Fix owner removed when set_permissions passed 3702/head
authorshamoon <4887959+shamoon@users.noreply.github.com>
Tue, 27 Jun 2023 08:41:20 +0000 (01:41 -0700)
committershamoon <4887959+shamoon@users.noreply.github.com>
Tue, 27 Jun 2023 08:41:20 +0000 (01:41 -0700)
src/documents/serialisers.py
src/documents/tests/test_api.py

index 6c28f720b2221c46f5645dfdb0a06901eda7a552..a5aec39c453442dc4a64452c56e485d6c0606a4a 100644 (file)
@@ -213,15 +213,12 @@ class OwnedObjectSerializer(serializers.ModelSerializer, SetPermissionsMixin):
     # other methods in mixin
 
     def create(self, validated_data):
-        if self.user and (
-            "owner" not in validated_data or validated_data["owner"] is None
-        ):
+        # default to current user if not set
+        if "owner" not in validated_data and self.user:
             validated_data["owner"] = self.user
         permissions = None
         if "set_permissions" in validated_data:
             permissions = validated_data.pop("set_permissions")
-            if "user" not in permissions or permissions["user"] is None:
-                validated_data["owner"] = None
         instance = super().create(validated_data)
         if permissions is not None:
             self._set_permissions(permissions, instance)
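Review bot: An `owner` value supplied by the client is passed to `super().create()` unchanged, because the new guard `if "owner" not in validated_data and self.user:` only fills in a default when the key is missing. An explicit `null` or another user's id is therefore stored as sent, and whether that is restricted depends on field validation that is not visible in this hunk. If this is intended, the comment could say so, for example `# only a missing key defaults to self.user; an explicit owner (including None = unowned) is honoured as sent`. Since an unowned object is presumably not covered by per-object ownership checks, it is worth confirming that any account with add permission may create one. `create` continues past the end of the hunk.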
index 90684b338f74b07219306d55e9d6f02cb9f3729e..20b9ba7eb8399e2ae85a713532ac386f1d5345e9 100644 (file)
@@ -28,6 +28,7 @@ from django.contrib.auth.models import User
 from django.test import override_settings
 from django.utils import timezone
 from guardian.shortcuts import assign_perm
+from guardian.shortcuts import get_perms
 from rest_framework import status
 from rest_framework.test import APITestCase
 from whoosh.writing import AsyncWriter
@@ -3855,7 +3856,7 @@ class TestApiAuth(DirectoriesMixin, APITestCase):
             status.HTTP_200_OK,
         )
 
-    def test_object_permissions(self):
+    def test_api_get_object_permissions(self):
         user1 = User.objects.create_user(username="test1")
         user2 = User.objects.create_user(username="test2")
         user1.user_permissions.add(*Permission.objects.filter(codename="view_document"))
@@ -3886,18 +3887,16 @@ class TestApiAuth(DirectoriesMixin, APITestCase):
             status.HTTP_404_NOT_FOUND,
         )
 
-    def test_api_set_permissions(self):
+    def test_api_default_owner(self):
         """
         GIVEN:
-            - API request to create an object (Tag) that supplies set_permissions object
+            - API request to create an object (Tag)
         WHEN:
-            - owner is passed as null or as a user id
-            - view > users is set
+            - owner is not set at all
         THEN:
-            - Object permissions are set appropriately
+            - Object created with current user as owner
         """
         user1 = User.objects.create_superuser(username="user1")
-        user2 = User.objects.create(username="user2")
 
         self.client.force_authenticate(user1)
 
@@ -3907,17 +3906,36 @@ class TestApiAuth(DirectoriesMixin, APITestCase):
                 {
                     "name": "test1",
                     "matching_algorithm": MatchingModel.MATCH_AUTO,
-                    "set_permissions": {
-                        "owner": None,
-                        "view": {
-                            "users": None,
-                            "groups": None,
-                        },
-                        "change": {
-                            "users": None,
-                            "groups": None,
-                        },
-                    },
+                },
+            ),
+            content_type="application/json",
+        )
+
+        self.assertEqual(response.status_code, status.HTTP_201_CREATED)
+
+        tag1 = Tag.objects.filter(name="test1").first()
+        self.assertEqual(tag1.owner, user1)
+
+    def test_api_set_no_owner(self):
+        """
+        GIVEN:
+            - API request to create an object (Tag)
+        WHEN:
+            - owner is passed as None
+        THEN:
+            - Object created with no owner
+        """
+        user1 = User.objects.create_superuser(username="user1")
+
+        self.client.force_authenticate(user1)
+
+        response = self.client.post(
+            "/api/tags/",
+            json.dumps(
+                {
+                    "name": "test1",
+                    "matching_algorithm": MatchingModel.MATCH_AUTO,
+                    "owner": None,
                 },
             ),
             content_type="application/json",
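Review bot: Both new tests authenticate with `User.objects.create_superuser`, so the default-owner path and the `"owner": None` path are only exercised for an account that passes every permission check. A variant using `User.objects.create_user` with only the `add_tag` permission would show what an ordinary account is allowed to do, in particular whether it can create an unowned tag by sending `"owner": None`. `test_api_set_no_owner` continues past the end of this hunk.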
@@ -3928,17 +3946,33 @@ class TestApiAuth(DirectoriesMixin, APITestCase):
         tag1 = Tag.objects.filter(name="test1").first()
         self.assertEqual(tag1.owner, None)
 
+    def test_api_set_owner_w_permissions(self):
+        """
+        GIVEN:
+            - API request to create an object (Tag) that supplies set_permissions object
+        WHEN:
+            - owner is passed as user id
+            - view > users is set & view > groups is set
+        THEN:
+            - Object permissions are set appropriately
+        """
+        user1 = User.objects.create_superuser(username="user1")
+        user2 = User.objects.create(username="user2")
+        group1 = Group.objects.create(name="group1")
+
+        self.client.force_authenticate(user1)
+
         response = self.client.post(
             "/api/tags/",
             json.dumps(
                 {
-                    "name": "test2",
+                    "name": "test1",
                     "matching_algorithm": MatchingModel.MATCH_AUTO,
+                    "owner": user1.id,
                     "set_permissions": {
-                        "owner": user1.id,
                         "view": {
                             "users": [user2.id],
-                            "groups": None,
+                            "groups": [group1.id],
                         },
                         "change": {
                             "users": None,
@@ -3950,12 +3984,15 @@ class TestApiAuth(DirectoriesMixin, APITestCase):
             content_type="application/json",
         )
 
-        tag2 = Tag.objects.filter(name="test2").first()
+        self.assertEqual(response.status_code, status.HTTP_201_CREATED)
+
+        tag1 = Tag.objects.filter(name="test1").first()
 
         from guardian.core import ObjectPermissionChecker
 
         checker = ObjectPermissionChecker(user2)
-        self.assertEqual(checker.has_perm("view_tag", tag2), True)
+        self.assertEqual(checker.has_perm("view_tag", tag1), True)
+        self.assertIn("view_tag", get_perms(group1, tag1))
 
     def test_dynamic_permissions_fields(self):
         user1 = User.objects.create_user(username="user1")
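Review bot: `test_api_set_owner_w_permissions` never asserts the owner, although the commit title describes the bug as the owner being removed when `set_permissions` is passed. The assertions after `tag1 = Tag.objects.filter(name="test1").first()` check only the view permission for `user2` and `group1`, so a regression that clears the owner again would still pass. Adding `self.assertEqual(tag1.owner, user1)` next to them would pin the fix. The test body starts in the previous hunk.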