Commits

Kai Diefenbach committed 5a63565

Changed API

  • Participants
  • Parent commits 8c17b85

Comments (0)

Files changed (4)

File permissions/backend.py

         obj
             The object for which the permission should be checked.
         """
-        return permissions.utils.has_permission(obj, permission_codename, user)
+        return permissions.utils.has_permission(obj, user, permission_codename)

File permissions/models.py

 from django.contrib.contenttypes.models import ContentType
 from django.utils.translation import ugettext_lazy as _
 
-class PermissionBase(models.Model):
+class PermissionBase(object):
     """Mix-in class for permissions.
     """
+    def grant_permission(self, role, permission):
+        """Grants passed permission to passed role. Returns True if the
+        permission was able to be added, otherwise False.
+
+        **Parameters:**
+
+        role
+            The role for which the permission should be granted.
+
+        permission
+            The permission which should be granted. Either a permission
+            object or the codename of a permission.
+        """
+        return permissions.utils.grant_permission(self, role, permission)
+
+    def remove_permission(self, role, permission):
+        """Removes passed permission from passed role. Returns True if the
+        permission has been removed.
+
+        **Parameters:**
+
+        role
+            The role for which a permission should be removed.
+
+        permission
+            The permission which should be removed. Either a permission object
+            or the codename of a permission.
+        """
+        return permissions.utils.remove_permission(self, role, permission)
+
+    def has_permission(self, user, permission, roles=[]):
+        """Checks whether the passed user has passed permission for this
+        instance.
+
+        **Parameters:**
+
+        permission
+            The permission's codename which should be checked. Must be a
+            string with a valid codename.
+
+        user
+            The user for which the permission should be checked.
+
+        roles
+            If passed, these roles will be assigned to the user temporarily
+            before the permissions are checked.
+        """
+        return permissions.utils.has_permission(self, user, permission, roles)
+
+    def add_inheritance_block(self, permission):
+        """Adds an inheritance block for the passed permission.
+
+        **Parameters:**
+
+        permission
+            The permission for which an inheritance block should be added.
+            Either a permission object or the codename of a permission.
+        """
+        return permissions.utils.add_inheritance_block(self, permission)
+
+    def remove_inheritance_block(self, permission):
+        """Removes a inheritance block for the passed permission.
+
+        **Parameters:**
+
+        permission
+            The permission for which an inheritance block should be removed.
+            Either a permission object or the codename of a permission.
+        """
+        return permissions.utils.remove_inheritance_block(self, permission)
+
+    def is_inherited(self, codename):
+        """Returns True if the passed permission is inherited.
+
+        **Parameters:**
+
+        codename
+            The permission which should be checked. Must be the codename of
+            the permission.
+        """
+        return permission.utils.is_inherited(self, codename)
+
     def add_role(self, principal, role):
+        """Adds a local role for the principal.
+
+        **Parameters:**
+
+        principal
+            The principal (user or group) which gets the role.
+
+        role
+            The role which is assigned.
+        """
+        return permissions.utils.add_local_role(self, principal, role)
+
+    def get_roles(self, principal):
+        """Returns local roles for passed principal (user or group).
+        """
+        return permissions.utils.get_local_roles(self, principal)
+
+    def remove_role(self, principal, role):
         """Adds a local role for the principal to the object.
+        
+        **Parameters:**
+
+        principal
+            The principal (user or group) from which the role is removed.
+
+        role
+            The role which is removed.
         """
-        permissions.utils.add_role(principal, role, self)
+        return permissions.utils.remove_local_role(self, principal, role)
 
     def remove_roles(self, principal):
         """Removes all local roles for the passed principal from the object.
+
+        **Parameters:**
+
+        principal
+            The principal (user or group) from which all local roles are 
+            removed.
         """
-        permissions.utils.remove_roles(principal, role, self)
+        return permissions.utils.remove_local_roles(self, principal, role)
 
 class Permission(models.Model):
     """A permission which can be granted to users/groups and objects.

