我们从Python开源项目中,提取了以下48个代码示例,用于说明如何使用django.contrib.auth.models.Group()。
def create(request): error = None group_name = '' if request.method == 'POST': group_name = request.POST.get('group_name', '') try: create_usergroup(request.user, group_name) msg = _('Group "{0}" was created.').format(group_name) messages.success(request, msg) return redirect('groups_show', group_name) except GroupError as e: error = e.message return TemplateResponse(request, 'groups/create.html', { 'error': error, 'group_name': group_name, })
def test_get_all_permissions_mixed_user_and_group(self): permissions = Permission.objects.filter(content_type__app_label='auth', codename__in=[ 'add_user', 'change_user', 'add_group', 'change_group' ]) user = User.objects.create_user(username='testuser', password='test123.') group = Group.objects.create(name='group') group.user_set.add(user) user.user_permissions.add(*permissions.filter(content_type__model='user')) group.permissions.add(*permissions.filter(content_type__model='group')) backend = ChemoPermissionsBackend() self.assertEqual( set(permissions.filter(content_type__model='group').values_list('codename', flat=True)), set(backend.get_all_permissions(user, group)) ) self.assertEqual( set(permissions.filter(content_type__model='user').values_list('codename', flat=True)), set(backend.get_all_permissions(user, user)) )
def invite(request, group_name): group = get_object_or_404(Group, name=group_name) if not group.properties.admins.filter(pk=request.user.pk): raise PermissionDenied() if request.method == 'POST': form = InvitationForm(request.POST, group=group, user=request.user) if form.is_valid(): subject = u'Neue Gruppeneinladung / new group invitation' invitations = form.get_invitations() for invitation in invitations: invitation.save() _send_invitation_mail(request, invitation, subject, 'new_invitation') messages.success(request, _('Invitation was sent.')) return redirect('groups_show', group_name) else: form = InvitationForm(group=group, user=request.user) return TemplateResponse(request, 'groups/invite.html', { 'group': group, 'form': form })
def resolve_user_or_group(self, old_id): """Resolve a user by its user id from old dudel.""" # connect to db conn = psycopg2.connect(self.conn_string) cursor = conn.cursor() cursor.execute('SELECT username FROM "user" WHERE id=%s', (old_id,)) username = cursor.fetchone() try: if username: return get_user_model().objects.get(username=username[0]) else: cursor.execute('SELECT name FROM "group" WHERE id=%s', (old_id,)) groupname = cursor.fetchone() if groupname: return Group.objects.get(name=groupname[0]) except ObjectDoesNotExist: return None
def test_unconfigured_group(self): with self.settings(SHIBAUTH_GROUP_ATTRIBUTES=[]): # After login the user will be created self.client.get(reverse('shibauth_rit:shibauth_info'), **settings.SAMPLE_HEADERS) query = User.objects.all() # Ensure the user was created self.assertEqual(query.count(), 1) user = User.objects.get(username='rrcdis1') # The user should have no groups self.assertEqual(user.groups.all().count(), 0) # Create a group and add the user g = Group(name='Testgroup') g.save() # Now we should have exactly one group self.assertEqual(Group.objects.all().count(), 1) g.user_set.add(user) # Now the user should be in exactly one group self.assertEqual(user.groups.all().count(), 1) self.client.get(reverse('shibauth_rit:shibauth_info'), **settings.SAMPLE_HEADERS) # After a request the user should still be in the group. self.assertEqual(user.groups.all().count(), 1)
def get_form_kwargs(self, kwargs): kwargs.update({ 'save_button_name': getattr(self.view, 'save_button_name', 'Update'), 'delete_confirmation': getattr(self.view, 'delete_confirmation', settings.FORM_DELETE_CONFIRMATION), 'delete_url': getattr(self.view, 'delete_url', None), }) if not kwargs['delete_url'] and self.view.auto_delete_url: url_name = self.view.json_cfg['view_name'].replace('edit_', 'delete_') kwargs['delete_url'] = reverse(url_name, args=(self.view.object.pk,)) if hasattr(self.plugin.form_meta, 'success_url'): kwargs['delete_success_url'] = self.plugin.form_meta.success_url if not isinstance(self.view.object, Group) and not self.view.request.user.has_delete_perm(self.view.model): kwargs.pop('delete_url', None) return kwargs # noinspection PyCallingNonCallable, PyUnresolvedReferences
