Skip to content

Commit

Permalink
creates correct permissions and tests them
Browse files Browse the repository at this point in the history
  • Loading branch information
@hugobessa
hugobessa committed Aug 30, 2017
1 parent e95da97 commit 773a905
Show file tree
Hide file tree
Showing 3 changed files with 68 additions and 6 deletions.
14 changes: 14 additions & 0 deletions shared_schema_tenants/permissions.py
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,14 @@
from rest_framework.permissions import DjangoModelPermissions


class DjangoTenantModelPermissions(DjangoModelPermissions):

def has_object_permission(self, request, view, obj):
if hasattr(obj, 'tenant'):
kwargs = {'tenant': obj.tenant}
elif hasattr(obj, 'tenants'):
kwargs = {'tenant__in': obj.tenants.all()}
else:
return False

return request.user.relationships.filter(**kwargs).exists()
13 changes: 7 additions & 6 deletions shared_schema_tenants/views.py
View file
Original file line number Diff line number Diff line change
@@ -1,7 +1,8 @@
from rest_framework import generics, views, response, status, permissions
from rest_framework import generics, views, response, status
from django.db import transaction

from shared_schema_tenants.models import Tenant, TenantSite
from shared_schema_tenants.permissions import DjangoTenantModelPermissions
from shared_schema_tenants.utils import import_class
from shared_schema_tenants.settings import (
TENANT_SERIALIZER, TENANT_SITE_SERIALIZER,
Expand All @@ -16,7 +17,7 @@

class TenantListView(generics.ListCreateAPIView):
serializer_class = TenantSerializer
permission_classes = [permissions.DjangoModelPermissions]
permission_classes = [DjangoTenantModelPermissions]

def get_queryset(self):
if self.request.user.is_authenticated:
Expand All @@ -28,7 +29,7 @@ def get_queryset(self):

class TenantDetailsView(generics.RetrieveUpdateDestroyAPIView):
serializer_class = TenantSerializer
permission_classes = [permissions.DjangoModelPermissions]
permission_classes = [DjangoTenantModelPermissions]

def get_queryset(self):
if self.request.user.is_authenticated:
Expand All @@ -43,7 +44,7 @@ def get_object(self):

class TenantSettingsDetailsView(views.APIView):
serializer_class = TenantSettingsSerializer
permission_classes = [permissions.DjangoModelPermissions]
permission_classes = [DjangoTenantModelPermissions]

def get(self, request, *args, **kwargs):
serializer = self.get_serializer_class(
Expand All @@ -64,7 +65,7 @@ def post(self, request, *args, **kwargs):

class TenantSiteListView(generics.ListCreateAPIView):
serializer_class = TenantSiteSerializer
permission_classes = [permissions.DjangoModelPermissions]
permission_classes = [DjangoTenantModelPermissions]

def get_queryset(self):
return TenantSite.objects.filter().distinct()
Expand All @@ -78,7 +79,7 @@ def get_serializer(self, *args, **kwargs):

class TenantSiteDetailsView(generics.DestroyAPIView):
serializer_class = TenantSiteSerializer
permission_classes = [permissions.DjangoModelPermissions]
permission_classes = [DjangoTenantModelPermissions]

def get_queryset(self):
return TenantSite.objects.filter().distinct()
Expand Down
47 changes: 47 additions & 0 deletions tests/test_permissions.py
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,47 @@
import mock
from django.test import RequestFactory
from model_mommy import mommy

from tests.utils import SharedSchemaTenantsTestCase
from shared_schema_tenants.permissions import DjangoTenantModelPermissions

try:
from django.urls import reverse
except ImportError:
from django.core.urlresolvers import reverse


class DjangoTenantModelPermissionsTests(SharedSchemaTenantsTestCase):

def setUp(self):
super(DjangoTenantModelPermissionsTests, self).setUp()
factory = RequestFactory()
self.request = factory.post(reverse('shared_schema_tenants:tenant_list'))
self.request.user = self.user
self.permission = DjangoTenantModelPermissions()

def test_has_object_permission_with_created_tenant_single_tenant_object(self):
obj = mock.Mock(spec=['tenant'])
obj.tenant = self.tenant
self.assertTrue(self.permission.has_object_permission(self.request, None, obj))

def test_has_object_permission_with_created_tenant_multi_tenant_object(self):
obj = mock.Mock(spec=['tenants'])
obj.tenants = mock.Mock(spec=['all'])
obj.tenants.all = lambda: [self.tenant]
self.assertTrue(self.permission.has_object_permission(self.request, None, obj))

def test_has_object_permission_with_new_tenant_single_tenant_object(self):
obj = mock.Mock(spec=['tenant'])
obj.tenant = mommy.make('shared_schema_tenants.Tenant')
self.assertFalse(self.permission.has_object_permission(self.request, None, obj))

def test_has_object_permission_with_new_tenant_multi_tenant_object(self):
obj = mock.Mock(spec=['tenants'])
obj.tenants = mock.Mock(spec=['all'])
obj.tenants.all = lambda: [mommy.make('shared_schema_tenants.Tenant')]
self.assertFalse(self.permission.has_object_permission(self.request, None, obj))

def test_has_object_permission_without_tenant_attributes(self):
obj = mock.Mock(spec=['test_not_tenant_attribute'])
self.assertFalse(self.permission.has_object_permission(self.request, None, obj))

0 comments on commit 773a905

Please sign in to comment.