Skip to content
GitLab
Menu
Projects
Groups
Snippets
/
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
Menu
Open sidebar
Debian New Member Process
nm.debian.org
Commits
b895c2ff
Commit
b895c2ff
authored
May 31, 2016
by
Enrico Zini
Browse files
More permission tweaks
parent
36a1d357
Changes
3
Hide whitespace changes
Inline
Side-by-side
backend/models.py
View file @
b895c2ff
...
@@ -62,24 +62,6 @@ class PersonVisitorPermissions(object):
...
@@ -62,24 +62,6 @@ class PersonVisitorPermissions(object):
if
p
.
advocates
.
filter
(
pk
=
self
.
visitor
.
pk
).
exists
():
return
True
if
p
.
advocates
.
filter
(
pk
=
self
.
visitor
.
pk
).
exists
():
return
True
return
False
return
False
@
cached_property
def
_is_current_am
(
self
):
"""
Return True if the visitor is the am of any active process not in
FD/DAM hands
"""
if
self
.
visitor
is
None
:
return
False
try
:
am
=
self
.
visitor
.
am
except
AM
.
DoesNotExist
:
return
False
for
p
in
self
.
processes
:
if
not
p
.
is_active
:
continue
if
p
.
progress
in
self
.
fddam_states
:
continue
if
p
.
manager
==
am
:
return
True
return
False
@
cached_property
@
cached_property
def
_can_edit_bio
(
self
):
def
_can_edit_bio
(
self
):
"""
"""
...
@@ -89,7 +71,7 @@ class PersonVisitorPermissions(object):
...
@@ -89,7 +71,7 @@ class PersonVisitorPermissions(object):
if
self
.
visitor
.
is_admin
:
return
True
if
self
.
visitor
.
is_admin
:
return
True
if
self
.
person
.
pending
:
return
False
if
self
.
person
.
pending
:
return
False
if
self
.
visitor
.
pk
==
self
.
person
.
pk
:
return
True
if
self
.
visitor
.
pk
==
self
.
person
.
pk
:
return
True
return
self
.
_
is
_current_advocate
or
self
.
_is_current
_am
return
self
.
v
is
itor
.
is_active
_am
@
cached_property
@
cached_property
def
_can_update_keycheck
(
self
):
def
_can_update_keycheck
(
self
):
...
@@ -100,7 +82,7 @@ class PersonVisitorPermissions(object):
...
@@ -100,7 +82,7 @@ class PersonVisitorPermissions(object):
if
self
.
visitor
.
is_admin
:
return
True
if
self
.
visitor
.
is_admin
:
return
True
if
self
.
person
.
pending
:
return
False
if
self
.
person
.
pending
:
return
False
if
self
.
visitor
.
pk
==
self
.
person
.
pk
:
return
True
if
self
.
visitor
.
pk
==
self
.
person
.
pk
:
return
True
return
self
.
_
is
_current_advocate
or
self
.
_is_current_a
m
return
self
.
v
is
itor
.
is_active_am
or
self
.
_is_current_a
dvocate
@
cached_property
@
cached_property
def
_has_ldap_record
(
self
):
def
_has_ldap_record
(
self
):
...
@@ -127,7 +109,7 @@ class PersonVisitorPermissions(object):
...
@@ -127,7 +109,7 @@ class PersonVisitorPermissions(object):
# Only the person themselves, or an am, can potentially edit LDAP
# Only the person themselves, or an am, can potentially edit LDAP
# fields
# fields
if
self
.
person
.
pk
!=
self
.
visitor
.
pk
and
not
self
.
_is_current
_am
:
return
False
if
self
.
person
.
pk
!=
self
.
visitor
.
pk
and
not
self
.
visitor
.
is_active
_am
:
return
False
# Check if there is some process in a state for which nobody should
# Check if there is some process in a state for which nobody should
# interfere
# interfere
...
@@ -520,6 +502,13 @@ class Person(PermissionsMixin, models.Model):
...
