|
29
|
1 |
from django.conf import settings |
|
|
2 |
from django.contrib.auth.models import User, Group, Permission, AnonymousUser |
|
|
3 |
from django.contrib.contenttypes.models import ContentType |
|
|
4 |
from django.test import TestCase |
|
|
5 |
|
|
|
6 |
|
|
|
7 |
class BackendTest(TestCase): |
|
|
8 |
|
|
|
9 |
backend = 'django.contrib.auth.backends.ModelBackend' |
|
|
10 |
|
|
|
11 |
def setUp(self): |
|
|
12 |
self.curr_auth = settings.AUTHENTICATION_BACKENDS |
|
|
13 |
settings.AUTHENTICATION_BACKENDS = (self.backend,) |
|
|
14 |
User.objects.create_user('test', 'test@example.com', 'test') |
|
|
15 |
|
|
|
16 |
def tearDown(self): |
|
|
17 |
settings.AUTHENTICATION_BACKENDS = self.curr_auth |
|
|
18 |
|
|
|
19 |
def test_has_perm(self): |
|
|
20 |
user = User.objects.get(username='test') |
|
|
21 |
self.assertEqual(user.has_perm('auth.test'), False) |
|
|
22 |
user.is_staff = True |
|
|
23 |
user.save() |
|
|
24 |
self.assertEqual(user.has_perm('auth.test'), False) |
|
|
25 |
user.is_superuser = True |
|
|
26 |
user.save() |
|
|
27 |
self.assertEqual(user.has_perm('auth.test'), True) |
|
|
28 |
user.is_staff = False |
|
|
29 |
user.is_superuser = False |
|
|
30 |
user.save() |
|
|
31 |
self.assertEqual(user.has_perm('auth.test'), False) |
|
|
32 |
user.is_staff = True |
|
|
33 |
user.is_superuser = True |
|
|
34 |
user.is_active = False |
|
|
35 |
user.save() |
|
|
36 |
self.assertEqual(user.has_perm('auth.test'), False) |
|
|
37 |
|
|
|
38 |
def test_custom_perms(self): |
|
|
39 |
user = User.objects.get(username='test') |
|
|
40 |
content_type=ContentType.objects.get_for_model(Group) |
|
|
41 |
perm = Permission.objects.create(name='test', content_type=content_type, codename='test') |
|
|
42 |
user.user_permissions.add(perm) |
|
|
43 |
user.save() |
|
|
44 |
|
|
|
45 |
# reloading user to purge the _perm_cache |
|
|
46 |
user = User.objects.get(username='test') |
|
|
47 |
self.assertEqual(user.get_all_permissions() == set([u'auth.test']), True) |
|
|
48 |
self.assertEqual(user.get_group_permissions(), set([])) |
|
|
49 |
self.assertEqual(user.has_module_perms('Group'), False) |
|
|
50 |
self.assertEqual(user.has_module_perms('auth'), True) |
|
|
51 |
perm = Permission.objects.create(name='test2', content_type=content_type, codename='test2') |
|
|
52 |
user.user_permissions.add(perm) |
|
|
53 |
user.save() |
|
|
54 |
perm = Permission.objects.create(name='test3', content_type=content_type, codename='test3') |
|
|
55 |
user.user_permissions.add(perm) |
|
|
56 |
user.save() |
|
|
57 |
user = User.objects.get(username='test') |
|
|
58 |
self.assertEqual(user.get_all_permissions(), set([u'auth.test2', u'auth.test', u'auth.test3'])) |
|
|
59 |
self.assertEqual(user.has_perm('test'), False) |
|
|
60 |
self.assertEqual(user.has_perm('auth.test'), True) |
|
|
61 |
self.assertEqual(user.has_perms(['auth.test2', 'auth.test3']), True) |
|
|
62 |
perm = Permission.objects.create(name='test_group', content_type=content_type, codename='test_group') |
|
|
63 |
group = Group.objects.create(name='test_group') |
|
|
64 |
group.permissions.add(perm) |
|
|
65 |
group.save() |
|
|
66 |
user.groups.add(group) |
|
|
67 |
user = User.objects.get(username='test') |
|
|
68 |
exp = set([u'auth.test2', u'auth.test', u'auth.test3', u'auth.test_group']) |
|
|
69 |
self.assertEqual(user.get_all_permissions(), exp) |
|
|
70 |
self.assertEqual(user.get_group_permissions(), set([u'auth.test_group'])) |
|
|
71 |
self.assertEqual(user.has_perms(['auth.test3', 'auth.test_group']), True) |
|
|
72 |
|
|
|
73 |
user = AnonymousUser() |
|
|
74 |
self.assertEqual(user.has_perm('test'), False) |
|
|
75 |
self.assertEqual(user.has_perms(['auth.test2', 'auth.test3']), False) |
|
|
76 |
|
|
