diff --git a/mayan/apps/acls/links.py b/mayan/apps/acls/links.py index 865fc822bb..8652c4bde8 100644 --- a/mayan/apps/acls/links.py +++ b/mayan/apps/acls/links.py @@ -21,7 +21,7 @@ def get_kwargs_factory(variable_name): ) return { 'app_label': '"{}"'.format(content_type.app_label), - 'model': '"{}"'.format(content_type.model), + 'model_name': '"{}"'.format(content_type.model), 'object_id': '{}.pk'.format(variable_name) } diff --git a/mayan/apps/acls/tests/mixins.py b/mayan/apps/acls/tests/mixins.py index 1f7186b4bd..7886215ee9 100644 --- a/mayan/apps/acls/tests/mixins.py +++ b/mayan/apps/acls/tests/mixins.py @@ -3,10 +3,15 @@ from __future__ import unicode_literals from django.contrib.contenttypes.models import ContentType from django.core.exceptions import ImproperlyConfigured -from mayan.apps.permissions.tests.mixins import RoleTestCaseMixin +from mayan.apps.common.tests.mixins import TestModelTestMixin +from mayan.apps.permissions.tests.mixins import ( + PermissionTestMixin, RoleTestCaseMixin, RoleTestMixin +) from mayan.apps.user_management.tests.mixins import UserTestCaseMixin +from ..classes import ModelPermission from ..models import AccessControlList +from ..permissions import permission_acl_edit, permission_acl_view class ACLTestCaseMixin(RoleTestCaseMixin, UserTestCaseMixin): @@ -27,7 +32,7 @@ class ACLTestCaseMixin(RoleTestCaseMixin, UserTestCaseMixin): ) -class ACLTestMixin(object): +class ACLTestMixin(PermissionTestMixin, RoleTestMixin, TestModelTestMixin): auto_create_test_role = True def _create_test_acl(self): @@ -48,3 +53,21 @@ class ACLTestMixin(object): 'model_name': self.test_object_content_type.model, 'object_id': self.test_object.pk } + + def _setup_test_object(self): + self._create_test_model() + self._create_test_object() + ModelPermission.register( + model=self.test_object._meta.model, permissions=( + permission_acl_edit, permission_acl_view, + ) + ) + + self._create_test_permission() + ModelPermission.register( + model=self.test_object._meta.model, permissions=( + self.test_permission, + ) + ) + + self._inject_test_object_content_type() diff --git a/mayan/apps/acls/tests/test_api.py b/mayan/apps/acls/tests/test_api.py index 7138bc9d9d..0cadd7b008 100644 --- a/mayan/apps/acls/tests/test_api.py +++ b/mayan/apps/acls/tests/test_api.py @@ -2,38 +2,20 @@ from __future__ import absolute_import, unicode_literals from rest_framework import status -from mayan.apps.common.tests.mixins import TestModelTestMixin -from mayan.apps.permissions.tests.mixins import PermissionTestMixin, RoleTestMixin from mayan.apps.rest_api.tests import BaseAPITestCase -from ..classes import ModelPermission from ..models import AccessControlList from ..permissions import permission_acl_edit, permission_acl_view from .mixins import ACLTestMixin -class ACLAPITestCase(ACLTestMixin, RoleTestMixin, PermissionTestMixin, TestModelTestMixin, BaseAPITestCase): +class ACLAPITestCase(ACLTestMixin, BaseAPITestCase): def setUp(self): super(ACLAPITestCase, self).setUp() - - self._create_test_model() - self._create_test_object() - ModelPermission.register( - model=self.test_object._meta.model, permissions=( - permission_acl_edit, permission_acl_view, - ) - ) - - self._create_test_permission() + self._setup_test_object() self._create_test_acl() - ModelPermission.register( - model=self.test_object._meta.model, permissions=( - self.test_permission, - ) - ) self.test_acl.permissions.add(self.test_permission.stored_permission) - self._inject_test_object_content_type() def _request_object_acl_list_api_view(self): return self.get( diff --git a/mayan/apps/acls/tests/test_links.py b/mayan/apps/acls/tests/test_links.py index 582e9b45c8..e9407b84c4 