Skip to content

Instantly share code, notes, and snippets.

@kezabelle

kezabelle/perms.py

Created December 9, 2011 15:19
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save kezabelle/1451938 to your computer and use it in GitHub Desktop.
Save kezabelle/1451938 to your computer and use it in GitHub Desktop.
Download ZIP
Standalone demonstration of view restrictions issue.
Raw
perms.py
from django.contrib.auth.models import User, Group
from cms.api import create_page
from cms.models.permissionmodels import PagePermission
from cms.models import ACCESS_PAGE, ACCESS_DESCENDANTS, ACCESS_CHILDREN, ACCESS_PAGE_AND_CHILDREN, ACCESS_PAGE_AND_DESCENDANTS
template = "cms/default.html"
language = 'en-gb'
groups = []
users = []
for g in ['A', 'B', 'C']:
new_group, _ = Group.objects.get_or_create(name=g)
new_user, _ = User.objects.get_or_create(username=g.lower())
new_user.set_password(g.lower())
new_user.groups.add(new_group)
new_user.save()
groups.append(new_group)
users.append(new_user)
# Create the following cms.models.pagemodel.Page structure.
# page 1
# page 2
# page 3
# page 4 <-- We're going to find we have permissions here.
# page 5
# page 6 <-- We'll add our permissions to this.
page1 = create_page("page 1", template, language, published=True, in_navigation=True)
page2 = create_page("page 2", template, language, published=True, in_navigation=True, parent=page1)
page3 = create_page("page 3", template, language, published=True, in_navigation=True, parent=page2)
page4 = create_page("page 4", template, language, published=True, in_navigation=True, parent=page3)
page5 = create_page("page 5", template, language, published=True, in_navigation=True, parent=page1)
page6 = create_page("page 6", template, language, published=True, in_navigation=True, parent=page5)
# make sure the tree is as we've documented.
assert [u'page 1', u'page 5'] == [x.get_title() for x in page6.get_ancestors()]
assert [u'page 1', u'page 2', u'page 3'] == [x.get_title() for x in page4.get_ancestors()]
# These are the full set of available permissions. We exclusively want to test can_view.
view_perms = {
'can_change': False,
'can_add': False,
'can_delete': False,
'can_change_advanced_settings': False,
'can_publish': False,
'can_change_permissions': False,
'can_move_page': False,
'can_moderate': False,
'can_view': True,
}
perm_a, _ = PagePermission.objects.get_or_create(grant_on=ACCESS_PAGE_AND_DESCENDANTS, group=groups[0], page=page6, **view_perms)
perm_b, _ = PagePermission.objects.get_or_create(grant_on=ACCESS_PAGE_AND_CHILDREN, group=groups[2], page=page6, **view_perms)
# we've just added perm_a and perm_b to this page, so we would expect 2 results.
assert 2 == PagePermission.objects.for_page(page6).count()
# page 4 should be an entirely different set of permissions, as page 6 is not
# an ancestor, but is instead an ancestor's sibling.
assert 0 == PagePermission.objects.for_page(page4).count()
# doubly-verify by comparing the titles.
assert [u'page 6', u'page 6'] == [x.page.get_title() for x in PagePermission.objects.for_page(page4)]
# handle the two other descendent oriented choices.
perm_a.grant_on = ACCESS_DESCENDANTS
perm_a.save()
perm_b.grant_on = ACCESS_CHILDREN
perm_b.save()
# Same as previous asserts.
assert PagePermission.objects.for_page(page6).count() == 2
assert PagePermission.objects.for_page(page4).count() == 0
# the final one. The only one that works correctly is specifically current page only.
perm_a.grant_on = ACCESS_PAGE
perm_a.save()
perm_b.grant_on = ACCESS_PAGE
perm_b.save()
# is now correct.
assert PagePermission.objects.for_page(page6).count() == 2
assert PagePermission.objects.for_page(page4).count() == 0
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment