1 from django
.conf
import settings
2 from django
.contrib
.auth
.models
import User
, Group
, Permission
, AnonymousUser
3 from django
.contrib
.contenttypes
.models
import ContentType
4 from django
.core
.exceptions
import ImproperlyConfigured
5 from django
.test
import TestCase
8 class BackendTest(TestCase
):
10 backend
= 'django.contrib.auth.backends.ModelBackend'
13 self
.curr_auth
= settings
.AUTHENTICATION_BACKENDS
14 settings
.AUTHENTICATION_BACKENDS
= (self
.backend
,)
15 User
.objects
.create_user('test', 'test@example.com', 'test')
16 User
.objects
.create_superuser('test2', 'test2@example.com', 'test')
19 settings
.AUTHENTICATION_BACKENDS
= self
.curr_auth
20 # The custom_perms test messes with ContentTypes, which will
21 # be cached; flush the cache to ensure there are no side effects
23 ContentType
.objects
.clear_cache()
25 def test_has_perm(self
):
26 user
= User
.objects
.get(username
='test')
27 self
.assertEqual(user
.has_perm('auth.test'), False)
30 self
.assertEqual(user
.has_perm('auth.test'), False)
31 user
.is_superuser
= True
33 self
.assertEqual(user
.has_perm('auth.test'), True)
35 user
.is_superuser
= False
37 self
.assertEqual(user
.has_perm('auth.test'), False)
39 user
.is_superuser
= True
40 user
.is_active
= False
42 self
.assertEqual(user
.has_perm('auth.test'), False)
44 def test_custom_perms(self
):
45 user
= User
.objects
.get(username
='test')
46 content_type
=ContentType
.objects
.get_for_model(Group
)
47 perm
= Permission
.objects
.create(name
='test', content_type
=content_type
, codename
='test')
48 user
.user_permissions
.add(perm
)
51 # reloading user to purge the _perm_cache
52 user
= User
.objects
.get(username
='test')
53 self
.assertEqual(user
.get_all_permissions() == set([u
'auth.test']), True)
54 self
.assertEqual(user
.get_group_permissions(), set([]))
55 self
.assertEqual(user
.has_module_perms('Group'), False)
56 self
.assertEqual(user
.has_module_perms('auth'), True)
57 perm
= Permission
.objects
.create(name
='test2', content_type
=content_type
, codename
='test2')
58 user
.user_permissions
.add(perm
)
60 perm
= Permission
.objects
.create(name
='test3', content_type
=content_type
, codename
='test3')
61 user
.user_permissions
.add(perm
)
63 user
= User
.objects
.get(username
='test')
64 self
.assertEqual(user
.get_all_permissions(), set([u
'auth.test2', u
'auth.test', u
'auth.test3']))
65 self
.assertEqual(user
.has_perm('test'), False)
66 self
.assertEqual(user
.has_perm('auth.test'), True)
67 self
.assertEqual(user
.has_perms(['auth.test2', 'auth.test3']), True)
68 perm
= Permission
.objects
.create(name
='test_group', content_type
=content_type
, codename
='test_group')
69 group
= Group
.objects
.create(name
='test_group')
70 group
.permissions
.add(perm
)
72 user
.groups
.add(group
)
73 user
= User
.objects
.get(username
='test')
74 exp
= set([u
'auth.test2', u
'auth.test', u
'auth.test3', u
'auth.test_group'])
75 self
.assertEqual(user
.get_all_permissions(), exp
)
76 self
.assertEqual(user
.get_group_permissions(), set([u
'auth.test_group']))
77 self
.assertEqual(user
.has_perms(['auth.test3', 'auth.test_group']), True)
79 user
= AnonymousUser()
80 self
.assertEqual(user
.has_perm('test'), False)
81 self
.assertEqual(user
.has_perms(['auth.test2', 'auth.test3']), False)
83 def test_has_no_object_perm(self
):
84 """Regressiontest for #12462"""
85 user
= User
.objects
.get(username
='test')
86 content_type
=ContentType
.objects
.get_for_model(Group
)
87 perm
= Permission
.objects
.create(name
='test', content_type
=content_type
, codename
='test')
88 user
.user_permissions
.add(perm
)
91 self
.assertEqual(user
.has_perm('auth.test', 'object'), False)
92 self
.assertEqual(user
.get_all_permissions('object'), set([]))
93 self
.assertEqual(user
.has_perm('auth.test'), True)
94 self
.assertEqual(user
.get_all_permissions(), set(['auth.test']))
96 def test_get_all_superuser_permissions(self
):
97 "A superuser has all permissions. Refs #14795"
98 user
= User
.objects
.get(username
='test2')
99 self
.assertEqual(len(user
.get_all_permissions()), len(Permission
.objects
.all()))
101 class TestObj(object):
105 class SimpleRowlevelBackend(object):
106 supports_inactive_user
= False
108 # This class also supports tests for anonymous user permissions, and
109 # inactive user permissions via subclasses which just set the
110 # 'supports_anonymous_user' or 'supports_inactive_user' attribute.
112 def has_perm(self
, user
, perm
, obj
=None):
114 return # We only support row level perms
116 if isinstance(obj
, TestObj
):
117 if user
.username
== 'test2':
119 elif user
.is_anonymous() and perm
== 'anon':
121 elif not user
.is_active
and perm
== 'inactive':
125 def has_module_perms(self
, user
, app_label
):
126 if not user
.is_anonymous() and not user
.is_active
:
128 return app_label
== "app1"
130 def get_all_permissions(self
, user
, obj
=None):
132 return [] # We only support row level perms
134 if not isinstance(obj
, TestObj
):
137 if user
.is_anonymous():
139 if user
.username
== 'test2':
140 return ['simple', 'advanced']
144 def get_group_permissions(self
, user
, obj
=None):
146 return # We only support row level perms
148 if not isinstance(obj
, TestObj
):
151 if 'test_group' in [group
.name
for group
in user
.groups
.all()]:
152 return ['group_perm']
157 class RowlevelBackendTest(TestCase
):
159 Tests for auth backend that supports object level permissions
161 backend
= 'django.contrib.auth.tests.auth_backends.SimpleRowlevelBackend'
164 self
.curr_auth
= settings
.AUTHENTICATION_BACKENDS
165 settings
.AUTHENTICATION_BACKENDS
= tuple(self
.curr_auth
) + (self
.backend
,)
166 self
.user1
= User
.objects
.create_user('test', 'test@example.com', 'test')
167 self
.user2
= User
.objects
.create_user('test2', 'test2@example.com', 'test')
168 self
.user3
= User
.objects
.create_user('test3', 'test3@example.com', 'test')
171 settings
.AUTHENTICATION_BACKENDS
= self
.curr_auth
172 # The get_group_permissions test messes with ContentTypes, which will
173 # be cached; flush the cache to ensure there are no side effects
174 # Refs #14975, #14925
175 ContentType
.objects
.clear_cache()
177 def test_has_perm(self
):
178 self
.assertEqual(self
.user1
.has_perm('perm', TestObj()), False)
179 self
.assertEqual(self
.user2
.has_perm('perm', TestObj()), True)
180 self
.assertEqual(self
.user2
.has_perm('perm'), False)
181 self
.assertEqual(self
.user2
.has_perms(['simple', 'advanced'], TestObj()), True)
182 self
.assertEqual(self
.user3
.has_perm('perm', TestObj()), False)
183 self
.assertEqual(self
.user3
.has_perm('anon', TestObj()), False)
184 self
.assertEqual(self
.user3
.has_perms(['simple', 'advanced'], TestObj()), False)
186 def test_get_all_permissions(self
):
187 self
.assertEqual(self
.user1
.get_all_permissions(TestObj()), set(['simple']))
188 self
.assertEqual(self
.user2
.get_all_permissions(TestObj()), set(['simple', 'advanced']))
189 self
.assertEqual(self
.user2
.get_all_permissions(), set([]))
191 def test_get_group_permissions(self
):
192 content_type
=ContentType
.objects
.get_for_model(Group
)
193 group
= Group
.objects
.create(name
='test_group')
194 self
.user3
.groups
.add(group
)
195 self
.assertEqual(self
.user3
.get_group_permissions(TestObj()), set(['group_perm']))
198 class AnonymousUserBackend(SimpleRowlevelBackend
):
199 supports_inactive_user
= False
202 class AnonymousUserBackendTest(TestCase
):
