Ejemplo n.º 1
0
 def setUp(self):
     self.app = Flask('test')
     self.app.debug = True
     self.pundit = FlaskPundit(policies_path='tests.policies')
     self.pundit.init_app(self.app)
     self.client = self.app.test_client()
Ejemplo n.º 2
0
 def setUp(self):
     self.pundit = FlaskPundit()
Ejemplo n.º 3
0
class TestUsage(TestCase):
    def setUp(self):
        self.app = Flask('test')
        self.app.debug = True
        self.pundit = FlaskPundit(policies_path='tests.policies')
        self.pundit.init_app(self.app)
        self.client = self.app.test_client()

    def test_authorize_with_record_for_admin(self):
        def do_authorize_stuff():
            post = Post(1)
            return self.pundit.authorize(post)

        @self.app.route('/test_authorize_admin_get')
        def admin_get_post():
            g.user = {'id': 1, 'role': 'admin'}
            is_authorized = do_authorize_stuff()
            ok_(self.pundit._verify_authorized())
            if is_authorized:
                return 'Success', 200
            else:
                return 'Forbidden', 403

        resp = self.client.get('/test_authorize_admin_get')
        eq_(resp.status_code, 200)

    def test_authorize_with_record_for_admin_with_params(self):
        def do_authorize_stuff():
            post = Post(1)
            return self.pundit.authorize(post, thing_id=1)

        @self.app.route('/test_authorize_admin_get')
        def admin_get_post():
            g.user = {'id': 1, 'role': 'admin'}
            is_authorized = do_authorize_stuff()
            ok_(self.pundit._verify_authorized())
            if is_authorized:
                return 'Success', 200
            else:
                return 'Forbidden', 403

        resp = self.client.get('/test_authorize_admin_get')
        eq_(resp.status_code, 403)

    def test_authorize_with_record_for_staff(self):
        def do_authorize_stuff():
            post = Post(1)
            return self.pundit.authorize(post)

        @self.app.route('/test_authorize_staff_get')
        def admin_get_post():
            g.user = {'id': 2, 'role': 'staff'}
            is_authorized = do_authorize_stuff()
            ok_(self.pundit._verify_authorized())
            if is_authorized:
                return 'Success', 200
            else:
                return 'Forbidden', 403

        resp = self.client.get('/test_authorize_staff_get')
        eq_(resp.status_code, 403)

    def test_authorize_with_model_for_admin(self):
        def do_authorize_stuff():
            return self.pundit.authorize(Post, action='create')

        @self.app.route('/test_authorize_admin_create')
        def admin_create_post():
            g.user = {'id': 1, 'role': 'admin'}
            is_authorized = do_authorize_stuff()
            ok_(self.pundit._verify_authorized())
            if is_authorized:
                return 'Success', 200
            else:
                return 'Forbidden', 403

        resp = self.client.get('/test_authorize_admin_create')
        eq_(resp.status_code, 200)

    def test_authorize_with_policy_class_specified_for_admin(self):
        def do_authorize_stuff():
            return self.pundit.authorize(Comment)

        @self.app.route('/test_authorize_admin_get_comment')
        def admin_get_comment():
            g.user = {'id': 1, 'role': 'admin'}
            is_authorized = do_authorize_stuff()
            ok_(self.pundit._verify_authorized())
            if is_authorized:
                return 'Success', 200
            else:
                return 'Forbidden', 403

        resp = self.client.get('/test_authorize_admin_get_comment')
        eq_(resp.status_code, 200)

    def test_verify_authorized_decorator_success(self):
        def do_authorize_stuff():
            post = Post(1)
            return self.pundit.authorize(post)

        @self.app.route('/test_authorize_admin_get')
        @verify_authorized
        def admin_get_post():
            g.user = {'id': 1, 'role': 'admin'}
            is_authorized = do_authorize_stuff()
            if is_authorized:
                return 'Success', 200
            else:
                return 'Forbidden', 403

        resp = self.client.get('/test_authorize_admin_get')
        eq_(resp.status_code, 200)

    def test_verify_authorized_decorator_raises_exception(self):
        def do_authorize_stuff():
            post = Post(1)
            return self.pundit.authorize(post)