File permissions/tests.py

         self.role_2 = permissions.utils.register_role("Role 2")
 
         self.user = User.objects.create(username="john")
+        self.group = Group.objects.create(name="brights")
 
         self.page_1 = FlatPage.objects.create(url="/page-1/", title="Page 1")
         self.page_2 = FlatPage.objects.create(url="/page-1/", title="Page 2")
 
-    def test_global_roles(self):
+    def test_global_roles_user(self):
         """
         """
-        # Add role 1    
+        # Add role 1
         result = permissions.utils.add_role(self.user, self.role_1)
         self.assertEqual(result, True)
 
 
         result = permissions.utils.get_roles(self.user)
         self.assertEqual(result, [self.role_1, self.role_2])
-        
+
         # Remove role 1
         result = permissions.utils.remove_role(self.user, self.role_1)
         self.assertEqual(result, True)
         result = permissions.utils.get_roles(self.user)
         self.assertEqual(result, [])
 
+    def test_global_roles_group(self):
+        """
+        """
+        # Add role 1
+        result = permissions.utils.add_role(self.group, self.role_1)
+        self.assertEqual(result, True)
+
+        # Add role 1 again
+        result = permissions.utils.add_role(self.group, self.role_1)
+        self.assertEqual(result, False)
+
+        result = permissions.utils.get_roles(self.group)
+        self.assertEqual(result, [self.role_1])
+
+        # Add role 2
+        result = permissions.utils.add_role(self.group, self.role_2)
+        self.assertEqual(result, True)
+
+        result = permissions.utils.get_roles(self.group)
+        self.assertEqual(result, [self.role_1, self.role_2])
+
+        # Remove role 1
+        result = permissions.utils.remove_role(self.group, self.role_1)
+        self.assertEqual(result, True)
+
+        # Remove role 1 again
+        result = permissions.utils.remove_role(self.group, self.role_1)
+        self.assertEqual(result, False)
+
+        result = permissions.utils.get_roles(self.group)
+        self.assertEqual(result, [self.role_2])
+
+        # Remove role 2
+        result = permissions.utils.remove_role(self.group, self.role_2)
+        self.assertEqual(result, True)
+
+        result = permissions.utils.get_roles(self.group)
+        self.assertEqual(result, [])
+
+    def test_remove_roles_user(self):
+        """
+        """
+        # Add role 1
+        result = permissions.utils.add_role(self.user, self.role_1)
+        self.assertEqual(result, True)
+
+        # Add role 2
+        result = permissions.utils.add_role(self.user, self.role_2)
+        self.assertEqual(result, True)
+
+        result = permissions.utils.get_roles(self.user)
+        self.assertEqual(result, [self.role_1, self.role_2])
+
+        # Remove roles
+        result = permissions.utils.remove_roles(self.user)
+        self.assertEqual(result, True)
+        
+        result = permissions.utils.get_roles(self.user)
+        self.assertEqual(result, [])
+
+        # Remove roles
+        result = permissions.utils.remove_roles(self.user)
+        self.assertEqual(result, False)
+
+    def test_remove_roles_group(self):
+        """
+        """
+        # Add role 1
+        result = permissions.utils.add_role(self.group, self.role_1)
+        self.assertEqual(result, True)
+
+        # Add role 2
+        result = permissions.utils.add_role(self.group, self.role_2)
+        self.assertEqual(result, True)
+
+        result = permissions.utils.get_roles(self.group)
+        self.assertEqual(result, [self.role_1, self.role_2])
+
+        # Remove roles
+        result = permissions.utils.remove_roles(self.group)
+        self.assertEqual(result, True)
+
+        result = permissions.utils.get_roles(self.group)
+        self.assertEqual(result, [])
+        
+        # Remove roles
+        result = permissions.utils.remove_roles(self.group)
+        self.assertEqual(result, False)
+
+    def test_local_role_user(self):
+        """
+        """
+        # Add local role to page 1
+        result = permissions.utils.add_local_role(self.page_1, self.user, self.role_1)
+        self.assertEqual(result, True)
+
+        # Again
+        result = permissions.utils.add_local_role(self.page_1, self.user, self.role_1)
+        self.assertEqual(result, False)
+
+        result = permissions.utils.get_local_roles(self.page_1, self.user)
+        self.assertEqual(result, [self.role_1])
+
+        # Add local role 2
+        result = permissions.utils.add_local_role(self.page_1, self.user, self.role_2)
+        self.assertEqual(result, True)
+
+        result = permissions.utils.get_local_roles(self.page_1, self.user)
+        self.assertEqual(result, [self.role_1, self.role_2])
+
+        # Remove role 1
+        result = permissions.utils.remove_local_role(self.page_1, self.user, self.role_1)
+        self.assertEqual(result, True)
+
+        # Remove role 1 again
+        result = permissions.utils.remove_local_role(self.page_1, self.user, self.role_1)
+        self.assertEqual(result, False)
+
+        result = permissions.utils.get_local_roles(self.page_1, self.user)
+        self.assertEqual(result, [self.role_2])
+
+        # Remove role 2
+        result = permissions.utils.remove_local_role(self.page_1, self.user, self.role_2)
+        self.assertEqual(result, True)
+
+        result = permissions.utils.get_local_roles(self.page_1, self.user)
+        self.assertEqual(result, [])
+
+    def test_local_role_group(self):
+        """
+        """
+        # Add local role to page 1
+        result = permissions.utils.add_local_role(self.page_1, self.group, self.role_1)
+        self.assertEqual(result, True)
+
+        # Again
+        result = permissions.utils.add_local_role(self.page_1, self.group, self.role_1)
+        self.assertEqual(result, False)
+
+        result = permissions.utils.get_local_roles(self.page_1, self.group)
+        self.assertEqual(result, [self.role_1])
+
+        # Add local role 2
+        result = permissions.utils.add_local_role(self.page_1, self.group, self.role_2)
+        self.assertEqual(result, True)
+
+        result = permissions.utils.get_local_roles(self.page_1, self.group)
+        self.assertEqual(result, [self.role_1, self.role_2])
+
+        # Remove role 1
+        result = permissions.utils.remove_local_role(self.page_1, self.group, self.role_1)
+        self.assertEqual(result, True)
+
+        # Remove role 1 again
+        result = permissions.utils.remove_local_role(self.page_1, self.group, self.role_1)
+        self.assertEqual(result, False)
+
+        result = permissions.utils.get_local_roles(self.page_1, self.group)
+        self.assertEqual(result, [self.role_2])
+
+        # Remove role 2
+        result = permissions.utils.remove_local_role(self.page_1, self.group, self.role_2)
+        self.assertEqual(result, True)
+
+        result = permissions.utils.get_local_roles(self.page_1, self.group)
+        self.assertEqual(result, [])
+    
+    def test_remove_local_roles_user(self):
+        """
+        """
+        # Add local role to page 1
+        result = permissions.utils.add_local_role(self.page_1, self.user, self.role_1)
+        self.assertEqual(result, True)
+
+        # Add local role 2
+        result = permissions.utils.add_local_role(self.page_1, self.user, self.role_2)
+        self.assertEqual(result, True)
+
+        result = permissions.utils.get_local_roles(self.page_1, self.user)
+        self.assertEqual(result, [self.role_1, self.role_2])
+        
+        # Remove all local roles
+        result = permissions.utils.remove_local_roles(self.page_1, self.user)
+        self.assertEqual(result, True)
+        
+        result = permissions.utils.get_local_roles(self.page_1, self.user)
+        self.assertEqual(result, [])
+
+        # Remove all local roles again
+        result = permissions.utils.remove_local_roles(self.page_1, self.user)
+        self.assertEqual(result, False)
+        
 class PermissionTestCase(TestCase):
     """
     """
         self.page_2 = FlatPage.objects.create(url="/page-1/", title="Page 2")
 
