NeoAnd/netbox
1
0
Fork 0
mirror of https://github.com/netbox-community/netbox.git synced 2025-07-19 17:59:11 -06:00
Code Issues Actions 4 Packages Projects Releases Wiki Activity

Fix permission assignment in tests

Browse Source
This commit is contained in:
Jeremy Stretch 2020-05-27 16:53:30 -04:00
parent fb7446487e
commit ce46512c74
4 changed files with 38 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
netbox/extras/tests/test_customfields.py
View File

@ -1,7 +1,6 @@
from datetime import date from datetime import date
from django.contrib.contenttypes.models import ContentType from django.contrib.contenttypes.models import ContentType
from django.test import Client, TestCase
from django.urls import reverse from django.urls import reverse
from rest_framework import status from rest_framework import status
@ -9,7 +8,7 @@ from dcim.forms import SiteCSVForm
from dcim.models import Site from dcim.models import Site
from extras.choices import * from extras.choices import *
from extras.models import CustomField, CustomFieldValue, CustomFieldChoice from extras.models import CustomField, CustomFieldValue, CustomFieldChoice
from utilities.testing import APITestCase, create_test_user from utilities.testing import APITestCase, TestCase
from virtualization.models import VirtualMachine from virtualization.models import VirtualMachine
@ -470,17 +469,10 @@ class CustomFieldChoiceAPITest(APITestCase):
class CustomFieldImportTest(TestCase): class CustomFieldImportTest(TestCase):
user_permissions = (
def setUp(self):
user = create_test_user(
permissions=[
'dcim.view_site', 'dcim.view_site',
'dcim.add_site', 'dcim.add_site',
]
) )
self.client = Client()
self.client.force_login(user)
@classmethod @classmethod
def setUpTestData(cls): def setUpTestData(cls):

2
netbox/netbox/settings.py
View File

@ -338,8 +338,8 @@ TEMPLATES = [
# Set up authentication backends # Set up authentication backends
AUTHENTICATION_BACKENDS = [ AUTHENTICATION_BACKENDS = [
'utilities.auth_backends.ObjectPermissionBackend',
REMOTE_AUTH_BACKEND, REMOTE_AUTH_BACKEND,
'utilities.auth_backends.ObjectPermissionBackend',
] ]
# Internationalization # Internationalization

8
netbox/utilities/auth_backends.py
View File

@ -1,7 +1,7 @@
import logging import logging
from django.conf import settings from django.conf import settings
from django.contrib.auth.backends import BaseBackend, ModelBackend from django.contrib.auth.backends import ModelBackend, RemoteUserBackend as _RemoteUserBackend
from django.contrib.auth.models import Group, Permission from django.contrib.auth.models import Group, Permission
from django.db.models import Q from django.db.models import Q
@ -88,7 +88,7 @@ class ObjectPermissionBackend(ModelBackend):
return model.objects.filter(attrs, pk=obj.pk).exists() return model.objects.filter(attrs, pk=obj.pk).exists()
class RemoteUserBackend(BaseBackend): class RemoteUserBackend(_RemoteUserBackend):
""" """
Custom implementation of Django's RemoteUserBackend which provides configuration hooks for basic customization. Custom implementation of Django's RemoteUserBackend which provides configuration hooks for basic customization.
""" """
@ -124,7 +124,11 @@ class RemoteUserBackend(BaseBackend):
"<app>.<action>_<model>. (Example: dcim.add_site)" "<app>.<action>_<model>. (Example: dcim.add_site)"
) )
if permissions_list: if permissions_list:
# TODO: Create an ObjectPermission
user.user_permissions.add(*permissions_list) user.user_permissions.add(*permissions_list)
logger.debug(f"Assigned permissions to remotely-authenticated user {user}: {permissions_list}") logger.debug(f"Assigned permissions to remotely-authenticated user {user}: {permissions_list}")
return user return user
def has_perm(self, user_obj, perm, obj=None):
return False

35
netbox/utilities/testing/testcases.py
View File

@ -33,18 +33,31 @@ class TestCase(_TestCase):
Assign a set of permissions to the test user. Accepts permission names in the form <app>.<action>_<model>. Assign a set of permissions to the test user. Accepts permission names in the form <app>.<action>_<model>.
""" """
for name in names: for name in names:
app, codename = name.split('.') app_label, codename = name.split('.')
perm = Permission.objects.get(content_type__app_label=app, codename=codename) action, model_name = codename.split('_')
self.user.user_permissions.add(perm)
kwargs = {
'model': ContentType.objects.get(app_label=app_label, model=model_name),
f'can_{action}': True
}
obj_perm = ObjectPermission(**kwargs)
obj_perm.save()
obj_perm.users.add(self.user)
def remove_permissions(self, *names): def remove_permissions(self, *names):
""" """
Remove a set of permissions from the test user, if assigned. Remove a set of permissions from the test user, if assigned.
""" """
for name in names: for name in names:
app, codename = name.split('.') app_label, codename = name.split('.')
perm = Permission.objects.get(content_type__app_label=app, codename=codename) action, model_name = codename.split('_')
self.user.user_permissions.remove(perm)
kwargs = {
'user': self.user,
'model': ContentType.objects.get(app_label=app_label, model=model_name),
f'can_{action}': True
}
ObjectPermission.objects.filter(**kwargs).delete()
# #
# Convenience methods # Convenience methods
@ -493,10 +506,14 @@ class ViewTestCases:
with disable_warnings('django.request'): with disable_warnings('django.request'):
self.assertHttpStatus(self.client.post(**request), 403) self.assertHttpStatus(self.client.post(**request), 403)
# Assign the required permission and submit again # Assign object-level permission
self.add_permissions( obj_perm = ObjectPermission(
'{}.add_{}'.format(self.model._meta.app_label, self.model._meta.model_name) model=ContentType.objects.get_for_model(self.model),
can_add=True
) )
obj_perm.save()
obj_perm.users.add(self.user)
response = self.client.post(**request) response = self.client.post(**request)
self.assertHttpStatus(response, 302) self.assertHttpStatus(response, 302)