        @self.app.route('/test_authorize_admin_get')
        @verify_authorized
        def admin_get_post():
            g.user = {'id': 1, 'role': 'admin'}
            return 'Success', 200

        assert_raises(RuntimeError, self.client.get,
                      '/test_authorize_admin_get')

    def test_verify_authorized_decorator_ignores_raised_exception(self):
        def do_authorize_stuff():
            post = Post(1)
            return self.pundit.authorize(post)

        @self.app.route('/test_authorize_admin_get')
        @verify_authorized
        def admin_get_post():
            g.user = {'id': 1, 'role': 'admin'}
            raise BadRequest()
            is_authorized = do_authorize_stuff()
            if is_authorized:
                return 'Success', 200
            else:
                return 'Forbidden', 403

        resp = self.client.get('/test_authorize_admin_get')
        eq_(resp.status_code, 400)

    def test_policy_scoped_admin(self):
        def do_policy_scope_stuff():
            return self.pundit.policy_scope(Post)

        @self.app.route('/test_policy_scope_admin')
        def admin_get_post():
            g.user = {'id': 1, 'role': 'admin'}
            scoped_posts = do_policy_scope_stuff()
            ok_(self.pundit._verify_policy_scoped())
            return json.dumps({'posts': scoped_posts})

        resp = self.client.get('/test_policy_scope_admin')
        eq_(resp.data.decode(), '{"posts": [1, 2]}')

    def test_policy_scoped_staff(self):
        def do_policy_scope_stuff():
            return self.pundit.policy_scope(Post)

        @self.app.route('/test_policy_scope_staff')
        def admin_get_post():
            g.user = {'id': 2, 'role': 'staff'}
            scoped_posts = do_policy_scope_stuff()
            ok_(self.pundit._verify_policy_scoped())
            return json.dumps({'posts': scoped_posts})

        resp = self.client.get('/test_policy_scope_staff')
        eq_(resp.data.decode(), '{"posts": [3, 4]}')

    def test_policy_scope_with_policy_class_specified_for_admin(self):
        def do_policy_scope_stuff():
            return self.pundit.policy_scope(Comment)

        @self.app.route('/test_policy_scope_admin_get_comments')
        def admin_get_comments():
            g.user = {'id': 1, 'role': 'admin'}
            scoped_comments = do_policy_scope_stuff()
            ok_(self.pundit._verify_policy_scoped())
            return json.dumps({'comments': scoped_comments})

        resp = self.client.get('/test_policy_scope_admin_get_comments')
        eq_(resp.data.decode(), '{"comments": ["Hello"]}')

    def test_verify_policy_scoped_decorator_success(self):
        def do_policy_scope_stuff():
            return self.pundit.policy_scope(Post)

        @self.app.route('/test_policy_scope_admin')
        @verify_policy_scoped
        def admin_get_post():
            g.user = {'id': 1, 'role': 'admin'}
            scoped_posts = do_policy_scope_stuff()
            return json.dumps({'posts': scoped_posts})

        resp = self.client.get('/test_policy_scope_admin')
        eq_(resp.data.decode(), '{"posts": [1, 2]}')

    def test_verify_policy_scoped_decorator_raises_exception(self):
        def do_policy_scope_stuff():
            return self.pundit.policy_scope(Post)

        @self.app.route('/test_policy_scope_admin')
        @verify_policy_scoped
        def admin_get_post():
            g.user = {'id': 1, 'role': 'admin'}
            return json.dumps({'posts': []})

        assert_raises(RuntimeError, self.client.get,
                      '/test_policy_scope_admin')
Ejemplo n.º 4
0
class TestFlaskPundit(TestCase):
    def setUp(self):
        self.pundit = FlaskPundit()

    def get_flask_defaults(self):
        return {'g': {'user': '******'}, 'request.method': 'GET'}

    @patch('flask_pundit.flask')
    def test_authorize_with_record(self, flask):
        flask.configure_mock(**(self.get_flask_defaults()))
        policy_class_instance = Mock(get=lambda: True)
        policy_class = Mock(return_value=policy_class_instance)
        self.pundit._get_policy_clazz = Mock(return_value=policy_class)
        ok_(self.pundit.authorize(Mock()))

    @patch('flask_pundit.flask')
    def test_authorize_with_record_and_action(self, flask):
        flask.configure_mock(**(self.get_flask_defaults()))
        policy_class_instance = Mock(index=lambda: False)
        policy_class = Mock(return_value=policy_class_instance)
        self.pundit._get_policy_clazz = Mock(return_value=policy_class)
        ok_(not self.pundit.authorize(Mock(), 'index'))

