|
|
@@ -168,356 +168,6 @@ class ExternalAuthenticationTestCase(TestCase):
|
|
|
self.assertTrue(new_user.has_perms(['dcim.add_site', 'dcim.change_site']))
|
|
|
|
|
|
|
|
|
-class ObjectPermissionViewTestCase(TestCase):
|
|
|
-
|
|
|
- @classmethod
|
|
|
- def setUpTestData(cls):
|
|
|
-
|
|
|
- cls.sites = (
|
|
|
- Site(name='Site 1', slug='site-1'),
|
|
|
- Site(name='Site 2', slug='site-2'),
|
|
|
- Site(name='Site 3', slug='site-3'),
|
|
|
- )
|
|
|
- Site.objects.bulk_create(cls.sites)
|
|
|
-
|
|
|
- cls.prefixes = (
|
|
|
- Prefix(prefix=IPNetwork('10.0.0.0/24'), site=cls.sites[0]),
|
|
|
- Prefix(prefix=IPNetwork('10.0.1.0/24'), site=cls.sites[0]),
|
|
|
- Prefix(prefix=IPNetwork('10.0.2.0/24'), site=cls.sites[0]),
|
|
|
- Prefix(prefix=IPNetwork('10.0.3.0/24'), site=cls.sites[1]),
|
|
|
- Prefix(prefix=IPNetwork('10.0.4.0/24'), site=cls.sites[1]),
|
|
|
- Prefix(prefix=IPNetwork('10.0.5.0/24'), site=cls.sites[1]),
|
|
|
- Prefix(prefix=IPNetwork('10.0.6.0/24'), site=cls.sites[2]),
|
|
|
- Prefix(prefix=IPNetwork('10.0.7.0/24'), site=cls.sites[2]),
|
|
|
- Prefix(prefix=IPNetwork('10.0.8.0/24'), site=cls.sites[2]),
|
|
|
- )
|
|
|
- Prefix.objects.bulk_create(cls.prefixes)
|
|
|
-
|
|
|
- @override_settings(EXEMPT_VIEW_PERMISSIONS=[])
|
|
|
- def test_get_object(self):
|
|
|
-
|
|
|
- # Attempt to retrieve object without permission
|
|
|
- response = self.client.get(self.prefixes[0].get_absolute_url())
|
|
|
- self.assertHttpStatus(response, 403)
|
|
|
-
|
|
|
- # Assign object permission
|
|
|
- obj_perm = ObjectPermission(
|
|
|
- constraints={'site__name': 'Site 1'},
|
|
|
- actions=['view']
|
|
|
- )
|
|
|
- obj_perm.save()
|
|
|
- obj_perm.users.add(self.user)
|
|
|
- obj_perm.object_types.add(ContentType.objects.get_for_model(Prefix))
|
|
|
-
|
|
|
- # Retrieve permitted object
|
|
|
- response = self.client.get(self.prefixes[0].get_absolute_url())
|
|
|
- self.assertHttpStatus(response, 200)
|
|
|
-
|
|
|
- # Attempt to retrieve non-permitted object
|
|
|
- response = self.client.get(self.prefixes[3].get_absolute_url())
|
|
|
- self.assertHttpStatus(response, 404)
|
|
|
-
|
|
|
- @override_settings(EXEMPT_VIEW_PERMISSIONS=[])
|
|
|
- def test_list_objects(self):
|
|
|
-
|
|
|
- # Attempt to list objects without permission
|
|
|
- response = self.client.get(reverse('ipam:prefix_list'))
|
|
|
- self.assertHttpStatus(response, 403)
|
|
|
-
|
|
|
- # Assign object permission
|
|
|
- obj_perm = ObjectPermission(
|
|
|
- constraints={'site__name': 'Site 1'},
|
|
|
- actions=['view']
|
|
|
- )
|
|
|
- obj_perm.save()
|
|
|
- obj_perm.users.add(self.user)
|
|
|
- obj_perm.object_types.add(ContentType.objects.get_for_model(Prefix))
|
|
|
-
|
|
|
- # Retrieve all objects. Only permitted objects should be returned.