|
77 |
def test_has_no_object_perm(self): |
|
|
78 |
"""Regressiontest for #12462""" |
|
|
79 |
user = User.objects.get(username='test') |
|
|
80 |
content_type=ContentType.objects.get_for_model(Group) |
|
|
81 |
perm = Permission.objects.create(name='test', content_type=content_type, codename='test') |
|
|
82 |
user.user_permissions.add(perm) |
|
|
83 |
user.save() |
|
|
84 |
|
|
|
85 |
self.assertEqual(user.has_perm('auth.test', 'object'), False) |
|
|
86 |
self.assertEqual(user.get_all_permissions('object'), set([])) |
|
|
87 |
self.assertEqual(user.has_perm('auth.test'), True) |
|
|
88 |
self.assertEqual(user.get_all_permissions(), set(['auth.test'])) |
|
|
89 |
|
|
|
90 |
|
|
|
91 |
class TestObj(object): |
|
|
92 |
pass |
|
|
93 |
|
|
|
94 |
|
|
|
95 |
class SimpleRowlevelBackend(object): |
|
|
96 |
supports_object_permissions = True |
|
|
97 |
|
|
|
98 |
# This class also supports tests for anonymous user permissions, |
|
|
99 |
# via subclasses which just set the 'supports_anonymous_user' attribute. |
|
|
100 |
|
|
|
101 |
def has_perm(self, user, perm, obj=None): |
|
|
102 |
if not obj: |
|
|
103 |
return # We only support row level perms |
|
|
104 |
|
|
|
105 |
if isinstance(obj, TestObj): |
|
|
106 |
if user.username == 'test2': |
|
|
107 |
return True |
|
|
108 |
elif user.is_anonymous() and perm == 'anon': |
|
|
109 |
# not reached due to supports_anonymous_user = False |
|
|
110 |
return True |
|
|
111 |
return False |
|
|
112 |
|
|
|
113 |
def has_module_perms(self, user, app_label): |
|
|
114 |
return app_label == "app1" |
|
|
115 |
|
|
|
116 |
def get_all_permissions(self, user, obj=None): |
|
|
117 |
if not obj: |
|
|
118 |
return [] # We only support row level perms |
|
|
119 |
|
|
|
120 |
if not isinstance(obj, TestObj): |
|
|
121 |
return ['none'] |
|
|
122 |
|
|
|
123 |
if user.is_anonymous(): |
|
|
124 |
return ['anon'] |
|
|
125 |
if user.username == 'test2': |
|
|
126 |
return ['simple', 'advanced'] |
|
|
127 |
else: |
|
|
128 |
return ['simple'] |
|
|
129 |
|
|
|
130 |
def get_group_permissions(self, user, obj=None): |
|
|
131 |
if not obj: |
|
|
132 |
return # We only support row level perms |
|
|
133 |
|
|
|
134 |
if not isinstance(obj, TestObj): |
|
|
135 |
return ['none'] |
|
|
136 |
|
|
|
137 |
if 'test_group' in [group.name for group in user.groups.all()]: |
|
|
138 |
return ['group_perm'] |
|
|
139 |
else: |
|
|
140 |
return ['none'] |
|
|
141 |
|
|
|
142 |
|
|
|
143 |
class RowlevelBackendTest(TestCase): |
|
|
144 |
""" |
|
|
145 |
Tests for auth backend that supports object level permissions |
|
|
146 |
""" |
|
|
147 |
backend = 'django.contrib.auth.tests.auth_backends.SimpleRowlevelBackend' |
|
|
148 |
|
|
|
149 |
def setUp(self): |
|
|
150 |
self.curr_auth = settings.AUTHENTICATION_BACKENDS |
|
|
151 |
settings.AUTHENTICATION_BACKENDS = self.curr_auth + (self.backend,) |
|
|
152 |
self.user1 = User.objects.create_user('test', 'test@example.com', 'test') |
|
|
153 |
self.user2 = User.objects.create_user('test2', 'test2@example.com', 'test') |
|
|
154 |
self.user3 = User.objects.create_user('test3', 'test3@example.com', 'test') |
|
|
155 |
|
|
|
156 |
def tearDown(self): |
|
|
157 |
settings.AUTHENTICATION_BACKENDS = self.curr_auth |
|
|
158 |
|
|
|
159 |
def test_has_perm(self): |
|
|
160 |
self.assertEqual(self.user1.has_perm('perm', TestObj()), False) |
|
|
161 |
self.assertEqual(self.user2.has_perm('perm', TestObj()), True) |
|
|
162 |
self.assertEqual(self.user2.has_perm('perm'), False) |
|
|
163 |
self.assertEqual(self.user2.has_perms(['simple', 'advanced'], TestObj()), True) |
|
|
164 |
self.assertEqual(self.user3.has_perm('perm', TestObj()), False) |
|
|
165 |
self.assertEqual(self.user3.has_perm('anon', TestObj()), False) |