         self.permission = permissions.utils.register_permission("View", "view")
+    
+    def test_add_permissions(self):
+        """
+        """
+        # Add per object
+        result = permissions.utils.grant_permission(self.page_1, self.role_1, self.permission)
+        self.assertEqual(result, True)
+        
+        # Add per codename
+        result = permissions.utils.grant_permission(self.page_1, self.role_1, "view")
+        self.assertEqual(result, True)
+        
+        # Add ermission which does not exist
+        result = permissions.utils.grant_permission(self.page_1, self.role_1, "hurz")
+        self.assertEqual(result, False)
+    
+    def test_remove_permission(self):
+        """
+        """
+        # Add
+        result = permissions.utils.grant_permission(self.page_1, self.role_1, "view")
+        self.assertEqual(result, True)
+        
+        # Remove
+        result = permissions.utils.remove_permission(self.page_1, self.role_1, "view")
+        self.assertEqual(result, True)
 
+        # Remove again
+        result = permissions.utils.remove_permission(self.page_1, self.role_1, "view")
+        self.assertEqual(result, False)
+        
     def test_has_permission_role(self):
         """
         """
-        result = permissions.utils.has_permission(self.page_1, "view", self.user)
+        result = permissions.utils.has_permission(self.page_1, self.user, "view")
         self.assertEqual(result, False)
 
-        result = permissions.utils.grant_permission(self.page_1, self.permission, self.role_1)
+        result = permissions.utils.grant_permission(self.page_1, self.role_1, self.permission)
         self.assertEqual(result, True)
 