@@ -520,6 +502,13 @@ class Person(PermissionsMixin, models.Model):
def
is_am
(
self
):
def
is_am
(
self
):
return
"am"
in
self
.
perms
return
"am"
in
self
.
perms
@
property
def
is_active_am
(
self
):
try
:
return
self
.
am
.
is_am
except
AM
.
DoesNotExist
:
return
False
@
property
@
property
def
is_admin
(
self
):
def
is_admin
(
self
):
return
"admin"
in
self
.
perms
return
"admin"
in
self
.
perms
...
...
backend/tests/test_perms.py
View file @
b895c2ff
...
@@ -276,7 +276,7 @@ class TestVisitApplicant(ProcessFixtureMixin, TestVisitPersonMixin, TestCase):
...
@@ -276,7 +276,7 @@ class TestVisitApplicant(ProcessFixtureMixin, TestVisitPersonMixin, TestCase):
self
.
assertApplicantPermsInitialProcess
(
expected
)
self
.
assertApplicantPermsInitialProcess
(
expected
)
self
.
processes
.
app
.
advocates
.
add
(
self
.
persons
.
adv
)
self
.
processes
.
app
.
advocates
.
add
(
self
.
persons
.
adv
)
expected
.
set_perms
(
"adv"
,
"update_keycheck
edit_bio
view_person_audit_log view_mbox"
)
expected
.
set_perms
(
"adv"
,
"update_keycheck view_person_audit_log view_mbox"
)
expected
.
patch_advs
(
"adv"
,
"-dc_ga"
)
expected
.
patch_advs
(
"adv"
,
"-dc_ga"
)
self
.
assertApplicantPermsHasAdvocate
(
expected
)
self
.
assertApplicantPermsHasAdvocate
(
expected
)
...
@@ -310,7 +310,7 @@ class TestVisitApplicant(ProcessFixtureMixin, TestVisitPersonMixin, TestCase):
...
@@ -310,7 +310,7 @@ class TestVisitApplicant(ProcessFixtureMixin, TestVisitPersonMixin, TestCase):
self
.
assertApplicantPermsInitialProcess
(
expected
)
self
.
assertApplicantPermsInitialProcess
(
expected
)
self
.
processes
.
app
.
advocates
.
add
(
self
.
persons
.
adv
)
self
.
processes
.
app
.
advocates
.
add
(
self
.
persons
.
adv
)
expected
.
set_perms
(
"adv"
,
"update_keycheck
edit_bio
view_person_audit_log view_mbox"
)
expected
.
set_perms
(
"adv"
,
"update_keycheck view_person_audit_log view_mbox"
)
expected
.
patch_advs
(
"adv"
,
"-dc_ga"
)
expected
.
patch_advs
(
"adv"
,
"-dc_ga"
)
self
.
assertApplicantPermsHasAdvocate
(
expected
)
self
.
assertApplicantPermsHasAdvocate
(
expected
)
...
@@ -374,7 +374,7 @@ class TestVisitApplicant(ProcessFixtureMixin, TestVisitPersonMixin, TestCase):
...
@@ -374,7 +374,7 @@ class TestVisitApplicant(ProcessFixtureMixin, TestVisitPersonMixin, TestCase):
self
.
assertApplicantPermsInitialProcess
(
expected
)
self
.
assertApplicantPermsInitialProcess
(
expected
)
self
.
processes
.
app
.
advocates
.
add
(
self
.
persons
.
adv
)
self
.
processes
.
app
.
advocates
.
add
(
self
.
persons
.
adv
)
expected
.
set_perms
(
"adv"
,
"update_keycheck
edit_bio
view_person_audit_log view_mbox"
)
expected
.
set_perms
(
"adv"
,
"update_keycheck view_person_audit_log view_mbox"
)
expected
.
patch_advs
(
"adv"
,
"-dm_ga"
)
expected
.
patch_advs
(
"adv"
,
"-dm_ga"
)
self
.
assertApplicantPermsHasAdvocate
(
expected
)
self
.
assertApplicantPermsHasAdvocate
(
expected
)
...
@@ -406,7 +406,7 @@ class TestVisitApplicant(ProcessFixtureMixin, TestVisitPersonMixin, TestCase):
...
