Commit 640e8430 authored by nano's avatar nano

implemented permission system

parent 72b043f2
Pipeline #76 passed with stage
in 1 minute and 1 second
# Generated by Django 2.1.3 on 2018-11-27 21:53
# Generated by Django 2.1.3 on 2018-12-07 11:36
import django.db.models.deletion
from django.conf import settings
......@@ -51,8 +51,9 @@ class Migration(migrations.Migration):
name='PermissionGranted',
fields=[
('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
('date_granted', models.DateField(null=True)),
('time_granted', models.DateTimeField(null=True)),
('exchange', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to='fiexapp.Exchange')),
('permission', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to='fiexapp.Permission')),
('user', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to=settings.AUTH_USER_MODEL)),
],
),
......
# Copyright (c) David Leeuwestein 2018.
#
# Fiex project site: https://anonym-online.net/fiex
# Fiex projet mail: fiex@anonym-online.net
# Fiex project mail: fiex@anonym-online.net
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
......@@ -15,33 +15,35 @@
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
import re
import os.path
from django.test import TestCase
from fiexapp.models import Exchange, gen_random_token, hash_password, Permission, File
from fiexapp.exceptions import OperationNotPermittedException
from django.utils import timezone
import re
from django.conf import settings
from django.contrib.auth.hashers import check_password
from django.contrib.auth.models import User
from django.core.exceptions import ValidationError
from django.test import TestCase
from django.utils import timezone
from fiexapp.exceptions import OperationNotPermittedException
from fiexapp.models import Exchange, gen_random_token, hash_password, Permission, File
FILTER_FUZZING = [ \
""""';alert(String.fromCharCode(88,83,83))//';""", \
"""alert(String.fromCharCode(88, 83, 83)) // ";""", \
""""alert(String.fromCharCode(88,83,83))//";""", \
"""'';!--"<XSS>=&{()}""", \
""""< script / src = data:, alert() >""", \
"""<IMG SRC=javascript:alert("XSS")>""", \
"""<IMG SRC=&#0000106&#0000097&#>""", \
"""<IMG SRC="jav ascript:alert('XSS');">""", \
"""¼script¾alert(¢XSS¢)¼/script¾""", \
"""<!--#exec cmd="/bin/echo '<SCR'"--><!--#exec cmd="/bin/echo 'IPT SRC=http://ha.ckers.org/xss.js></SCRIPT>'"-->""", \
"""<A HREF="http://66.102.7.147/">XSS</A>""", \
"""<w contenteditable id=x onfocus=alert()>""", \
"""alert;pg("XSS")""", \
"""<svg/onload=%26%23097lert%26lpar;1337)>""", \
]
""""';alert(String.fromCharCode(88,83,83))//';""", \
"""alert(String.fromCharCode(88, 83, 83)) // ";""", \
""""alert(String.fromCharCode(88,83,83))//";""", \
"""'';!--"<XSS>=&{()}""", \
""""< script / src = data:, alert() >""", \
"""<IMG SRC=javascript:alert("XSS")>""", \
"""<IMG SRC=&#0000106&#0000097&#>""", \
"""<IMG SRC="jav ascript:alert('XSS');">""", \
"""¼script¾alert(¢XSS¢)¼/script¾""", \
"""<!--#exec cmd="/bin/echo '<SCR'"--><!--#exec cmd="/bin/echo 'IPT SRC=http://ha.ckers.org/xss.js></SCRIPT>'"-->""", \
"""<A HREF="http://66.102.7.147/">XSS</A>""", \
"""<w contenteditable id=x onfocus=alert()>""", \
"""alert;pg("XSS")""", \
"""<svg/onload=%26%23097lert%26lpar;1337)>""", \
]
class ExchangeTestCase(TestCase):
......@@ -53,12 +55,17 @@ class ExchangeTestCase(TestCase):
self.exchange_creation_date = timezone.now()
self.test_user1 = User.objects.create(username="permtest1", email="permtest1@example.com",
password="verysecretpass")
self.test_user1.save()
self.test_user2 = User.objects.create(username="permtest2", email="permtest1@example.com",
password="verysecretpass")
self.test_user2.save()
self.test_user3 = User.objects.create(username="permtest3", email="permtest1@example.com",
password="verysecretpass")
self.test_user3.save()
self.test_exchange1 = Exchange.objects.create(description="permtest", creation_date=timezone.now(),
created_by=self.test_user1)
self.test_exchange1.save()
self.test_exchange1.create_initial_permissions()
def test_object_creation(self):
Exchange.objects.create(description=self.exchange_description, creation_date=self.exchange_creation_date,
......@@ -90,12 +97,10 @@ class ExchangeTestCase(TestCase):
self.assertTrue(self.test_exchange1.has_permission(self.test_user1, Permission.READ_PERMISSION))
self.assertTrue(self.test_exchange1.has_permission(self.test_user1, Permission.WRITE_PERMISSION))
self.assertTrue(self.test_exchange1.has_permission(self.test_user1, Permission.CHANGE_PERMISSION))
self.assertTrue(self.test_exchange1.has_permission(self.test_user1, Permission.DELETE_PERMISSION))
self.assertFalse(self.test_exchange1.has_permission(self.test_user2, Permission.WRITE_PERMISSION))
self.assertFalse(self.test_exchange1.has_permission(self.test_user2, Permission.CHANGE_PERMISSION))
self.assertFalse(self.test_exchange1.has_permission(self.test_user2, Permission.READ_PERMISSION))
self.assertFalse(self.test_exchange1.has_permission(self.test_user2, Permission.DELETE_PERMISSION))
def test_grant_permission(self):
self.test_exchange1.change_permission(self.test_user2, Permission.READ_PERMISSION, True)
......@@ -107,38 +112,44 @@ class ExchangeTestCase(TestCase):
self.test_exchange1.change_permission(self.test_user2, Permission.CHANGE_PERMISSION, True)
self.assertTrue(self.test_exchange1.has_permission(self.test_user2, Permission.CHANGE_PERMISSION))
self.test_exchange1.change_permission(self.test_user2, Permission.DELETE_PERMISSION, True)
self.assertTrue(self.test_exchange1.has_permission(self.test_user2, Permission.DELETE_PERMISSION))
def test_exchange_data_dir_path(self):
exchange_data_dir_path = self.test_exchange1.data_store_dir_path()
exchange_data_dir_path = self.test_exchange1._data_store_dir_path()
self.assertTrue(os.path.commonprefix([settings.FIEX_DATA_FOLDER, exchange_data_dir_path]))
def test_path_from_exchange_data_dir_root(self):
self.assertEqual(self.test_exchange1.path_from_exchange_data_dir_root('test' + os.sep + 'a'),
os.path.join(self.test_exchange1.data_store_dir_path(), 'test' + os.sep + 'a'))
self.assertEqual(self.test_exchange1._path_from_exchange_data_dir_root('test' + os.sep + 'a'),
os.path.join(self.test_exchange1._data_store_dir_path(), 'test' + os.sep + 'a'))
with self.assertRaises(OperationNotPermittedException):
self.test_exchange1.path_from_exchange_data_dir_root('/test' + os.sep + 'a')
self.test_exchange1._path_from_exchange_data_dir_root('/test' + os.sep + 'a')
with self.assertRaises(OperationNotPermittedException):
self.test_exchange1.path_from_exchange_data_dir_root('test' + os.sep + '..' + os.sep + '..' + os.sep + 'a')
class PermissionTestCase(TestCase):
def setUp(self):
pass
class FileTest(TestCase):
def setUp(self):
self.test_user1 = User.objects.create(username="permtest1", email="permtest1@example.com",
password="verysecretpass")
self.test_exchange1 = Exchange.objects.create(description="permtest", creation_date=timezone.now(),
created_by=self.test_user1)
self.test_file1 = File.objects.create(path=('test' + os.sep + 'test.txt'), created_by_user=self.test_user1,
belongs_to_exchange=self.test_exchange1)
def test_object_destruction(self):
self.test_file1.delete()
self.test_exchange1._path_from_exchange_data_dir_root('test' + os.sep + '..' + os.sep + '..' + os.sep + 'a')
def test_folder_creation(self):
self.test_exchange1.mkdir('test_folder_creation')
def test_folder_destruction(self):
self.test_exchange1.mkdir('test_folder_creation')
self.test_exchange1.delete_dir('test_folder_creation', False)
class PermissionTestCase(TestCase):
def setUp(self):
pass
class FileTest(TestCase):
def setUp(self):
self.test_user1 = User.objects.create(username="permtest1", email="permtest1@example.com",
password="verysecretpass")
self.test_user1.save()
self.test_exchange1 = Exchange.objects.create(description="permtest", creation_date=timezone.now(),
created_by=self.test_user1)
self.test_exchange1.save()
self.test_file1 = File.objects.create(path=('test' + os.sep + 'test.txt'),
created_by_user=self.test_user1,
belongs_to_exchange=self.test_exchange1)
self.test_file1.save()
def test_object_destruction(self):
self.test_file1.delete()
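Review bot: The assertion in `test_exchange_data_dir_path` (hunk `@@ -107,38 +112,44 @@`) cannot fail in practice, so it does not verify that the exchange directory stays under `settings.FIEX_DATA_FOLDER`. `os.path.commonprefix` compares character by character and `assertTrue` only needs a non-empty string, so two absolute paths that share nothing but the leading separator still pass. Compare whole path components instead: `root = os.path.abspath(settings.FIEX_DATA_FOLDER)` followed by `self.assertEqual(os.path.commonpath([root, os.path.abspath(exchange_data_dir_path)]), root)`. The two `assertRaises(OperationNotPermittedException)` cases in `test_path_from_exchange_data_dir_root` cover the rejection path, but this positive containment check is the only one visible in the section and should be exact.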