diff --git a/mayan/apps/acls/api_views.py b/mayan/apps/acls/api_views.py
index ad0754bb82..7ea8b81144 100644
--- a/mayan/apps/acls/api_views.py
+++ b/mayan/apps/acls/api_views.py
@@ -1,21 +1,15 @@
 from __future__ import absolute_import, unicode_literals
-from django.contrib.contenttypes.models import ContentType
-from django.shortcuts import get_object_or_404
-
-from rest_framework import generics, status, viewsets
+from rest_framework import status
 from rest_framework.decorators import action
 from rest_framework.response import Response
 from mayan.apps.common.mixins import ContentTypeViewMixin, ExternalObjectMixin
-from mayan.apps.rest_api.viewsets import (
- MayanAPIGenericViewSet, MayanAPIModelViewSet, MayanAPIReadOnlyModelViewSet
-)
 from mayan.apps.permissions.serializers import (
 PermissionSerializer, RolePermissionAddRemoveSerializer
 )
+from mayan.apps.rest_api.viewsets import MayanAPIModelViewSet
-from .models import AccessControlList
 from .permissions import permission_acl_edit, permission_acl_view
 from .serializers import AccessControlListSerializer
@@ -57,8 +51,7 @@ class ObjectACLAPIViewSet(ContentTypeViewMixin, ExternalObjectMixin, MayanAPIMod
 return self.get_content_type().get_all_objects_for_this_type()
 def get_queryset(self):
- obj = self.get_external_object()
- return obj.acls.all()
+ return self.get_external_object().acls.all()
 @action(
 detail=True, lookup_url_kwarg='acl_id', methods=('post',),
diff --git a/mayan/apps/acls/apps.py b/mayan/apps/acls/apps.py
index b15022bce8..600dfb4f0f 100644
--- a/mayan/apps/acls/apps.py
+++ b/mayan/apps/acls/apps.py
@@ -7,7 +7,6 @@ from mayan.apps.events import ModelEventType
 from mayan.apps.events.links import (
 link_events_for_object, link_object_event_types_user_subcriptions_list
 )
-from mayan.apps.events.permissions import permission_events_view
 from mayan.apps.navigation import SourceColumn
 from .classes import ModelPermission
diff --git a/mayan/apps/acls/serializers.py b/mayan/apps/acls/serializers.py
index 116d1c6151..9cec79ad7d 100644
--- a/mayan/apps/acls/serializers.py
+++ b/mayan/apps/acls/serializers.py
@@ -1,30 +1,19 @@
 from __future__ import absolute_import, unicode_literals
-from django.contrib.contenttypes.models import ContentType
-from django.core.exceptions import ValidationError as DjangoValidationError
-from django.utils.encoding import force_text
 from django.utils.translation import ugettext_lazy as _
 from rest_framework import serializers
-from rest_framework.exceptions import ValidationError
-from rest_framework.reverse import reverse
 from mayan.apps.common.serializers import ContentTypeSerializer
-from mayan.apps.permissions import Permission
-from mayan.apps.permissions.models import Role, StoredPermission
+from mayan.apps.permissions.models import Role
 from mayan.apps.permissions.permissions import permission_role_edit
-from mayan.apps.permissions.serializers import (
- PermissionSerializer, RoleSerializer
-)
-from mayan.apps.rest_api.mixins import (
- ExternalObjectListSerializerMixin, ExternalObjectSerializerMixin
-)
+from mayan.apps.permissions.serializers import RoleSerializer
+from mayan.apps.rest_api.mixins import ExternalObjectSerializerMixin
 from mayan.apps.rest_api.relations import MultiKwargHyperlinkedIdentityField
 from .models import AccessControlList
-#TODO: Inherited permissions
 class AccessControlListSerializer(ExternalObjectSerializerMixin, serializers.ModelSerializer):
 content_type = ContentTypeSerializer(read_only=True)
 role = RoleSerializer(read_only=True)
diff --git a/mayan/apps/acls/tests/test_api.py b/mayan/apps/acls/tests/test_api.py
index 8768d3e69e..7138bc9d9d 100644
--- a/mayan/apps/acls/tests/test_api.py
+++ b/mayan/apps/acls/tests/test_api.py
@@ -1,13 +1,8 @@
 from __future__ import absolute_import, unicode_literals
-from django.contrib.contenttypes.models import ContentType
-
 from rest_framework import status
 from mayan.apps.common.tests.mixins import TestModelTestMixin
-from mayan.apps.documents.permissions import permission_document_view
-from mayan.apps.documents.tests import DocumentTestMixin
-from mayan.apps.permissions.tests.literals import TEST_ROLE_LABEL
 from mayan.apps.permissions.tests.mixins import PermissionTestMixin, RoleTestMixin
 from mayan.apps.rest_api.tests import BaseAPITestCase
@@ -24,7 +19,6 @@ class ACLAPITestCase(ACLTestMixin, RoleTestMixin, PermissionTestMixin, TestModel
 self._create_test_model()
 self._create_test_object()
- self._create_test_acl()
 ModelPermission.register(
 model=self.test_object._meta.model, permissions=(
 permission_acl_edit, permission_acl_view,
@@ -32,6 +26,7 @@ class ACLAPITestCase(ACLTestMixin, RoleTestMixin, PermissionTestMixin, TestModel
 )
 self._create_test_permission()
+ self._create_test_acl()
 ModelPermission.register(
 model=self.test_object._meta.model, permissions=(
 self.test_permission,
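Review bot: The setup now relies on call order, with `_create_test_acl()` moved from the `-24,7` hunk to after `_create_test_permission()` in the `-32,6` hunk, but nothing in the method records why. Presumably the ACL helper attaches `self.test_permission` to the new ACL, since the later tests assert that permission is present on `self.test_acl`; the helper itself is not shown, so this is inferred. A one-line comment above the moved call, such as `# The test ACL is built with self.test_permission, so the permission must exist first.`, would keep the order from being rearranged later. The enclosing setup method starts and ends outside both hunks.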
@@ -86,141 +81,125 @@ class ACLAPITestCase(ACLTestMixin, RoleTestMixin, PermissionTestMixin, TestModel self.assertEqual(response.status_code, status.HTTP_404_NOT_FOUND) self.assertTrue(self.test_acl in AccessControlList.objects.all()) - def test_object_acl_detail_view(self): - self._create_acl() + def _request_object_acl_detail_api_view(self): + kwargs = self.test_content_object_view_kwargs.copy() + kwargs['acl_id'] = self.test_acl.pk - response = self.get( + return self.get( viewname='rest_api:object-acl-detail', - kwargs={ - 'app_label': self.document_content_type.app_label, - 'model': self.document_content_type.model, - 'object_id': self.document.pk, - 'acl_pk': self.acl.pk - } + kwargs=kwargs ) + + def test_object_acl_detail_api_view_with_access(self): + self.grant_access(obj=self.test_object, permission=permission_acl_view) + + response = self._request_object_acl_detail_api_view() + self.assertEqual(response.status_code, status.HTTP_200_OK) self.assertEqual( response.data['content_type']['app_label'], - self.document_content_type.app_label + self.test_object_content_type.app_label ) self.assertEqual( - response.data['role']['label'], TEST_ROLE_LABEL + response.data['role']['label'], self.test_acl.role.label ) - def test_object_acl_permission_delete_view(self): - self._create_acl() - permission = self.acl.permissions.first() + def test_object_acl_detail_api_view_no_permission(self): + response = self._request_object_acl_detail_api_view() + self.assertEqual(response.status_code, status.HTTP_404_NOT_FOUND) - response = self.delete( - viewname='rest_api:object-acl-permission-detail', - kwargs={ - 'app_label': self.document_content_type.app_label, - 'model_name': self.document_content_type.model, - 'object_id': self.document.pk, - 'acl_id': self.acl.pk, 'permission_id': permission.pk - } - ) - self.assertEqual(response.status_code, status.HTTP_204_NO_CONTENT) - self.assertEqual(self.acl.permissions.count(), 0) + def 
_request_object_acl_permission_list_api_view(self): + kwargs = self.test_content_object_view_kwargs.copy() + kwargs['acl_id'] = self.test_acl.pk - def test_object_acl_permission_detail_view(self): - self._create_acl() - permission = self.acl.permissions.first() - - response = self.get( - viewname='rest_api:object-acl-permission-detail', - kwargs={ - 'app_label': self.document_content_type.app_label, - 'model_name': self.document_content_type.model, - 'object_id': self.document.pk, 'acl_pk': self.acl.pk, - 'permission_pk': permission.pk - } - ) - - self.assertEqual( - response.data['permission_pk'], permission_document_view.pk - ) - - def test_object_acl_permission_list_view(self): - self._create_acl() - - response = self.get( + return self.get( viewname='rest_api:object-acl-permission-list', - kwargs={ - 'app_label': self.document_content_type.app_label, - 'model_name': self.document_content_type.model, - 'object_id': self.document.pk, - 'acl_id': self.acl.pk - } + kwargs=kwargs ) + def test_object_acl_permission_list_api_view_with_access(self): + self.grant_access(obj=self.test_object, permission=permission_acl_view) + + response = self._request_object_acl_permission_list_api_view() + self.assertEqual(response.status_code, status.HTTP_200_OK) self.assertEqual( - response.data['results'][0]['permission_pk'], - permission_document_view.pk + response.data['results'][0]['pk'], + self.test_permission.pk ) - def test_object_acl_permission_list_post_view(self): - self._create_acl() + def test_object_acl_permission_list_api_view_no_permission(self): + response = self._request_object_acl_permission_list_api_view() + self.assertEqual(response.status_code, status.HTTP_404_NOT_FOUND) - response = self.post( - viewname='rest_api:object-acl-permission-list', - kwargs={ - 'app_label': self.document_content_type.app_label, - 'model_name': self.document_content_type.model, - 'object_id': self.document.pk, 'acl_pk': self.acl.pk - }, data={'permission_id': permission_acl_view.pk} + 
def _request_object_acl_permission_remove_api_view(self): + kwargs = self.test_content_object_view_kwargs.copy() + kwargs['acl_id'] = self.test_acl.pk + + return self.post( + viewname='rest_api:object-acl-permission-remove', + kwargs=kwargs, data={'permission_id_list': self.test_permission.pk} ) - self.assertEqual(response.status_code, status.HTTP_201_CREATED) - self.assertQuerysetEqual( - ordered=False, qs=self.acl.permissions.all(), values=( - repr(permission_document_view.stored_permission), - repr(permission_acl_view.stored_permission) - ) + def test_object_acl_permission_remove_api_view_with_access(self): + self.grant_access(obj=self.test_object, permission=permission_acl_edit) + + response = self._request_object_acl_permission_remove_api_view() + self.assertEqual(response.status_code, status.HTTP_200_OK) + self.assertTrue(self.test_permission.stored_permission not in self.test_acl.permissions.all()) + + def test_object_acl_permission_remove_api_view_no_permission(self): + response = self._request_object_acl_permission_remove_api_view() + self.assertEqual(response.status_code, status.HTTP_404_NOT_FOUND) + self.assertTrue(self.test_permission.stored_permission in self.test_acl.permissions.all()) + + def _request_object_acl_permission_add_api_view(self): + kwargs = self.test_content_object_view_kwargs.copy() + kwargs['acl_id'] = self.test_acl.pk + + return self.post( + viewname='rest_api:object-acl-permission-add', + kwargs=kwargs, data={'permission_id_list': self.test_permission.pk} ) - def test_object_acl_post_no_permissions_added_view(self): - response = self.post( - viewname='rest_api:object-acl-list', - kwargs={ - 'app_label': self.document_content_type.app_label, - 'model_name': self.document_content_type.model, - 'object_id': self.document.pk - }, data={'role_id': self.test_role.pk} + def test_object_acl_permission_add_api_view_with_access(self): + self.test_acl.permissions.clear() + self.grant_access(obj=self.test_object, permission=permission_acl_edit) 
+ + response = self._request_object_acl_permission_add_api_view() + self.assertEqual(response.status_code, status.HTTP_200_OK) + self.assertTrue(self.test_permission.stored_permission in self.test_acl.permissions.all()) + + def test_object_acl_permission_add_api_view_no_permission(self): + self.test_acl.permissions.clear() + + response = self._request_object_acl_permission_add_api_view() + self.assertEqual(response.status_code, status.HTTP_404_NOT_FOUND) + self.assertTrue(self.test_permission.stored_permission not in self.test_acl.permissions.all()) + + def _request_object_acl_inherited_permission_list_api_view(self): + kwargs = self.test_content_object_view_kwargs.copy() + kwargs['acl_id'] = self.test_acl.pk + + return self.get( + viewname='rest_api:object-acl-permission-inherited-list', + kwargs=kwargs ) - self.assertEqual(response.status_code, status.HTTP_201_CREATED) + def test_object_acl_inherited_permission_list_api_view_with_access(self): + self.test_acl.permissions.clear() + self.test_role.grant(permission=self.test_permission) + + self.grant_access(obj=self.test_object, permission=permission_acl_view) + + response = self._request_object_acl_inherited_permission_list_api_view() + self.assertEqual(response.status_code, status.HTTP_200_OK) self.assertEqual( - self.document.acls.first().role, self.test_role - ) - self.assertEqual( - self.document.acls.first().content_object, self.document - ) - self.assertEqual( - self.document.acls.first().permissions.count(), 0 + response.data['results'][0]['pk'], + self.test_permission.pk ) - def test_object_acl_post_with_permissions_added_view(self): - response = self.post( - viewname='rest_api:object-acl-list', - kwargs={ - 'app_label': self.document_content_type.app_label, - 'model': self.document_content_type.model, - 'object_id': self.document.pk - }, data={ - 'role_pk': self.test_role.pk, - 'permissions_pk_list': permission_acl_view.pk + def test_object_acl_inherited_permission_list_api_view_no_permission(self): + 
self.test_acl.permissions.clear() + self.test_role.grant(permission=self.test_permission) - } - ) - - self.assertEqual(response.status_code, status.HTTP_201_CREATED) - self.assertEqual( - self.document.acls.first().content_object, self.document - ) - self.assertEqual( - self.document.acls.first().role, self.test_role - ) - self.assertEqual( - self.document.acls.first().permissions.first(), - permission_acl_view.stored_permission - ) + response = self._request_object_acl_inherited_permission_list_api_view() + self.assertEqual(response.status_code, status.HTTP_404_NOT_FOUND) diff --git a/mayan/apps/acls/urls.py b/mayan/apps/acls/urls.py index 640d9c510a..b2e0dc0c4d 100644 --- a/mayan/apps/acls/urls.py +++ b/mayan/apps/acls/urls.py @@ -32,26 +32,3 @@ api_router_entries = ( 'viewset': ObjectACLAPIViewSet, 'basename': 'object-acl' }, ) - -''' -api_urls = [ - url( - regex=r'^objects/(?P[-\w]+)/(?P[-\w]+)/(?P\d+)/acls/$', - name='accesscontrollist-list', view=APIObjectACLListView.as_view() - ), - url( - regex=r'^objects/(?P[-\w]+)/(?P[-\w]+)/(?P\d+)/acls/(?P\d+)/$', - name='accesscontrollist-detail', view=APIObjectACLView.as_view() - ), - url( - regex=r'^objects/(?P[-\w]+)/(?P[-\w]+)/(?P\d+)/acls/(?P\d+)/permissions/$', - name='accesscontrollist-permission-list', - view=APIObjectACLPermissionListView.as_view() - ), - url( - regex=r'^objects/(?P[-\w]+)/(?P[-\w]+)/(?P\d+)/acls/(?P\d+)/permissions/(?P\d+)/$', - name='accesscontrollist-permission-detail', - view=APIObjectACLPermissionView.as_view() - ), -] -'''
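Review bot: The negative tests for the add and remove endpoints only cover a caller with no access at all (`test_object_acl_permission_add_api_view_no_permission` and its remove counterpart), so nothing checks that a caller holding only `permission_acl_view` is refused on these write actions. That view/edit boundary is the one an ACL API most needs pinned, and a view-only case per endpoint that asserts the ACL is unchanged would cover it. The rejection status is not visible here, so the sketch below only asserts that the call does not succeed; tighten it to the code the API returns. Using `assertIn`/`assertNotIn` instead of `assertTrue(x in y)` would also give clearer failures. The hunk removes both ACL creation tests (`test_object_acl_post_*`) without a visible replacement, so creation coverage may need restoring unless it exists outside the hunk.

```python
    # … unchanged: _request_object_acl_permission_add_api_view and the existing add/remove tests …

    def test_object_acl_permission_add_api_view_view_permission_only(self):
        self.test_acl.permissions.clear()
        # View access alone must not be enough to modify the ACL.
        self.grant_access(obj=self.test_object, permission=permission_acl_view)

        response = self._request_object_acl_permission_add_api_view()
        self.assertNotEqual(response.status_code, status.HTTP_200_OK)
        self.assertNotIn(
            self.test_permission.stored_permission,
            self.test_acl.permissions.all()
        )

    def test_object_acl_permission_remove_api_view_view_permission_only(self):
        self.grant_access(obj=self.test_object, permission=permission_acl_view)

        response = self._request_object_acl_permission_remove_api_view()
        self.assertNotEqual(response.status_code, status.HTTP_200_OK)
        self.assertIn(
            self.test_permission.stored_permission,
            self.test_acl.permissions.all()
        )
```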