def new_student() -> User: # ???? username = random_string()[:30] salt = random_string()[:5] password = "malalaoshi" user = User(username=username) user.email = "" user.password = make_password(password, salt) user.save() student_group = Group.objects.get(name="??") user.groups.add(student_group) # ?????? profile = Profile(user=user) profile.save() student = Student(user=user) student.save() # ???? user.save() profile.save() student.save() ret_user = authenticate(username=username, password=password) return ret_user
def new_parent()->User: # ???? username = random_string()[:30] salt = random_string()[:5] password = "malalaoshi" user = User(username=username) user.email = "" user.password = make_password(password, salt) user.save() parent_group = Group.objects.get(name="??") user.groups.add(parent_group) # ?????? profile = Profile(user=user) profile.save() parent = Parent(user=user) parent.save() # ???? user.save() profile.save() parent.save() ret_user = authenticate(username=username, password=password) return ret_user
def create_auth(sender, instance, created, **kwargs): """ A hook that run when we create a new network that creates an auth user and token that BTSs on the network use to authenticate. """ if not instance.auth_group or not instance.auth_user: instance.auth_group, created_group = Group.objects.get_or_create(name='network_%s' % instance.pk) if created_group: assign_perm('view_network', instance.auth_group, instance) post_save.disconnect(UserProfile.new_user_hook, sender=User) instance.auth_user, created_user = User.objects.get_or_create(username='network_%s' % instance.pk) if created_user: Token.objects.create(user=instance.auth_user) instance.auth_group.user_set.add(instance.auth_user) post_save.connect(UserProfile.new_user_hook, sender=User) instance.save()
def test_write_property(self): """Push Group users should be able to POST new properties. """ url = reverse('property-list') data = { 'listing_type': FOR_SALE, 'price': 1234, 'raw_address': '125 Fake St', 'size_units': METRIC, 'listing_timestamp': timezone.now() } response = self.client.post(url, data, format='json') self.assertEqual(response.status_code, status.HTTP_201_CREATED) self.assertEqual(Property.objects.count(), 2)
def test_edit_property(self): """Push Group users should not be able to PUT new properties. """ url = reverse('property-detail', kwargs={'pk':1}) data = { 'listing_type': FOR_SALE, 'price': 1235, 'raw_address': '125 Fake St', 'size_units': METRIC, 'listing_timestamp': timezone.now() } response = self.client.put(url, data, format='json') self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN) self.assertEqual(Property.objects.count(), 1) self.assertEqual(Property.objects.filter(price=1000).count(), 1) self.assertEqual(Property.objects.filter(price=1235).count(), 0)
def test_write_property(self): """Flagging Group users should not be able to POST new properties. """ url = reverse('property-list') data = { 'listing_type': FOR_SALE, 'price': 1234, 'raw_address': '125 Fake St', 'size_units': METRIC, 'listing_timestamp': timezone.now() } response = self.client.post(url, data, format='json') self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN) self.assertEqual(Property.objects.count(), 1)
def test_edit_property(self): """Flagging Group users should not be able to PUT new properties. """ url = reverse('property-detail', kwargs={'pk':1}) data = { 'listing_type': FOR_SALE, 'price': 1235, 'raw_address': '125 Fake St', 'size_units': METRIC, 'listing_timestamp': timezone.now() } response = self.client.put(url, data, format='json') self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN) self.assertEqual(Property.objects.count(), 1) self.assertEqual(Property.objects.filter(price=1000).count(), 1) self.assertEqual(Property.objects.filter(price=1235).count(), 0)