|
|
166 |
self.assertEqual(self.user3.has_perms(['simple', 'advanced'], TestObj()), False) |
|
|
167 |
|
|
|
168 |
def test_get_all_permissions(self): |
|
|
169 |
self.assertEqual(self.user1.get_all_permissions(TestObj()), set(['simple'])) |
|
|
170 |
self.assertEqual(self.user2.get_all_permissions(TestObj()), set(['simple', 'advanced'])) |
|
|
171 |
self.assertEqual(self.user2.get_all_permissions(), set([])) |
|
|
172 |
|
|
|
173 |
def test_get_group_permissions(self): |
|
|
174 |
content_type=ContentType.objects.get_for_model(Group) |
|
|
175 |
group = Group.objects.create(name='test_group') |
|
|
176 |
self.user3.groups.add(group) |
|
|
177 |
self.assertEqual(self.user3.get_group_permissions(TestObj()), set(['group_perm'])) |
|
|
178 |
|
|
|
179 |
|
|
|
180 |
class AnonymousUserBackend(SimpleRowlevelBackend): |
|
|
181 |
|
|
|
182 |
supports_anonymous_user = True |
|
|
183 |
|
|
|
184 |
|
|
|
185 |
class NoAnonymousUserBackend(SimpleRowlevelBackend): |
|
|
186 |
|
|
|
187 |
supports_anonymous_user = False |
|
|
188 |
|
|
|
189 |
|
|
|
190 |
class AnonymousUserBackendTest(TestCase): |
|
|
191 |
""" |
|
|
192 |
Tests for AnonymousUser delegating to backend if it has 'supports_anonymous_user' = True |
|
|
193 |
""" |
|
|
194 |
|
|
|
195 |
backend = 'django.contrib.auth.tests.auth_backends.AnonymousUserBackend' |
|
|
196 |
|
|
|
197 |
def setUp(self): |
|
|
198 |
self.curr_auth = settings.AUTHENTICATION_BACKENDS |
|
|
199 |
settings.AUTHENTICATION_BACKENDS = (self.backend,) |
|
|
200 |
self.user1 = AnonymousUser() |
|
|
201 |
|
|
|
202 |
def tearDown(self): |
|
|
203 |
settings.AUTHENTICATION_BACKENDS = self.curr_auth |
|
|
204 |
|
|
|
205 |
def test_has_perm(self): |
|
|
206 |
self.assertEqual(self.user1.has_perm('perm', TestObj()), False) |
|
|
207 |
self.assertEqual(self.user1.has_perm('anon', TestObj()), True) |
|
|
208 |
|
|
|
209 |
def test_has_perms(self): |
|
|
210 |
self.assertEqual(self.user1.has_perms(['anon'], TestObj()), True) |
|
|
211 |
self.assertEqual(self.user1.has_perms(['anon', 'perm'], TestObj()), False) |
|
|
212 |
|
|
|
213 |
def test_has_module_perms(self): |
|
|
214 |
self.assertEqual(self.user1.has_module_perms("app1"), True) |
|
|
215 |
self.assertEqual(self.user1.has_module_perms("app2"), False) |
|
|
216 |
|
|
|
217 |
def test_get_all_permissions(self): |
|
|
218 |
self.assertEqual(self.user1.get_all_permissions(TestObj()), set(['anon'])) |
|
|
219 |
|
|
|
220 |
|
|
|
221 |
class NoAnonymousUserBackendTest(TestCase): |
|
|
222 |
""" |
|
|
223 |
Tests that AnonymousUser does not delegate to backend if it has 'supports_anonymous_user' = False |
|
|
224 |
""" |
|
|
225 |
backend = 'django.contrib.auth.tests.auth_backends.NoAnonymousUserBackend' |
|
|
226 |
|
|
|
227 |
def setUp(self): |
|
|
228 |
self.curr_auth = settings.AUTHENTICATION_BACKENDS |
|
|
229 |
settings.AUTHENTICATION_BACKENDS = self.curr_auth + (self.backend,) |
|
|
230 |
self.user1 = AnonymousUser() |
|
|
231 |
|
|
|
232 |
def tearDown(self): |
|
|
233 |
settings.AUTHENTICATION_BACKENDS = self.curr_auth |
|
|
234 |
|
|
|
235 |
def test_has_perm(self): |
|
|
236 |
self.assertEqual(self.user1.has_perm('perm', TestObj()), False) |
|
|
237 |
self.assertEqual(self.user1.has_perm('anon', TestObj()), False) |
|
|
238 |
|
|
|
239 |
def test_has_perms(self): |
|
|
240 |
self.assertEqual(self.user1.has_perms(['anon'], TestObj()), False) |
|
|
241 |
|
|
|
242 |
def test_has_module_perms(self): |
|
|
243 |
self.assertEqual(self.user1.has_module_perms("app1"), False) |
|
|
244 |
self.assertEqual(self.user1.has_module_perms("app2"), False) |
|
|
245 |
|
|
|
246 |
def test_get_all_permissions(self): |
|
|
247 |
self.assertEqual(self.user1.get_all_permissions(TestObj()), set()) |