def test_scope_permission_safe_methods(method, mocker, factories): view = mocker.Mock(required_scope="write:profile", anonymous_policy=False) request = mocker.Mock(method=method) p = permissions.ScopePermission() assert p.has_permission(request, view) is True
def test_scope_permission_anonymous_policy(policy, preference, expected, preferences, mocker, anonymous_user): preferences["common__api_authentication_required"] = preference view = mocker.Mock(required_scope="libraries", anonymous_policy=policy, anonymous_scopes=set()) request = mocker.Mock(method="GET", user=anonymous_user, actor=None) p = permissions.ScopePermission() assert p.has_permission(request, view) is expected
def test_scope_permission_token_anonymous_user_auth_required( mocker, factories, anonymous_user, preferences): preferences["common__api_authentication_required"] = True should_allow = mocker.patch.object(permissions, "should_allow") request = mocker.Mock(method="POST", user=anonymous_user, actor=None) view = mocker.Mock(required_scope="profile", anonymous_policy=False) p = permissions.ScopePermission() assert p.has_permission(request, view) is False should_allow.assert_not_called()
def test_scope_permission_token_no_user(mocker, factories, now): token = factories["users.AccessToken"]( scope="profile:write playlists:read", user=None) should_allow = mocker.patch.object(permissions, "should_allow") request = mocker.Mock(method="POST", auth=token) view = mocker.Mock(required_scope="profile", anonymous_policy=False) p = permissions.ScopePermission() assert p.has_permission(request, view) is False should_allow.assert_not_called()
def test_scope_permission_dict_no_required(mocker, anonymous_user): view = mocker.Mock( required_scope={"read": None, "write": "write:profile"}, anonymous_policy=True, action="read", anonymous_scopes=set(), ) request = mocker.Mock(method="GET", user=anonymous_user, actor=None, scopes=None) p = permissions.ScopePermission() assert p.has_permission(request, view) is True
def test_scope_permission_request_scopes(mocker, factories): should_allow = mocker.patch.object(permissions, "should_allow") request = mocker.Mock(method="POST", scopes=["write:profile", "read:playlists"]) view = mocker.Mock(required_scope="profile", anonymous_policy=False) p = permissions.ScopePermission() assert p.has_permission(request, view) == should_allow.return_value should_allow.assert_called_once_with( required_scope="write:profile", request_scopes={"write:profile", "read:playlists"}, )
def test_scope_permission_actor(mocker, factories, anonymous_user): should_allow = mocker.patch.object(permissions, "should_allow") request = mocker.Mock(method="POST", actor=factories["federation.Actor"](), user=anonymous_user) view = mocker.Mock(required_scope="profile", anonymous_policy=False) p = permissions.ScopePermission() assert p.has_permission(request, view) == should_allow.return_value should_allow.assert_called_once_with( required_scope="write:profile", request_scopes=scopes.FEDERATION_REQUEST_SCOPES)
def test_scope_permission_token_honor_app_scopes(mocker, factories, now): # token contains read access, but app scope only allows profile:write token = factories["users.AccessToken"](scope="write:profile read", application__scope="write:profile") should_allow = mocker.patch.object(permissions, "should_allow") request = mocker.Mock(method="POST", auth=token) view = mocker.Mock(required_scope="profile", anonymous_policy=False) p = permissions.ScopePermission() assert p.has_permission(request, view) == should_allow.return_value should_allow.assert_called_once_with(required_scope="write:profile", request_scopes={"write:profile"})
def test_scope_permission_token_anonymous_user_auth_not_required( mocker, factories, anonymous_user, preferences): preferences["common__api_authentication_required"] = False should_allow = mocker.patch.object(permissions, "should_allow") request = mocker.Mock(method="POST", user=anonymous_user, actor=None) view = mocker.Mock(required_scope="profile", anonymous_policy="setting", anonymous_scopes=set()) p = permissions.ScopePermission() assert p.has_permission(request, view) == should_allow.return_value should_allow.assert_called_once_with( required_scope="write:profile", request_scopes=scopes.ANONYMOUS_SCOPES)
def test_scope_permission_user(required_scope, method, action, expected_scope, mocker, factories): user = factories["users.User"]() should_allow = mocker.patch.object(permissions, "should_allow") request = mocker.Mock(method=method, user=user, actor=None) view = mocker.Mock(required_scope=required_scope, anonymous_policy=False, action=action) p = permissions.ScopePermission() assert p.has_permission(request, view) == should_allow.return_value should_allow.assert_called_once_with( required_scope=expected_scope, request_scopes=scopes.get_from_permissions(**user.get_permissions()), )
def test_scope_permission_token(mocker, factories): token = factories["users.AccessToken"]( scope="write:profile read:playlists", application__scope="write:profile read:playlists", ) should_allow = mocker.patch.object(permissions, "should_allow") request = mocker.Mock(method="POST", auth=token) view = mocker.Mock(required_scope="profile", anonymous_policy=False) p = permissions.ScopePermission() assert p.has_permission(request, view) == should_allow.return_value should_allow.assert_called_once_with( required_scope="write:profile", request_scopes={"write:profile", "read:playlists"}, )