def add_proj_manager(request, pk): obj = get_object_or_404( Project, pk=pk) group = Group.objects.get(name__exact="Project Manager") role_obj = UserRole(project=obj, group=group) scenario = 'Assign' if request.method == 'POST': form = SetProjectManagerForm(data=request.POST, instance=role_obj, request=request) if form.is_valid(): role_obj = form.save(commit=False) user_id = request.POST.get('user') role_obj.user_id = int(user_id) role_obj.save() messages.add_message(request, messages.INFO, 'Project Manager Added') return HttpResponseRedirect(reverse("fieldsight:project-dashboard", kwargs={'pk': obj.pk})) else: form = SetProjectManagerForm(instance=role_obj, request=request) return render(request, "fieldsight/add_project_manager.html", {'obj':obj,'form':form, 'scenario':scenario})
def add_supervisor(request, pk): obj = get_object_or_404( Site, pk=int(pk)) group = Group.objects.get(name__exact="Site Supervisor") role_obj = UserRole(site=obj, group=group) if request.method == 'POST': form = SetSupervisorForm(data=request.POST, instance=role_obj, request=request) if form.is_valid(): role_obj = form.save(commit=False) user_id = request.POST.get('user') role_obj.user_id = int(user_id) role_obj.save() messages.add_message(request, messages.INFO, 'Site Supervisor Added') return HttpResponseRedirect(reverse("fieldsight:site-dashboard", kwargs={'pk': obj.pk})) else: form = SetSupervisorForm(instance=role_obj, request=request) return render(request, "fieldsight/add_supervisor.html", {'obj':obj,'form':form})
def add_central_engineer(request, pk): obj = get_object_or_404( Project, pk=pk) group = Group.objects.get(name__exact="Reivewer") role_obj = UserRole(project=obj, group=group) scenario = 'Assign' if request.method == 'POST': form = SetProjectRoleForm(data=request.POST, instance=role_obj, request=request) if form.is_valid(): role_obj = form.save(commit=False) user_id = request.POST.get('user') role_obj.user_id = int(user_id) role_obj.save() messages.add_message(request, messages.INFO, 'Reviewer Added') return HttpResponseRedirect(reverse("fieldsight:project-dashboard", kwargs={'pk': obj.pk})) else: form = SetProjectRoleForm(instance=role_obj, request=request,) return render(request, "fieldsight/add_central_engineer.html", {'obj':obj,'form':form, 'scenario':scenario})
def test_invalid_config(self): try: IncludeExcludeSchema(Group) self.fail('Invalid schema with include & exclude raises no error') except DjangoQLSchemaError: pass try: IncludeUserGroupSchema(Book) self.fail('Schema was initialized with a model excluded from it') except DjangoQLSchemaError: pass try: IncludeUserGroupSchema(User()) self.fail('Schema was initialized with an instance of a model') except DjangoQLSchemaError: pass
def test_update_raw_node_property(self): group = Group.objects.create(name='group') node = get_node_for_object(group) # Set a custom attribute on the node and make sure it's saved on the node result, _ = list(flatten(db.cypher_query('MATCH (n) WHERE ID(n) = %d ' 'SET n.foo = "bar", n.baz = "qux" RETURN n' % node.id))) self.assertTrue(all(i in result.properties for i in ('foo', 'baz'))) self.assertEqual(result.properties['foo'], 'bar') self.assertEqual(result.properties['baz'], 'qux') self.assertFalse(all(hasattr(node, i) for i in ('foo', 'baz'))) node.__update_raw_node__() # Make sure the custom attribute has been deleted result, _ = list(flatten(db.cypher_query('MATCH (n) WHERE ID(n) = %d RETURN n' % node.id))) self.assertFalse(all(i in result.properties for i in ('foo', 'baz')))
def test_update_raw_node_relationship(self): group1, group2 = Group.objects.create(name='group1'), Group.objects.create(name='group2') node1, node2 = get_node_for_object(group1), get_node_for_object(group2) # Create a custom relationship between group1 and group2 results, _ = db.cypher_query( 'MATCH (a), (b) WHERE ID(a) = %d AND ID(b) = %d ' 'CREATE (a)-[r1:RELATION]->(b), (b)-[r2:RELATION]->(a) ' 'RETURN r1, r2' % (node1.id, node2.id) ) results = list(flatten(results)) self.assertEqual(len(results), 2) self.assertTrue(all([r.type == 'RELATION' for r in results])) node1.__update_raw_node__() # Make sure custom relationship is deleted results, _ = db.cypher_query('MATCH (n)-[r]->() WHERE ID(n) = %d RETURN r' % node1.id) self.assertEqual(len(results), 0) # The other relationship should still be intact results, _ = db.cypher_query('MATCH (n)-[r]->() WHERE ID(n) = %d RETURN r' % node2.id) results = list(flatten(results)) self.assertEqual(len(results), 1)
