Fix: Fix permission check for tastypie / update to 0.14.1

2026-02-04 21:49:26 +01:00 · 2018-08-26 03:35:14 -07:00
parent 913a0ba08d
commit fe1439b2a2
5 changed files with 81 additions and 40 deletions
--- a/users/auth/backends.py
+++ b/users/auth/backends.py
@@ -33,11 +33,3 @@ class CombinedAuthBackend(object):
            return User.objects.get(pk=user_id)
        except User.DoesNotExist:
            return None
-
-    def has_perm(self, user, perm, obj=None):
-        """
-        A very simplistic authorization mechanism for now. Basically a pin owner can do anything with the pin.
-        """
-        if obj and isinstance(obj, Pin):
-            return obj.submitter == user
-        return False
--- a/users/tests.py
+++ b/users/tests.py
@@ -34,21 +34,6 @@ class CombinedAuthBackendTest(TestCase):
    def test_authenticate_unknown_user(self):
        self.assertIsNone(self.backend.authenticate(username='wrong-username', password='wrong-password'))

-    @mock.patch('requests.get', mock_requests_get)
-    def test_has_perm_on_pin(self):
-        image = Image.objects.create_for_url('http://testserver/mocked/screenshot.png')
-        user = User.objects.get(username=self.username)
-        pin = Pin.objects.create(submitter=user, image=image)
-        self.assertTrue(self.backend.has_perm(user, 'add_pin', pin))
-
-    @mock.patch('requests.get', mock_requests_get)
-    def test_has_perm_on_pin_unauthorized(self):
-        image = Image.objects.create_for_url('http://testserver/mocked/screenshot.png')
-        user = User.objects.get(username=self.username)
-        other_user = User.objects.create_user('test', 'test@example.com', 'test')
-        pin = Pin.objects.create(submitter=user, image=image)
-        self.assertFalse(self.backend.has_perm(other_user, 'add_pin', pin))
-

 class CreateUserTest(TestCase):
    def test_create_post(self):