def can(self, permission, obj, **kwargs): """Check if we can do something with an object. :param permission: The permission to look for. :param obj: The object to check the ACL of. :param **kwargs: The context to pass to predicates. >>> auth.can('read', some_object) >>> auth.can('write', another_object, group=some_group) """ context = {'user': current_user} for func in self.context_processors: context.update(func()) context.update(get_object_context(obj)) context.update(kwargs) return check(permission, iter_object_acl(obj), **context)
def can(self, permission, obj, **kwargs): """Check if we can do something with an object. :param permission: The permission to look for. :param obj: The object to check the ACL of. :param **kwargs: The context to pass to predicates. >>> auth.can('read', some_object) >>> auth.can('write', another_object, group=some_group) """ context = {'user': current_user} for func in self._context_processors: context.update(func()) context.update(get_object_context(obj)) context.update(kwargs) return check(permission, iter_object_acl(obj), **context)
def test_empty(self): self.assertIs(None, check('permission', []))
def test_always_deny(self): with self.client: self.client.get('/') self.assertIs(False, check('permission', ''' DENY ANY ALL '''))
def test_always_allow(self): with self.client: self.client.get('/') self.assertIs(True, check('permission', ''' ALLOW ANY ALL '''))