diff --git a/authrole/auth/backends.py b/authrole/auth/backends.py index 2896099..0d9f77b 100644 --- a/authrole/auth/backends.py +++ b/authrole/auth/backends.py @@ -1,7 +1,6 @@ from __future__ import unicode_literals from django.contrib.auth.backends import ModelBackend -from django.contrib.auth.models import Permission class BaseAuthRoleBackend(ModelBackend): @@ -16,14 +15,11 @@ def get_role_permissions(self, user_obj, obj=None): Returns a set of permission strings that this user has through his/her role. """ - if user_obj.is_anonymous() or obj is not None: + if user_obj.is_superuser: return set() if not hasattr(user_obj, '_role_perm_cache'): - if user_obj.is_superuser: - perms = Permission.objects.all() - else: - perms = self.fetch_role_permissions(user_obj) - perms = perms.values_list('content_type__app_label', 'codename') \ + perms = self.fetch_role_permissions(user_obj) \ + .values_list('content_type__app_label', 'codename') \ .order_by() user_obj._role_perm_cache = set(['%s.%s' % (ct, name) for ct, name in perms]) diff --git a/tests/fixtures/role.yaml b/tests/fixtures/role.yaml index 095df6a..aeda34b 100644 --- a/tests/fixtures/role.yaml +++ b/tests/fixtures/role.yaml @@ -84,6 +84,14 @@ is_active: true is_superuser: false is_staff: false +- pk: 3 + model: 'auth.User' + fields: + username: 'user3' + password: 'pbkdf2_sha256$10000$vkRy7QauoLLj$ry+3xm3YX+YrSXbri8s3EcXDIrx5ceM+xQjtpLdw2oE=' + is_active: true + is_superuser: true + is_staff: true - pk: 1 model: 'tests.MyUser' diff --git a/tests/tests.py b/tests/tests.py index 9697045..744dd8e 100644 --- a/tests/tests.py +++ b/tests/tests.py @@ -1,5 +1,5 @@ import django -from django.contrib.auth.models import Permission +from django.contrib.auth.models import Permission, AnonymousUser from django.test.testcases import TestCase from authrole.auth.backends import BaseAuthRoleBackend 
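Review bot: The rewritten guard in `get_role_permissions` returns early only for superusers, so the previous empty-set result for anonymous users and for object-level calls (`obj is not None`) is gone and `fetch_role_permissions` now runs in both cases. Unless every caller filters these cases first (the callers are not visible in this hunk), model-level role permissions would be reported for a per-object check, and an `AnonymousUser` or an inactive account would be passed into the role query. Consider keeping the guard in a form that works across Django versions, e.g. `if not user_obj.is_active or user_obj.is_superuser or obj is not None:` followed by `return set()`; `AnonymousUser.is_active` is `False`, so this covers anonymous users without calling `is_anonymous()`. A short comment such as `# superuser permissions are not derived from roles` would explain why an empty set is returned for them. The function body continues past the end of the hunk.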
@@ -9,26 +9,26 @@ class MyBackend(BaseAuthRoleBackend): def fetch_role_permissions(self, user_obj): return Permission.objects.filter(group__roles__myusers__user=user_obj) -backend = MyBackend() - -class BackendTestCase(TestCase): +class MyBackendTestCase(TestCase): fixtures = ['role'] - def test_1(self): + backend = MyBackend() + + def test_empty_role(self): if django.VERSION[:2] < (1, 11): - user = backend.authenticate('user1', 'test') + user = self.backend.authenticate('user1', 'test') else: - user = backend.authenticate(None, 'user1', 'test') - permissions = backend.get_all_permissions(user) + user = self.backend.authenticate(None, 'user1', 'test') + permissions = self.backend.get_all_permissions(user) self.assertSetEqual(permissions, set()) - def test_2(self): + def test_role(self): if django.VERSION[:2] < (1, 11): - user = backend.authenticate('user2', 'test') + user = self.backend.authenticate('user2', 'test') else: - user = backend.authenticate(None, 'user2', 'test') - permissions = backend.get_all_permissions(user) + user = self.backend.authenticate(None, 'user2', 'test') + permissions = self.backend.get_all_permissions(user) self.assertSetEqual(permissions, { 'app.can_add_model1', 'app.can_update_model1', @@ -37,3 +37,17 @@ def test_2(self): 'app.can_update_model2', 'app.can_delete_model2', }) + + def test_unauthorized(self): + user = AnonymousUser() + permissions = self.backend.get_all_permissions(user) + self.assertSetEqual(permissions, set()) + + def test_superuser(self): + if django.VERSION[:2] < (1, 11): + user = self.backend.authenticate('user3', 'test') + else: + user = self.backend.authenticate(None, 'user3', 'test') + permissions = self.backend.get_all_permissions(user) + all_permissions = Permission.objects.all().count() + self.assertEqual(len(permissions), all_permissions)
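Review bot: `test_unauthorized` and `test_superuser` in the last hunk only go through `get_all_permissions`, so the anonymous and object-level paths of `get_role_permissions` that the backend change touches are never called directly. Assertions such as `self.assertSetEqual(self.backend.get_role_permissions(AnonymousUser()), set())` and an object-level call (`get_all_permissions(user, obj=...)` expected to return an empty set) would show whether that authorization boundary still holds. In `test_superuser`, comparing only `len(permissions)` with `Permission.objects.all().count()` would also pass if the wrong permission strings were returned. Asserting equality with the set of `'%s.%s'` strings built from `Permission.objects.values_list('content_type__app_label', 'codename')` is stricter.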