-        result = permissions.utils.has_permission(self.page_1, "view", self.user)
+        result = permissions.utils.has_permission(self.page_1, self.user, "view")
         self.assertEqual(result, True)
 
-        result = permissions.utils.remove_permission(self.page_1, "view", self.role_1)
+        result = permissions.utils.remove_permission(self.page_1, self.role_1, "view")
         self.assertEqual(result, True)
 
-        result = permissions.utils.has_permission(self.page_1, "view", self.user)
+        result = permissions.utils.has_permission(self.page_1, self.user, "view")
         self.assertEqual(result, False)
 
     def test_has_permission_owner(self):
         """
         creator = User.objects.create(username="jane")
 
-        result = permissions.utils.has_permission(self.page_1, "view", creator)
+        result = permissions.utils.has_permission(self.page_1, creator, "view")
         self.assertEqual(result, False)
 
         owner = permissions.utils.register_role("Owner")
-        permissions.utils.grant_permission(self.page_1, "view", owner)
+        permissions.utils.grant_permission(self.page_1, owner, "view")
 
-        result = permissions.utils.has_permission(self.page_1, "view", creator, [owner])
+        result = permissions.utils.has_permission(self.page_1, creator, "view", [owner])
         self.assertEqual(result, True)
 
     def test_local_role(self):
         """
         """
-        result = permissions.utils.has_permission(self.page_1, "view", self.user)
+        result = permissions.utils.has_permission(self.page_1, self.user, "view")
         self.assertEqual(result, False)
 
-        permissions.utils.grant_permission(self.page_1, self.permission, self.role_2)
+        permissions.utils.grant_permission(self.page_1, self.role_2, self.permission)
         permissions.utils.add_local_role(self.page_1, self.user, self.role_2)
 
-        result = permissions.utils.has_permission(self.page_1, "view", self.user)
+        result = permissions.utils.has_permission(self.page_1, self.user, "view")
         self.assertEqual(result, True)
 
     def test_ineritance(self):
         """
         result = permissions.utils.is_inherited(self.page_1, "view")
         self.assertEqual(result, True)
-
+        
+        # per permission
         permissions.utils.add_inheritance_block(self.page_1, self.permission)
 
         result = permissions.utils.is_inherited(self.page_1, "view")
         self.assertEqual(result, False)
 
+        permissions.utils.remove_inheritance_block(self.page_1, self.permission)
+
+        result = permissions.utils.is_inherited(self.page_1, "view")
+        self.assertEqual(result, True)
+        
+        # per codename
+        permissions.utils.add_inheritance_block(self.page_1, "view")
+
+        result = permissions.utils.is_inherited(self.page_1, "view")
+        self.assertEqual(result, False)
+
+        permissions.utils.remove_inheritance_block(self.page_1, "view")
+
+        result = permissions.utils.is_inherited(self.page_1, "view")
+        self.assertEqual(result, True)
+
     def test_unicode(self):
         """
         """
         self.assertEqual(self.permission.__unicode__(), "View (view)")
 
         # ObjectPermission
-        permissions.utils.grant_permission(self.page_1, self.permission, self.role_1)
+        permissions.utils.grant_permission(self.page_1, self.role_1, self.permission)
         opr = ObjectPermission.objects.get(permission=self.permission, role=self.role_1)
         self.assertEqual(opr.__unicode__(), "View / Role 1 / flat page - 1")
 

File permissions/utils.py

 # django imports
 from django.db import IntegrityError
 from django.contrib.auth.models import User
+from django.contrib.auth.models import Group
 from django.contrib.contenttypes.models import ContentType
 from django.core.exceptions import ObjectDoesNotExist
 
         The principal (user or group) from which the role is removed.
 
     role
-        The role which is assigned.
+        The role which is removed.
     """
     try:
         ctype = ContentType.objects.get_for_model(obj)
     return True
 
 def remove_roles(principal):
-    """Removes all local roles from passed object and principal (user or
-    group).
+    """Removes all local roles passed principal (user or group).
 