@@ -406,7 +406,7 @@ class TestVisitApplicant(ProcessFixtureMixin, TestVisitPersonMixin, TestCase):
self
.
assertApplicantPermsInitialProcess
(
expected
)
self
.
assertApplicantPermsInitialProcess
(
expected
)
self
.
processes
.
app
.
advocates
.
add
(
self
.
persons
.
adv
)
self
.
processes
.
app
.
advocates
.
add
(
self
.
persons
.
adv
)
expected
.
set_perms
(
"adv"
,
"update_keycheck
edit_bio
view_person_audit_log view_mbox"
)
expected
.
set_perms
(
"adv"
,
"update_keycheck view_person_audit_log view_mbox"
)
expected
.
patch_advs
(
"adv"
,
"-dm"
)
expected
.
patch_advs
(
"adv"
,
"-dm"
)
self
.
assertApplicantPermsHasAdvocate
(
expected
)
self
.
assertApplicantPermsHasAdvocate
(
expected
)
...
@@ -439,7 +439,7 @@ class TestVisitApplicant(ProcessFixtureMixin, TestVisitPersonMixin, TestCase):
...
@@ -439,7 +439,7 @@ class TestVisitApplicant(ProcessFixtureMixin, TestVisitPersonMixin, TestCase):
self
.
assertApplicantPermsInitialProcess
(
expected
)
self
.
assertApplicantPermsInitialProcess
(
expected
)
self
.
processes
.
app
.
advocates
.
add
(
self
.
persons
.
adv
)
self
.
processes
.
app
.
advocates
.
add
(
self
.
persons
.
adv
)
expected
.
set_perms
(
"adv"
,
"update_keycheck
edit_bio
view_person_audit_log view_mbox"
)
expected
.
set_perms
(
"adv"
,
"update_keycheck view_person_audit_log view_mbox"
)
expected
.
patch_advs
(
"adv"
,
"-dd_nu -dd_u"
)
expected
.
patch_advs
(
"adv"
,
"-dd_nu -dd_u"
)
self
.
assertApplicantPermsHasAdvocate
(
expected
)
self
.
assertApplicantPermsHasAdvocate
(
expected
)
...
@@ -471,7 +471,7 @@ class TestVisitApplicant(ProcessFixtureMixin, TestVisitPersonMixin, TestCase):
...
@@ -471,7 +471,7 @@ class TestVisitApplicant(ProcessFixtureMixin, TestVisitPersonMixin, TestCase):
self
.
assertApplicantPermsInitialProcess
(
expected
)
self
.
assertApplicantPermsInitialProcess
(
expected
)
self
.
processes
.
app
.
advocates
.
add
(
self
.
persons
.
adv
)
self
.
processes
.
app
.
advocates
.
add
(
self
.
persons
.
adv
)
expected
.
set_perms
(
"adv"
,
"update_keycheck
edit_bio
view_person_audit_log view_mbox"
)
expected
.
set_perms
(
"adv"
,
"update_keycheck view_person_audit_log view_mbox"
)
expected
.
patch_advs
(
"adv"
,
"-dd_nu -dd_u"
)
expected
.
patch_advs
(
"adv"
,
"-dd_nu -dd_u"
)
self
.
assertApplicantPermsHasAdvocate
(
expected
)
self
.
assertApplicantPermsHasAdvocate
(
expected
)
...
@@ -503,7 +503,7 @@ class TestVisitApplicant(ProcessFixtureMixin, TestVisitPersonMixin, TestCase):
...
@@ -503,7 +503,7 @@ class TestVisitApplicant(ProcessFixtureMixin, TestVisitPersonMixin, TestCase):
self
.
assertApplicantPermsInitialProcess
(
expected
)
self
.
assertApplicantPermsInitialProcess
(
expected
)
self
.
processes
.
app
.
advocates
.
add
(
self
.
persons
.
adv
)
self
.
processes
.
app
.
advocates
.
add
(
self
.
persons
.
adv
)
expected
.
set_perms
(
"adv"
,
"update_keycheck
edit_bio
view_person_audit_log view_mbox"
)
expected
.
set_perms
(
"adv"
,
"update_keycheck view_person_audit_log view_mbox"
)
expected
.
patch_advs
(
"adv"
,
"-dd_nu -dd_u"
)
expected
.
patch_advs
(
"adv"
,
"-dd_nu -dd_u"
)
self
.
assertApplicantPermsHasAdvocate
(
expected
)
self
.
assertApplicantPermsHasAdvocate
(
expected
)
...
@@ -535,7 +535,7 @@ class TestVisitApplicant(ProcessFixtureMixin, TestVisitPersonMixin, TestCase):
...
@@ -535,7 +535,7 @@ class TestVisitApplicant(ProcessFixtureMixin, TestVisitPersonMixin, TestCase):
self
.
assertApplicantPermsInitialProcess
(
expected
)
self
.
assertApplicantPermsInitialProcess
(
expected
)
self
.
processes
.
app
.
advocates
.
add
(
self
.
persons
.
adv
)
self
.
processes
.
app
.
advocates
.
add
(
self
.
persons
.
adv
)
expected
.
set_perms
(
"adv"
,
"update_keycheck
edit_bio
view_person_audit_log view_mbox"
)
expected
.
set_perms
(
"adv"
,
"update_keycheck view_person_audit_log view_mbox"
)
expected
.
patch_advs
(
"adv"
,
"-dd_nu -dd_u"
)
expected
.
patch_advs
(
"adv"
,
"-dd_nu -dd_u"
)
self
.
assertApplicantPermsHasAdvocate
(
expected
)
self
.
assertApplicantPermsHasAdvocate
(
expected
)
...
@@ -568,7 +568,7 @@ class TestVisitApplicant(ProcessFixtureMixin, TestVisitPersonMixin, TestCase):
...
@@ -568,7 +568,7 @@ class TestVisitApplicant(ProcessFixtureMixin, TestVisitPersonMixin, TestCase):
self
.
assertApplicantPermsInitialProcess
(
expected
)
self
.
assertApplicantPermsInitialProcess
(
expected
)
self
.
processes
.
app
.
advocates
.
add
(
self
.
persons
.
adv
)
self
.
processes
.
app
.
advocates
.
add
(
self
.
persons
.
adv
)
expected
.
set_perms
(
"adv"
,
"update_keycheck
edit_bio
view_person_audit_log view_mbox"
)
expected
.
set_perms
(
"adv"
,
"update_keycheck view_person_audit_log view_mbox"
)
expected
.
patch_advs
(
"adv"
,
"-dd_nu -dd_u"
)
expected
.
patch_advs
(
"adv"
,
"-dd_nu -dd_u"
)
self
.
assertApplicantPermsHasAdvocate
(
expected
)
self
.
assertApplicantPermsHasAdvocate
(
expected
)
...
@@ -600,7 +600,7 @@ class TestVisitApplicant(ProcessFixtureMixin, TestVisitPersonMixin, TestCase):
...
@@ -600,7 +600,7 @@ class TestVisitApplicant(ProcessFixtureMixin, TestVisitPersonMixin, TestCase):
self
.
assertApplicantPermsInitialProcess
(
expected
)
self
.
assertApplicantPermsInitialProcess
(
expected
)
self
.
processes
.
app
.
advocates
.
add
(
self
.
persons
.
adv
)
self
.
processes
.
app
.
advocates
.
add
(
self
.
persons
.
adv
)
expected
.
set_perms
(
"adv"
,
"update_keycheck
edit_bio
view_person_audit_log view_mbox"
)
expected
.
set_perms
(
"adv"
,
"update_keycheck view_person_audit_log view_mbox"
)
expected
.
patch_advs
(
"adv"
,
"-dd_nu -dd_u"
)
expected
.
patch_advs
(
"adv"
,
"-dd_nu -dd_u"
)
self
.
assertApplicantPermsHasAdvocate
(
expected
)
self
.
assertApplicantPermsHasAdvocate
(
expected
)
...