    @patch('flask_pundit.flask')
    def test_authorize_with_record_and_action_and_user(self, flask):
        flask.configure_mock(**(self.get_flask_defaults()))
        user = {'id': 1, 'role': 'admin'}

        policy_class_instance = Mock(get=lambda: True)
        policy_class = Mock(return_value=policy_class_instance)

        self.pundit._get_policy_clazz = Mock(return_value=policy_class)
        record = Mock()
        ok_(self.pundit.authorize(record, user=user))
        ok_(policy_class_instance.called_once_with(record, user))

    @patch('flask_pundit.flask')
    def test_authorize_raises_exception_missing_action(self, flask):
        flask.configure_mock(**(self.get_flask_defaults()))
        policy_class_instance = Mock(spec=['index'])
        policy_class = Mock(return_value=policy_class_instance)

        self.pundit._get_policy_clazz = Mock(return_value=policy_class)
        record = Mock()
        assert_raises(AttributeError, self.pundit.authorize, record, 'update')

    @patch('flask_pundit.flask')
    def test_policy_scope_triggers_scope_action(self, flask):
        flask.configure_mock(**(self.get_flask_defaults()))
        policy_class_instance = Mock(scope=lambda: [1, 2, 3])
        policy_class = Mock(return_value=policy_class_instance)

        self.pundit._get_policy_clazz = Mock(return_value=policy_class)
        eq_(self.pundit.policy_scope(Mock()), [1, 2, 3])

    def test_get_policy_clazz_raises_exception_record_none(self):
        assert_raises(RuntimeError, self.pundit._get_policy_clazz, None)

    def test_get_model_class_with_object(self):
        record_class = Mock(__name__='Record')
        record = Mock(__class__=record_class)
        eq_(self.pundit._get_model_class(record), record_class)

    def test_get_model_class_with_class(self):
        eq_(self.pundit._get_model_class(PostPolicy), PostPolicy)

    def test_get_model_class_with_child_class(self):
        class ChildPostPolicy(PostPolicy):
            pass

        eq_(self.pundit._get_model_class(ChildPostPolicy), ChildPostPolicy)

    def test_get_policy_clazz_from_model(self):
        self.pundit._get_model_class = Mock(return_value=Mock(
            __policy_class__=PostPolicy))
        eq_(self.pundit._get_policy_clazz_from_model(Mock()), PostPolicy)
Ejemplo n.º 5
0
 def setUp(self):
     self.pundit = FlaskPundit()
Ejemplo n.º 6
0
class TestFlaskPundit(TestCase):
    def setUp(self):
        self.pundit = FlaskPundit()

    def get_flask_defaults(self):
        return {'g': {'user': '******'}, 'request.method': 'GET'}

    @patch('flask_pundit.flask')
    def test_authorize_with_record(self, flask):
        flask.configure_mock(**(self.get_flask_defaults()))
        policy_class_instance = Mock(get=lambda: True)
        policy_class = Mock(return_value=policy_class_instance)
        self.pundit._get_policy_clazz = Mock(return_value=policy_class)
        ok_(self.pundit.authorize(Mock()))

    @patch('flask_pundit.flask')
    def test_authorize_with_record_and_action(self, flask):
        flask.configure_mock(**(self.get_flask_defaults()))
        policy_class_instance = Mock(index=lambda: False)
        policy_class = Mock(return_value=policy_class_instance)
        self.pundit._get_policy_clazz = Mock(return_value=policy_class)
        ok_(not self.pundit.authorize(Mock(), 'index'))

    @patch('flask_pundit.flask')
    def test_authorize_with_record_and_action_and_user(self, flask):
        flask.configure_mock(**(self.get_flask_defaults()))
        user = {'id': 1, 'role': 'admin'}

        policy_class_instance = Mock(get=lambda: True)
        policy_class = Mock(return_value=policy_class_instance)

        self.pundit._get_policy_clazz = Mock(return_value=policy_class)
        record = Mock()
        ok_(self.pundit.authorize(record, user=user))
        ok_(policy_class_instance.called_once_with(record, user))

