matthias/mayan-edms
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
Files
fd8721b297e5fc4b08de96854f3486f7bf13f64f
mayan-edms/mayan/apps/acls/test_models.py
Roberto Rosario fd8721b297 Add teardown method for all tests.
2015-07-12 03:28:31 -04:00

143 lines
6.4 KiB
Python
Raw Blame History

from __future__ import absolute_import, unicode_literals
from django.contrib.auth import get_user_model
from django.contrib.auth.models import Group
from django.core.exceptions import PermissionDenied
from django.core.files import File
from django.test import TestCase
from documents.models import Document, DocumentType
from documents.permissions import permission_document_view
from documents.test_models import TEST_SMALL_DOCUMENT_PATH, TEST_DOCUMENT_TYPE
from permissions.classes import Permission
from permissions.models import Role
from .models import AccessControlList
class PermissionTestCase(TestCase):
def setUp(self):
self.document_type_1 = DocumentType.objects.create(label=TEST_DOCUMENT_TYPE)
ocr_settings = self.document_type_1.ocr_settings
ocr_settings.auto_ocr = False
ocr_settings.save()
self.document_type_2 = DocumentType.objects.create(label=TEST_DOCUMENT_TYPE + '2')
ocr_settings = self.document_type_2.ocr_settings
ocr_settings.auto_ocr = False
ocr_settings.save()
with open(TEST_SMALL_DOCUMENT_PATH) as file_object:
self.document_1 = self.document_type_1.new_document(file_object=File(file_object), label='document 1')
with open(TEST_SMALL_DOCUMENT_PATH) as file_object:
self.document_2 = self.document_type_1.new_document(file_object=File(file_object), label='document 2')
with open(TEST_SMALL_DOCUMENT_PATH) as file_object:
self.document_3 = self.document_type_2.new_document(file_object=File(file_object), label='document 3')
self.user = get_user_model().objects.create(username='test user')
self.group = Group.objects.create(name='test group')
self.role = Role.objects.create(label='test role')
Permission.invalidate_cache()
def tearDown(self):
for document_type in DocumentType.objects.all():
document_type.delete()
self.role.delete()
self.group.delete()
self.user.delete()
def test_check_access_without_permissions(self):
with self.assertRaises(PermissionDenied):
AccessControlList.objects.check_access(permissions=(permission_document_view,), user=self.user, obj=self.document_1)
def test_filtering_without_permissions(self):
self.assertEqual(
list(AccessControlList.objects.filter_by_access(permission=permission_document_view, user=self.user, queryset=Document.objects.all())),
[]
)
def test_check_access_with_acl(self):
self.group.user_set.add(self.user)
self.role.groups.add(self.group)
acl = AccessControlList.objects.create(content_object=self.document_1, role=self.role)
acl.permissions.add(permission_document_view.stored_permission)
try:
AccessControlList.objects.check_access(permissions=(permission_document_view,), user=self.user, obj=self.document_1)
except PermissionDenied:
self.fail('PermissionDenied exception was not expected.')
def test_filtering_with_permissions(self):
self.group.user_set.add(self.user)
self.role.permissions.add(permission_document_view.stored_permission)
self.role.groups.add(self.group)
acl = AccessControlList.objects.create(content_object=self.document_1, role=self.role)
acl.permissions.add(permission_document_view.stored_permission)
self.assertEqual(
list(AccessControlList.objects.filter_by_access(permission=permission_document_view, user=self.user, queryset=Document.objects.all())),
[self.document_1]
)
def test_check_access_with_inherited_acl(self):
self.group.user_set.add(self.user)
self.role.groups.add(self.group)
acl = AccessControlList.objects.create(content_object=self.document_type_1, role=self.role)
acl.permissions.add(permission_document_view.stored_permission)
try:
AccessControlList.objects.check_access(permissions=(permission_document_view,), user=self.user, obj=self.document_1)
except PermissionDenied:
self.fail('PermissionDenied exception was not expected.')
def test_check_access_with_inherited_acl_and_local_acl(self):
self.group.user_set.add(self.user)
self.role.groups.add(self.group)
acl = AccessControlList.objects.create(content_object=self.document_type_1, role=self.role)
acl.permissions.add(permission_document_view.stored_permission)
acl = AccessControlList.objects.create(content_object=self.document_3, role=self.role)
acl.permissions.add(permission_document_view.stored_permission)
try:
AccessControlList.objects.check_access(permissions=(permission_document_view,), user=self.user, obj=self.document_3)
except PermissionDenied:
self.fail('PermissionDenied exception was not expected.')
def test_filtering_with_inherited_permissions(self):
self.group.user_set.add(self.user)
self.role.permissions.add(permission_document_view.stored_permission)
self.role.groups.add(self.group)
acl = AccessControlList.objects.create(content_object=self.document_type_1, role=self.role)
acl.permissions.add(permission_document_view.stored_permission)
result = AccessControlList.objects.filter_by_access(permission=permission_document_view, user=self.user, queryset=Document.objects.all())
self.assertTrue(self.document_1 in result)
self.assertTrue(self.document_2 in result)
self.assertTrue(self.document_3 not in result)
def test_filtering_with_inherited_permissions_and_local_acl(self):
self.group.user_set.add(self.user)
self.role.permissions.add(permission_document_view.stored_permission)
self.role.groups.add(self.group)
acl = AccessControlList.objects.create(content_object=self.document_type_1, role=self.role)
acl.permissions.add(permission_document_view.stored_permission)
acl = AccessControlList.objects.create(content_object=self.document_3, role=self.role)
acl.permissions.add(permission_document_view.stored_permission)
result = AccessControlList.objects.filter_by_access(permission=permission_document_view, user=self.user, queryset=Document.objects.all())
self.assertTrue(self.document_1 in result)
self.assertTrue(self.document_2 in result)
self.assertTrue(self.document_3 in result)
Reference in New Issue View Git Blame Copy Permalink