def wrapper(*args: Any, **kwargs: Any) -> Any:
username = get_session_username(str(request.cookies.get(SESSION_ID)))
authorization = Authorization(calendar_data=CalendarData(data_folder=current_app.config['DATA_FOLDER']))
if "calendar_id" not in kwargs:
raise ValueError("calendar_id")
calendar_id = str(kwargs["calendar_id"])
if not authorization.can_access(username=username, calendar_id=calendar_id):
abort(403)
return decorated_function(*args, **kwargs)
def authorization() -> Authorization:
return Authorization(calendar_data=CalendarData("test/fixtures"))
def test_authorized_if_calendar_user_in_list_using_calendar_data(
authorization: Authorization) -> None:
data = {"users": [EXISTING_USERNAME]}
assert authorization.can_access(username=EXISTING_USERNAME,
data=data) is True
def test_authorized_if_calendar_user_in_list(
authorization: Authorization) -> None:
assert authorization.can_access(username=EXISTING_USERNAME,
calendar_id="sample_data_file") is True
def test_unauthorized_if_calendar_user_not_in_list(
authorization: Authorization) -> None:
assert authorization.can_access(username="******",
calendar_id="sample_data_file") is False