added permission tests

.gitignore

@@ -46,3 +46,11 @@ documents/urls.pyc
 nosetests.xml
 
 documents/views.pyc
+
+build/lib/documents/templates/documents/docinfo.html
+
+build/lib/documents/templates/documents/document_search.html
+
+build/lib/documents/templates/documents/document_upload.html
+
+build/lib/documents/templates/documents/newmaptpl.html

README.rst

@@ -25,21 +25,19 @@ Extras
 
 #. In order to have the documents directly linked in the main menu bar:
 
-	(basic) replace the page_layout.html file provided in the "extras" folder with the original one in your template folder.
+	(basic) replace the page_layout.html file provided in the "extras" folder with the original one in your template folder. (only use this if you have never modified the page_layout.html file)
 
 	(advanced) copy the content of the page_layout_snippet.html and insert it in your page_layout.html file in the "nav" block.
 
 #. In order to have the documents linked in the map detail template:
 
-	(basic) replace the mapinfo.html file in the "extras/maps" folder with the original one in your template folder.
+	(basic) replace the mapinfo.html file in the "extras/maps" folder with the original one in your template folder. (only use this if you have never modified the mapinfo.html file)
 
 	(advanced) copy the content of the mapinfo_snippet.html and insert it in your mapinfo.html file in the "sidebar" block.
 
 Features
 --------
 
-- (Planned) Upload form for document. It can either be attached to an existing map or a new one can be created with a custom widget to select the bounding box.
 - (Planned) Integration with GeoNetwork (maps and files registered in GeoNetwork)
-- (Planned) Easy installable on an existing GeoNode installation. Without having to alter existing tables / data.
 - (Planned) Auto pdf document creation after using the print button in the map composer.
 

documents/fixtures/initial_data.json

@@ -1,4 +1,40 @@
 [
+{
+    "pk": 1, 
+    "model": "auth.user", 
+    "fields": {
+        "username": "bobby", 
+        "first_name": "", 
+        "last_name": "", 
+        "is_active": true, 
+        "is_superuser": false, 
+        "is_staff": false, 
+        "last_login": "2010-06-10 16:59:13", 
+        "groups": [], 
+        "user_permissions": [], 
+        "password": "sha1$8d019$a84eea3f5093eed93bc68bf62fe400f14042ab06", 
+        "email": "bobby@bob.com", 
+        "date_joined": "2010-06-10 16:58:18"
+    }
+},
+{
+        "fields": {
+            "date_joined": "2010-07-20 13:31:27",
+            "email": "admin@admin.admin",
+            "first_name": "",
+            "groups": [],
+            "is_active": true,
+            "is_staff": true,
+            "is_superuser": true,
+            "last_login": "2010-07-20 17:26:12",
+            "last_name": "",
+            "password": "sha1$6c974$de67ee46336cb3b9bb9e90d53863c3a8d01ce944",
+            "user_permissions": [],
+            "username": "admin"
+        },
+        "model": "auth.user",
+        "pk": 2
+},
 {
     "pk": 7,
     "model": "core.objectrole",

documents/tests.py

@@ -7,20 +7,24 @@
 from django.conf import settings
 from geonode.maps.models import Map, MapLayer
 from documents.models import Document
+import documents.views
+import geonode.core
 from django.test.client import Client
 from django.core.files.uploadedfile import SimpleUploadedFile
 from django.contrib.auth.models import User
 import StringIO
+from django.contrib.auth.models import User, AnonymousUser
+import json
 
 LOGIN_URL = settings.SITEURL + "accounts/login/"
 
-superuser = User.objects.create_superuser('bobby', 'bobby@foo.com', 'bob')
+#superuser = User.objects.create_superuser('bobby', 'bobby@foo.com', 'bob')
 imgfile = StringIO.StringIO('GIF87a\x01\x00\x01\x00\x80\x01\x00\x00\x00\x00ccc,\x00'
-	                            '\x00\x00\x00\x01\x00\x01\x00\x00\x02\x02D\x01\x00;')
+								'\x00\x00\x00\x01\x00\x01\x00\x00\x02\x02D\x01\x00;')
 def create_document():
 	f = SimpleUploadedFile('test_img_file.gif', imgfile.read(), 'image/gif')
 	m, __ = Map.objects.get_or_create(id=1, title='foo', projection='4326', zoom=2, center_x=0, center_y=0,
-	                                  owner=User.objects.get_or_create(username='foo')[0])
+									  owner=User.objects.get(username='bobby'))
 	for ord, lyr in enumerate(settings.MAP_BASELAYERS):
 		MapLayer.objects.from_viewer_config(
 			map=m,
@@ -29,13 +33,14 @@ def create_document():
 			ordering=ord
 		).save()
 	m.set_default_permissions()
+	superuser = User.objects.get(pk=2)
 	c, created = Document.objects.get_or_create(id=1, file=f,owner=superuser)
 	c.set_default_permissions()
 	c.maps.add(m)
 	return c, created
 
 class EventsTest(TestCase):
-
+		
 	def test_map_details(self):
 		"""/maps/1 -> Test accessing the detail view of a map"""
 		create_document()
@@ -64,12 +69,12 @@ def test_document_isuploaded(self):
 		"""/documents/upload -> Test uploading a document"""
 		f = SimpleUploadedFile('test_img_file.gif', imgfile.read(), 'image/gif')
 		m, __ = Map.objects.get_or_create(id=1, title='foo', projection='4326', zoom=2, center_x=0, center_y=0,
-		                                  owner=User.objects.get_or_create(username='foo')[0])
+										  owner=User.objects.get(username='bobby'))
 		c = Client()
 
