def test_exclude_action_filter():
dct = {
'name': 'John',
'full_name': 'John Doe',
'secret': 123
}
role = Role()
role.grant('read_secrets', 'user')
valid_identity = Identity([role])
invalid_identity = Identity([])
ctx = Context()
ctx.subject = 'user'
ctx.identity = valid_identity
result = ExcludeActionFilter(
exclude=['secret'],
action='read_secrets',
guard=Guard()
).filter(dct, ctx)
assert_true('secret' in result)
assert_equal(result['secret'], 123)
ctx.identity = invalid_identity
result = ExcludeActionFilter(
exclude=['secret'],
action='read_secrets',
guard=Guard()
).filter(dct, ctx)
assert_false('secret' in result)
