stash

core/authentication/api_v2.py

@@ -14,9 +14,21 @@ from authentication.models import ExtendedUser
 
 
 class UserSerializer(serializers.ModelSerializer):
+    permissions = serializers.SerializerMethodField()
+
     class Meta:
         model = ExtendedUser
-        fields = ('id', 'username', 'email', 'first_name', 'last_name')
+        fields = ('id', 'username', 'email', 'first_name', 'last_name', 'permissions')
+        read_only_fields = ('id', 'username', 'email', 'first_name', 'last_name', 'permissions')
+
+    def collect_permissions(self, obj):
+        for permission in obj.get_all_permissions():
+            yield "*:" + permission
+        for permission in obj.event_permissions.all():
+            yield permission.event.slug + ":" + permission.permission.codename
+
+    def get_permissions(self, obj):
+        return list(self.collect_permissions(obj))
 
 
 @receiver(post_save, sender=ExtendedUser)
@@ -30,7 +42,7 @@ class UserViewSet(viewsets.ModelViewSet):
     serializer_class = UserSerializer
 
 
-@api_view(['POST'])
+@api_view(['GET'])
 @permission_classes([IsAuthenticated])
 def selfUser(request):
     serializer = UserSerializer(request.user)

core/authentication/tests/v2/test_permissions.py

@@ -65,7 +65,6 @@ class PermissionsTestCase(TestCase):
         user.event_permissions.create(permission=Permission.objects.get(codename='view_item'), event=Event.objects.get(slug='testevent2'))
         user.event_permissions.create(permission=Permission.objects.get(codename='add_item'), event=Event.objects.get(slug='testevent1'))
         user.save()
-        print(user.get_all_permissions())
         #self.assertTrue(user.has_perm('inventory.view_event', Event.objects.get(slug='testevent1')))
         #self.assertTrue(user.has_perm('inventory.view_event', Event.objects.get(slug='testevent2')))
         #self.assertFalse(user.has_perm('inventory.add_event', Event.objects.get(slug='testevent1')))

core/authentication/tests/v2/test_users.py

@@ -1,17 +1,30 @@
 from django.test import TestCase, Client
-from django.contrib.auth.models import Permission
+from django.contrib.auth.models import Permission, Group
 
 from knox.models import AuthToken
 
-from authentication.models import ExtendedUser
+from authentication.models import ExtendedUser, EventPermission
 from core import settings
+from inventory.models import Event
 
 
 class UserApiTest(TestCase):
 
     def setUp(self):
+        self.event = Event.objects.create(name='testevent', slug='testevent')
+        self.group1 = Group.objects.create(name='testgroup1')
+        self.group2 = Group.objects.create(name='testgroup2')
+        self.group1.permissions.add(Permission.objects.get(codename='add_item'))
+        self.group1.permissions.add(Permission.objects.get(codename='view_item'))
+        self.group2.permissions.add(Permission.objects.get(codename='view_event'))
+        self.group2.permissions.add(Permission.objects.get(codename='view_item'))
         self.user = ExtendedUser.objects.create_user('testuser', 'test', 'test')
-        self.user.user_permissions.add(*Permission.objects.all())
+        self.user.user_permissions.add(Permission.objects.get(codename='add_event'))
+        self.user.groups.add(self.group1)
+        self.user.groups.add(self.group2)
+        self.user.save()
+        EventPermission.objects.create(event=self.event, user=self.user,
+                                       permission=Permission.objects.get(codename='delete_item'))
         self.user.save()
         self.token = AuthToken.objects.create(user=self.user)
         self.client = Client(headers={'Authorization': 'Token ' + self.token[1]})
@@ -31,12 +44,14 @@ class UserApiTest(TestCase):
         self.assertEqual(response.json()[1]['last_name'], '')
 
     def test_self_user(self):
-        response = self.client.post('/api/2/self/')
+        response = self.client.get('/api/2/self/')
         self.assertEqual(response.status_code, 200)
         self.assertEqual(response.json()['username'], 'testuser')
         self.assertEqual(response.json()['email'], 'test')
         self.assertEqual(response.json()['first_name'], '')
         self.assertEqual(response.json()['last_name'], '')
+        permissions = response.json()['permissions']
+        self.assertEqual(len(permissions), 5)
 
     def test_register_user(self):
         anonymous = Client()