204 Tests for AnonymousUser delegating to backend.
207 backend
= 'django.contrib.auth.tests.auth_backends.AnonymousUserBackend'
210 self
.curr_auth
= settings
.AUTHENTICATION_BACKENDS
211 settings
.AUTHENTICATION_BACKENDS
= (self
.backend
,)
212 self
.user1
= AnonymousUser()
215 settings
.AUTHENTICATION_BACKENDS
= self
.curr_auth
217 def test_has_perm(self
):
218 self
.assertEqual(self
.user1
.has_perm('perm', TestObj()), False)
219 self
.assertEqual(self
.user1
.has_perm('anon', TestObj()), True)
221 def test_has_perms(self
):
222 self
.assertEqual(self
.user1
.has_perms(['anon'], TestObj()), True)
223 self
.assertEqual(self
.user1
.has_perms(['anon', 'perm'], TestObj()), False)
225 def test_has_module_perms(self
):
226 self
.assertEqual(self
.user1
.has_module_perms("app1"), True)
227 self
.assertEqual(self
.user1
.has_module_perms("app2"), False)
229 def test_get_all_permissions(self
):
230 self
.assertEqual(self
.user1
.get_all_permissions(TestObj()), set(['anon']))
235 class NoBackendsTest(TestCase
):
237 Tests that an appropriate error is raised if no auth backends are provided.
240 self
.old_AUTHENTICATION_BACKENDS
= settings
.AUTHENTICATION_BACKENDS
241 settings
.AUTHENTICATION_BACKENDS
= []
242 self
.user
= User
.objects
.create_user('test', 'test@example.com', 'test')
245 settings
.AUTHENTICATION_BACKENDS
= self
.old_AUTHENTICATION_BACKENDS
247 def test_raises_exception(self
):
248 self
.assertRaises(ImproperlyConfigured
, self
.user
.has_perm
, ('perm', TestObj(),))
251 class InActiveUserBackend(SimpleRowlevelBackend
):
252 supports_inactive_user
= True
255 class NoInActiveUserBackend(SimpleRowlevelBackend
):
256 supports_inactive_user
= False
259 class InActiveUserBackendTest(TestCase
):
261 Tests for a inactive user delegating to backend if it has 'supports_inactive_user' = True
264 backend
= 'django.contrib.auth.tests.auth_backends.InActiveUserBackend'
267 self
.curr_auth
= settings
.AUTHENTICATION_BACKENDS
268 settings
.AUTHENTICATION_BACKENDS
= (self
.backend
,)
269 self
.user1
= User
.objects
.create_user('test', 'test@example.com', 'test')
270 self
.user1
.is_active
= False
274 settings
.AUTHENTICATION_BACKENDS
= self
.curr_auth
276 def test_has_perm(self
):
277 self
.assertEqual(self
.user1
.has_perm('perm', TestObj()), False)
278 self
.assertEqual(self
.user1
.has_perm('inactive', TestObj()), True)
280 def test_has_module_perms(self
):
281 self
.assertEqual(self
.user1
.has_module_perms("app1"), False)
282 self
.assertEqual(self
.user1
.has_module_perms("app2"), False)
285 class NoInActiveUserBackendTest(TestCase
):
287 Tests that an inactive user does not delegate to backend if it has 'supports_inactive_user' = False
289 backend
= 'django.contrib.auth.tests.auth_backends.NoInActiveUserBackend'
292 self
.curr_auth
= settings
.AUTHENTICATION_BACKENDS
293 settings
.AUTHENTICATION_BACKENDS
= tuple(self
.curr_auth
) + (self
.backend
,)
294 self
.user1
= User
.objects
.create_user('test', 'test@example.com', 'test')
295 self
.user1
.is_active
= False
299 settings
.AUTHENTICATION_BACKENDS
= self
.curr_auth
301 def test_has_perm(self
):
302 self
.assertEqual(self
.user1
.has_perm('perm', TestObj()), False)
303 self
.assertEqual(self
.user1
.has_perm('inactive', TestObj()), False)
305 def test_has_module_perms(self
):
306 self
.assertEqual(self
.user1
.has_module_perms("app1"), False)
307 self
.assertEqual(self
.user1
.has_module_perms("app2"), False)