|
|
|
- response = self.client.get(reverse('ipam:prefix_list'))
|
|
|
- self.assertHttpStatus(response, 200)
|
|
|
- self.assertIn(str(self.prefixes[0].prefix), str(response.content))
|
|
|
- self.assertNotIn(str(self.prefixes[3].prefix), str(response.content))
|
|
|
-
|
|
|
- @override_settings(EXEMPT_VIEW_PERMISSIONS=[])
|
|
|
- def test_create_object(self):
|
|
|
- initial_count = Prefix.objects.count()
|
|
|
- form_data = {
|
|
|
- 'prefix': '10.0.9.0/24',
|
|
|
- 'site': self.sites[1].pk,
|
|
|
- 'status': PrefixStatusChoices.STATUS_ACTIVE,
|
|
|
- }
|
|
|
-
|
|
|
- # Attempt to create an object without permission
|
|
|
- request = {
|
|
|
- 'path': reverse('ipam:prefix_add'),
|
|
|
- 'data': form_data,
|
|
|
- 'follow': False, # Do not follow 302 redirects
|
|
|
- }
|
|
|
- response = self.client.post(**request)
|
|
|
- self.assertHttpStatus(response, 403)
|
|
|
- self.assertEqual(initial_count, Prefix.objects.count())
|
|
|
-
|
|
|
- # Assign object permission
|
|
|
- obj_perm = ObjectPermission(
|
|
|
- constraints={'site__name': 'Site 1'},
|
|
|
- actions=['view', 'add']
|
|
|
- )
|
|
|
- obj_perm.save()
|
|
|
- obj_perm.users.add(self.user)
|
|
|
- obj_perm.object_types.add(ContentType.objects.get_for_model(Prefix))
|
|
|
-
|
|
|
- # Attempt to create a non-permitted object
|
|
|
- request = {
|
|
|
- 'path': reverse('ipam:prefix_add'),
|
|
|
- 'data': form_data,
|
|
|
- 'follow': True, # Follow 302 redirects
|
|
|
- }
|
|
|
- response = self.client.post(**request)
|
|
|
- self.assertHttpStatus(response, 200)
|
|
|
- self.assertEqual(Prefix.objects.count(), initial_count)
|
|
|
-
|
|
|
- # Create a permitted object
|
|
|
- form_data['site'] = self.sites[0].pk
|
|
|
- request = {
|
|
|
- 'path': reverse('ipam:prefix_add'),
|
|
|
- 'data': form_data,
|
|
|
- 'follow': True, # Follow 302 redirects
|
|
|
- }
|
|
|
- response = self.client.post(**request)
|
|
|
- self.assertHttpStatus(response, 200)
|
|
|
- self.assertEqual(Prefix.objects.count(), initial_count + 1)
|
|
|
-
|
|
|
- @override_settings(EXEMPT_VIEW_PERMISSIONS=[])
|
|
|
- def test_edit_object(self):
|
|
|
- form_data = {
|
|
|
- 'prefix': '10.0.9.0/24',
|
|
|
- 'site': self.sites[0].pk,
|
|
|
- 'status': PrefixStatusChoices.STATUS_RESERVED,
|
|
|
- }
|
|
|
-
|
|
|
- # Attempt to edit an object without permission
|
|
|
- request = {
|
|
|
- 'path': reverse('ipam:prefix_edit', kwargs={'pk': self.prefixes[0].pk}),
|
|
|
- 'data': form_data,
|
|
|
- 'follow': False, # Do not follow 302 redirects
|
|
|
- }
|
|
|
- response = self.client.post(**request)
|
|
|
- self.assertHttpStatus(response, 403)
|
|
|
-
|
|
|
- # Assign object permission
|
|
|
- obj_perm = ObjectPermission(
|
|
|
- constraints={'site__name': 'Site 1'},
|
|
|
- actions=['view', 'change']
|
|
|
- )
|
|
|
- obj_perm.save()
|
|
|
- obj_perm.users.add(self.user)
|
|
|
- obj_perm.object_types.add(ContentType.objects.get_for_model(Prefix))
|
|
|
-
|
|
|
- # Attempt to edit a non-permitted object
|
|
|
- request = {
|
|
|
- 'path': reverse('ipam:prefix_edit', kwargs={'pk': self.prefixes[3].pk}),
|
|
|
- 'data': form_data,
|
|
|
- 'follow': True, # Follow 302 redirects
|
|
|
- }
|
|
|
- response = self.client.post(**request)
|
|
|
- self.assertHttpStatus(response, 404)
|
|
|
-
|
|
|
- # Edit a permitted object
|
|
|
- request = {
|
|
|
- 'path': reverse('ipam:prefix_edit', kwargs={'pk': self.prefixes[0].pk}),
|
|
|
- 'data': form_data,