100644 --- a/mayan/apps/acls/tests/test_links.py +++ b/mayan/apps/acls/tests/test_links.py @@ -2,7 +2,7 @@ from __future__ import unicode_literals from django.urls import reverse -from mayan.apps.documents.tests import GenericDocumentViewTestCase +from mayan.apps.common.tests import GenericViewTestCase from ..links import ( link_acl_create, link_acl_delete, link_acl_list, link_acl_permissions @@ -12,9 +12,13 @@ from ..permissions import permission_acl_edit, permission_acl_view from .mixins import ACLTestMixin -class ACLsLinksTestCase(ACLTestMixin, GenericDocumentViewTestCase): +class AccessControlListLinksTestCase(ACLTestMixin, GenericViewTestCase): auto_create_test_role = False + def setUp(self): + super(AccessControlListLinksTestCase, self).setUp() + self._setup_test_object() + def test_object_acl_create_link(self): self.grant_access(obj=self.test_object, permission=permission_acl_edit) diff --git a/mayan/apps/acls/tests/test_models.py b/mayan/apps/acls/tests/test_models.py index 6d6a6683d3..673193edd8 100644 --- a/mayan/apps/acls/tests/test_models.py +++ b/mayan/apps/acls/tests/test_models.py @@ -4,13 +4,11 @@ from django.core.exceptions import PermissionDenied from django.db import models from mayan.apps.common.tests import BaseTestCase -from mayan.apps.common.tests.mixins import TestModelTestMixin from mayan.apps.documents.models import Document, DocumentType from mayan.apps.documents.permissions import permission_document_view from mayan.apps.documents.tests import ( DocumentTestMixin, TEST_DOCUMENT_TYPE_2_LABEL, TEST_DOCUMENT_TYPE_LABEL ) -from mayan.apps.permissions.tests.mixins import PermissionTestMixin, RoleTestMixin from ..classes import ModelPermission from ..models import AccessControlList @@ -157,7 +155,7 @@ class PermissionTestCase(DocumentTestMixin, BaseTestCase): self.assertTrue(self.test_document_3 in result) -class InheritedPermissionTestCase(TestModelTestMixin, PermissionTestMixin, RoleTestMixin, ACLTestMixin, BaseTestCase): +class InheritedPermissionTestCase(ACLTestMixin, BaseTestCase): def test_retrieve_inherited_role_permission_not_model_applicable(self): self._create_test_model() self.test_object = self.TestModel.objects.create() diff --git a/mayan/apps/acls/tests/test_views.py b/mayan/apps/acls/tests/test_views.py index 7fabba2db8..696db3c44a 100644 --- a/mayan/apps/acls/tests/test_views.py +++ b/mayan/apps/acls/tests/test_views.py @@ -2,16 +2,39 @@ from __future__ import absolute_import, unicode_literals from django.utils.encoding import force_text -from mayan.apps.documents.tests import GenericDocumentViewTestCase -from mayan.apps.permissions.tests.mixins import RoleTestMixin +from mayan.apps.common.tests import GenericViewTestCase +from ..classes import ModelPermission from ..models import AccessControlList from ..permissions import permission_acl_edit, permission_acl_view from .mixins import ACLTestMixin -class AccessControlListViewTestCase(ACLTestMixin, RoleTestMixin, GenericDocumentViewTestCase): +class AccessControlListViewTestCase(ACLTestMixin, GenericViewTestCase): + def setUp(self): + super(AccessControlListViewTestCase, self).setUp() + + self._create_test_model() + self._create_test_object() + ModelPermission.register( + model=self.test_object._meta.model, permissions=( + permission_acl_edit, permission_acl_view, + ) + ) + + self._create_test_permission() + ModelPermission.register( + model=self.test_object._meta.model, permissions=( + self.test_permission, + ) + ) + + self._inject_test_object_content_type() + + self._create_test_acl() + self.test_acl.permissions.add(self.test_permission.stored_permission) + def _request_acl_create_get_view(self): return self.get( viewname='acls:acl_create', @@ -21,12 +44,15 @@ class AccessControlListViewTestCase(ACLTestMixin, RoleTestMixin, GenericDocument ) def test_acl_create_get_view_no_permission(self): + self.test_acl.delete() + response = self._request_acl_create_get_view() - self.assertEqual(response.status_code, 404) - self.assertEqual(AccessControlList.objects.count(), 0) - def test_acl_create_get_view_with_document_access(self): + self.assertFalse(self.test_object.acls.filter(role=self.test_role).exists()) + + def test_acl_create_get_view_with_object_access(self): + self.test_acl.delete() self.grant_access(obj=self.test_object, permission=permission_acl_edit) response = self._request_acl_create_get_view() @@ -35,6 +61,8 @@ class AccessControlListViewTestCase(ACLTestMixin, RoleTestMixin, GenericDocument status_code=200 ) + self.assertFalse(self.test_object.acls.filter(role=self.test_role).exists()) + def _request_acl_create_post_view(self): return self.post( viewname='acls:acl_create', @@ -44,27 +72,27 @@ class AccessControlListViewTestCase(ACLTestMixin, RoleTestMixin, GenericDocument ) def test_acl_create_view_post_no_permission(self): - response = self._request_acl_create_post_view() + self.test_acl.delete() + response = self._request_acl_create_post_view() self.assertEqual(response.status_code, 404) - self.assertEqual(AccessControlList.objects.count(), 0) + + self.assertFalse(self.test_object.acls.filter(role=self.test_role).exists()) def test_acl_create_view_post_with_access(self): + self.test_acl.delete() self.grant_access(obj=self.test_object, permission=permission_acl_edit) response = self._request_acl_create_post_view() self.assertEqual(response.status_code, 302) - # 2 ACLs: 1 created by the test and the other by the self.grant_access - self.assertEqual(AccessControlList.objects.count(), 2) + self.assertTrue(self.test_object.acls.filter(role=self.test_role).exists()) def test_acl_create_duplicate_view_with_access(self): """ Test creating a duplicate ACL entry: same object & role Result: Should redirect to existing ACL for object + role combination """ - self._create_test_acl() - self.grant_access(obj=self.test_object, permission=permission_acl_edit) response = self._request_acl_create_post_view() @@ -105,22 +133,15 @@ class AccessControlListViewTestCase(ACLTestMixin, RoleTestMixin, GenericDocument ) def test_acl_delete_view_no_permission(self): - self._create_test_acl() - response = self._request_acl_delete_view() self.assertNotContains( response=response, text=force_text(self.test_object), status_code=404 ) - # 1 ACL: the test one - self.assertQuerysetEqual( - qs=AccessControlList.objects.all(), values=(repr(self.test_acl),) - ) + self.assertTrue(self.test_object.acls.filter(role=self.test_role).exists()) def test_acl_delete_view_with_access(self): - self._create_test_acl() - self.grant_access( obj=self.test_object, permission=permission_acl_edit ) @@ -128,12 +149,7 @@ class AccessControlListViewTestCase(ACLTestMixin, RoleTestMixin, GenericDocument response = self._request_acl_delete_view() self.assertEqual(response.status_code, 302) - # 1 ACL: the one created by the self.grant_access - self.assertQuerysetEqual( - qs=AccessControlList.objects.all(), values=( - repr(self._test_case_acl), - ) - ) + self.assertFalse(self.test_object.acls.filter(role=self.test_role).exists()) def _request_acl_list_view(self): return self.get( @@ -158,28 +174,66 @@ class AccessControlListViewTestCase(ACLTestMixin, RoleTestMixin, GenericDocument status_code=200 ) - def _request_get_acl_permissions_view(self): + def _request_get_acl_permissions_get_view(self): return self.get( viewname='acls:acl_permissions', kwargs={'acl_id': self.test_acl.pk} ) - def test_acl_permissions_view_get_no_permission(self): - self._create_test_acl() + def test_acl_permissions_get_view_no_permission(self): + self.test_acl.permissions.clear() - response = self._request_get_acl_permissions_view() + response = self._request_get_acl_permissions_get_view() self.assertNotContains( response=response, text=force_text(self.test_object), status_code=404 ) - def test_acl_permissions_view_get_with_access(self): - self._create_test_acl() + self.assertFalse( + self.test_object.acls.filter(permissions=self.test_permission.stored_permission).exists() + ) + def test_acl_permissions_get_view_with_access(self): + self.test_acl.permissions.clear() self.grant_access(obj=self.test_object, permission=permission_acl_edit) - response = self._request_get_acl_permissions_view() + response = self._request_get_acl_permissions_get_view() self.assertContains( response=response, text=force_text(self.test_object), status_code=200 ) + + self.assertFalse( + self.test_object.acls.filter(permissions=self.test_permission.stored_permission).exists() + ) + + def _request_post_acl_permissions_post_view(self): + return self.post( + viewname='acls:acl_permissions', + kwargs={'acl_id': self.test_acl.pk}, + data={'available-selection': self.test_permission.stored_permission.pk} + ) + + def test_acl_permissions_post_view_no_permission(self): + self.test_acl.permissions.clear() + + response = self._request_post_acl_permissions_post_view() + self.assertNotContains( + response=response, text=force_text(self.test_object), + status_code=404 + ) + + self.assertFalse( + self.test_object.acls.filter(permissions=self.test_permission.stored_permission).exists() + ) + + def test_acl_permissions_post_view_with_access(self): + self.test_acl.permissions.clear() + self.grant_access(obj=self.test_object, permission=permission_acl_edit) + + response = self._request_post_acl_permissions_post_view() + self.assertEqual(response.status_code, 302) + + self.assertTrue( + self.test_object.acls.filter(permissions=self.test_permission.stored_permission).exists() + ) diff --git a/mayan/apps/acls/urls.py b/mayan/apps/acls/urls.py index b2e0dc0c4d..d0d370dd26 100644 --- a/mayan/apps/acls/urls.py +++ b/mayan/apps/acls/urls.py @@ -9,11 +9,11 @@ from .views import ( urlpatterns = [ url( - regex=r'^objects/(?P[-\w]+)/(?P[-\w]+)/(?P\d+)/create/$', + regex=r'^objects/(?P[-\w]+)/(?P[-\w]+)/(?P\d+)/create/$', name='acl_create', view=ACLCreateView.as_view() ), url( - regex=r'^objects/(?P[-\w]+)/(?P[-\w]+)/(?P\d+)/list/$', + regex=r'^objects/(?P[-\w]+)/(?P[-\w]+)/(?P\d+)/list/$', name='acl_list', view=ACLListView.as_view() ), url( diff --git a/mayan/apps/acls/views.py b/mayan/apps/acls/views.py index fe3d2ad95e..dc11e41648 100644 --- a/mayan/apps/acls/views.py +++ b/mayan/apps/acls/views.py @@ -27,6 +27,10 @@ logger = logging.getLogger(__name__) class ACLCreateView(ContentTypeViewMixin, ExternalObjectMixin, SingleObjectCreateView): + content_type_url_kw_args = { + 'app_label': 'app_label', + 'model': 'model_name' + } external_object_permission = permission_acl_edit external_object_pk_url_kwarg = 'object_id' form_class = ACLCreateForm @@ -93,13 +97,17 @@ class ACLDeleteView(SingleObjectDeleteView): return reverse( 'acls:acl_list', kwargs={ 'app_label': instance.content_type.app_label, - 'model': instance.content_type.model, + 'model_name': instance.content_type.model, 'object_id': instance.object_id } ) class ACLListView(ContentTypeViewMixin, ExternalObjectMixin, SingleObjectListView): + content_type_url_kw_args = { + 'app_label': 'app_label', + 'model': 'model_name' + } external_object_permission = permission_acl_view external_object_pk_url_kwarg = 'object_id'