|
1 from django.conf import settings |
|
2 from django.contrib.auth.models import User, Group, Permission, AnonymousUser |
|
3 from django.contrib.contenttypes.models import ContentType |
|
4 from django.test import TestCase |
|
5 |
|
6 |
|
7 class BackendTest(TestCase): |
|
8 |
|
9 backend = 'django.contrib.auth.backends.ModelBackend' |
|
10 |
|
11 def setUp(self): |
|
12 self.curr_auth = settings.AUTHENTICATION_BACKENDS |
|
13 settings.AUTHENTICATION_BACKENDS = (self.backend,) |
|
14 User.objects.create_user('test', 'test@example.com', 'test') |
|
15 |
|
16 def tearDown(self): |
|
17 settings.AUTHENTICATION_BACKENDS = self.curr_auth |
|
18 |
|
19 def test_has_perm(self): |
|
20 user = User.objects.get(username='test') |
|
21 self.assertEqual(user.has_perm('auth.test'), False) |
|
22 user.is_staff = True |
|
23 user.save() |
|
24 self.assertEqual(user.has_perm('auth.test'), False) |
|
25 user.is_superuser = True |
|
26 user.save() |
|
27 self.assertEqual(user.has_perm('auth.test'), True) |
|
28 user.is_staff = False |
|
29 user.is_superuser = False |
|
30 user.save() |
|
31 self.assertEqual(user.has_perm('auth.test'), False) |
|
32 user.is_staff = True |
|
33 user.is_superuser = True |
|
34 user.is_active = False |
|
35 user.save() |
|
36 self.assertEqual(user.has_perm('auth.test'), False) |
|
37 |
|
38 def test_custom_perms(self): |
|
39 user = User.objects.get(username='test') |
|
40 content_type=ContentType.objects.get_for_model(Group) |
|
41 perm = Permission.objects.create(name='test', content_type=content_type, codename='test') |
|
42 user.user_permissions.add(perm) |
|
43 user.save() |
|
44 |
|
45 # reloading user to purge the _perm_cache |
|
46 user = User.objects.get(username='test') |
|
47 self.assertEqual(user.get_all_permissions() == set([u'auth.test']), True) |
|
48 self.assertEqual(user.get_group_permissions(), set([])) |
|
49 self.assertEqual(user.has_module_perms('Group'), False) |
|
50 self.assertEqual(user.has_module_perms('auth'), True) |
|
51 perm = Permission.objects.create(name='test2', content_type=content_type, codename='test2') |
|
52 user.user_permissions.add(perm) |
|
53 user.save() |
|
54 perm = Permission.objects.create(name='test3', content_type=content_type, codename='test3') |
|
55 user.user_permissions.add(perm) |
|
56 user.save() |
|
57 user = User.objects.get(username='test') |
|
58 self.assertEqual(user.get_all_permissions(), set([u'auth.test2', u'auth.test', u'auth.test3'])) |
|
59 self.assertEqual(user.has_perm('test'), False) |
|
60 self.assertEqual(user.has_perm('auth.test'), True) |
|
61 self.assertEqual(user.has_perms(['auth.test2', 'auth.test3']), True) |
|
62 perm = Permission.objects.create(name='test_group', content_type=content_type, codename='test_group') |
|
63 group = Group.objects.create(name='test_group') |
|
64 group.permissions.add(perm) |
|
65 group.save() |
|
66 user.groups.add(group) |
|
67 user = User.objects.get(username='test') |
|
68 exp = set([u'auth.test2', u'auth.test', u'auth.test3', u'auth.test_group']) |
|
69 self.assertEqual(user.get_all_permissions(), exp) |
|
70 self.assertEqual(user.get_group_permissions(), set([u'auth.test_group'])) |
|
71 self.assertEqual(user.has_perms(['auth.test3', 'auth.test_group']), True) |
|
72 |
|
73 user = AnonymousUser() |
|
74 self.assertEqual(user.has_perm('test'), False) |
|
75 self.assertEqual(user.has_perms(['auth.test2', 'auth.test3']), False) |