...
fprs/tests/test_views.py
View file @
b895c2ff
...
@@ -98,10 +98,8 @@ class TestPersonFingerprints(PersonFixtureMixin, TestCase):
...
@@ -98,10 +98,8 @@ class TestPersonFingerprints(PersonFixtureMixin, TestCase):
@
classmethod
@
classmethod
def
setUpClass
(
cls
):
def
setUpClass
(
cls
):
super
(
TestPersonFingerprints
,
cls
).
setUpClass
()
super
(
TestPersonFingerprints
,
cls
).
setUpClass
()
cls
.
persons
.
create
(
"app"
,
status
=
const
.
STATUS_DC
,
alioth
=
True
,
fd_comment
=
"FD_COMMENTS"
)
cls
.
persons
.
create
(
"adv"
,
status
=
const
.
STATUS_DD_NU
)
cls
.
persons
.
create
(
"am"
,
status
=
const
.
STATUS_DD_NU
)
cls
.
persons
.
create
(
"am"
,
status
=
const
.
STATUS_DD_NU
)
#
cls.
processe
s.create("a
pp
", person=cls.persons.a
pp, applying_for=const.STATUS_DD_NU, progress=const.PROGRESS_AM, manager=cls.persons.am, advocates=[cls.persons.adv]
)
cls
.
am
s
.
create
(
"a
m
"
,
person
=
cls
.
persons
.
a
m
)
@
classmethod
@
classmethod
def
__add_extra_tests__
(
cls
):
def
__add_extra_tests__
(
cls
):
...
@@ -118,13 +116,16 @@ class TestPersonFingerprints(PersonFixtureMixin, TestCase):
...
@@ -118,13 +116,16 @@ class TestPersonFingerprints(PersonFixtureMixin, TestCase):
cls
.
_add_method
(
cls
.
_test_get_forbidden
,
person
,
person
)
cls
.
_add_method
(
cls
.
_test_get_forbidden
,
person
,
person
)
cls
.
_add_method
(
cls
.
_test_post_forbidden
,
person
,
person
)
cls
.
_add_method
(
cls
.
_test_post_forbidden
,
person
,
person
)
# Only applicant, advocate, am, fd and dam can see and edit the keys of an applicant
# active ams, fd and dam can see and edit the keys of anyone who is not in LDAP
for
person
in
(
"app"
,
"am"
,
"fd"
,
"dam"
):
for
visitor
in
(
"am"
,
"fd"
,
"dam"
):
cls
.
_add_method
(
cls
.
_test_get_success
,
person
,
"app"
)
for
visited
in
(
"dc"
,
"dm"
):
cls
.
_add_method
(
cls
.
_test_post_success
,
person
,
"app"
)
cls
.
_add_method
(
cls
.
_test_get_success
,
visitor
,
visited
)
for
person
in
(
"pending"
,
"dc"
,
"dc_ga"
,
"dm"
,
"dm_ga"
,
"adv"
,
"dd_nu"
,
"dd_u"
):
cls
.
_add_method
(
cls
.
_test_post_success
,
visitor
,
visited
)
cls
.
_add_method
(
cls
.
_test_get_forbidden
,
person
,
"app"
)
for
visitor
in
(
"pending"
,
"dc"
,
"dc_ga"
,
"dm"
,
"dm_ga"
,
"dd_nu"
,
"dd_u"
):
cls
.
_add_method
(
cls
.
_test_post_forbidden
,
person
,
"app"
)
for
visited
in
(
"dc"
,
"dm"
):
if
visitor
==
visited
:
continue
cls
.
_add_method
(
cls
.
_test_get_forbidden
,
visitor
,
visited
)
cls
.
_add_method
(
cls
.
_test_post_forbidden
,
visitor
,
visited
)
def
_test_get_success
(
self
,
visitor
,
visited
):
def
_test_get_success
(
self
,
visitor
,
visited
):
client
=
self
.
make_test_client
(
visitor
)
client
=
self
.
make_test_client
(
visitor
)
...
...
Write
Preview
Supports
Markdown
0%
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment