Merge pull request #2 from PolicyStat/issue_2

Fix permission_required
2026-05-08 23:54:44 +00:00 · 2017-11-20 15:00:55 -05:00 · 2017-11-20 15:00:55 -05:00 · b64cc8729b
commit b64cc8729b
parent 796f3d6281 0c47ab2f4e
6 changed files with 57 additions and 37 deletions
--- a/.travis.yml
+++ b/.travis.yml
@ -7,10 +7,11 @@ cache:
 env:
  matrix:
  - TOXENV=py27-dj18
-  - TOXENV=py33-dj18
  - TOXENV=py34-dj18
  - TOXENV=py35-dj18
  - TOXENV=py27-dj111
+  - TOXENV=py34-dj111
+  - TOXENV=py35-dj111
 install:
 - pip install tox codecov
 script: tox -v
--- a/authority/views.py
+++ b/authority/views.py
@ -25,8 +25,9 @@ def add_permission(request, app_label, module_name, pk, approved=False,
                   template_name='authority/permission_form.html',
                   extra_context=None, form_class=UserPermissionForm):
    codename = request.POST.get('codename', None)
-    model = apps.get_model(app_label, module_name)
-    if model is None:
+    try:
+        model = apps.get_model(app_label, module_name)
+    except LookupError:
        return permission_denied(request)
    obj = get_object_or_404(model, pk=pk)
    next = get_next(request, obj)
@ -108,5 +109,8 @@ def permission_denied(request, template_name=None, extra_context=None):
    }
    if extra_context:
        context.update(extra_context)
-    return HttpResponseForbidden(loader.render_to_string(template_name,
-                                                         context, request))
+    return HttpResponseForbidden(loader.render_to_string(
+        template_name=template_name,
+        context=context,
+        request=request,
+    ))
--- a/example/exampleapp/tests.py
+++ b/example/exampleapp/tests.py
@ -1,23 +1,26 @@
-"""
-This file demonstrates two different styles of tests (one doctest and one
-unittest). These will both pass when you run "manage.py test".
-
-Replace these with more appropriate tests for your application.
-"""
-
+from django.core.urlresolvers import reverse
 from django.test import TestCase

-class SimpleTest(TestCase):
-    def test_basic_addition(self):
-        """
-        Tests that 1 + 1 always equals 2.
-        """
-        self.failUnlessEqual(1 + 1, 2)
+from authority.compat import get_user_model

-__test__ = {"doctest": """
-Another way to test that 1 + 1 is equal to 2.

->>> 1 + 1 == 2
-True
-"""}
+class AddPermissionTestCase(TestCase):
+    def test_add_permission_permission_denied_is_403(self):
+        user = get_user_model().objects.create(
+            username='foo',
+            email='foo@example.com',
+        )
+        user.set_password('pw')
+        user.save()

+        assert self.client.login(username='foo@example.com', password='pw')
+        url = reverse(
+            'authority-add-permission-request',
+            kwargs={
+                'app_label': 'foo',
+                'module_name': 'Bar',
+                'pk': 1,
+            },
+        )
+        r = self.client.get(url)
+        self.assertEqual(r.status_code, 403)
--- a/example/settings.py
+++ b/example/settings.py
@ -54,11 +54,6 @@ INTERNAL_IPS = ('127.0.0.1',)


 TEMPLATE_CONTEXT_PROCESSORS = (
-    'django.core.context_processors.auth',
-    'django.core.context_processors.debug',
-    'django.core.context_processors.i18n',
-    'django.core.context_processors.media',
-    'django.core.context_processors.request',
 )

 ROOT_URLCONF = 'example.urls'
@ -80,14 +75,28 @@ if VERSION >= (1, 5):
    INSTALLED_APPS = INSTALLED_APPS + ('example.users',)
    AUTH_USER_MODEL = 'users.User'

-TEMPLATE_LOADERS = (
-    'django.template.loaders.filesystem.load_template_source',
-    'django.template.loaders.app_directories.load_template_source',
-)
-
-TEMPLATE_DIRS = (
-    os.path.join(PROJECT_ROOT, "templates"),
-)
+TEMPLATES = [
+    {
+        'BACKEND': 'django.template.backends.django.DjangoTemplates',
+        'DIRS': [
+            # insert your TEMPLATE_DIRS here
+        ],
+        'APP_DIRS': True,
+        'OPTIONS': {
+            'context_processors': [
+                # Insert your TEMPLATE_CONTEXT_PROCESSORS here or use this
+                # list if you haven't customized them:
+                'django.contrib.auth.context_processors.auth',
+                'django.template.context_processors.debug',
+                'django.template.context_processors.i18n',
+                'django.template.context_processors.media',
+                'django.template.context_processors.static',
+                'django.template.context_processors.tz',
+                'django.contrib.messages.context_processors.messages',
+            ],
+        },
+    },
+]

 # Use local_settings.py for things to override privately
 try:
--- a/example/users/models.py
+++ b/example/users/models.py
@ -1,4 +1,5 @@
 from django.contrib.auth.models import AbstractBaseUser, PermissionsMixin
+from django.contrib.auth.models import UserManager
 from django.db import models
 from django.utils import timezone

@ -15,3 +16,5 @@ class User(AbstractBaseUser, PermissionsMixin):
    is_staff = models.BooleanField(default=False)
    is_active = models.BooleanField(default=True)
    date_joined = models.DateTimeField(default=timezone.now)
+
+    objects = UserManager()
--- a/tox.ini
+++ b/tox.ini
@ -12,7 +12,7 @@ basepython =
    py34: python3.4
    py35: python3.5
 usedevelop = true
-commands = python example/manage.py test authority
+commands = python example/manage.py test authority exampleapp
 deps =
    dj18: Django<1.9
    dj19: Django<1.10