|
76 |
|
77 def test_has_no_object_perm(self): |
|
78 """Regressiontest for #12462""" |
|
79 user = User.objects.get(username='test') |
|
80 content_type=ContentType.objects.get_for_model(Group) |
|
81 perm = Permission.objects.create(name='test', content_type=content_type, codename='test') |
|
82 user.user_permissions.add(perm) |
|
83 user.save() |
|
84 |
|
85 self.assertEqual(user.has_perm('auth.test', 'object'), False) |
|
86 self.assertEqual(user.get_all_permissions('object'), set([])) |
|
87 self.assertEqual(user.has_perm('auth.test'), True) |
|
88 self.assertEqual(user.get_all_permissions(), set(['auth.test'])) |
|
89 |
|
90 |
|
91 class TestObj(object): |
|
92 pass |
|
93 |
|
94 |
|
95 class SimpleRowlevelBackend(object): |
|
96 supports_object_permissions = True |
|
97 |
|
98 # This class also supports tests for anonymous user permissions, |
|
99 # via subclasses which just set the 'supports_anonymous_user' attribute. |
|
100 |
|
101 def has_perm(self, user, perm, obj=None): |
|
102 if not obj: |
|
103 return # We only support row level perms |
|
104 |
|
105 if isinstance(obj, TestObj): |
|
106 if user.username == 'test2': |
|
107 return True |
|
108 elif user.is_anonymous() and perm == 'anon': |
|
109 # not reached due to supports_anonymous_user = False |
|
110 return True |
|
111 return False |
|
112 |
|
113 def has_module_perms(self, user, app_label): |
|
114 return app_label == "app1" |
|
115 |
|
116 def get_all_permissions(self, user, obj=None): |
|
117 if not obj: |
|
118 return [] # We only support row level perms |
|
119 |
|
120 if not isinstance(obj, TestObj): |
|
121 return ['none'] |
|
122 |
|
123 if user.is_anonymous(): |
|
124 return ['anon'] |
|
125 if user.username == 'test2': |
|
126 return ['simple', 'advanced'] |
|
127 else: |
|
128 return ['simple'] |
|
129 |
|
130 def get_group_permissions(self, user, obj=None): |
|
131 if not obj: |
|
132 return # We only support row level perms |
|
133 |
|
134 if not isinstance(obj, TestObj): |
|
135 return ['none'] |
|
136 |
|
137 if 'test_group' in [group.name for group in user.groups.all()]: |
|
138 return ['group_perm'] |
|
139 else: |
|
140 return ['none'] |
|
141 |
|
142 |
|
143 class RowlevelBackendTest(TestCase): |
|
144 """ |
|
145 Tests for auth backend that supports object level permissions |
|
146 """ |
|
147 backend = 'django.contrib.auth.tests.auth_backends.SimpleRowlevelBackend' |
|
148 |
|
149 def setUp(self): |
|
150 self.curr_auth = settings.AUTHENTICATION_BACKENDS |
|
151 settings.AUTHENTICATION_BACKENDS = self.curr_auth + (self.backend,) |
|
152 self.user1 = User.objects.create_user('test', 'test@example.com', 'test') |
|
153 self.user2 = User.objects.create_user('test2', 'test2@example.com', 'test') |
|
154 self.user3 = User.objects.create_user('test3', 'test3@example.com', 'test') |
|
155 |
|
156 def tearDown(self): |
|
157 settings.AUTHENTICATION_BACKENDS = self.curr_auth |
|
158 |
|
159 def test_has_perm(self): |
|
160 self.assertEqual(self.user1.has_perm('perm', TestObj()), False) |
|
161 self.assertEqual(self.user2.has_perm('perm', TestObj()), True) |
|
162 self.assertEqual(self.user2.has_perm('perm'), False) |
|
163 self.assertEqual(self.user2.has_perms(['simple', 'advanced'], TestObj()), True) |
|
164 self.assertEqual(self.user3.has_perm('perm', TestObj()), False) |
|
165 self.assertEqual(self.user3.has_perm('anon', TestObj()), False) |
