def test_permissions_with_subject_list(): guard = Guard() role = Role() role.grant('index', Store) identity = Identity([role]) assert_true(guard.can(identity, 'index', [Store()])) assert_true(guard.can(identity, 'index', []))
def test_permissions_without_conditions(): guard = Guard() role = Role() role.grant('read', Store) identity = Identity([role]) assert_true(guard.can(identity, 'read', Store)) assert_true(guard.can(identity, 'read', Store())) assert_false(guard.cannot(identity, 'read', Store)) assert_false(guard.cannot(identity, 'read', Store()))
def test_permissions_with_is_the_same_condition(): guard = Guard() role = Role() role.grant('check_for_something', Store, is_the_same_condition) identity = Identity([role]) identity.something = 'check' store = Store() store.something = 'check' assert_true(guard.can(identity, 'check_for_something', store)) store.something = 2 assert_false(guard.can(identity, 'check_for_somethingone', store)) store.something = True assert_false(guard.can(identity, 'check_for_somethingone', store))
def test_predicate(): guard = Guard() store = Store(owner_id=1) role = Role() role.grant('delete', Store, condition=lambda store, identity: identity.id == store.owner_id) valid_identity = Identity([role]) valid_identity.id = 1 invalid_identity = Identity([role]) invalid_identity.id = 2 assert_true(guard.can(valid_identity, 'delete', store)) assert_false(guard.can(invalid_identity, 'delete', store))
def test_them_all(): class SomeActions(Actions): read = 'read' write = 'write' manage = Actions.alias(read, write) class Roles(object): anonymous = Role() anonymous.grant(SomeActions.read, Store) owner = Role(inherit=[anonymous]) owner.grant(SomeActions.manage, Store, is_the_same_condition) class SomethingIdentity(Identity): def __init__(self, roles, something): super(SomethingIdentity, self).__init__(roles) self.something = something guard = Guard() store = Store(something='check') identity = SomethingIdentity([Roles.anonymous], 'does not matter') assert_true(guard.can(identity, SomeActions.read, store)) assert_false(guard.can(identity, SomeActions.write, store)) identity = SomethingIdentity([Roles.owner], 'does matter') assert_true(guard.can(identity, SomeActions.read, store)) assert_false(guard.can(identity, SomeActions.write, store)) identity = SomethingIdentity([Roles.owner], 'check') assert_true(guard.can(identity, SomeActions.read, store)) assert_true(guard.can(identity, SomeActions.write, store))
def test_guard_with_multiple_roles(): guard = Guard() role = Role() role.grant('read', Store) role.grant('write', Store) role2 = Role() role2.grant('delete', 'product') identity = Identity([role, role2]) assert_true(guard.can(identity, 'read', Store)) assert_false(guard.can(identity, 'read', 'anything')) assert_false(guard.can(identity, 'write', 'something')) assert_true(guard.can(identity, 'write', Store)) assert_false(guard.can(identity, 'delete', Store)) assert_true(guard.can(identity, 'delete', 'product')) assert_false(guard.can(identity, 'write', 'product'))