Beispiel #1
def test_only_match_allow_admin():
    """Deny an admin+staff token when super bypass is off.

    The token carries both the admin and staff flags and holds 'w' under
    scopes.users.actions, which appears to satisfy the scope rule. The
    inspector asks for 'staff' with match 'min' and allow_super=False,
    and verify() is still expected to return False.

    NOTE(review): the exact semantics of 'match': 'min' are not visible
    here -- confirm against PermissionInspector before relying on this
    test as the specification of that mode.
    """
    granted_scopes = {
        'users': {
            'actions': ['w'],
        },
    }
    token_claims = UserToken(
        username='******',
        email='',
        photo_url='',
        app_meta={},
        user_meta={},
        admin=True,
        staff=True,
        scopes=granted_scopes,
    ).to_dict()

    required_user = {'req': 'staff', 'match': 'min'}
    scope_rule = {
        'path': 'scopes.users.actions',
        'op': 'in',
        'value': 'w',
    }
    inspector = PermissionInspector(
        user=required_user,
        rule=scope_rule,
        allow_super=False,
    )

    decision = inspector.verify(token_claims)
    assert decision is False
Beispiel #2
def test_get_permissions_user_2():
    """Classify a token without admin or staff flags as a plain 'user'.

    The token also carries an empty-string ``special`` value; the expected
    result shows that this does not raise the resolved user type.
    """
    token_claims = UserToken(
        username='******',
        email='',
        admin=False,
        staff=False,
        special='',
    ).to_dict()
    inspector = PermissionInspector()

    resolved_type = inspector.get_user_type(token_claims)
    assert resolved_type == 'user'
Beispiel #3
def test_not_allow_if_user_is_not_set():
    """Deny access when the inspector has no user requirement configured.

    With an empty ``user`` mapping and an empty ``rule``, verify() must
    return False: a missing requirement is treated as deny, not as allow.
    """
    token_claims = UserToken(
        username='******',
        email='',
        photo_url='',
        app_meta={},
        user_meta={},
        admin=False,
        staff=False,
        scopes={},
    ).to_dict()

    # Nothing is configured on purpose; the inspector has to fail closed.
    inspector = PermissionInspector(user={}, rule={}, allow_super=False)

    decision = inspector.verify(token_claims)
    assert decision is False
Beispiel #4
def test_allow_just_with_token():
    """Allow a plain token when only the 'user' level is required.

    The token has neither the admin nor the staff flag and holds no scopes.
    With ``req`` set to 'user' and an empty rule, verify() must return True.
    """
    token_claims = UserToken(
        username='******',
        email='',
        photo_url='',
        app_meta={},
        user_meta={},
        admin=False,
        staff=False,
        scopes={},
    ).to_dict()

    required_user = {'req': 'user'}
    inspector = PermissionInspector(
        user=required_user,
        rule={},
        allow_super=False,
    )

    decision = inspector.verify(token_claims)
    assert decision is True
Beispiel #5
def test_staff_need_permissions():
    """Deny a staff token that lacks the scope named by the rule.

    The token has the staff flag the inspector asks for, but its scopes
    are empty. The rule looks for 'w' under scopes.users.actions, so
    verify() must return False: the role alone does not grant the action.
    """
    token_claims = UserToken(
        username='******',
        email='',
        photo_url='',
        app_meta={},
        user_meta={},
        admin=False,
        staff=True,
        scopes={},
    ).to_dict()

    scope_rule = {
        'path': 'scopes.users.actions',
        'op': 'in',
        'value': 'w',
    }
    inspector = PermissionInspector(
        user={'req': 'staff'},
        rule=scope_rule,
        allow_super=False,
    )

    decision = inspector.verify(token_claims)
    assert decision is False
Beispiel #6
def test_admin_cannot_do_anything_if_is_not_allow():
    """Deny an admin token when 'staff' is required and super bypass is off.

    The token has the admin flag (staff is False) and holds every action
    under scopes.users.actions, including the 'w' the rule looks for.
    With allow_super=False, verify() must still return False, so the
    admin flag gives no implicit bypass of the requirement.
    """
    token_claims = UserToken(
        username='******',
        email='',
        photo_url='',
        app_meta={},
        user_meta={},
        admin=True,
        staff=False,
        scopes={'users': {'actions': ['w', 'r', 'd', 'u']}},
    ).to_dict()

    scope_rule = {
        'path': 'scopes.users.actions',
        'op': 'in',
        'value': 'w',
    }
    inspector = PermissionInspector(
        user={'req': 'staff'},
        rule=scope_rule,
        allow_super=False,
    )

    decision = inspector.verify(token_claims)
    assert decision is False
Beispiel #7
def test_get_permissions_admin():
    """Classify a token with both admin and staff flags as 'admin'.

    The token also carries ``special=1``; the expected result is still
    'admin'.
    """
    token_claims = UserToken(
        username='******',
        email='',
        admin=True,
        staff=True,
        special=1,
    ).to_dict()
    inspector = PermissionInspector()

    resolved_type = inspector.get_user_type(token_claims)
    assert resolved_type == 'admin'