|
|
|
- 'follow': True, # Follow 302 redirects
|
|
|
- }
|
|
|
- response = self.client.post(**request)
|
|
|
- self.assertHttpStatus(response, 200)
|
|
|
- prefix = Prefix.objects.get(pk=self.prefixes[0].pk)
|
|
|
- self.assertEqual(prefix.status, PrefixStatusChoices.STATUS_RESERVED)
|
|
|
-
|
|
|
- @override_settings(EXEMPT_VIEW_PERMISSIONS=[])
|
|
|
- def test_delete_object(self):
|
|
|
- form_data = {
|
|
|
- 'confirm': True
|
|
|
- }
|
|
|
-
|
|
|
- # Attempt to delete object without permission
|
|
|
- request = {
|
|
|
- 'path': reverse('ipam:prefix_delete', kwargs={'pk': self.prefixes[0].pk}),
|
|
|
- 'data': form_data,
|
|
|
- }
|
|
|
- response = self.client.post(**request)
|
|
|
- self.assertHttpStatus(response, 403)
|
|
|
-
|
|
|
- # Assign object permission
|
|
|
- obj_perm = ObjectPermission(
|
|
|
- constraints={'site__name': 'Site 1'},
|
|
|
- actions=['view', 'delete']
|
|
|
- )
|
|
|
- obj_perm.save()
|
|
|
- obj_perm.users.add(self.user)
|
|
|
- obj_perm.object_types.add(ContentType.objects.get_for_model(Prefix))
|
|
|
-
|
|
|
- # Delete permitted object
|
|
|
- request = {
|
|
|
- 'path': reverse('ipam:prefix_delete', kwargs={'pk': self.prefixes[0].pk}),
|
|
|
- 'data': form_data,
|
|
|
- 'follow': True, # Follow 302 redirects
|
|
|
- }
|
|
|
- response = self.client.post(**request)
|
|
|
- self.assertHttpStatus(response, 200)
|
|
|
- self.assertFalse(Prefix.objects.filter(pk=self.prefixes[0].pk).exists())
|
|
|
-
|
|
|
- # Attempt to delete non-permitted object
|
|
|
- request = {
|
|
|
- 'path': reverse('ipam:prefix_delete', kwargs={'pk': self.prefixes[3].pk}),
|
|
|
- 'data': form_data,
|
|
|
- 'follow': True, # Follow 302 redirects
|
|
|
- }
|
|
|
- response = self.client.post(**request)
|
|
|
- self.assertHttpStatus(response, 404)
|
|
|
- self.assertTrue(Prefix.objects.filter(pk=self.prefixes[3].pk).exists())
|
|
|
-
|
|
|
- @override_settings(EXEMPT_VIEW_PERMISSIONS=[])
|
|
|
- def test_bulk_import_objects(self):
|
|
|
- initial_count = Prefix.objects.count()
|
|
|
- form_data = {
|
|
|
- 'csv': "prefix,status,site\n"
|
|
|
- "10.0.9.0/24,Active,Site 1\n"
|
|
|
- "10.0.10.0/24,Active,Site 2\n"
|
|
|
- "10.0.11.0/24,Active,Site 3\n",
|
|
|
- }
|
|
|
-
|
|
|
- # Attempt to import objects without permission
|
|
|
- request = {
|
|
|
- 'path': reverse('ipam:prefix_import'),
|
|
|
- 'data': form_data,
|
|
|
- }
|
|
|
- response = self.client.post(**request)
|
|
|
- self.assertHttpStatus(response, 403)
|
|
|
- self.assertEqual(initial_count, Prefix.objects.count())
|
|
|
-
|
|
|
- # Assign object permission
|
|
|
- obj_perm = ObjectPermission(
|
|
|
- constraints={'site__name': 'Site 1'},
|
|
|
- actions=['add']
|
|
|
- )
|
|
|
- obj_perm.save()
|
|
|
- obj_perm.users.add(self.user)
|
|
|
- obj_perm.object_types.add(ContentType.objects.get_for_model(Prefix))
|
|
|
-
|
|
|
- # Attempt to create non-permitted objects
|
|
|
- request = {
|
|
|
- 'path': reverse('ipam:prefix_import'),
|
|
|
- 'data': form_data,
|
|
|
- }
|
|
|
- response = self.client.post(**request)
|
|
|
- self.assertHttpStatus(response, 200)
|
|
|
- self.assertEqual(Prefix.objects.count(), initial_count)
|
|
|
-
|
|
|
- # Create a permitted object
|
|
|
- form_data = {
|
|
|
- 'csv': "prefix,status,site\n"
|
|
|
- "10.0.9.0/24,Active,Site 1\n"
|
|
|
- "10.0.10.0/24,Active,Site 1\n"
|
|
|
- "10.0.11.0/24,Active,Site 1\n",
|
|
|
- }
|
|
|
- request = {
|
|
|