def test_filter_get_detail(self): group1, group2 = (Group.objects.get(name='group1'), Group.objects.get(name='group2')) self.user.user_permissions.add(self.perm) self.user.groups.add(group1) self.access_rule.permissions.add(self.perm) request = factory.get(path='', format='json') force_authenticate(request, self.user) response = self.view.as_view(actions={'get': 'retrieve'})(request, pk=group1.pk) self.assertEqual(response.status_code, status.HTTP_200_OK) self.assertEqual(response.data['name'], group1.name) response = self.view.as_view(actions={'get': 'retrieve'})(request, pk=group2.pk) self.assertEqual(response.status_code, status.HTTP_404_NOT_FOUND) self.assertEqual(response.data, {'detail': 'Not found.'})
def test_get_all_permissions_user(self): permissions = Permission.objects.filter(content_type__app_label='auth', codename__in=[ 'add_user', 'change_user', 'add_group', 'change_group' ]) user = User.objects.create_user(username='testuser', password='test123.') group = Group.objects.create(name='group') user.user_permissions.add(*permissions) backend = ChemoPermissionsBackend() self.assertEqual( set(permissions.filter(content_type__model='group').values_list('codename', flat=True)), set(backend.get_all_permissions(user, group)) ) self.assertEqual( set(permissions.filter(content_type__model='user').values_list('codename', flat=True)), set(backend.get_all_permissions(user, user)) )
def test_check_permission(self): user = User.objects.create_user(username='testuser', password='test123.') group = Group.objects.create(name='group') group.user_set.add(user) access_rule = AccessRule.objects.create( ctype_source=ContentType.objects.get_for_model(User), ctype_target=ContentType.objects.get_for_model(Group), relation_types=[{'GROUPS': None}] ) perm = Permission.objects.get(content_type__app_label='auth', codename='add_group') group.permissions.add(perm) access_rule.permissions.add(perm) backend = ChemoPermissionsBackend() self.assertTrue(backend.has_perm(user, 'add_group', group)) # Permission codename only self.assertTrue(backend.has_perm(user, 'auth.add_group', group)) # Full permission string
def post(self, *args, **kwargs): group_id = self.request.POST.get('group') faculty_group_id = self.request.POST.get('faculty_group') course_context = self.lti.course_context(self.request) title = self.lti.course_title(self.request) (ctx, created) = LTICourseContext.objects.get_or_create( group=get_object_or_404(Group, id=group_id), faculty_group=get_object_or_404(Group, id=faculty_group_id), lms_course_context=course_context) messages.add_message( self.request, messages.INFO, '<strong>Success!</strong> {} is connected to {}.'.format( title, settings.LTI_TOOL_CONFIGURATION.get('title'))) url = reverse('lti-landing-page', args=[course_context]) return HttpResponseRedirect(url)
def check_init_user(): from django.contrib.auth.models import User, Group from config import INIT_USER_SETTINGS from .permissions import GROUP_NAME_ROOT print('Checking initial user ...', end='') if INIT_USER_SETTINGS is None: print(' skipped') elif User.objects.filter(username=INIT_USER_SETTINGS['username']).exists(): print(' done') else: print(' initial user does not exist') print('Creating initial user ...') user = User(username=INIT_USER_SETTINGS['username']) user.set_password(INIT_USER_SETTINGS['password']) user.first_name = INIT_USER_SETTINGS.get('first_name', '?') user.last_name = INIT_USER_SETTINGS.get('last_name', '??') user.email = INIT_USER_SETTINGS.get('email', 'Unknown') user.is_staff = True user.save() user.groups.add(Group.objects.get(name=GROUP_NAME_ROOT)) print(' done')
def test_when_model_admin_is_not_provided_it_is_derived_from_admin_registry(): session_obj = Session() ck_explicit_admin = CacheKey(result=Group(), model_admin=session_obj) assert ck_explicit_admin.model_admin == session_obj ck_derived_admin = CacheKey(result=Group()) assert ck_derived_admin.model_admin == site._registry[Group] orig_admin = site._registry[Group] try: admin_obj = object() site._registry[Group] = admin_obj ck_derived_admin = CacheKey(result=Group()) assert ck_derived_admin.model_admin == site._registry[Group] finally: site._registry[Group] = orig_admin
def create_ugroup(groupname,persetlist,usersetlist): group = Group(name=groupname) group.save() perli = Permission.objects.filter(codename__in=persetlist) userli = User.objects.filter(username__in=usersetlist) for i in perli: try: group.permissions.add(i) except Exception,e: pass for i in userli : try: group.user_set.add(i) except Exception,e: pass return perli,userli
def delete(request, contest_id, group_id): if not request.user.has_perm('manage_contest', Contest.objects.get(pk=contest_id)): raise PermissionDenied return HttpResponseRedirect(reverse('contest_details', args=[contest_id])) else: try: Group.objects.get(pk=group_id).delete() messages.add_message(request, messages.SUCCESS, "Group has been successfully deleted.") except ObjectDoesNotExist: messages.add_message(request, messages.ERROR, "Group does not exists.") return HttpResponseRedirect(reverse('contest_details', args=[contest_id]))
def test_form_add(self): # GET the import form response = self.client.get('/admin/auth/group/add/') self.assertEqual(response.status_code, 200) data = { 'name': 'editors', 'permissions': ('1', '2', '3'), 'users': ('1',), } response = self.client.post('/admin/auth/group/add/', data, follow=True) self.assertEqual(response.status_code, 200) group = Group.objects.all().last() self.assertTrue(group.name == 'editors') self.assertTrue(group.permissions.all().count() == 3) self.assertTrue(group.user_set.first() == self.admin)
def test_form_edit(self): if VERSION <= (1, 9): url = '/admin/auth/group/1/' else: url = '/admin/auth/group/1/change/' # GET the import form response = self.client.get(url) self.assertEqual(response.status_code, 200) data = { 'name': 'admins', 'permissions': ('1', '2'), 'users': ('1',), } response = self.client.post(url, data, follow=True) self.assertEqual(response.status_code, 200) group = Group.objects.all().last() self.assertTrue(group.name == 'admins') self.assertTrue(group.permissions.all().count() == 2) self.assertTrue(group.user_set.first() == self.admin)
def test_admin_logging(monkeypatch, admin_client): """Spot check that we receive logs around Group edits""" monkeypatch.setattr(apps, 'logger', MockLogger()) admin_client.post('/admin/auth/group/add/', { 'name': 'Looking For', 'permissions': '1'}) group = Group.objects.get(name='Looking For') admin_client.post('/admin/auth/group/{0}/change/'.format(group.pk), { 'name': 'Looking For Group', 'permissions': ['2'] }) logs = '\n'.join(apps.logger.logs) assert "permissions given to group 'Looking For'" in logs assert "admin created group 'Looking For'" in logs assert "<Permission:" in logs assert "Changed name" in logs assert "permissions removed from group 'Looking For Group'" in logs
def test_session_schema_change_clears_permissions_caches(self): schema = Schema.objects.mass_create('a')[0] user = User.objects.create_user(username='username', password='password') user.schemata.add(schema) schema.activate() user.groups.add(Group.objects.create(name='Group')) user.user_permissions.add(Permission.objects.all()[0]) user.get_all_permissions() class Request(object): pass request = Request() request.user = user request.session = SessionStore() change_schema(request=request, schema='a') with self.assertRaises(AttributeError): user._perm_cache with self.assertRaises(AttributeError): user._user_perm_cache with self.assertRaises(AttributeError): user._group_perm_cache
def test_session_schema_change_clears_permissions_caches(self): schema = Schema.objects.mass_create('a')[0] user = User.objects.create_user(username='username', password='password') schema.activate() user.groups.add(Group.objects.create(name='Group')) user.user_permissions.add(Permission.objects.all()[0]) user.get_all_permissions() session_schema_changed.send(user=user, session=None, sender=None) with self.assertRaises(AttributeError): user._perm_cache with self.assertRaises(AttributeError): user._user_perm_cache with self.assertRaises(AttributeError): user._group_perm_cache
