matthias/mayan-edms
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
Files
4fb86fba14f6663740026c5e23b65d48532e68d3
mayan-edms/mayan/apps/acls/tests/test_models.py
Roberto Rosario 4fb86fba14 Re-estructure tests to cleanup the apps' namespace.
2015-08-18 23:06:26 -04:00

195 lines
7.0 KiB
Python
Raw Blame History

from __future__ import absolute_import, unicode_literals
from django.contrib.auth import get_user_model
from django.contrib.auth.models import Group
from django.core.exceptions import PermissionDenied
from django.core.files import File
from django.test import TestCase
from documents.models import Document, DocumentType
from documents.permissions import permission_document_view
from documents.tests import TEST_SMALL_DOCUMENT_PATH, TEST_DOCUMENT_TYPE
from permissions.classes import Permission
from permissions.models import Role
from ..models import AccessControlList
class PermissionTestCase(TestCase):
def setUp(self):
self.document_type_1 = DocumentType.objects.create(
label=TEST_DOCUMENT_TYPE
)
ocr_settings = self.document_type_1.ocr_settings
ocr_settings.auto_ocr = False
ocr_settings.save()
self.document_type_2 = DocumentType.objects.create(
label=TEST_DOCUMENT_TYPE + '2'
)
ocr_settings = self.document_type_2.ocr_settings
ocr_settings.auto_ocr = False
ocr_settings.save()
with open(TEST_SMALL_DOCUMENT_PATH) as file_object:
self.document_1 = self.document_type_1.new_document(
file_object=File(file_object), label='document 1'
)
with open(TEST_SMALL_DOCUMENT_PATH) as file_object:
self.document_2 = self.document_type_1.new_document(
file_object=File(file_object), label='document 2'
)
with open(TEST_SMALL_DOCUMENT_PATH) as file_object:
self.document_3 = self.document_type_2.new_document(
file_object=File(file_object), label='document 3'
)
self.user = get_user_model().objects.create(username='test user')
self.group = Group.objects.create(name='test group')
self.role = Role.objects.create(label='test role')
Permission.invalidate_cache()
def tearDown(self):
for document_type in DocumentType.objects.all():
document_type.delete()
self.role.delete()
self.group.delete()
self.user.delete()
def test_check_access_without_permissions(self):
with self.assertRaises(PermissionDenied):
AccessControlList.objects.check_access(
permissions=(permission_document_view,),
user=self.user, obj=self.document_1
)
def test_filtering_without_permissions(self):
self.assertEqual(
list(
AccessControlList.objects.filter_by_access(
permission=permission_document_view, user=self.user,
queryset=Document.objects.all()
)
), []
)
def test_check_access_with_acl(self):
self.group.user_set.add(self.user)
self.role.groups.add(self.group)
acl = AccessControlList.objects.create(
content_object=self.document_1, role=self.role
)
acl.permissions.add(permission_document_view.stored_permission)
try:
AccessControlList.objects.check_access(
permissions=(permission_document_view,), user=self.user,
obj=self.document_1
)
except PermissionDenied:
self.fail('PermissionDenied exception was not expected.')
def test_filtering_with_permissions(self):
self.group.user_set.add(self.user)
self.role.permissions.add(permission_document_view.stored_permission)
self.role.groups.add(self.group)
acl = AccessControlList.objects.create(
content_object=self.document_1, role=self.role
)
acl.permissions.add(permission_document_view.stored_permission)
self.assertEqual(
list(
AccessControlList.objects.filter_by_access(
permission=permission_document_view, user=self.user,
queryset=Document.objects.all()
)
), [self.document_1]
)
def test_check_access_with_inherited_acl(self):
self.group.user_set.add(self.user)
self.role.groups.add(self.group)
acl = AccessControlList.objects.create(
content_object=self.document_type_1, role=self.role
)
acl.permissions.add(permission_document_view.stored_permission)
try:
AccessControlList.objects.check_access(
permissions=(permission_document_view,), user=self.user,
obj=self.document_1
)
except PermissionDenied:
self.fail('PermissionDenied exception was not expected.')
def test_check_access_with_inherited_acl_and_local_acl(self):
self.group.user_set.add(self.user)
self.role.groups.add(self.group)
acl = AccessControlList.objects.create(
content_object=self.document_type_1, role=self.role
)
acl.permissions.add(permission_document_view.stored_permission)
acl = AccessControlList.objects.create(
content_object=self.document_3, role=self.role
)
acl.permissions.add(permission_document_view.stored_permission)
try:
AccessControlList.objects.check_access(
permissions=(permission_document_view,), user=self.user,
obj=self.document_3
)
except PermissionDenied:
self.fail('PermissionDenied exception was not expected.')
def test_filtering_with_inherited_permissions(self):
self.group.user_set.add(self.user)
self.role.permissions.add(permission_document_view.stored_permission)
self.role.groups.add(self.group)
acl = AccessControlList.objects.create(
content_object=self.document_type_1, role=self.role
)
acl.permissions.add(permission_document_view.stored_permission)
result = AccessControlList.objects.filter_by_access(
permission=permission_document_view, user=self.user,
queryset=Document.objects.all()
)
self.assertTrue(self.document_1 in result)
self.assertTrue(self.document_2 in result)
self.assertTrue(self.document_3 not in result)
def test_filtering_with_inherited_permissions_and_local_acl(self):
self.group.user_set.add(self.user)
self.role.permissions.add(permission_document_view.stored_permission)
self.role.groups.add(self.group)
acl = AccessControlList.objects.create(
content_object=self.document_type_1, role=self.role
)
acl.permissions.add(permission_document_view.stored_permission)
acl = AccessControlList.objects.create(
content_object=self.document_3, role=self.role
)
acl.permissions.add(permission_document_view.stored_permission)
result = AccessControlList.objects.filter_by_access(
permission=permission_document_view, user=self.user,
queryset=Document.objects.all()
)
self.assertTrue(self.document_1 in result)
self.assertTrue(self.document_2 in result)
self.assertTrue(self.document_3 in result)
Reference in New Issue View Git Blame Copy Permalink