This repository has been archived by the owner on Aug 26, 2022. It is now read-only.
/
test_models.py
70 lines (58 loc) · 2.51 KB
/
test_models.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
from django.contrib.auth.models import Group, Permission
from django.contrib.contenttypes.models import ContentType
from kuma.core.tests import KumaTestCase, ok_
from kuma.users.tests import user
from ..utils import allow_add_attachment_by
class AttachmentTests(KumaTestCase):
def test_permissions(self):
"""Ensure that the negative and positive permissions for adding
attachments work."""
# Get the negative and positive permissions
ct = ContentType.objects.get(app_label='attachments', model='attachment')
p1 = Permission.objects.get(codename='disallow_add_attachment',
content_type=ct)
p2 = Permission.objects.get(codename='add_attachment',
content_type=ct)
# Create a group with the negative permission.
g1, created = Group.objects.get_or_create(name='cannot_attach')
g1.permissions = [p1]
g1.save()
# Create a group with the positive permission.
g2, created = Group.objects.get_or_create(name='can_attach')
g2.permissions = [p2]
g2.save()
# User with no explicit permission is allowed
u2 = user(username='test_user2', save=True)
ok_(allow_add_attachment_by(u2))
# User in group with negative permission is disallowed
u3 = user(username='test_user3', save=True)
u3.groups = [g1]
u3.save()
ok_(not allow_add_attachment_by(u3))
# Superusers can do anything, despite group perms
u1 = user(username='test_super', is_superuser=True, save=True)
u1.groups = [g1]
u1.save()
ok_(allow_add_attachment_by(u1))
# User with negative permission is disallowed
u4 = user(username='test_user4', save=True)
u4.user_permissions.add(p1)
u4.save()
ok_(not allow_add_attachment_by(u4))
# User with positive permission overrides group
u5 = user(username='test_user5', save=True)
u5.groups = [g1]
u5.user_permissions.add(p2)
u5.save()
ok_(allow_add_attachment_by(u5))
# Group with positive permission takes priority
u6 = user(username='test_user6', save=True)
u6.groups = [g1, g2]
u6.save()
ok_(allow_add_attachment_by(u6))
# positive permission takes priority, period.
u7 = user(username='test_user7', save=True)
u7.user_permissions.add(p1)
u7.user_permissions.add(p2)
u7.save()
ok_(allow_add_attachment_by(u7))