def test_doesnt_generate_duplicate_follow_records(self): g = Group.objects.get_or_create(name='DupGroup')[0] s = User.objects.get_or_create(username='dupuser')[0] f1 = follow(s, g) self.assertTrue(f1 is not None, "Should have received a new follow " "record") self.assertTrue(isinstance(f1, Follow), "Returns a Follow object") self.assertEquals(1, Follow.objects.filter(user=s, object_id=g.pk, content_type=ContentType.objects.get_for_model(g)).count(), "Should only have 1 follow record here") f2 = follow(s, g) self.assertEquals(1, Follow.objects.filter(user=s, object_id=g.pk, content_type=ContentType.objects.get_for_model(g)).count(), "Should still only have 1 follow record here") self.assertTrue(f2 is not None, "Should have received a Follow object") self.assertTrue(isinstance(f2, Follow), "Returns a Follow object") self.assertEquals(f1, f2, "Should have received the same Follow " "object that I first submitted")
def _create_group_and_flag(cls): ''' Creates cls.GROUP_1, and restricts cls.PROD_1 only to users who are members of the group. Likewise GROUP_2 and PROD_2 ''' groups = [] products = [cls.PROD_1, cls.PROD_2] for i, product in enumerate(products): group = Group.objects.create(name="TEST GROUP" + str(i)) flag = conditions.GroupMemberFlag.objects.create( description="Group member flag " + str(i), condition=conditions.FlagBase.ENABLE_IF_TRUE, ) flag.group.add(group) flag.products.add(product) groups.append(group) cls.GROUP_1 = groups[0] cls.GROUP_2 = groups[1]
def test_list_different_cts(self): """different contentypes in list""" logged_user = self.user faved_users = [mommy.make(User, username='user-{0}'.format(i)) for i in xrange(5)] faved_groups = [mommy.make(Group, name='group-{0}'.format(i)) for i in xrange(5)] user_ct = ContentType.objects.get_for_model(User) group_ct = ContentType.objects.get_for_model(Group) for user in faved_users: Favorite.objects.create(user=logged_user, content_type=user_ct, object_id=user.id) for group in faved_groups: Favorite.objects.create(user=logged_user, content_type=group_ct, object_id=group.id) response = self.client.get(reverse('users_favorites_list')) self.assertEqual(200, response.status_code) for user in faved_users: self.assertContains(response, user) for user in faved_groups: self.assertContains(response, user)
def test_favorite_deleted_after_action_deleted(self): """test favorite is delete if object is deleted""" the_models = ( models.Action, models.Entity, models.Contact, models.Group, models.Opportunity, Emailing, Search ) for model_class in the_models: obj = mommy.make(model_class) logged_user = self.user content_type = ContentType.objects.get_for_model(model_class) Favorite.objects.create(user=logged_user, content_type=content_type, object_id=obj.id) self.assertEqual(1, Favorite.objects.count()) obj.delete() self.assertEqual(0, Favorite.objects.count())
def leave(request, group_name): group = get_object_or_404(Group, name=group_name) group_proxy = GroupProxy(group) try: group_proxy.remove_member(request.user, check_sole_admin=True) messages.success(request, _('You left the group.')) except GroupError as e: messages.error(request, e.message) return redirect('groups_index')
def group_action(request, group_name, member_pk): group = get_object_or_404(Group, name=group_name) if not group.properties.admins.filter(pk=request.user.pk): raise PermissionDenied() User = get_user_model() try: member = group.user_set.get(pk=member_pk) except User.DoesNotExist: raise Http404 group_proxy = GroupProxy(group) if 'kick' in request.POST: try: group_proxy.remove_member(member, check_sole_admin=True) messages.success(request, _('User was removed from group')) except GroupError as e: messages.errror(request, e.message) elif 'grant_admin' in request.POST: group_proxy.grant_admin(member) messages.success(request, _('User was granted group admin.')) elif 'revoke_admin' in request.POST: try: group_proxy.revoke_admin(member) messages.success(request, _('Revoked group admin rights from user.')) except GroupError as e: messages.errror(request, e.message) return redirect('groups_show', group.name)
