Permalink
Browse files

add cyder admin to tests, expanded documentation on perms backend

  • Loading branch information...
1 parent 19c769e commit 97d3ed8a2553d483e358ef8ecf903cfe179ef51a Kevin Ngo committed Apr 13, 2012
Showing with 33 additions and 7 deletions.
  1. +2 −0 README.md
  2. +15 −6 cyder/core/cyuser/backends.py
  3. +16 −1 cyder/core/cyuser/tests.py
View
@@ -9,6 +9,8 @@ CREATE USER 'cyder'@'localhost' IDENTIFIED BY '****';
GRANT ALL PRIVILEGES ON *.* TO 'cyder'@'localhost';
create database cyder;
+pip install coverage
+
pip install -e git+https://github.com/toastdriven/django-haystack.git@master#egg=django-haystack
pip install ipaddr
@@ -10,12 +10,21 @@ def has_perm(self, request, obj, action):
given object (``obj``) within the current session CTNR. Permissions will
depend on whether the object is within the user's current CTNR and
the user's permissions level within that CTNR. Plebs are people that don't
- have any permissions except for dynamic registrations. Guests of a CTNR
- have view access to all objects within the CTNR. Users have full access
- to objects within the CTNR, except for several types of objects and the
- CTNR itself. CTNR admins are like users except they can modify the CTNR itself
- and assign permissions to other users. Cyder admins are CTNR admins to
- every CTNR. Superusers (Uber-admins/Elders) have complete access to everything
+ have any permissions except for dynamic registrations.
+
+ Guests of a CTNR have view access to all objects within the current CTNR.
+
+ Users have full access to objects within the current CTNR, except
+ for exceptional types of objects (domains, SOAs) and the CTNR itself.
+
+ CTNR admins are like users except they can modify the CTNR itself
+ and assign permissions to other users.
+
+ Cyder admins are CTNR admins to every CTNR. Though the object has to
+ be within the CURRENT CTNR for permissions to be granted, for purposes
+ of encapsulation.
+
+ Superusers (Uber-admins/Elders) have complete access to everything
including the ability to create top-level domains, SOAs, and global DHCP
objects.
@@ -60,12 +60,17 @@ class PermissionsTest(TestCase):
def setUp(self):
self.test_user = User.objects.get_or_create(username='test_user', password='test_user')[0]
-
self.setup_request()
# superuser
self.super_user = User.objects.get(username='development')
+ # cyder admin
+ self.cyder_admin = User.objects.get_or_create(username='cyder_admin', password='cyder_admin')[0]
+ self.ctnr_global = Ctnr.objects.get(id=1)
+ self.ctnr_user_cyder_admin = CtnrUser(id=None, ctnr=self.ctnr_global, user=self.cyder_admin, level=2)
+ self.ctnr_user_cyder_admin.save()
+
# admin
self.ctnr_admin = Ctnr(id=None, name="admin")
self.ctnr_admin.save()
@@ -211,7 +216,16 @@ def assert_perms(self, obj):
"""
Utility function for checking permissions
"""
+ # cyder admin
+ self.request.user = self.cyder_admin
+ self.request.session['ctnr'] = self.ctnr_guest
+ has_perm = self.test_user.get_profile().has_perm(self.request, obj, 'create')
+ has_perm = self.test_user.get_profile().has_perm(self.request, obj, 'view')
+ has_perm = self.test_user.get_profile().has_perm(self.request, obj, 'update')
+ has_perm = self.test_user.get_profile().has_perm(self.request, obj, 'delete')
+
# admin
+ self.request.user = self.test_user
self.request.session['ctnr'] = self.ctnr_admin
has_perm = self.test_user.get_profile().has_perm(self.request, obj, 'create')
has_perm = self.test_user.get_profile().has_perm(self.request, obj, 'view')
@@ -238,3 +252,4 @@ def assert_perms(self, obj):
has_perm = self.test_user.get_profile().has_perm(self.request, obj, 'view')
has_perm = self.test_user.get_profile().has_perm(self.request, obj, 'update')
has_perm = self.test_user.get_profile().has_perm(self.request, obj, 'delete')
+

0 comments on commit 97d3ed8

Please sign in to comment.