2009-12-10 09:05:35 +08:00
|
|
|
from django.conf import settings
|
|
|
|
from django.contrib.auth.models import User, Group, Permission, AnonymousUser
|
|
|
|
from django.contrib.contenttypes.models import ContentType
|
2010-12-04 12:47:59 +08:00
|
|
|
from django.core.exceptions import ImproperlyConfigured
|
2009-12-10 09:05:35 +08:00
|
|
|
from django.test import TestCase
|
|
|
|
|
|
|
|
|
|
|
|
class BackendTest(TestCase):
|
|
|
|
|
|
|
|
backend = 'django.contrib.auth.backends.ModelBackend'
|
|
|
|
|
|
|
|
def setUp(self):
|
|
|
|
self.curr_auth = settings.AUTHENTICATION_BACKENDS
|
|
|
|
settings.AUTHENTICATION_BACKENDS = (self.backend,)
|
|
|
|
User.objects.create_user('test', 'test@example.com', 'test')
|
2010-12-04 13:59:56 +08:00
|
|
|
User.objects.create_superuser('test2', 'test2@example.com', 'test')
|
2009-12-10 09:05:35 +08:00
|
|
|
|
|
|
|
def tearDown(self):
|
|
|
|
settings.AUTHENTICATION_BACKENDS = self.curr_auth
|
2011-01-14 00:22:03 +08:00
|
|
|
# The custom_perms test messes with ContentTypes, which will
|
|
|
|
# be cached; flush the cache to ensure there are no side effects
|
|
|
|
# Refs #14975, #14925
|
|
|
|
ContentType.objects.clear_cache()
|
2009-12-10 09:05:35 +08:00
|
|
|
|
|
|
|
def test_has_perm(self):
|
|
|
|
user = User.objects.get(username='test')
|
|
|
|
self.assertEqual(user.has_perm('auth.test'), False)
|
|
|
|
user.is_staff = True
|
|
|
|
user.save()
|
|
|
|
self.assertEqual(user.has_perm('auth.test'), False)
|
|
|
|
user.is_superuser = True
|
|
|
|
user.save()
|
|
|
|
self.assertEqual(user.has_perm('auth.test'), True)
|
|
|
|
user.is_staff = False
|
|
|
|
user.is_superuser = False
|
|
|
|
user.save()
|
|
|
|
self.assertEqual(user.has_perm('auth.test'), False)
|
2010-01-11 00:51:13 +08:00
|
|
|
user.is_staff = True
|
|
|
|
user.is_superuser = True
|
|
|
|
user.is_active = False
|
|
|
|
user.save()
|
|
|
|
self.assertEqual(user.has_perm('auth.test'), False)
|
2009-12-10 09:05:35 +08:00
|
|
|
|
|
|
|
def test_custom_perms(self):
|
|
|
|
user = User.objects.get(username='test')
|
|
|
|
content_type=ContentType.objects.get_for_model(Group)
|
|
|
|
perm = Permission.objects.create(name='test', content_type=content_type, codename='test')
|
|
|
|
user.user_permissions.add(perm)
|
|
|
|
user.save()
|
|
|
|
|
|
|
|
# reloading user to purge the _perm_cache
|
|
|
|
user = User.objects.get(username='test')
|
|
|
|
self.assertEqual(user.get_all_permissions() == set([u'auth.test']), True)
|
|
|
|
self.assertEqual(user.get_group_permissions(), set([]))
|
|
|
|
self.assertEqual(user.has_module_perms('Group'), False)
|
|
|
|
