mirror of https://github.com/netbox-community/netbox.git synced 2024-05-10 07:54:54 +00:00

Disable built-in model permissions

Jeremy Stretch
2020-05-27 10:48:56 -04:00
parent 03da9348e5
commit 5dddf6846b
6 changed files with 197 additions and 190 deletions


@ -159,15 +159,15 @@ class ViewTestCases:
with disable_warnings('django.request'):
self.assertHttpStatus(self.client.get(instance.get_absolute_url()), 403)
@override_settings(EXEMPT_VIEW_PERMISSIONS=[])
def test_get_object_with_model_permission(self):
instance = self.model.objects.first()
# Add model-level permission
self.add_permissions(get_permission_for_model(self.model, 'view'))
# Try GET with model-level permission
self.assertHttpStatus(self.client.get(instance.get_absolute_url()), 200)
# @override_settings(EXEMPT_VIEW_PERMISSIONS=[])
# def test_get_object_with_model_permission(self):
# instance = self.model.objects.first()
#
# # Add model-level permission
# self.add_permissions(get_permission_for_model(self.model, 'view'))
#
# # Try GET with model-level permission
# self.assertHttpStatus(self.client.get(instance.get_absolute_url()), 200)
@override_settings(EXEMPT_VIEW_PERMISSIONS=[])
def test_get_object_with_object_permission(self):
@ -217,24 +217,24 @@ class ViewTestCases:
with disable_warnings('django.request'):
self.assertHttpStatus(response, 403)
@override_settings(EXEMPT_VIEW_PERMISSIONS=[])
def test_create_object_with_model_permission(self):
initial_count = self.model.objects.count()
# Assign model-level permission
self.add_permissions(get_permission_for_model(self.model, 'add'))
# Try GET with model-level permission
self.assertHttpStatus(self.client.get(self._get_url('add')), 200)
# Try POST with model-level permission
request = {
'path': self._get_url('add'),
'data': post_data(self.form_data),
}
self.assertHttpStatus(self.client.post(**request), 302)
self.assertEqual(initial_count + 1, self.model.objects.count())
self.assertInstanceEqual(self.model.objects.order_by('pk').last(), self.form_data)
# @override_settings(EXEMPT_VIEW_PERMISSIONS=[])
# def test_create_object_with_model_permission(self):
# initial_count = self.model.objects.count()
#
# # Assign model-level permission
# self.add_permissions(get_permission_for_model(self.model, 'add'))
#
# # Try GET with model-level permission
# self.assertHttpStatus(self.client.get(self._get_url('add')), 200)
#
# # Try POST with model-level permission
# request = {
# 'path': self._get_url('add'),
# 'data': post_data(self.form_data),
# }
# self.assertHttpStatus(self.client.post(**request), 302)
# self.assertEqual(initial_count + 1, self.model.objects.count())
# self.assertInstanceEqual(self.model.objects.order_by('pk').last(), self.form_data)
@override_settings(EXEMPT_VIEW_PERMISSIONS=[])
def test_create_object_with_object_permission(self):
@ -296,23 +296,23 @@ class ViewTestCases:
with disable_warnings('django.request'):
self.assertHttpStatus(self.client.post(**request), 403)
@override_settings(EXEMPT_VIEW_PERMISSIONS=[])
def test_edit_object_with_model_permission(self):
instance = self.model.objects.first()
# Assign model-level permission
self.add_permissions(get_permission_for_model(self.model, 'change'))
# Try GET with model-level permission
self.assertHttpStatus(self.client.get(self._get_url('edit', instance)), 200)
# Try POST with model-level permission
request = {
'path': self._get_url('edit', instance),
'data': post_data(self.form_data),
}
self.assertHttpStatus(self.client.post(**request), 302)
self.assertInstanceEqual(self.model.objects.get(pk=instance.pk), self.form_data)
# @override_settings(EXEMPT_VIEW_PERMISSIONS=[])
# def test_edit_object_with_model_permission(self):
# instance = self.model.objects.first()
#
# # Assign model-level permission
# self.add_permissions(get_permission_for_model(self.model, 'change'))
#
# # Try GET with model-level permission
# self.assertHttpStatus(self.client.get(self._get_url('edit', instance)), 200)
#
# # Try POST with model-level permission
# request = {
# 'path': self._get_url('edit', instance),
# 'data': post_data(self.form_data),
# }
# self.assertHttpStatus(self.client.post(**request), 302)
# self.assertInstanceEqual(self.model.objects.get(pk=instance.pk), self.form_data)
@override_settings(EXEMPT_VIEW_PERMISSIONS=[])
def test_edit_object_with_object_permission(self):
@ -368,24 +368,24 @@ class ViewTestCases:
with disable_warnings('django.request'):
self.assertHttpStatus(self.client.post(**request), 403)
@override_settings(EXEMPT_VIEW_PERMISSIONS=[])
def test_delete_object_with_model_permission(self):
instance = self.model.objects.first()
# Assign model-level permission
self.add_permissions(get_permission_for_model(self.model, 'delete'))
# Try GET with model-level permission
self.assertHttpStatus(self.client.get(self._get_url('delete', instance)), 200)
# Try POST with model-level permission
request = {
'path': self._get_url('delete', instance),
'data': post_data({'confirm': True}),
}
self.assertHttpStatus(self.client.post(**request), 302)
with self.assertRaises(ObjectDoesNotExist):
self.model.objects.get(pk=instance.pk)
# @override_settings(EXEMPT_VIEW_PERMISSIONS=[])
# def test_delete_object_with_model_permission(self):
# instance = self.model.objects.first()
#
# # Assign model-level permission
# self.add_permissions(get_permission_for_model(self.model, 'delete'))
#
# # Try GET with model-level permission
# self.assertHttpStatus(self.client.get(self._get_url('delete', instance)), 200)
#
# # Try POST with model-level permission
# request = {
# 'path': self._get_url('delete', instance),
# 'data': post_data({'confirm': True}),
# }
# self.assertHttpStatus(self.client.post(**request), 302)
# with self.assertRaises(ObjectDoesNotExist):
# self.model.objects.get(pk=instance.pk)
@override_settings(EXEMPT_VIEW_PERMISSIONS=[])
def test_delete_object_with_object_permission(self):
@ -434,20 +434,20 @@ class ViewTestCases:
with disable_warnings('django.request'):
self.assertHttpStatus(self.client.get(self._get_url('list')), 403)
@override_settings(EXEMPT_VIEW_PERMISSIONS=[])
def test_list_objects_with_model_permission(self):
# Add model-level permission
self.add_permissions(get_permission_for_model(self.model, 'view'))
# Try GET with model-level permission
self.assertHttpStatus(self.client.get(self._get_url('list')), 200)
# Built-in CSV export
if hasattr(self.model, 'csv_headers'):
response = self.client.get('{}?export'.format(self._get_url('list')))
self.assertHttpStatus(response, 200)
self.assertEqual(response.get('Content-Type'), 'text/csv')
# @override_settings(EXEMPT_VIEW_PERMISSIONS=[])
# def test_list_objects_with_model_permission(self):
#
# # Add model-level permission
# self.add_permissions(get_permission_for_model(self.model, 'view'))
#
# # Try GET with model-level permission
# self.assertHttpStatus(self.client.get(self._get_url('list')), 200)
#
# # Built-in CSV export
# if hasattr(self.model, 'csv_headers'):
# response = self.client.get('{}?export'.format(self._get_url('list')))
# self.assertHttpStatus(response, 200)
# self.assertEqual(response.get('Content-Type'), 'text/csv')
@override_settings(EXEMPT_VIEW_PERMISSIONS=[])
def test_list_objects_with_object_permission(self):
@ -528,22 +528,22 @@ class ViewTestCases:
with disable_warnings('django.request'):
self.assertHttpStatus(response, 403)
@override_settings(EXEMPT_VIEW_PERMISSIONS=[])
def test_bulk_import_objects_with_model_permission(self):
initial_count = self.model.objects.count()
data = {
'csv': self._get_csv_data(),
}
# Assign model-level permission
self.add_permissions(get_permission_for_model(self.model, 'add'))
# Try GET with model-level permission
self.assertHttpStatus(self.client.get(self._get_url('import')), 200)
# Test POST with permission
self.assertHttpStatus(self.client.post(self._get_url('import'), data), 200)
self.assertEqual(self.model.objects.count(), initial_count + len(self.csv_data) - 1)
# @override_settings(EXEMPT_VIEW_PERMISSIONS=[])
# def test_bulk_import_objects_with_model_permission(self):
# initial_count = self.model.objects.count()
# data = {
# 'csv': self._get_csv_data(),
# }
#
# # Assign model-level permission
# self.add_permissions(get_permission_for_model(self.model, 'add'))
#
# # Try GET with model-level permission
# self.assertHttpStatus(self.client.get(self._get_url('import')), 200)
#
# # Test POST with permission
# self.assertHttpStatus(self.client.post(self._get_url('import'), data), 200)
# self.assertEqual(self.model.objects.count(), initial_count + len(self.csv_data) - 1)
@override_settings(EXEMPT_VIEW_PERMISSIONS=[])
def test_bulk_import_objects_with_object_permission(self):
@ -589,24 +589,24 @@ class ViewTestCases:
with disable_warnings('django.request'):
self.assertHttpStatus(self.client.post(self._get_url('bulk_edit'), data), 403)
@override_settings(EXEMPT_VIEW_PERMISSIONS=[])
def test_bulk_edit_objects_with_model_permission(self):
pk_list = self.model.objects.values_list('pk', flat=True)[:3]
data = {
'pk': pk_list,
'_apply': True, # Form button
}
# Append the form data to the request
data.update(post_data(self.bulk_edit_data))
# Assign model-level permission
self.add_permissions(get_permission_for_model(self.model, 'change'))
# Try POST with model-level permission
self.assertHttpStatus(self.client.post(self._get_url('bulk_edit'), data), 302)
for i, instance in enumerate(self.model.objects.filter(pk__in=pk_list)):
self.assertInstanceEqual(instance, self.bulk_edit_data)
# @override_settings(EXEMPT_VIEW_PERMISSIONS=[])
# def test_bulk_edit_objects_with_model_permission(self):
# pk_list = self.model.objects.values_list('pk', flat=True)[:3]
# data = {
# 'pk': pk_list,
# '_apply': True, # Form button
# }
#
# # Append the form data to the request
# data.update(post_data(self.bulk_edit_data))
#
# # Assign model-level permission
# self.add_permissions(get_permission_for_model(self.model, 'change'))
#
# # Try POST with model-level permission
# self.assertHttpStatus(self.client.post(self._get_url('bulk_edit'), data), 302)
# for i, instance in enumerate(self.model.objects.filter(pk__in=pk_list)):
# self.assertInstanceEqual(instance, self.bulk_edit_data)
@override_settings(EXEMPT_VIEW_PERMISSIONS=[])
def test_bulk_edit_objects_with_object_permission(self):
@ -656,21 +656,21 @@ class ViewTestCases:
with disable_warnings('django.request'):
self.assertHttpStatus(self.client.post(self._get_url('bulk_delete'), data), 403)
@override_settings(EXEMPT_VIEW_PERMISSIONS=[])
def test_bulk_delete_objects_with_model_permission(self):
pk_list = self.model.objects.values_list('pk', flat=True)
data = {
'pk': pk_list,
'confirm': True,
'_confirm': True, # Form button
}
# Assign model-level permission
self.add_permissions(get_permission_for_model(self.model, 'delete'))
# Try POST with model-level permission
self.assertHttpStatus(self.client.post(self._get_url('bulk_delete'), data), 302)
self.assertEqual(self.model.objects.count(), 0)
# @override_settings(EXEMPT_VIEW_PERMISSIONS=[])
# def test_bulk_delete_objects_with_model_permission(self):
# pk_list = self.model.objects.values_list('pk', flat=True)
# data = {
# 'pk': pk_list,
# 'confirm': True,
# '_confirm': True, # Form button
# }
#
# # Assign model-level permission
# self.add_permissions(get_permission_for_model(self.model, 'delete'))
#
# # Try POST with model-level permission
# self.assertHttpStatus(self.client.post(self._get_url('bulk_delete'), data), 302)
# self.assertEqual(self.model.objects.count(), 0)
@override_settings(EXEMPT_VIEW_PERMISSIONS=[])
def test_bulk_delete_objects_with_object_permission(self):
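Review bot: The eight `test_*_with_model_permission` methods in `ViewTestCases` are commented out rather than deleted, skipped or inverted, so the test report no longer shows them and nothing visible in this section pins the new authorization behaviour. If a built-in model permission alone is now meant to grant nothing, each test is better kept and flipped, for example ending the view test with `self.assertHttpStatus(self.client.get(instance.get_absolute_url()), 403)` inside `with disable_warnings('django.request'):`, so that a later change which re-enables model-level grants fails the suite. If the tests are only parked for now, `@unittest.skip('built-in model permissions disabled')` keeps them visible in the report. The other changed files are not shown here, so the enforcement side may already be tested elsewhere; the final context lines of each hunk open methods whose bodies lie outside the hunk.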