    @patch('flask_pundit.flask')
    def test_authorize_raises_exception_missing_action(self, flask):
        flask.configure_mock(**(self.get_flask_defaults()))
        policy_class_instance = Mock(spec=['index'])
        policy_class = Mock(return_value=policy_class_instance)

        self.pundit._get_policy_clazz = Mock(return_value=policy_class)
        record = Mock()
        assert_raises(AttributeError, self.pundit.authorize, record, 'update')

    @patch('flask_pundit.flask')
    def test_policy_scope_triggers_resolve_action(self, flask):
        flask.configure_mock(**(self.get_flask_defaults()))
        scope_class_instance = Mock(resolve=lambda: [1, 2, 3])
        scope_class = Mock(return_value=scope_class_instance)
        policy_class = Mock(Scope=scope_class)

        self.pundit._get_policy_clazz = Mock(return_value=policy_class)
        eq_(self.pundit.policy_scope(Mock()), [1, 2, 3])

    def test_get_policy_clazz_raises_exception_record_none(self):
        assert_raises(RuntimeError, self.pundit._get_policy_clazz, None)

    def test_get_model_class_with_object(self):
        record_class = Mock(__name__='Record')
        record = Mock(__class__=record_class)
        eq_(self.pundit._get_model_class(record), record_class)

    def test_get_model_class_with_class(self):
        eq_(self.pundit._get_model_class(PostPolicy), PostPolicy)

    def test_get_model_class_with_child_class(self):
        class ChildPostPolicy(PostPolicy):
            pass
        eq_(self.pundit._get_model_class(ChildPostPolicy), ChildPostPolicy)

    def test_get_policy_clazz_from_model(self):
        self.pundit._get_model_class = Mock(
            return_value=Mock(__policy_class__=PostPolicy))
        eq_(self.pundit._get_policy_clazz_from_model(Mock()), PostPolicy)
Ejemplo n.º 7
0
 def setUp(self):
     self.app = Flask('test')
     self.app.debug = True
     self.pundit = FlaskPundit(policies_path='tests.policies')
     self.pundit.init_app(self.app)
     self.client = self.app.test_client()
Ejemplo n.º 8
0
class TestUsage(TestCase):
    def setUp(self):
        self.app = Flask('test')
        self.app.debug = True
        self.pundit = FlaskPundit(policies_path='tests.policies')
        self.pundit.init_app(self.app)
        self.client = self.app.test_client()

    def test_authorize_with_record_for_admin(self):
        def do_authorize_stuff():
            post = Post(1)
            return self.pundit.authorize(post)

        @self.app.route('/test_authorize_admin_get')
        def admin_get_post():
            g.user = {'id': 1, 'role': 'admin'}
            is_authorized = do_authorize_stuff()
            ok_(self.pundit._verify_authorized())
            if is_authorized:
                return 'Success', 200
            else:
                return 'Forbidden', 403
        resp = self.client.get('/test_authorize_admin_get')
        eq_(resp.status_code, 200)

    def test_authorize_with_record_for_admin_with_params(self):
        def do_authorize_stuff():
            post = Post(1)
            return self.pundit.authorize(post, thing_id=1)

        @self.app.route('/test_authorize_admin_get')
        def admin_get_post():
            g.user = {'id': 1, 'role': 'admin'}
            is_authorized = do_authorize_stuff()
            ok_(self.pundit._verify_authorized())
            if is_authorized:
                return 'Success', 200
            else:
                return 'Forbidden', 403
        resp = self.client.get('/test_authorize_admin_get')
        eq_(resp.status_code, 403)

    def test_authorize_with_record_for_staff(self):
        def do_authorize_stuff():
            post = Post(1)
            return self.pundit.authorize(post)

        @self.app.route('/test_authorize_staff_get')
        def admin_get_post():
            g.user = {'id': 2, 'role': 'staff'}
            is_authorized = do_authorize_stuff()
            ok_(self.pundit._verify_authorized())
            if is_authorized:
                return 'Success', 200
            else:
                return 'Forbidden', 403
        resp = self.client.get('/test_authorize_staff_get')
        eq_(resp.status_code, 403)

    def test_authorize_with_model_for_admin(self):
        def do_authorize_stuff():
            return self.pundit.authorize(Post, action='create')

        @self.app.route('/test_authorize_admin_create')
        def admin_create_post():
            g.user = {'id': 1, 'role': 'admin'}
            is_authorized = do_authorize_stuff()
            ok_(self.pundit._verify_authorized())
            if is_authorized:
                return 'Success', 200
            else:
                return 'Forbidden', 403
        resp = self.client.get('/test_authorize_admin_create')
        eq_(resp.status_code, 200)

    def test_authorize_with_policy_class_specified_for_admin(self):
        def do_authorize_stuff():
            return self.pundit.authorize(Comment)

        @self.app.route('/test_authorize_admin_get_comment')
        def admin_get_comment():
            g.user = {'id': 1, 'role': 'admin'}
            is_authorized = do_authorize_stuff()
            ok_(self.pundit._verify_authorized())
            if is_authorized:
                return 'Success', 200
            else:
                return 'Forbidden', 403
        resp = self.client.get('/test_authorize_admin_get_comment')
        eq_(resp.status_code, 200)

    def test_verify_authorized_decorator_success(self):
        def do_authorize_stuff():
            post = Post(1)
            return self.pundit.authorize(post)

        @self.app.route('/test_authorize_admin_get')
        @verify_authorized
        def admin_get_post():
            g.user = {'id': 1, 'role': 'admin'}
            is_authorized = do_authorize_stuff()
            if is_authorized:
                return 'Success', 200
            else:
                return 'Forbidden', 403
        resp = self.client.get('/test_authorize_admin_get')
        eq_(resp.status_code, 200)

    def test_verify_authorized_decorator_raises_exception(self):
        def do_authorize_stuff():
            post = Post(1)
            return self.pundit.authorize(post)

        @self.app.route('/test_authorize_admin_get')
        @verify_authorized
        def admin_get_post():
            g.user = {'id': 1, 'role': 'admin'}
            return 'Success', 200
        assert_raises(RuntimeError, self.client.get,
                      '/test_authorize_admin_get')

    def test_policy_scoped_admin(self):
        def do_policy_scope_stuff():
            return self.pundit.policy_scope(Post)

        @self.app.route('/test_policy_scope_admin')
        def admin_get_post():
            g.user = {'id': 1, 'role': 'admin'}
            scoped_posts = do_policy_scope_stuff()
            ok_(self.pundit._verify_policy_scoped())
            return json.dumps({'posts': scoped_posts})
        resp = self.client.get('/test_policy_scope_admin')
        eq_(resp.data, '{"posts": [1, 2]}')

    def test_policy_scoped_staff(self):
        def do_policy_scope_stuff():
            return self.pundit.policy_scope(Post)

        @self.app.route('/test_policy_scope_staff')
        def admin_get_post():
            g.user = {'id': 2, 'role': 'staff'}
            scoped_posts = do_policy_scope_stuff()
            ok_(self.pundit._verify_policy_scoped())
            return json.dumps({'posts': scoped_posts})
        resp = self.client.get('/test_policy_scope_staff')
        eq_(resp.data, '{"posts": [3, 4]}')

    def test_policy_scope_with_policy_class_specified_for_admin(self):
        def do_policy_scope_stuff():
            return self.pundit.policy_scope(Comment)

        @self.app.route('/test_policy_scope_admin_get_comments')
        def admin_get_comments():
            g.user = {'id': 1, 'role': 'admin'}
            scoped_comments = do_policy_scope_stuff()
            ok_(self.pundit._verify_policy_scoped())
            return json.dumps({'comments': scoped_comments})
        resp = self.client.get('/test_policy_scope_admin_get_comments')
        eq_(resp.data, '{"comments": ["Hello"]}')

    def test_verify_policy_scoped_decorator_success(self):
        def do_policy_scope_stuff():
            return self.pundit.policy_scope(Post)

        @self.app.route('/test_policy_scope_admin')
        @verify_policy_scoped
        def admin_get_post():
            g.user = {'id': 1, 'role': 'admin'}
            scoped_posts = do_policy_scope_stuff()
            return json.dumps({'posts': scoped_posts})
        resp = self.client.get('/test_policy_scope_admin')
        eq_(resp.data, '{"posts": [1, 2]}')

    def test_verify_policy_scoped_decorator_raises_exception(self):
        def do_policy_scope_stuff():
            return self.pundit.policy_scope(Post)

        @self.app.route('/test_policy_scope_admin')
        @verify_policy_scoped
        def admin_get_post():
            g.user = {'id': 1, 'role': 'admin'}
            return json.dumps({'posts': []})
        assert_raises(RuntimeError, self.client.get,
                      '/test_policy_scope_admin')