self.assertEqual(user.has_module_perms('auth'), True)
|
|
|
|
perm = Permission.objects.create(name='test2', content_type=content_type, codename='test2')
|
|
|
|
user.user_permissions.add(perm)
|
|
|
|
user.save()
|
|
|
|
perm = Permission.objects.create(name='test3', content_type=content_type, codename='test3')
|
|
|
|
user.user_permissions.add(perm)
|
|
|
|
user.save()
|
|
|
|
user = User.objects.get(username='test')
|
|
|
|
self.assertEqual(user.get_all_permissions(), set([u'auth.test2', u'auth.test', u'auth.test3']))
|
|
|
|
self.assertEqual(user.has_perm('test'), False)
|
|
|
|
self.assertEqual(user.has_perm('auth.test'), True)
|
|
|
|
self.assertEqual(user.has_perms(['auth.test2', 'auth.test3']), True)
|
|
|
|
perm = Permission.objects.create(name='test_group', content_type=content_type, codename='test_group')
|
|
|
|
group = Group.objects.create(name='test_group')
|
|
|
|
group.permissions.add(perm)
|
|
|
|
group.save()
|
|
|
|
user.groups.add(group)
|
|
|
|
user = User.objects.get(username='test')
|
|
|
|
exp = set([u'auth.test2', u'auth.test', u'auth.test3', u'auth.test_group'])
|
|
|
|
self.assertEqual(user.get_all_permissions(), exp)
|
|
|
|
self.assertEqual(user.get_group_permissions(), set([u'auth.test_group']))
|
|
|
|
self.assertEqual(user.has_perms(['auth.test3', 'auth.test_group']), True)
|
|
|
|
|
|
|
|
user = AnonymousUser()
|
|
|
|
self.assertEqual(user.has_perm('test'), False)
|
|
|
|
self.assertEqual(user.has_perms(['auth.test2', 'auth.test3']), False)
|
|
|
|
|
2009-12-31 06:12:57 +08:00
|
|
|
def test_has_no_object_perm(self):
|
|
|
|
"""Regressiontest for #12462"""
|
|
|
|
user = User.objects.get(username='test')
|
|
|
|
content_type=ContentType.objects.get_for_model(Group)
|
|
|
|
perm = Permission.objects.create(name='test', content_type=content_type, codename='test')
|
|
|
|
user.user_permissions.add(perm)
|
|
|
|
user.save()
|
|
|
|
|
|
|
|
self.assertEqual(user.has_perm('auth.test', 'object'), False)
|
|
|
|
self.assertEqual(user.get_all_permissions('object'), set([]))
|
|
|
|
self.assertEqual(user.has_perm('auth.test'), True)
|
|
|
|
self.assertEqual(user.get_all_permissions(), set(['auth.test']))
|
|
|
|
|
2010-12-04 13:59:56 +08:00
|
|
|
def test_get_all_superuser_permissions(self):
|
|
|
|
"A superuser has all permissions. Refs #14795"
|
|
|
|
user = User.objects.get(username='test2')
|
|
|
|
self.assertEqual(len(user.get_all_permissions()), len(Permission.objects.all()))
|
2009-12-31 06:12:57 +08:00
|
|
|
|
2009-12-10 09:05:35 +08:00
|
|
|
class TestObj(object):
|
|
|
|
pass
|
|
|
|
|
|
|
|
|
|
|
|
class SimpleRowlevelBackend(object):
|
2010-12-22 03:18:12 +08:00
|
|
|
supports_inactive_user = False
|
|
|
|
|
|
|
|
# This class also supports tests for anonymous user permissions, and
|
|
|
|
# inactive user permissions via subclasses which just set the
|
|
|
|
# 'supports_anonymous_user' or 'supports_inactive_user' attribute.
|
2009-12-10 09:05:35 +08:00
|
|
|
|
|
|
|
def has_perm(self, user, perm, obj=None):
|
|
|
|
if not obj:
|
|
|
|
return # We only support row level perms
|
|
|
|
|
|
|
|
if isinstance(obj, TestObj):
|
|
|
|
if user.username == 'test2':
|
|
|
|
return True
|
2010-01-28 09:47:23 +08:00
|
|
|
elif user.is_anonymous() and perm == 'anon':
|
2009-12-10 09:05:35 +08:00
|
|
|
return True
|
2010-12-22 03:18:12 +08:00
|
|
|
elif not user.is_active and perm == 'inactive':
|
|
|
|
return True
|
2009-12-10 09:05:35 +08:00
|
|
|
return False
|
|
|
|
|
2010-01-28 09:47:23 +08:00
|
|
|
def has_module_perms(self, user, app_label):
|
2010-12-22 03:18:12 +08:00
|
|
|
if not user.is_anonymous() and not user.is_active:
|
|
|
|
return False
|
2010-01-28 09:47:23 +08:00
|
|
|
return app_label == "app1"
|
|
|
|
|
2009-12-10 09:05:35 +08:00
|
|
|
def get_all_permissions(self, user, obj=None):
|
|
|
|
if not obj:
|
|
|
|
return [] # We only support row level perms
|
|
|
|
|
|
|
|
if not isinstance(obj, TestObj):
|
|
|
|
return ['none']
|
|
|
|
|
2010-01-28 09:47:23 +08:00
|
|
|
if user.is_anonymous():
|
|
|
|
return ['anon']
|
2009-12-10 09:05:35 +08:00
|
|
|
if user.username == 'test2':
|
|
|
|
return ['simple', 'advanced']
|
|
|
|
else:
|
|
|
|
return ['simple']
|
|
|
|
|
|
|
|
def get_group_permissions(self, user, obj=None):
|
|
|
|
if not obj:
|
|
|
|
return # We only support row level perms
|
|
|
|
|
|
|
|
if not isinstance(obj, TestObj):
|
|
|
|
return ['none']
|
|
|
|
|
|
|
|
if 'test_group' in [group.name for group in user.groups.all()]:
|
|
|
|
return ['group_perm']
|
|
|
|
else:
|
|
|
|
return ['none']
|
|
|
|
|
|
|
|
|
|
|
|
class RowlevelBackendTest(TestCase):
|
2010-01-28 09:47:23 +08:00
|
|
|
"""
|
|
|
|
Tests for auth backend that supports object level permissions
|
|
|
|
"""
|
2009-12-10 09:05:35 +08:00
|
|
|
backend = 'django.contrib.auth.tests.auth_backends.SimpleRowlevelBackend'
|
|
|
|
|
|
|
|
def setUp(self):
|
|
|
|
self.curr_auth = settings.AUTHENTICATION_BACKENDS
|
2010-11-01 00:25:29 +08:00
|
|
|
settings.AUTHENTICATION_BACKENDS = tuple(self.curr_auth) + (self.backend,)
|
2009-12-10 09:05:35 +08:00
|
|
|
self.user1 = User.objects.create_user('test', 'test@example.com', 'test')
|
|
|
|
self.user2 = User.objects.create_user('test2', 'test2@example.com', 'test')
|
2010-01-28 09:47:23 +08:00
|
|
|
self.user3 = User.objects.create_user('test3', 'test3@example.com', 'test')
|
2009-12-10 09:05:35 +08:00
|
|
|
|
|
|
|
def tearDown(self):
|
|
|
|
settings.AUTHENTICATION_BACKENDS = self.curr_auth
|
2011-01-14 00:22:03 +08:00
|
|
|
# The get_group_permissions test messes with ContentTypes, which will
|
|
|
|
# be cached; flush the cache to ensure there are no side effects
|
|
|
|
# Refs #14975, #14925
|
|
|
|
ContentType.objects.clear_cache()
|
2009-12-10 09:05:35 +08:00
|
|
|
|
|
|
|
def test_has_perm(self):
|
|
|
|
self.assertEqual(self.user1.has_perm('perm', TestObj()), False)
|
|
|
|
self.assertEqual(self.user2.has_perm('perm', TestObj()), True)
|
|
|
|
self.assertEqual(self.user2.has_perm('perm'), False)
|
|
|
|
self.assertEqual(self.user2.has_perms(['simple', 'advanced'], TestObj()), True)
|
|
|
|
self.assertEqual(self.user3.has_perm('perm', TestObj()), False)
|
|
|
|
self.assertEqual(self.user3.has_perm('anon', TestObj()), False)
|
|
|
|
self.assertEqual(self.user3.has_perms(['simple', 'advanced'], TestObj()), False)
|
|
|
|
|
|
|
|
def test_get_all_permissions(self):
|
|
|
|
self.assertEqual(self.user1.get_all_permissions(TestObj()), set(['simple']))
|
|
|
|
self.assertEqual(self.user2.get_all_permissions(TestObj()), set(['simple', 'advanced']))
|
|
|
|
self.assertEqual(self.user2.get_all_permissions(), set([]))
|
|
|
|
|
|
|
|
def test_get_group_permissions(self):
|
|
|
|
content_type=ContentType.objects.get_for_model(Group)
|
|
|
|
group = Group.objects.create(name='test_group')
|
2010-01-28 09:47:23 +08:00
|
|
|
self.user3.groups.add(group)
|
|
|
|
self.assertEqual(self.user3.get_group_permissions(TestObj()), set(['group_perm']))
|
|
|
|
|
|
|
|
|
|
|
|
class AnonymousUserBackend(SimpleRowlevelBackend):
|
2010-12-22 03:18:12 +08:00
|
|
|
supports_inactive_user = False
|
2010-01-28 09:47:23 +08:00
|
|
|
|
|
|
|
|
|
|
|
class AnonymousUserBackendTest(TestCase):
|
|
|
|
"""
|
2011-09-11 05:00:32 +08:00
|
|
|
Tests for AnonymousUser delegating to backend.
|
2010-01-28 09:47:23 +08:00
|
|
|
"""
|
|
|
|
|
|
|
|
backend = 'django.contrib.auth.tests.auth_backends.AnonymousUserBackend'
|
|
|
|
|
|
|
|
def setUp(self):
|
|
|
|
self.curr_auth = settings.AUTHENTICATION_BACKENDS
|
|
|
|
settings.AUTHENTICATION_BACKENDS = (self.backend,)
|
|
|
|
self.user1 = AnonymousUser()
|
|
|
|
|
|
|
|
def tearDown(self):
|
|
|
|
settings.AUTHENTICATION_BACKENDS = self.curr_auth
|
|
|
|
|
|
|
|
def test_has_perm(self):
|
|
|
|
self.assertEqual(self.user1.has_perm('perm', TestObj()), False)
|
|
|
|
self.assertEqual(self.user1.has_perm('anon', TestObj()), True)
|
|
|
|
|
|
|
|
def test_has_perms(self):
|
|
|
|
self.assertEqual(self.user1.has_perms(['anon'], TestObj()), True)
|
|
|
|
self.assertEqual(self.user1.has_perms(['anon', 'perm'], TestObj()), False)
|
|
|
|
|
|
|
|
def test_has_module_perms(self):
|
|
|
|
self.assertEqual(self.user1.has_module_perms("app1"), True)
|
|
|
|
self.assertEqual(self.user1.has_module_perms("app2"), False)
|
|
|
|
|
|
|
|
def test_get_all_permissions(self):
|
|
|
|
self.assertEqual(self.user1.get_all_permissions(TestObj()), set(['anon']))
|
|
|
|
|
|
|
|
|
2010-12-04 12:47:59 +08:00
|
|
|
|
2010-12-22 03:18:12 +08:00
|
|
|
|
2010-12-04 12:47:59 +08:00
|
|
|
class NoBackendsTest(TestCase):
|
|
|
|
"""
|
|
|
|
Tests that an appropriate error is raised if no auth backends are provided.
|
|
|
|
"""
|
|
|
|
def setUp(self):
|
|
|
|
self.old_AUTHENTICATION_BACKENDS = settings.AUTHENTICATION_BACKENDS
|
|
|
|
settings.AUTHENTICATION_BACKENDS = []
|
|
|
|
self.user = User.objects.create_user('test', 'test@example.com', 'test')
|
|
|
|
|
|
|
|
def tearDown(self):
|
|
|
|
settings.AUTHENTICATION_BACKENDS = self.old_AUTHENTICATION_BACKENDS
|
|
|
|
|
|
|
|
def test_raises_exception(self):
|
|
|
|
self.assertRaises(ImproperlyConfigured, self.user.has_perm, ('perm', TestObj(),))
|
2010-12-22 03:18:12 +08:00
|
|
|
|
|
|
|
|
|
|
|
class InActiveUserBackend(SimpleRowlevelBackend):
|
|
|
|
supports_inactive_user = True
|
|
|
|
|
|
|
|
|
|
|
|
class NoInActiveUserBackend(SimpleRowlevelBackend):
|
|
|
|
supports_inactive_user = False
|
|
|
|
|
|
|
|
|
|
|
|
class InActiveUserBackendTest(TestCase):
|
|
|
|
"""
|
|
|
|
Tests for a inactive user delegating to backend if it has 'supports_inactive_user' = True
|
|
|
|
"""
|
|
|
|
|
|
|
|
backend = 'django.contrib.auth.tests.auth_backends.InActiveUserBackend'
|
|
|
|
|
|
|
|
def setUp(self):
|
|
|
|
self.curr_auth = settings.AUTHENTICATION_BACKENDS
|
|
|
|
settings.AUTHENTICATION_BACKENDS = (self.backend,)
|
|
|
|
self.user1 = User.objects.create_user('test', 'test@example.com', 'test')
|
|
|
|
self.user1.is_active = False
|
|
|
|
self.user1.save()
|
|
|
|
|
|
|
|
def tearDown(self):
|
|
|
|
settings.AUTHENTICATION_BACKENDS = self.curr_auth
|
|
|
|
|
|
|
|
def test_has_perm(self):
|
|
|
|
self.assertEqual(self.user1.has_perm('perm', TestObj()), False)
|
|
|
|
self.assertEqual(self.user1.has_perm('inactive', TestObj()), True)
|
|
|
|
|
|
|
|
def test_has_module_perms(self):
|
|
|
|
self.assertEqual(self.user1.has_module_perms("app1"), False)
|
|
|
|
self.assertEqual(self.user1.has_module_perms("app2"), False)
|
|
|
|
|
|
|
|
|
|
|
|
class NoInActiveUserBackendTest(TestCase):
|
|
|
|
"""
|
|
|
|
Tests that an inactive user does not delegate to backend if it has 'supports_inactive_user' = False
|
|
|
|
"""
|
|
|
|
backend = 'django.contrib.auth.tests.auth_backends.NoInActiveUserBackend'
|
|
|
|
|
|
|
|
def setUp(self):
|
|
|
|
self.curr_auth = settings.AUTHENTICATION_BACKENDS
|
|
|
|
settings.AUTHENTICATION_BACKENDS = tuple(self.curr_auth) + (self.backend,)
|
|
|
|
self.user1 = User.objects.create_user('test', 'test@example.com', 'test')
|
|
|
|
self.user1.is_active = False
|
|
|
|
self.user1.save()
|
|
|
|
|
|
|
|
def tearDown(self):
|
|
|
|
settings.AUTHENTICATION_BACKENDS = self.curr_auth
|
|
|
|
|
|
|
|
def test_has_perm(self):
|
|
|
|
self.assertEqual(self.user1.has_perm('perm', TestObj()), False)
|
2011-11-13 01:23:07 +08:00
|
|
|
self.assertEqual(self.user1.has_perm('inactive', TestObj()), False)
|
2010-12-22 03:18:12 +08:00
|
|
|
|
|
|
|
def test_has_module_perms(self):
|
|
|
|
self.assertEqual(self.user1.has_module_perms("app1"), False)
|
|
|
|
self.assertEqual(self.user1.has_module_perms("app2"), False)
|
|
|
|
|