|
166 self.assertEqual(self.user3.has_perms(['simple', 'advanced'], TestObj()), False) |
|
167 |
|
168 def test_get_all_permissions(self): |
|
169 self.assertEqual(self.user1.get_all_permissions(TestObj()), set(['simple'])) |
|
170 self.assertEqual(self.user2.get_all_permissions(TestObj()), set(['simple', 'advanced'])) |
|
171 self.assertEqual(self.user2.get_all_permissions(), set([])) |
|
172 |
|
173 def test_get_group_permissions(self): |
|
174 content_type=ContentType.objects.get_for_model(Group) |
|
175 group = Group.objects.create(name='test_group') |
|
176 self.user3.groups.add(group) |
|
177 self.assertEqual(self.user3.get_group_permissions(TestObj()), set(['group_perm'])) |
|
178 |
|
179 |
|
180 class AnonymousUserBackend(SimpleRowlevelBackend): |
|
181 |
|
182 supports_anonymous_user = True |
|
183 |
|
184 |
|
185 class NoAnonymousUserBackend(SimpleRowlevelBackend): |
|
186 |
|
187 supports_anonymous_user = False |
|
188 |
|
189 |
|
190 class AnonymousUserBackendTest(TestCase): |
|
191 """ |
|
192 Tests for AnonymousUser delegating to backend if it has 'supports_anonymous_user' = True |
|
193 """ |
|
194 |
|
195 backend = 'django.contrib.auth.tests.auth_backends.AnonymousUserBackend' |
|
196 |
|
197 def setUp(self): |
|
198 self.curr_auth = settings.AUTHENTICATION_BACKENDS |
|
199 settings.AUTHENTICATION_BACKENDS = (self.backend,) |
|
200 self.user1 = AnonymousUser() |
|
201 |
|
202 def tearDown(self): |
|
203 settings.AUTHENTICATION_BACKENDS = self.curr_auth |
|
204 |
|
205 def test_has_perm(self): |
|
206 self.assertEqual(self.user1.has_perm('perm', TestObj()), False) |
|
207 self.assertEqual(self.user1.has_perm('anon', TestObj()), True) |
|
208 |
|
209 def test_has_perms(self): |
|
210 self.assertEqual(self.user1.has_perms(['anon'], TestObj()), True) |
|
211 self.assertEqual(self.user1.has_perms(['anon', 'perm'], TestObj()), False) |
|
212 |
|
213 def test_has_module_perms(self): |
|
214 self.assertEqual(self.user1.has_module_perms("app1"), True) |
|
215 self.assertEqual(self.user1.has_module_perms("app2"), False) |
|
216 |
|
217 def test_get_all_permissions(self): |
|
218 self.assertEqual(self.user1.get_all_permissions(TestObj()), set(['anon'])) |
|
219 |
|
220 |
|
221 class NoAnonymousUserBackendTest(TestCase): |
|
222 """ |
|
223 Tests that AnonymousUser does not delegate to backend if it has 'supports_anonymous_user' = False |
|
224 """ |
|
225 backend = 'django.contrib.auth.tests.auth_backends.NoAnonymousUserBackend' |
|
226 |
|
227 def setUp(self): |
|
228 self.curr_auth = settings.AUTHENTICATION_BACKENDS |
|
229 settings.AUTHENTICATION_BACKENDS = self.curr_auth + (self.backend,) |
|
230 self.user1 = AnonymousUser() |
|
231 |
|
232 def tearDown(self): |
|
233 settings.AUTHENTICATION_BACKENDS = self.curr_auth |
|
234 |
|
235 def test_has_perm(self): |
|
236 self.assertEqual(self.user1.has_perm('perm', TestObj()), False) |
|
237 self.assertEqual(self.user1.has_perm('anon', TestObj()), False) |
|
238 |
|
239 def test_has_perms(self): |
|
240 self.assertEqual(self.user1.has_perms(['anon'], TestObj()), False) |
|
241 |
|
242 def test_has_module_perms(self): |
|
243 self.assertEqual(self.user1.has_module_perms("app1"), False) |
|
244 self.assertEqual(self.user1.has_module_perms("app2"), False) |
|
245 |
|
246 def test_get_all_permissions(self): |
|
247 self.assertEqual(self.user1.get_all_permissions(TestObj()), set()) |