Beispiel #1
def test_ActiveUserRolePermission_authenticated_user(authenticated_user_instance):
    """Check the guard against an authenticated user in both account states.

    Entering ``ActiveUserRolePermission`` must succeed while the fixture user
    has ``is_active`` set, and must raise ``HTTPException`` once it is cleared.
    """
    user = authenticated_user_instance

    # Active account: entering the permission context must not raise.
    user.is_active = True
    with permissions.ActiveUserRolePermission():
        pass

    # Deactivated account: the very same guard has to refuse entry.
    user.is_active = False
    with pytest.raises(HTTPException), permissions.ActiveUserRolePermission():
        pass
Beispiel #2
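        def decorator(func_or_class):
            """
            Protect a view function, or every method of a Resource class, with
            the active-user guard and OAuth2 scope enforcement.

            A class argument is handed to its own
            ``_apply_decorator_to_methods`` hook and returned unchanged. A
            function argument is wrapped with ``self.permission_required``
            (unless a role permission is already marked as applied), then with
            ``oauth2.require_oauth``, and finally annotated with ``security``
            and 401 response documentation.
            """
            if isinstance(func_or_class, type):
                # Handle Resource classes decoration
                # pylint: disable=protected-access
                func_or_class._apply_decorator_to_methods(decorator)
                return func_or_class
            func = func_or_class

            # Imported here to avoid a circular dependency.
            from app.extensions import oauth2
            from app.modules.users import permissions

            # Automatically apply the `permissions.ActiveUserRolePermission`
            # guard if none is yet applied. The `_role_permission_applied`
            # marker is only read here; presumably `permission_required` sets
            # it -- confirm against that method.
            if getattr(func, '_role_permission_applied', False):
                protected_func = func
            else:
                protected_func = self.permission_required(
                    permissions.ActiveUserRolePermission()
                )(func)

            # Ignore the current OAuth2 scopes if another @login_required
            # decorator was applied and just copy the already applied scopes.
            # NOTE(review): in that case the scopes passed to *this* call are
            # dropped, so an outer (e.g. class-level) @login_required cannot
            # tighten a method that already declares its own scopes.
            if (hasattr(protected_func, '__apidoc__')
                    and 'security' in protected_func.__apidoc__
                    and '__oauth__' in protected_func.__apidoc__['security']):
                _oauth_scopes = protected_func.__apidoc__['security']['__oauth__']['scopes']
            else:
                _oauth_scopes = oauth_scopes

            oauth_protection_decorator = oauth2.require_oauth(*_oauth_scopes)
            self._register_access_restriction_decorator(protected_func, oauth_protection_decorator)
            oauth_protected_func = oauth_protection_decorator(protected_func)

            return self.doc(
                security={
                    # This is a temporary configuration which is overridden in
                    # `Api.add_namespace`.
                    '__oauth__': {
                        'type': 'oauth',
                        'scopes': _oauth_scopes,
                    }
                }
            )(
                self.response(
                    code=HTTPStatus.UNAUTHORIZED.value,
                    # Describe the scopes that are actually enforced
                    # (`_oauth_scopes`), not the ones passed to this call,
                    # which may have been ignored above.
                    description=(
                        "Authentication is required"
                        if not _oauth_scopes else
                        "Authentication with %s OAuth scope(s) is required" % (
                            ', '.join(_oauth_scopes)
                        )
                    ),
                )(oauth_protected_func)
            )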
        def decorator(func_or_class):
            """
            Protect a view function, or every method of a Resource class, with
            the active-user guard and OAuth2 scope enforcement.

            A class argument is handed to its own
            ``_apply_decorator_to_methods`` hook and returned unchanged. A
            function argument is wrapped with ``self.permission_required``
            (unless a role permission is already marked as applied), then with
            a conditional ``oauth2.require_oauth`` wrapper, and finally
            annotated with ``security`` and 401 response documentation.
            """
            if isinstance(func_or_class, type):
                # Handle Resource classes decoration
                # pylint: disable=protected-access
                func_or_class._apply_decorator_to_methods(decorator)
                return func_or_class
            else:
                func = func_or_class

            # Imported here to avoid a circular dependency.
            from app.extensions import oauth2
            from app.modules.users import permissions

            # Stamp the function with the id of this `login_required`
            # application. The wrapper below compares against this stamp so
            # that, when the decorator is applied several times (e.g. when the
            # Resource class is decorated too), only one layer runs the OAuth2
            # check.
            func.__dict__['__latest_oauth_decorator_id__'] = id(decorator)

            # Automatically apply the `permissions.ActiveUserRolePermission`
            # guard if none is yet applied. The `_role_permission_applied`
            # marker is only read here; presumably `permission_required` sets
            # it -- confirm against that method.
            if getattr(func, '_role_permission_applied', False):
                protected_func = func
            else:
                protected_func = self.permission_required(
                    permissions.ActiveUserRolePermission())(func)

            # Accumulate OAuth2 scopes if @login_required decorator is applied
            # several times: the scopes of this call are concatenated with the
            # ones already recorded in the function's `__apidoc__`.
            # NOTE(review): `+` needs both operands to be the same sequence
            # type (list + list or tuple + tuple) -- confirm what callers pass.
            if hasattr(protected_func, '__apidoc__') \
                    and 'security' in protected_func.__apidoc__ \
                    and '__oauth__' in protected_func.__apidoc__['security']:
                _oauth_scopes = (oauth_scopes +
                                 protected_func.__apidoc__['security']
                                 ['__oauth__']['scopes'])
            else:
                _oauth_scopes = oauth_scopes

            def oauth_protection_decorator(func):
                """
                Wrap ``func`` so that ``oauth2.require_oauth`` runs only in the
                layer stamped as the latest ``login_required`` application;
                this skips redundant checks when the Resource class is also
                decorated.
                """
                oauth_protected_func = oauth2.require_oauth(
                    *_oauth_scopes)(func)

                @wraps(oauth_protected_func)
                def wrapper(self, *args, **kwargs):
                    """
                    Decide per call whether ``oauth2.require_oauth`` is executed
                    in this layer, to avoid unnecessary calls when the
                    ``login_required`` decorator is applied several times.

                    ``self`` here is the first positional argument of the view
                    call (it shadows the outer ``self``); the stamp is looked
                    up on the attribute of that object named like ``func``.
                    """
                    latest_oauth_decorator_id = getattr(
                        getattr(self, func.__name__),
                        '__latest_oauth_decorator_id__', None)
                    # NOTE(review): this layer fails open. If the stamp is
                    # missing (None) or belongs to another application, the
                    # undecorated `func` is called and no OAuth2 check happens
                    # here; enforcement then depends on the stamped layer
                    # wrapping this one and on every wrapper propagating the
                    # function's `__dict__` -- confirm both hold.
                    if id(decorator) == latest_oauth_decorator_id:
                        _func = oauth_protected_func
                    else:
                        _func = func
                    return _func(self, *args, **kwargs)

                return wrapper

            self._register_access_restriction_decorator(
                protected_func, oauth_protection_decorator)
            oauth_protected_func = oauth_protection_decorator(protected_func)

            return self.doc(
                security={
                    # This is a temporary configuration which is overridden in
                    # `Api.add_namespace`.
                    '__oauth__': {
                        'type': 'oauth',
                        'scopes': _oauth_scopes,
                    }
                })(self.response(
                    code=http_exceptions.Unauthorized.code,
                    # The description names the accumulated scopes, i.e. the
                    # same ones passed to `oauth2.require_oauth` above.
                    description=(
                        "Authentication is required" if not _oauth_scopes else
                        "Authentication with %s OAuth scope(s) is required" %
                        (', '.join(_oauth_scopes))),
                )(oauth_protected_func))
Beispiel #4
def test_ActiveUserRolePermission_anonymous_user(anonymous_user_instance):
    # pylint: disable=unused-argument
    # The fixture is never read in the body; presumably it is requested only
    # to put an anonymous user in place for the duration of the test.
    guard_rejected = pytest.raises(HTTPException)

    # Entering the permission context must be refused with an HTTP error.
    with guard_rejected, permissions.ActiveUserRolePermission():
        pass
Beispiel #5
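        def decorator(func_or_class):
            """
            Protect a view function, or every method of a Resource class, with
            the active-user guard and OAuth2 scope enforcement.

            A class argument is handed to its own
            ``_apply_decorator_to_methods`` hook and returned unchanged. A
            function argument is wrapped with ``self.permission_required``
            (unless a role permission is already marked as applied), then with
            ``oauth2.require_oauth`` (given the effective scopes and
            ``locations``), and finally annotated with ``security`` and 401
            response documentation. When ``'form'`` is one of ``locations``,
            an optional ``access_token`` form parameter is documented as well.
            """
            if isinstance(func_or_class, type):
                # Handle Resource classes decoration
                # pylint: disable=protected-access
                func_or_class._apply_decorator_to_methods(decorator)
                return func_or_class
            func = func_or_class

            # Imported here to avoid a circular dependency.
            from app.extensions import oauth2
            from app.modules.users import permissions

            # Automatically apply the `permissions.ActiveUserRolePermission`
            # guard if none is yet applied. The `_role_permission_applied`
            # marker is only read here; presumably `permission_required` sets
            # it -- confirm against that method.
            if getattr(func, '_role_permission_applied', False):
                protected_func = func
            else:
                protected_func = self.permission_required(
                    permissions.ActiveUserRolePermission())(func)

            # Ignore the current OAuth2 scopes if another @login_required
            # decorator was applied and just copy the already applied scopes.
            # NOTE(review): in that case the scopes passed to *this* call are
            # dropped, so an outer (e.g. class-level) @login_required cannot
            # tighten a method that already declares its own scopes.
            if (hasattr(protected_func, '__apidoc__')
                    and 'security' in protected_func.__apidoc__
                    and '__oauth__' in protected_func.__apidoc__['security']):
                _oauth_scopes = protected_func.__apidoc__['security'][
                    '__oauth__']['scopes']
            else:
                _oauth_scopes = oauth_scopes

            oauth_protection_decorator = oauth2.require_oauth(
                *_oauth_scopes, locations=locations)
            self._register_access_restriction_decorator(
                protected_func, oauth_protection_decorator)
            oauth_protected_func = oauth_protection_decorator(protected_func)

            if 'form' in locations:
                # Document the form-data token as an optional parameter.
                oauth_protected_func = self.param(
                    name='access_token',
                    description=(
                        'This is an alternative way of passing the access_token, useful for '
                        'making authenticated requests from the browser native forms.'
                    ),
                    _in='formData',
                    type='string',
                    required=False,
                )(oauth_protected_func)

            return self.doc(
                security={
                    # This is a temporary (namespace) configuration which gets
                    # overridden on a namespace registration (in `Api.add_namespace`).
                    '__oauth__': {
                        'type': 'oauth',
                        'scopes': _oauth_scopes
                    }
                })(self.response(
                    code=HTTPStatus.UNAUTHORIZED.value,
                    # Describe the scopes that are actually enforced
                    # (`_oauth_scopes`), not the ones passed to this call,
                    # which may have been ignored above.
                    description=(
                        'Authentication is required' if not _oauth_scopes else
                        'Authentication with %s OAuth scope(s) is required' %
                        (', '.join(_oauth_scopes))),
                )(oauth_protected_func))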