-		c.login(username='bobby', password='bob')
+		c.login(username='admin', password='admin')
 		response = c.post("/documents/upload", {'file': f, 'title': 'uploaded_document', 'map': m.id},
-		                  follow=True)
+						  follow=True)
 		self.assertEquals(response.status_code, 200)
 
 	def test_newmap_template(self):
@@ -86,8 +91,106 @@ def test_document_creation(self):
 		"""
 		f = SimpleUploadedFile('test_img_file.gif', imgfile.read(), 'image/gif')
 		m, __ = Map.objects.get_or_create(id=1, title='foo', projection='4326', zoom=2, center_x=0, center_y=0,
-	                                  owner=User.objects.get_or_create(username='foo')[0])
+									  owner=User.objects.get(username='bobby'))
 		m.set_default_permissions()
 		d,created = Document.objects.get_or_create(id=1, file=f)
 		d.maps.add(m)
-		self.assertTrue(created)
+		self.assertTrue(created)
+
+	# Permissions Tests
+
+	# Users
+	# - admin (pk=2)
+	# - bobby (pk=1)
+
+	# Inherited
+	# - LEVEL_NONE = _none
+
+	# Layer
+	# - LEVEL_READ = document_read
+	# - LEVEL_WRITE = document_readwrite
+	# - LEVEL_ADMIN = document_admin
+
+
+	# FIXME: Add a comprehensive set of permissions specifications that allow us 
+	# to test as many conditions as is possible/necessary
+
+	# If anonymous and/or authenticated are not specified, 
+	# should set_layer_permissions remove any existing perms granted??
+
+	perm_spec = {"anonymous":"_none","authenticated":"_none","users":[["bobby","document_readwrite"]]}
+
+	def test_set_document_permissions(self):
+		"""Verify that the set_document_permissions view is behaving as expected
+		"""
+		create_document()
+		# Get a document to work with
+		document = Document.objects.all()[0]
+
+		# Save the Layers current permissions
+		current_perms = document.get_all_level_info() 
+
+		# Set the Permissions
+		documents.views.set_document_permissions(document, self.perm_spec)
+
+		# Test that the Permissions for ANONYMOUS_USERS and AUTHENTICATED_USERS were set correctly		  
+		self.assertEqual(document.get_gen_level(geonode.core.models.ANONYMOUS_USERS), document.LEVEL_NONE) 
+		self.assertEqual(document.get_gen_level(geonode.core.models.AUTHENTICATED_USERS), document.LEVEL_NONE)
+
+		# Test that previous permissions for users other than ones specified in
+		# the perm_spec (and the document owner) were removed
+		users = [n for (n, p) in self.perm_spec['users']]
+		levels = document.get_user_levels().exclude(user__username__in = users + [document.owner])
+		self.assertEqual(len(levels), 0)
+
+		# Test that the User permissions specified in the perm_spec were applied properly
+		for username, level in self.perm_spec['users']:
+			user = geonode.maps.models.User.objects.get(username=username)
+			self.assertEqual(document.get_user_level(user), level)	  
+
+	def test_ajax_document_permissions(self):
+		"""Verify that the ajax_document_permissions view is behaving as expected
+		"""
+
+		# Setup some document names to work with 
+		create_document()
+		document_id = Document.objects.all()[0].id
+		invalid_document_id = 5
+
+		c = Client()
+
+		# Test that an invalid layer.typename is handled for properly
+		response = c.post("/documents/%s/ajax-permissions" % invalid_document_id, 
+							data=json.dumps(self.perm_spec),
+							content_type="application/json")
+		self.assertEquals(response.status_code, 404) 
+
+		# Test that POST is required
+		response = c.get("/documents/%s/ajax-permissions" % document_id)
+		self.assertEquals(response.status_code, 405)
+
+		# Test that a user is required to have maps.change_layer_permissions
+
+		# First test un-authenticated
+		response = c.post("/documents/%s/ajax-permissions" % document_id, 
+							data=json.dumps(self.perm_spec),
+							content_type="application/json")
+		self.assertEquals(response.status_code, 401) 
+
+		# Next Test with a user that does NOT have the proper perms
+		logged_in = c.login(username='bobby', password='bob')
+		self.assertEquals(logged_in, True) 
+		response = c.post("/documents/%s/ajax-permissions" % document_id, 
+							data=json.dumps(self.perm_spec),
+							content_type="application/json")
+		self.assertEquals(response.status_code, 401) 
+
+		# Login as a user with the proper permission and test the endpoint
+		logged_in = c.login(username='admin', password='admin')
+		self.assertEquals(logged_in, True)
+		response = c.post("/documents/%s/ajax-permissions" % document_id, 
+							data=json.dumps(self.perm_spec),
+							content_type="application/json")
+
+		# Test that the method returns 200		   
+		self.assertEquals(response.status_code, 200)