission(),
)
otps = [otp.__unicode__() for otp in OwnerToPermission.objects.all()]
self.assertEquals(
otps[0], u'test_app.testuser.2 Roles 1. Permission view_restricted_objects'
)
def test_has_perms(self):
self.user2.permissions.add(self.permission, TEST_REASON)
self.assertFalse(
self.user2.has_perms([self.permission_key, self.permission2_key])
)
self.user2.permissions.add(self.permission2, TEST_REASON)
self.assertTrue(
self.user2.has_perms([self.permission_key, self.permission2_key])
)
self.assertEqual(self.HistoryOwnerToPermission.objects.count(), 2)
def test_has_module_perms(self):
app_label = get_user_model()._meta.app_label
self.assertFalse(
self.user2.has_module_perms(app_label)
)
self.user2.permissions.add(self.permission, TEST_REASON)
self.assertTrue(
self.user2.has_module_perms(app_label)
)
self.assertEqual(self.HistoryOwnerToPermission.objects.count(), 1)
def test_object_list_filter(self):
group_ctype = ContentType.objects.get_for_model(self.TestGroup)
obj_list = (
(group_ctype.id, self.group.id),
(group_ctype.id, self.group2.id)
)
self.assertEquals(
len(filter_object_id_list(
obj_list, self.user2.id, self.TestGroup.get_view_permission().id
)), 0
)
self.user2.permissions.add(
self.TestGroup.get_view_permission(), TEST_REASON, self.group2, responsible=self.responsible_user
)
self.assertEquals(
filter_object_id_list(
obj_list, self.user2.id, self.TestGroup.get_view_permission().id
), [(group_ctype.id, self.group2.id)]
)
self.assertEqual(self.HistoryOwnerToPermission.objects.count(), 1)
def test_user_has_perm_on_any_object(self):
self.assertFalse(
is_user_having_perm_on_any_object(self.user, self.permission_key)
)
self.user.permissions.add(self.permission, TEST_REASON, self.group2, responsible=self.responsible_user)
self.assertTrue(
is_user_having_perm_on_any_object(self.user, self.permission_key)
)
self.assertFalse(
is_user_having_perm_on_any_object(self.user, self.permission2_key)
)
self.user.permissions.add(self.permission, TEST_REASON, self.group2)
self.user.permissions.remove(self.permission, TEST_REASON, self.group2)
self.assertFalse(
is_user_having_perm_on_any_object(self.user, self.permission_key)
)
self.user.permissions.add(self.permission, TEST_REASON, responsible=self.responsible_user)
self.assertTrue(
is_user_having_perm_on_any_object(self.user, self.permission_key)
)
self.assertEqual(self.HistoryOwnerToPermission.objects.count(), 3)
def test_superuser_has_perm_on_any_object(self):
self.assertFalse(
is_user_having_perm_on_any_object(self.user, self.permission_key)
)
self.user.is_superuser = True
self.user.save()
self.assertTrue(
is_user_having_perm_on_any_object(self.user, self.permission_key)
)
def test_single_permission_helper_global(self):
self.assertFalse(
check_single_permission(self.user, self.permission_key, self.group)
)
self.user.permissions.add(self.permission, TEST_REASON, responsible=self.responsible_user)
self.assertTrue(
check_single_permission(self.user, self.permission_key, self.group)
)
self.assertEqual(self.HistoryOwnerToPermission.objects.count(), 1)
def test_single_permission_helper_on_object(self):
self.assertFalse(
check_single_permission(self.user, self.permission_key, self.group)
)
self.user.permissions.add(self.permission, TEST_REASON, obj=self.group, responsible=self.responsible_user)
self.assertTrue(
check_single_permission(self.user, self.permission_key, self.group)
)
self.assertEqual(self.HistoryOwnerToPermission.objects.count(), 1)
def test_single_permission_global(self):
self.assertFalse(
check_single_permission(self.user, self.permission_key)
)
self.user.permissions.add(self.permission, TEST_REASON, obj=self.group)
self.assertFalse(
check_single_permission(self.user, self.permission_key)
)
self.user.permissions.add(self.permission, TEST_REASON)
self.assertTrue(
check_single_permission(self.user, self.permission_key)
)
self.assertEqual(self.HistoryOwnerToPermission.objects.count(), 2)
def test_non_existing_permission(self):
self.assertFalse(
check_single_permission(self.user, 'not.exist', self.group)
)
self.assertFalse(
check_single_permission(self.user, 'not.exist')
)
def test_no_owner_duplicates_allowed(self):
create_test_dict = {
'owner': self.user,
'permission': self.permission,
'reason': TEST_REASON,
}
try:
# Intentionally forgetting to point reason
OwnerToPermission.objects.create(owner=self.user, permission=self.permission)
except NoReasonSpecified:
pass
OwnerToPermission.objects.create(**create_test_dict)
try:
# Intentionally creating the same record
OwnerToPermission.objects.create(**create_test_dict)
except IntegrityError:
pass
_, created = OwnerToPermission.objects.get_or_create(
owner_content_type=ContentType.objects.get_for_model(self.user),
owner_object_id=self.user.id,
permission=self.permission,
reason=TEST_REASON
)
self.assertEqual(created, False)
self.assertEqual(OwnerToPermission.objects.count(), 1)
self.assertEqual(self.HistoryOwnerToPermission.objects.count(), 1)
_, created = OwnerToPermission.objects.get_or_create(
owner_content_type=ContentType.objects.get_for_model(self.user),
owner_object_id=self.user.id,
permission=self.permission2,
reason=TEST_REASON
)
self.assertEqual(created, True)
self.assertEqual(OwnerToPermission.objects.count(), 2)
self.assertEqual(self.HistoryOwnerToPermission.objects.count(), 2)
def test_otp_redefined_manager_methods(self):
otp = OwnerToPermission.objects.create(permission=self.permission, owner=self.user, reason=TEST_REASON)
self.assertEqual(
self.HistoryOwnerToPermission.objects.filter(change_type=self.HistoryOwnerToPermission.TYPE_ADD).count(),
self.HistoryOwnerToPermission.objects.count()
)
# model delete method
self.assertRaises(NoReasonSpecified, otp.delete)
delete_result = otp.delete(reason=TEST_REASON)
self.assertTrue(isinstance(delete_result, tuple))
self.assertEqual(delete_result[0], 1)
self.assertEqual(
self.HistoryOwnerToPermission.objects.filter(change_type=self.HistoryOwnerToPermission.TYPE_ADD).count(),
self.HistoryOwnerToPermission.objects.filter(change_type=self.HistoryOwnerToPermission.TYPE_REMOVE).count(),
)
# model save method
otp = OwnerToPermission(permission=self.permission, owner=self.user, content_object=self.group)
self.assertRaises(NoReasonSpecified, otp.save)
otp.save(reason=TEST_REASON)
self.assertEqual(
self.HistoryOwnerToPermission.objects.filter(change_type=self.HistoryOwnerToPermission.TYPE_ADD).count(), 2
)
# role change
self.assertEqual(
self.HistoryOwnerToPermission.objects.filter(change_type=self.HistoryOwnerToPermission.TYPE_CHANGE).count(),
0
)
otp.roles = 2
otp.save(reason=TEST_REASON)
self.assertEqual(
self.HistoryOwnerToPermission.objects.filter(change_type=self.HistoryOwnerToPermission.TYPE_CHANGE).count(),
1
)
# manager delete method
self.assertRaises(NoReasonSpecified, OwnerToPermission.objects.all().delete)
try:
OwnerToPermission.objects.all().delete(reason=TEST_REASON, responsible=self.responsible_user)
except ImproperResponsibleInstancePassed:
pass
OwnerToPermission.objects.all().delete(reason=TEST_REASON, responsible=self.responsible_user)
self.assertEqual(self.HistoryOwnerToPermission.objects.count(), 5)
self.assertEqual(
self.HistoryOwnerToPermission.objects.filter(change_type=self.HistoryOwnerToPermission.TYPE_REMOVE).count(),
2
)
# manager bulk_create
otps_to_create = [
OwnerToPermission(permission=self.permission, owner=self.user, responsible=self.responsible_user),
OwnerToPermission(permission=self.permission2, owner=self.user2, responsible=self.responsible_user),
OwnerToPermission(permission=self.permission, owner=self.user2,
content_object=self.group, responsible=self.responsible_user),
]
OwnerToPermission.objects.bulk_create(otps_to_create, reason=TEST_REASON)
self.assertEqual(OwnerToPermission.objects.count(), 3)
self.assertEqual(
self.HistoryOwnerToPermission.objects.filter(
change_type=self.HistoryOwnerToPermission.TYPE_ADD,
responsible=self.responsible_user,
).count(), 3
)
