From 329e21853a14b76e7f718dfe66b00e96d9d3beb9 Mon Sep 17 00:00:00 2001
From: Jean-Baptiste Pasquier <contact@jbpasquier.eu>
Date: Wed, 24 Jul 2019 20:28:12 +0200
Subject: [PATCH] update: Add tests & correct default permissions

---
 djangoldp/serializers.py                      |  3 +-
 djangoldp/tests/models.py                     | 43 ++++++++++++++++++-
 .../tests/tests_anonymous_permissions.py      | 12 ++----
 djangoldp/tests/tests_user_permissions.py     |  9 ++--
 djangoldp/urls.py                             |  3 +-
 djangoldp/views.py                            |  3 +-
 6 files changed, 55 insertions(+), 18 deletions(-)

diff --git a/djangoldp/serializers.py b/djangoldp/serializers.py
index 91972b0b..4412e880 100644
--- a/djangoldp/serializers.py
+++ b/djangoldp/serializers.py
@@ -21,6 +21,7 @@ from rest_framework.utils.serializer_helpers import ReturnDict
 
 from djangoldp.fields import LDPUrlField, IdURLField
 from djangoldp.models import Model
+from djangoldp.permissions import LDPPermissions
 
 
 class LDListMixin:
@@ -253,7 +254,7 @@ class LDPSerializer(HyperlinkedModelSerializer):
                     serializer_generator = LDPViewSet(model=model_class,
                                                       lookup_field=Model.get_meta(model_class, 'lookup_field', 'pk'),
                                                       permission_classes=Model.get_meta(model_class,
-                                                                                        'permission_classes', []),
+                                                                                        'permission_classes', [LDPPermissions]),
                                                       fields=Model.get_meta(model_class, 'serializer_fields', []),
                                                       nested_fields=Model.get_meta(model_class, 'nested_fields', []))
                     parent_depth = max(getattr(self.parent.Meta, "depth", 0) - 1, 0)
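Review bot: The `[LDPPermissions]` fallback only takes effect when a model's Meta leaves `permission_classes` unset. Assuming `Model.get_meta` returns the Meta value as is, a Meta that sets `permission_classes = []` is still passed through as an empty list, and Django REST framework runs no permission check at all for an empty list. If that opt-out is intended, say so next to the call with a comment such as `# an explicit empty list in Meta disables permission checks`; if not, an empty value should fall back to the default as well. The same literal fallback is repeated in djangoldp/urls.py and in LDPNestedViewSet in djangoldp/views.py, so one shared constant, e.g. `DEFAULT_PERMISSION_CLASSES = [LDPPermissions]`, would keep the three call sites from drifting apart. The enclosing method starts and ends outside this hunk.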
diff --git a/djangoldp/tests/models.py b/djangoldp/tests/models.py
index 8bda453d..c7e65f87 100644
--- a/djangoldp/tests/models.py
+++ b/djangoldp/tests/models.py
@@ -4,7 +4,6 @@ from django.db import models
 from django.utils.datetime_safe import date
 
 from djangoldp.models import Model
-from djangoldp.permissions import AnonymousReadOnly
 
 
 class Skill(Model):
@@ -17,6 +16,9 @@ class Skill(Model):
         return self.joboffer_set.filter(date__gte=date.today())
 
     class Meta:
+        anonymous_perms = ['view']
+        authenticated_perms = ['inherit', 'add']
+        owner_perms = ['inherit', 'change', 'delete', 'control']
         serializer_fields = ["@id", "title", "recent_jobs"]
         lookup_field = 'slug'
 
@@ -31,6 +33,9 @@ class JobOffer(Model):
         return self.skills.filter(date__gte=date.today())
 
     class Meta:
+        anonymous_perms = ['view']
+        authenticated_perms = ['inherit', 'add']
+        owner_perms = ['inherit', 'change', 'delete', 'control']
         nested_fields = ["skills"]
         serializer_fields = ["@id", "title", "skills", "recent_skills"]
         container_path = "job-offers/"
@@ -42,12 +47,20 @@ class Conversation(models.Model):
     author_user = models.ForeignKey(settings.AUTH_USER_MODEL)
     peer_user = models.ForeignKey(settings.AUTH_USER_MODEL, blank=True, null=True, related_name="peers_conv")
 
+    class Meta:
+        anonymous_perms = ['view']
+        authenticated_perms = ['inherit', 'add']
+        owner_perms = ['inherit', 'change', 'delete', 'control']
+
 
 class UserProfile(Model):
     description = models.CharField(max_length=255, blank=True, null=True)
     user = models.OneToOneField(settings.AUTH_USER_MODEL)
 
     class Meta:
+        anonymous_perms = ['view']
+        authenticated_perms = ['inherit']
+        owner_perms = ['inherit', 'change', 'control']
         depth = 1
 
 
@@ -56,15 +69,30 @@ class Message(models.Model):
     conversation = models.ForeignKey(Conversation, on_delete=models.DO_NOTHING)
     author_user = models.ForeignKey(settings.AUTH_USER_MODEL)
 
+    class Meta:
+        anonymous_perms = ['view']
+        authenticated_perms = ['inherit', 'add']
+        owner_perms = ['inherit', 'change', 'delete', 'control']
+
 
 class Dummy(models.Model):
     some = models.CharField(max_length=255, blank=True, null=True)
     slug = models.SlugField(blank=True, null=True, unique=True)
 
+    class Meta:
+        anonymous_perms = ['view']
+        authenticated_perms = ['inherit', 'add']
+        owner_perms = ['inherit', 'change', 'delete', 'control']
+
 
 class LDPDummy(Model):
     some = models.CharField(max_length=255, blank=True, null=True)
 
+    class Meta:
+        anonymous_perms = ['view']
+        authenticated_perms = ['inherit', 'add']
+        owner_perms = ['inherit', 'change', 'delete', 'control']
+
 
 class Invoice(Model):
     title = models.CharField(max_length=255, blank=True, null=True)
@@ -72,7 +100,9 @@ class Invoice(Model):
 
     class Meta:
         depth = 2
-        permission_classes = [AnonymousReadOnly]
+        anonymous_perms = ['view']
+        authenticated_perms = ['inherit', 'add']
+        owner_perms = ['inherit', 'change', 'delete', 'control']
         nested_fields = ["batches"]
 
 
@@ -82,6 +112,9 @@ class Batch(Model):
 
     class Meta:
         serializer_fields = ['@id', 'title', 'invoice', 'tasks']
+        anonymous_perms = ['view', 'add']
+        authenticated_perms = ['inherit', 'add']
+        owner_perms = ['inherit', 'change', 'delete', 'control']
         nested_fields = ["tasks", 'invoice']
 
 
@@ -91,6 +124,9 @@ class Task(models.Model):
 
     class Meta:
         serializer_fields = ['@id', 'title', 'batch']
+        anonymous_perms = ['view']
+        authenticated_perms = ['inherit', 'add']
+        owner_perms = ['inherit', 'change', 'delete', 'control']
 
 
 class Post(Model):
@@ -100,6 +136,9 @@ class Post(Model):
 
     class Meta:
         auto_author = 'author'
+        anonymous_perms = ['view', 'add', 'delete', 'add', 'change', 'control']
+        authenticated_perms = ['inherit']
+        owner_perms = ['inherit']
 
 
 get_user_model()._meta.serializer_fields = ['@id', 'username', 'first_name', 'last_name', 'email', 'userprofile', 'conversation_set',]
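Review bot: `anonymous_perms` on Post lists 'add' twice (`['view', 'add', 'delete', 'add', 'change', 'control']`). The duplicate is harmless only if the permission class treats the list as a set, which this hunk does not show. Suggested: `anonymous_perms = ['view', 'add', 'change', 'delete', 'control']`. Because this fixture hands every permission to anonymous users, a comment such as `# test fixture: anonymous users are granted every permission on purpose` would keep it from being copied into a real model as a template.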
diff --git a/djangoldp/tests/tests_anonymous_permissions.py b/djangoldp/tests/tests_anonymous_permissions.py
index f1ace746..78b7f578 100644
--- a/djangoldp/tests/tests_anonymous_permissions.py
+++ b/djangoldp/tests/tests_anonymous_permissions.py
@@ -4,7 +4,6 @@ from rest_framework.test import APIRequestFactory
 
 from guardian.shortcuts import get_anonymous_user
 
-from djangoldp.permissions import AnonymousReadOnly
 from djangoldp.tests.models import JobOffer
 from djangoldp.views import LDPViewSet
 
@@ -22,15 +21,14 @@ class TestAnonymousUserPermissions(TestCase):
         request.user = self.user
         my_view = LDPViewSet.as_view({'get': 'list'},
                                      model=JobOffer,
-                                     nested_fields=["skills"],
-                                     permission_classes=[AnonymousReadOnly])
+                                     nested_fields=["skills"])
         response = my_view(request)
         self.assertEqual(response.status_code, 200)
 
     def test_post_request_for_anonymousUser(self):
         data = {'title': 'new idea'}
         request = self.factory.post('/job-offers/', json.dumps(data), content_type='application/ld+json')
-        my_view = LDPViewSet.as_view({'post': 'create'}, model=JobOffer, nested_fields=["skills"], permission_classes=[AnonymousReadOnly])
+        my_view = LDPViewSet.as_view({'post': 'create'}, model=JobOffer, nested_fields=["skills"])
         response = my_view(request, pk=1)
         self.assertEqual(response.status_code, 403)
 
@@ -38,8 +36,7 @@ class TestAnonymousUserPermissions(TestCase):
         request = self.factory.put("/job-offers/")
         my_view = LDPViewSet.as_view({'put': 'update'},
                                      model=JobOffer,
-                                     nested_fields=["skills"],
-                                     permission_classes=[AnonymousReadOnly])
+                                     nested_fields=["skills"])
         response = my_view(request, pk=self.job.pk)
         self.assertEqual(response.status_code, 403)
 
@@ -47,7 +44,6 @@ class TestAnonymousUserPermissions(TestCase):
         request = self.factory.patch("/job-offers/")
         my_view = LDPViewSet.as_view({'patch': 'partial_update'},
                                      model=JobOffer,
-                                     nested_fields=["skills"],
-                                     permission_classes=[AnonymousReadOnly])
+                                     nested_fields=["skills"])
         response = my_view(request, pk=self.job.pk)
         self.assertEqual(response.status_code, 403)
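Review bot: Nothing in the visible hunks of this file covers DELETE for an anonymous user, although the JobOffer fixture now grants 'delete' only through `owner_perms`. A further case after the PATCH test, mirroring the PUT one with `LDPViewSet.as_view({'delete': 'destroy'}, model=JobOffer, nested_fields=["skills"])` and an expected 403, would pin that down. With the explicit `permission_classes` argument removed, these assertions also depend on whatever default LDPViewSet itself applies, which this commit does not show. They call `LDPViewSet.as_view` directly, so the fallbacks changed in urls.py, serializers.py and LDPNestedViewSet are not exercised here; a request through a generated route would cover them. The test class starts outside this hunk.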
diff --git a/djangoldp/tests/tests_user_permissions.py b/djangoldp/tests/tests_user_permissions.py
index 5bda0e58..1feef258 100644
--- a/djangoldp/tests/tests_user_permissions.py
+++ b/djangoldp/tests/tests_user_permissions.py
@@ -1,7 +1,6 @@
 from django.contrib.auth.models import User
 from rest_framework.test import APIRequestFactory, APIClient, APITestCase
 
-from djangoldp.permissions import AnonymousReadOnly
 from .models import JobOffer
 from djangoldp.views import LDPViewSet
 
@@ -22,7 +21,7 @@ class TestUserPermissions(APITestCase):
     def test_get_for_authenticated_user(self):
         request = self.factory.get('/job-offers/')
         request.user = self.user
-        my_view = LDPViewSet.as_view({'get': 'list'}, model=JobOffer, permission_classes=[AnonymousReadOnly])
+        my_view = LDPViewSet.as_view({'get': 'list'}, model=JobOffer)
         response = my_view(request)
         self.assertEqual(response.status_code, 200)
 
@@ -30,7 +29,7 @@ class TestUserPermissions(APITestCase):
         data = {'title': 'new idea'}
         request = self.factory.post('/job-offers/', json.dumps(data), content_type='application/ld+json')
         request.user = self.user
-        my_view = LDPViewSet.as_view({'post': 'create'}, model=JobOffer, nested_fields=["skills"], permission_classes=[AnonymousReadOnly])
+        my_view = LDPViewSet.as_view({'post': 'create'}, model=JobOffer, nested_fields=["skills"])
         response = my_view(request, pk=1)
         self.assertEqual(response.status_code, 201)
 
@@ -38,13 +37,13 @@ class TestUserPermissions(APITestCase):
     #     data = {'title':"job_updated"}
     #     request = self.factory.put('/job-offers/' + str(self.job.pk) + "/", data)
     #     request.user = self.user
-    #     my_view = LDPViewSet.as_view({'put': 'update'}, model=JobOffer, permission_classes=[AnonymousReadOnly])
+    #     my_view = LDPViewSet.as_view({'put': 'update'}, model=JobOffer)
     #     response = my_view(request, pk=self.job.pk)
     #     self.assertEqual(response.status_code, 200)
     #
     # def test_request_patch_for_authenticated_user(self):
     #     request = self.factory.patch('/job-offers/' + str(self.job.pk) + "/")
     #     request.user = self.user
-    #     my_view = LDPViewSet.as_view({'patch': 'partial_update'}, model=JobOffer, permission_classes=[AnonymousReadOnly])
+    #     my_view = LDPViewSet.as_view({'patch': 'partial_update'}, model=JobOffer)
     #     response = my_view(request, pk=self.job.pk)
     #     self.assertEqual(response.status_code, 200)
\ No newline at end of file
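Review bot: The PUT and PATCH tests for an authenticated user are edited but left commented out, so the update path for a logged-in user has no active coverage in this file. With JobOffer's new Meta granting 'change' only through `owner_perms`, the asserted 200 looks stale unless `self.user` owns `self.job`, which cannot be confirmed from the hunk. Either enable the two tests with the status the new permissions should produce, or delete the dead block rather than keep it in sync by hand.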
diff --git a/djangoldp/urls.py b/djangoldp/urls.py
index fb01b36f..31aa8312 100644
--- a/djangoldp/urls.py
+++ b/djangoldp/urls.py
@@ -5,6 +5,7 @@ from django.conf.urls import url, include
 
 from djangoldp.models import LDPSource, Model
 from djangoldp.views import LDPSourceViewSet
+from djangoldp.permissions import LDPPermissions
 
 
 def __clean_path(path):
@@ -34,7 +35,7 @@ for class_name in model_classes:
     urlpatterns.append(url(r'^' + path, include(
         urls_fct(model=model_class,
                  lookup_field=Model.get_meta(model_class, 'lookup_field', 'pk'),
-                 permission_classes=Model.get_meta(model_class, 'permission_classes', []),
+                 permission_classes=Model.get_meta(model_class, 'permission_classes', [LDPPermissions]),
                  fields=Model.get_meta(model_class, 'serializer_fields', []),
                  nested_fields=Model.get_meta(model_class, 'nested_fields', [])))))
 
diff --git a/djangoldp/views.py b/djangoldp/views.py
index b20cd12c..6b2ecc5e 100644
--- a/djangoldp/views.py
+++ b/djangoldp/views.py
@@ -15,6 +15,7 @@ from rest_framework.renderers import JSONRenderer
 from rest_framework.viewsets import ModelViewSet
 
 from djangoldp.models import LDPSource, Model
+from djangoldp.permissions import LDPPermissions
 
 
 class JSONLDRenderer(JSONRenderer):
@@ -206,7 +207,7 @@ class LDPNestedViewSet(LDPViewSet):
             parent_lookup_field=cls.get_lookup_arg(**kwargs),
             model_prefix=cls.get_model(**kwargs)._meta.object_name.lower(),
             permission_classes=Model.get_permission_classes(related_field.related_model,
-                                                            kwargs.get('permission_classes', ())),
+                                                            kwargs.get('permission_classes', [LDPPermissions])),
             lookup_url_kwarg=related_field.related_model._meta.object_name.lower() + '_id')
 
 
-- 
GitLab