Django

Code

Changeset 4055

Show
Ignore:
Timestamp:
11/08/06 17:53:19 (2 years ago)
Author:
jkocherhans
Message:

[generic-auth] Added a simple role based permission checker in the tests

Files:

Legend:

Unmodified
Added
Removed
Modified
Copied
Moved

  • django/branches/generic-auth/tests/regressiontests/generic_auth/models.py

    r4030 r4055  
    11from django.db import models 
     2from django.contrib.auth.models import User 
    23 
    34class Person(models.Model): 
    45    name = models.CharField(maxlength=20) 
     6 
     7class Article(models.Model): 
     8    name = models.CharField(maxlength=100) 
     9    body = models.TextField() 
     10    creator = models.ForeignKey(User) 

  • django/branches/generic-auth/tests/regressiontests/generic_auth/tests.py

    r4030 r4055  
    1010>>> create_permissions(app, [], 0) 
    1111 
    12 Create and register an authorization handler that acts like Django's model 
    13 level permissions 
     12Create and register an authorization handler that acts similarly to Django's  
     13model level permissions. This version doesn't take group permissions into  
     14account however. 
    1415 
    1516>>> def default_has_permission(user, permission, obj): 
    16 ...     p_name = "%s.%s" % (permission.content_type.app_label, permission.codename) 
    17 ...     return user.has_perm(p_name) 
     17...    if not user.is_active: 
     18...        return False 
     19...    if user.is_superuser: 
     20...        return True 
     21...    return permission in user.user_permissions.select_related() 
    1822...      
    1923>>> has_permission.register(default_has_permission, User, Permission, Person) 
     
    7175False 
    7276 
     77 
     78Let's create a simple role-based implementation of has_permission that allows  
     79change and delete access to the creator of an object, but denies access to  
     80everyone else. The creator is just a foreign key from the object in question 
     81to the django.contrib.auth.models.User model. 
     82 
     83First, we create the actual implementation. 
     84 
     85>>> def is_creator(user, permission, object): 
     86...     if user.is_superuser: 
     87...         return True 
     88...     # if no object was provided, fall back to Model level permissions 
     89...     if not object: 
     90...         return permission in user.user_permissions.select_related() 
     91...     return user == object.creator 
     92... 
     93 
     94 
     95The we register is_creator to handle calls to has_permission for the 
     96appropriate models (in this case User, Permision, and Article). 
     97 
     98>>> from django.contrib.auth.models import User, Permission 
     99>>> from django.contrib.auth import has_permission 
     100>>> from regressiontests.generic_auth.models import Article 
     101 
     102>>> has_permission.register(is_creator, User, Permission, Article) 
     103 
     104 
     105Create an Article for our tests, and set it's `owner` attribute to the user we 
     106created above. 
     107 
     108>>> article = Article(name='test', body='test', creator=user) 
     109>>> article.save() 
     110 
     111 
     112Set up some convenient reverences to the various permission objects. 
     113 
     114>>> add_permission = Article._meta.get_add_permission() 
     115>>> change_permission = Article._meta.get_change_permission() 
     116>>> delete_permission = Article._meta.get_delete_permission() 
     117 
     118Adding isn't tied to a particular object, and we haven't given the user 
     119permission to add Articles yet, so this should fail. 
     120 
     121>>> has_permission(user, add_permission) 
     122False 
     123 
     124But the user *is* the creator of `article`, so they *should* have change and 
     125delete permissions for that article. 
     126 
     127>>> has_permission(user, change_permission, article) 
     128True 
     129>>> has_permission(user, delete_permission, article) 
     130True 
     131 
     132 
     133Give the user add Article permissions. 
     134 
     135>>> user.user_permissions.add(add_permission) 
     136>>> user.save() 
     137 
     138 
     139Make sure it worked. 
     140 
     141>>> has_permission(user, add_permission, article) 
     142True 
     143 
     144 
    73145"""