ishangsf/rspec
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
rspec/rules/S4834/python/rule.adoc
Fred Tingaud 51369b610e
Make sure that includes are always surrounded by empty lines (#2270) 
When an include is not surrounded by empty lines, its content is inlined
on the same line as the adjacent content. That can lead to broken tags
and other display issues.
This PR fixes all such includes and introduces a validation step that
forbids introducing the same problem again.
2023-06-22 10:38:01 +02:00

99 lines
2.8 KiB
Plaintext
Raw Blame History

include::../description.adoc[]
include::../ask-yourself.adoc[]
include::../recommended.adoc[]
== Sensitive Code Example
----
# limiting access via "has_perm" and adding permission with "user_permissions.add"
from django.contrib.auth.models import Permission, User, Group
from django.contrib.contenttypes.models import ContentType
from django.shortcuts import get_object_or_404
from django.core.exceptions import PermissionDenied
def test_permissions(request, user_id): # Sensitive. This method checks permissions/authentication or changes permissions
user = get_object_or_404(User, pk=user_id)
# Or
user = request.user
user.has_perm('thisis.a_perm') # Check permission
user.has_perms(['thisis.a_perm']) # Check permission
request.user.is_authenticated # Check permission
content_type = ContentType.objects.get_for_model(User)
permission = Permission.objects.get(
codename='change_something',
content_type=content_type,
)
user.user_permissions.add(permission) # Changes permissions
user.user_permissions.set([permission]) # Changes permissions
user.user_permissions.remove(permission) # Changes permissions
user.user_permissions.clear() # Changes permissions
group, created = Group.objects.get_or_create(name='mygroup')
group = Group.objects.get(name='mygroup') # Or
group.permissions.add(permission) # Changes permissions
group.permissions.set([permission]) # Changes permissions
group.permissions.remove(permission) # Changes permissions
group.permissions.clear() # Changes permissions
user.groups.set([group]) # Changes permissions
user.groups.add(group) # Changes permissions
user.groups.remove(group) # Changes permissions
user.groups.clear() # Changes permissions
raise PermissionDenied # Denies permission
# limiting access to the models with Model->Meta->permissions
from django.db import models
class Person(models.Model):
class Meta:
permissions = (('can_sleep_in_bed', 'Can sleep in bed'),) # Sensitive.
# Limiting access with the decorators
from django.contrib.auth.decorators import permission_required, login_required
@login_required # Checks authentication
@permission_required('app.can_sleep') # Checks permission
def index(request): # Sensitive.
pass
# Limiting access with "PermissionRequiredMixin"
from django.contrib.auth.mixins import PermissionRequiredMixin
from django.views.generic import View
class MyView(PermissionRequiredMixin, View):
permission_required = ('app.can_sleep', 'app.can_drive') # Sensitive.
----
include::../see.adoc[]
ifdef::env-github,rspecator-view[]
'''
== Implementation Specification
(visible only on this page)
include::../message.adoc[]
=== Highlighting
secondary location on XXX
endif::env-github,rspecator-view[]
Reference in New Issue View Git Blame Copy Permalink