Ne pas filtrer le queryset lorsqu'on a affaire à un superuser
authorEric Mc Sween <eric.mcsween@auf.org>
Wed, 25 Jul 2012 20:28:55 +0000 (16:28 -0400)
committerEric Mc Sween <eric.mcsween@auf.org>
Wed, 25 Jul 2012 20:28:55 +0000 (16:28 -0400)
auf/django/permissions/__init__.py
tests/simpletests/__init__.py
tests/simpletests/models.py
tests/simpletests/tests.py

index afa0012..fc331d1 100644 (file)
@@ -104,6 +104,10 @@ def queryset_with_perm(queryset, user, perm):
     Filters ``queryset``, leaving only objects on which ``user`` has the
     permission ``perm``.
     """
+    # Special case: superusers have all permissions on all objects.
+    if user.is_superuser:
+        return queryset
+
     roles = get_roles(user)
     query = None
     for role in roles:
index 61af87f..42aa460 100644 (file)
@@ -9,16 +9,26 @@ from tests.simpletests.models import Food
 def role_provider(user):
     if user.username == 'alice':
         return [VegetarianRole()]
+    elif user.username == 'bob':
+        return [HippieRole()]
     else:
         return []
 
 
 class VegetarianRole(Role):
 
-    def has_perm(self, perm):
-        return perm in ('eat', 'pray', 'love')
-
     def get_filter_for_perm(self, perm, model):
-        if model is Food and perm == 'eat':
-            return Q(is_meat=False)
+        if model is Food:
+            if perm == 'eat':
+                return Q(is_meat=False)
+            elif perm == 'buy':
+                return True
+            elif perm == 'throw':
+                return False
         return False
+
+
+class HippieRole(Role):
+
+    def has_perm(self, perm):
+        return perm in ('eat', 'pray', 'love')
index 0da9de0..2cb4b80 100644 (file)
@@ -3,3 +3,6 @@ from django.db import models
 
 class Food(models.Model):
     is_meat = models.BooleanField()
+
+    def __unicode__(self):
+        return u'Food #%d' % self.id
index db4c441..d8bf7f6 100644 (file)
@@ -10,20 +10,45 @@ class HasPermTestCase(TransactionTestCase):
 
     def setUp(self):
         self.alice = User.objects.create(username='alice')
+        self.bob = User.objects.create(username='bob')
+        self.superman = User.objects.create(
+            username='superman', is_superuser=True
+        )
         self.carrot = Food.objects.create(is_meat=False)
         self.celery = Food.objects.create(is_meat=False)
         self.steak = Food.objects.create(is_meat=True)
 
     def test_global_permissions(self):
-        self.assertTrue(self.alice.has_perm('eat'))
-        self.assertFalse(self.alice.has_perm('sleep'))
+        self.assertTrue(self.bob.has_perm('eat'))
+        self.assertFalse(self.bob.has_perm('sleep'))
+        self.assertFalse(self.alice.has_perm('eat'))
 
     def test_object_permissions(self):
         self.assertTrue(self.alice.has_perm('eat', self.carrot))
+        self.assertFalse(self.alice.has_perm('throw', self.carrot))
         self.assertFalse(self.alice.has_perm('eat', self.steak))
+        self.assertTrue(self.alice.has_perm('buy', self.steak))
 
     def test_queryset_filtering(self):
-        actual = Food.objects.with_perm(self.alice, 'eat') \
-                .values_list('id', flat=True)
-        expected = [x.id for x in (self.carrot, self.celery)]
-        self.assertItemsEqual(actual, expected)
+        self.assertEqual(
+            set(Food.objects.with_perm(self.alice, 'eat')),
+            set([self.carrot, self.celery])
+        )
+        self.assertEqual(
+            set(Food.objects.with_perm(self.alice, 'throw')),
+            set()
+        )
+        self.assertEqual(
+            set(Food.objects.with_perm(self.alice, 'buy')),
+            set(Food.objects.all())
+        )
+        self.assertEqual(
+            set(Food.objects.with_perm(self.bob, 'eat')),
+            set()
+        )
+
+    def test_superuser_queryset_filtering(self):
+        self.assertEqual(
+            set(Food.objects.with_perm(self.superman, 'eat')),
+            set(Food.objects.all())
+        )