def test_gug_redefined_manager_methods(self):
gug = GenericUserToGroup.objects.create(group=self.group, user=self.user, reason=TEST_REASON)
self.assertEqual(
self.HistoryGenericUserToGroup.objects.filter(change_type=self.HistoryGenericUserToGroup.TYPE_ADD).count(),
self.HistoryGenericUserToGroup.objects.count()
)
# model delete method
self.assertRaises(NoReasonSpecified, gug.delete)
delete_result = gug.delete(reason=TEST_REASON)
self.assertTrue(isinstance(delete_result, tuple))
self.assertEqual(delete_result[0], 1)
self.assertEqual(
self.HistoryGenericUserToGroup.objects.filter(change_type=self.HistoryGenericUserToGroup.TYPE_ADD).count(),
self.HistoryGenericUserToGroup.objects.filter(change_type=self.HistoryGenericUserToGroup.TYPE_REMOVE).count(),
)
# model save method
gug = GenericUserToGroup(group=self.group2, user=self.user2)
self.assertRaises(NoReasonSpecified, gug.save)
gug.save(reason=TEST_REASON)
self.assertEqual(
self.HistoryGenericUserToGroup.objects.filter(change_type=self.HistoryGenericUserToGroup.TYPE_ADD).count(), 2
)
# role change
self.assertEqual(
self.HistoryGenericUserToGroup.objects.filter(change_type=self.HistoryGenericUserToGroup.TYPE_CHANGE).count(), 0
)
gug.roles = 2
gug.save(reason=TEST_REASON)
self.assertEqual(
self.HistoryGenericUserToGroup.objects.filter(change_type=self.HistoryGenericUserToGroup.TYPE_CHANGE).count(), 1
)
# manager delete method
self.assertRaises(NoReasonSpecified, GenericUserToGroup.objects.all().delete)
try:
GenericUserToGroup.objects.all().delete(reason=TEST_REASON, responsible=self.group)
except ImproperResponsibleInstancePassed:
pass
GenericUserToGroup.objects.all().delete(reason=TEST_REASON, responsible=self.responsible_user)
self.assertEqual(self.HistoryGenericUserToGroup.objects.count(), 5)
self.assertEqual(
self.HistoryGenericUserToGroup.objects.filter(change_type=self.HistoryGenericUserToGroup.TYPE_REMOVE).count(), 2
)
# manager bulk_create
gugs_to_create = [
GenericUserToGroup(group=self.group2, user=self.user2, responsible=self.responsible_user),
GenericUserToGroup(group=self.group, user=self.user, responsible=self.responsible_user),
GenericUserToGroup(group=self.group, user=self.user2, responsible=self.responsible_user),
]
GenericUserToGroup.objects.bulk_create(gugs_to_create, reason=TEST_REASON)
self.assertEqual(GenericUserToGroup.objects.count(), 3)
self.assertEqual(
self.HistoryGenericUserToGroup.objects.filter(
change_type=self.HistoryGenericUserToGroup.TYPE_ADD,
responsible=self.responsible_user,
).count(), 3
)
def test_responsible_reason_decorator(self):
try:
GenericUserToGroup.objects.create(group=self.group, user=self.user, reason='')
except NoReasonSpecified:
pass
try:
OwnerToPermission.objects.get_or_create(owner=self.user, permission=self.permission, reason='', defaults={
'responsible': self.user2,
})
except NoReasonSpecified:
pass
try:
OwnerToPermission.objects.create(
owner=self.user, permission=self.permission, responsible=self.group,
reason=TEST_REASON,
)
except ImproperResponsibleInstancePassed:
pass
@override_settings(
DISABLE_GENERIC_PERMISSION_CACHE=False
)
class TestUserPermissionCache(TestCase):
def setUp(self):
self.user = TestUser.objects.create(username='aragorn', email='aragorn@test.com')
permission_code_name = 'rule_gondor'
self.permission = Permission.objects.create(
codename=permission_code_name, content_type=get_user_ctype()
)
self.permission_key = '{}.{}'.format(get_user_ctype().app_label, permission_code_name)
self.user.permissions.add(self.permission, TEST_REASON)
@mock.patch('protector.backends.check_single_permission')
def test_has_perm_not_called_when_all_permissions_fetched(self, check_single_permission_mock):
backend = BaseGenericPermissionBackend()
backend.get_all_permissions(self.user)
self.assertTrue(backend.has_perm(self.user, self.permission_key))
self.assertFalse(backend.has_perm(self.user, 'some_random_permission'))
self.assertEqual(check_single_permission_mock.call_count, 0)