def test_group_creation(self): with self.settings(SHIBAUTH_GROUP_ATTRIBUTES=["ritEduMemberOfUid"]): # Test for group creation self.client.get(reverse('shibauth_rit:shibauth_info'), **settings.SAMPLE_HEADERS) user = User.objects.get(username='rrcdis1') self.assertEqual(Group.objects.all().count(), 3) self.assertEqual(user.groups.all().count(), 3)
def test_group_creation_list(self): # Test for group creation from a list of group attributes with self.settings(SHIBAUTH_GROUP_ATTRIBUTES=["ritEduMemberOfUid", "ritEduAffiliation"]): self.client.get(reverse('shibauth_rit:shibauth_info'), **settings.SAMPLE_HEADERS) user = User.objects.get(username='rrcdis1') self.assertEqual(Group.objects.all().count(), 8) self.assertEqual(user.groups.all().count(), 8)
def test_empty_group_attribute(self): # Test everthing is working even if the group attribute is missing in the shibboleth data with self.settings(SHIBAUTH_GROUP_ATTRIBUTES=['SomeNonExistingAttribute']): self.client.get(reverse('shibauth_rit:shibauth_info'), **settings.SAMPLE_HEADERS) user = User.objects.get(username='rrcdis1') self.assertEqual(Group.objects.all().count(), 0) self.assertEqual(user.groups.all().count(), 0)
def test_group_removal(self): user, _ = User.objects.get_or_create(username='rrcdis1') user.set_password('12345') user.is_active = True user.save() g, _ = Group.objects.get_or_create(name='should_be_removed') g2, _ = Group.objects.get_or_create(name='should_not_be_removed') g.user_set.add(user) g2.user_set.add(user) headers = settings.SAMPLE_HEADERS headers["ritEduAffiliation"] = "should_not_be_removed;Student" self.client.get(reverse('shibauth_rit:shibauth_info'), **settings.SAMPLE_HEADERS) user = User.objects.get(username='rrcdis1') self.assertTrue(g not in user.groups.all())
def __str__(self): if self.folder: name = '%s' % self.folder else: name = 'All Folders' ug = [] if self.everybody: ug.append('Everybody') else: if self.group: ug.append("Group: %s" % self.group) if self.user: ug.append("User: %s" % self.user) usergroup = " ".join(ug) perms = [] for s in ['can_edit', 'can_read', 'can_add_children']: perm = getattr(self, s) if perm == self.ALLOW: perms.append(s) elif perm == self.DENY: perms.append('!%s' % s) perms = ', '.join(perms) return "Folder: '%s'->%s [%s] [%s]" % ( name, self.get_type_display(), perms, usergroup)
def __get_id_list(self, attr, **kw): allow_list = set() deny_list = set() if kw.has_key('user'): user = kw['user'] if user.is_superuser or not filer_settings.FILER_ENABLE_PERMISSIONS: return 'All' else: group_ids = user.groups.all().values_list('id', flat=True) # q = Q(user=user) | Q(group__in=group_ids) | Q(everybody=True) elif kw.has_key('group'): group = kw['group'] group_ids = Group.objects.filter(name=group) else: return 'Guest' q = Q(groups__in=group_ids) | Q(everybody=True) # perms = self.filter(q).order_by('folder__tree_id', 'folder__level', # 'folder__lft') perms = self.filter(q) for perm in perms: p = getattr(perm, attr) if p is None: # Not allow nor deny, we continue with the next permission continue file_ids = perm.file_set.all().values_list('id', flat=True) if p == FilePermission.ALLOW: allow_list.update(file_ids) else: deny_list.update(file_ids) return allow_list - deny_list
def __str__(self): return self.name # if self.file: # name = '%s' % self.file # else: # name = 'All Files' # ug = [] # if self.everybody: # ug.append('Everybody') # else: # if self.groups.all().exists(): # for group in self.groups.all(): # ug.append("Group: %s" % group) # # if self.user: # # ug.append("User: %s" % self.user) # usergroup = " ".join(ug) # perms = [] # for s in ['can_edit', 'can_read']: # perm = getattr(self, s) # if perm == self.ALLOW: # perms.append(s) # elif perm == self.DENY: # perms.append('!%s' % s) # perms = ', '.join(perms) # return "Perm: '%s'->[%s] [%s]" % ( # self.name, perms, ug)
def create_fake_group(): group, _ = Group.objects.get_or_create(name='Products Manager') group.permissions.add(Permission.objects.get(codename='edit_product')) group.permissions.add(Permission.objects.get(codename='view_product')) group.save() return group
def create_groups(): group = create_fake_group() return 'Group: %s' % (group.name)