     **Parameters:**
 
     principal
         The principal (user or group) from which all roles are removed.
     """
-    try:
-        if obj is None:
-            if isinstance(principal, User):
-                ppr = PrincipalRoleRelation.objects.filter(
-                    user=principal, content_id=None, content_type=None)
-            else:
-                ppr = PrincipalRoleRelation.objects.filter(
-                    group=principal, content_id=None, content_type=None)
+    if isinstance(principal, User):
+        ppr = PrincipalRoleRelation.objects.filter(
+            user=principal, content_id=None, content_type=None)
+    else:
+        ppr = PrincipalRoleRelation.objects.filter(
+            group=principal, content_id=None, content_type=None)
 
-        else:
-            ctype = ContentType.objects.get_for_model(obj)
-
-            if isinstance(principal, User):
-                ppr = PrincipalRoleRelation.objects.filter(
-                    user=principal, content_id=obj.id, content_type=ctype)
-            else:
-                ppr = PrincipalRoleRelation.objects.filter(
-                    group=principal, content_id=obj.id, content_type=ctype)
-
-    except PrincipalRoleRelation.DoesNotExist:
+    if ppr:
+        ppr.delete()
+        return True
+    else:
         return False
-    else:
-        ppr.delete()
-
-    return True
 
 def remove_local_roles(obj, principal):
     """Removes all local roles from passed object and principal (user or
     principal
         The principal (user or group) from which the roles are removed.
     """
-    try:
-        ctype = ContentType.objects.get_for_model(obj)
+    ctype = ContentType.objects.get_for_model(obj)
 
-        if isinstance(principal, User):
-            ppr = PrincipalRoleRelation.objects.filter(
-                user=principal, content_id=obj.id, content_type=ctype)
-        else:
-            ppr = PrincipalRoleRelation.objects.filter(
-                group=principal, content_id=obj.id, content_type=ctype)
+    if isinstance(principal, User):
+        ppr = PrincipalRoleRelation.objects.filter(
+            user=principal, content_id=obj.id, content_type=ctype)
+    else:
+        ppr = PrincipalRoleRelation.objects.filter(
+            group=principal, content_id=obj.id, content_type=ctype)
 
-    except PrincipalRoleRelation.DoesNotExist:
+    if ppr:
+        ppr.delete()
+        return True
+    else:
         return False
-    else:
-        ppr.delete()
-
-    return True
 
 def get_roles(principal, obj=None):
     """Returns all roles of passed user for passed content object. This takes
 
 # Permissions ################################################################
 
-def grant_permission(obj, permission, role):
-    """Adds passed permission to passed group and object. Returns True if the
-    permission was able to be added, otherwise False.
+def grant_permission(obj, role, permission):
+    """Grants passed permission to passed role. Returns True if the permission
+    was able to be added, otherwise False.
 
     **Parameters:**
 
     obj
         The content object for which the permission should be granted.
 
+    role
+        The role for which the permission should be granted.
+
     permission
         The permission which should be granted. Either a permission
         object or the codename of a permission.
-
-    role
-        The role for which the permission should be granted.
     """
     if not isinstance(permission, Permission):
         try:
     try:
         ObjectPermission.objects.get(role=role, content_type = ct, content_id=obj.id, permission=permission)
     except ObjectPermission.DoesNotExist:
-        try:
-            result = ObjectPermission.objects.create(role=role, content=obj, permission=permission)
-        except IntegrityError:
-            return False
+        ObjectPermission.objects.create(role=role, content=obj, permission=permission)
 
     return True
 
-def remove_permission(obj, permission, role):
+def remove_permission(obj, role, permission):
     """Removes passed permission from passed role and object. Returns True if
     the permission has been removed.
 
     obj
         The content object for which a permission should be removed.
 
+    role
+        The role for which a permission should be removed.
+
     permission
         The permission which should be removed. Either a permission object
         or the codename of a permission.
-
-    role
-        The role for which a permission should be removed.
     """
     if not isinstance(permission, Permission):
         try:
     op.delete()
     return True
 
-def has_permission(obj, codename, user, roles=[]):
+def has_permission(obj, user, codename, roles=[]):
     """Checks whether the passed user has passed permission for passed object.
 
     **Parameters:**
     else:
         return False
 
-def get_role(name):
-    """Returns the role with given name or None if it doesn't exit.
+def get_group(id):
+    """Returns the group with passed id or None.
     """
     try:
-        return Role.objects.get(name=name)
+        return Group.objects.get(pk=id)
+    except Group.DoesNotExist:
+        return None
+
+def get_role(id):
+    """Returns the role with passed id or None.
+    """
+    try:
+        return Role.objects.get(pk=id)
+    except Role.DoesNotExist:
+        return None
+
+def get_user(id):
+    """Returns the user with passed id or None.
+    """
+    try:
+        return User.objects.get(pk=id)
     except Role.DoesNotExist:
         return None