- 'path': reverse('ipam:prefix_import'),
|
|
|
- 'data': form_data,
|
|
|
- }
|
|
|
- response = self.client.post(**request)
|
|
|
- self.assertHttpStatus(response, 200)
|
|
|
- self.assertEqual(Prefix.objects.count(), initial_count + 3)
|
|
|
-
|
|
|
- @override_settings(EXEMPT_VIEW_PERMISSIONS=[])
|
|
|
- def test_bulk_edit_objects(self):
|
|
|
- form_data = {
|
|
|
- 'pk': [p.pk for p in self.prefixes],
|
|
|
- 'status': 'reserved',
|
|
|
- '_apply': True,
|
|
|
- }
|
|
|
-
|
|
|
- # Attempt to edit objects without permission
|
|
|
- request = {
|
|
|
- 'path': reverse('ipam:prefix_bulk_edit'),
|
|
|
- 'data': form_data,
|
|
|
- }
|
|
|
- response = self.client.post(**request)
|
|
|
- self.assertHttpStatus(response, 403)
|
|
|
-
|
|
|
- # Assign object permission
|
|
|
- obj_perm = ObjectPermission(
|
|
|
- constraints={'site__name': 'Site 1'},
|
|
|
- actions=['change']
|
|
|
- )
|
|
|
- obj_perm.save()
|
|
|
- obj_perm.users.add(self.user)
|
|
|
- obj_perm.object_types.add(ContentType.objects.get_for_model(Prefix))
|
|
|
-
|
|
|
- # Attempt to edit non-permitted objects
|
|
|
- request = {
|
|
|
- 'path': reverse('ipam:prefix_bulk_edit'),
|
|
|
- 'data': form_data,
|
|
|
- }
|
|
|
- response = self.client.post(**request)
|
|
|
- self.assertHttpStatus(response, 302)
|
|
|
- self.assertEqual(Prefix.objects.get(pk=self.prefixes[3].pk).status, 'active')
|
|
|
-
|
|
|
- # Edit permitted objects
|
|
|
- form_data['pk'] = [p.pk for p in self.prefixes[:3]]
|
|
|
- request = {
|
|
|
- 'path': reverse('ipam:prefix_bulk_edit'),
|
|
|
- 'data': form_data,
|
|
|
- }
|
|
|
- response = self.client.post(**request)
|
|
|
- self.assertHttpStatus(response, 302)
|
|
|
- self.assertEqual(Prefix.objects.get(pk=self.prefixes[0].pk).status, 'reserved')
|
|
|
-
|
|
|
- @override_settings(EXEMPT_VIEW_PERMISSIONS=[])
|
|
|
- def test_bulk_delete_objects(self):
|
|
|
- form_data = {
|
|
|
- 'pk': [p.pk for p in self.prefixes],
|
|
|
- 'confirm': True,
|
|
|
- '_confirm': True,
|
|
|
- }
|
|
|
-
|
|
|
- # Attempt to delete objects without permission
|
|
|
- request = {
|
|
|
- 'path': reverse('ipam:prefix_bulk_delete'),
|
|
|
- 'data': form_data,
|
|
|
- }
|
|
|
- response = self.client.post(**request)
|
|
|
- self.assertHttpStatus(response, 403)
|
|
|
-
|
|
|
- # Assign object permission
|
|
|
- obj_perm = ObjectPermission(
|
|
|
- constraints={'site__name': 'Site 1'},
|
|
|
- actions=['view', 'delete']
|
|
|
- )
|
|
|
- obj_perm.save()
|
|
|
- obj_perm.users.add(self.user)
|
|
|
- obj_perm.object_types.add(ContentType.objects.get_for_model(Prefix))
|
|
|
-
|
|
|
- # Attempt to delete non-permitted object
|
|
|
- request = {
|
|
|
- 'path': reverse('ipam:prefix_bulk_delete'),
|
|
|
- 'data': form_data,
|
|
|
- }
|
|
|
- response = self.client.post(**request)
|
|
|
- self.assertHttpStatus(response, 200)
|
|
|
- self.assertTrue(Prefix.objects.filter(pk=self.prefixes[3].pk).exists())
|
|
|
-
|
|
|
- # Delete permitted objects
|
|
|
- form_data['pk'] = [p.pk for p in self.prefixes[:3]]
|
|
|
- request = {
|
|
|
- 'path': reverse('ipam:prefix_bulk_delete'),
|
|
|
- 'data': form_data,
|
|
|
- }
|
|
|
- response = self.client.post(**request)
|
|
|
- self.assertHttpStatus(response, 302)
|
|
|
- self.assertFalse(Prefix.objects.filter(pk=self.prefixes[0].pk).exists())
|
|
|
-
|
|
|
-
|
|
|
class ObjectPermissionAPIViewTestCase(TestCase):
|
|
|
client_class = APIClient
|
|
|
|
Jeremy Stretch