Ejemplo n.º 1
0
def test_model_guard_controller_read():
    role = Role()
    role.grant('read', SomeModel)
    identity = Identity([role])
    ctx = Context()
    ctx.identity = identity

    compare(SomeModelGuardController().read(SomeModels.one.id, ctx), SomeModels.one)
Ejemplo n.º 2
0
def test_permissions_with_subject_list():
    guard = Guard()
    role = Role()
    role.grant('index', Store)
    identity = Identity([role])

    assert_true(guard.can(identity, 'index', [Store()]))
    assert_true(guard.can(identity, 'index', []))
Ejemplo n.º 3
0
def test_create_permission():
    with db(), fixtures(Products, fixture_loader=fixture_loader):
        ctx = Context()
        role = Role()
        role.grant(ControllerActions.create, Product)
        ctx.identity = Identity([role])
        c = ProductController()
        c.create({'name': u'Red Pants', 'product_type_id': ProductTypes.pants.id, 'store_id': Stores.virtusize.id}, ctx)
Ejemplo n.º 4
0
def test_model_guard_controller_index_unauthorized():
    role = Role()
    role.grant('something_else', SomeModel)
    identity = Identity([role])
    ctx = Context()
    ctx.identity = identity

    SomeModelGuardController().index(ctx)
Ejemplo n.º 5
0
def test_index_permission():
    with db(), fixtures(Products, fixture_loader=fixture_loader):
        ctx = Context()
        role = Role()
        role.grant(ControllerActions.index, Product)
        ctx.identity = Identity([role])
        c = ProductController()
        c.index(ctx)
Ejemplo n.º 6
0
def test_update_permission():
    with db(), fixtures(Products, fixture_loader=fixture_loader):
        ctx = Context()
        role = Role()
        role.grant(ControllerActions.update, Product)
        ctx.identity = Identity([role])
        c = ProductController()
        c.update(1, {'name': u'Blue Shirt', 'product_type_id': ProductTypes.shirt.id}, ctx)
Ejemplo n.º 7
0
def test_model_guard_controller_index():
    role = Role()
    role.grant('index', SomeModel)
    identity = Identity([role])
    ctx = Context()
    ctx.identity = identity

    assert_equal(len(SomeModelGuardController().index(ctx)), 2)
    assert_equal(len(SomeModelGuardController().index(ctx=ctx)), 2)
Ejemplo n.º 8
0
def test_base_controller_authorize_successful():
    bc = BaseController()
    model = SomeModel()
    bc.guard = Guard()
    bc.model = SomeModel
    ctx = Context()
    role = Role()
    role.grant('read', SomeModel)
    ctx.identity = Identity([role])
    bc.authorize(ctx, 'read', model)
Ejemplo n.º 9
0
def test_permissions_without_conditions():
    guard = Guard()
    role = Role()
    role.grant('read', Store)
    identity = Identity([role])

    assert_true(guard.can(identity, 'read', Store))
    assert_true(guard.can(identity, 'read', Store()))

    assert_false(guard.cannot(identity, 'read', Store))
    assert_false(guard.cannot(identity, 'read', Store()))
Ejemplo n.º 10
0
def test_empty_list_index_permission():
    with db(), fixtures(Products, fixture_loader=fixture_loader):
        ctx = Context()
        role = Role()
        role.grant(ControllerActions.index, Product)
        role.grant(ControllerActions.delete, Product)
        ctx.identity = Identity([role])
        c = ProductController()
        c.delete(1, ctx)

        compare(c.index(ctx), [])
Ejemplo n.º 11
0
def test_model_guard_controller_index_wrong_model():
    class OtherModel(Model):
        pass

    role = Role()
    role.grant('read', OtherModel)
    identity = Identity([role])
    ctx = Context()
    ctx.identity = identity

    SomeModelGuardController().index(ctx)
Ejemplo n.º 12
0
def test_permissions_with_is_the_same_condition():
    guard = Guard()
    role = Role()
    role.grant('check_for_something', Store, is_the_same_condition)
    identity = Identity([role])
    identity.something = 'check'

    store = Store()
    store.something = 'check'
    assert_true(guard.can(identity, 'check_for_something', store))
    store.something = 2
    assert_false(guard.can(identity, 'check_for_somethingone', store))
    store.something = True
    assert_false(guard.can(identity, 'check_for_somethingone', store))
Ejemplo n.º 13
0
def test_predicate():
    guard = Guard()
    store = Store(owner_id=1)

    role = Role()
    role.grant('delete', Store, condition=lambda store, identity: identity.id == store.owner_id)

    valid_identity = Identity([role])
    valid_identity.id = 1

    invalid_identity = Identity([role])
    invalid_identity.id = 2

    assert_true(guard.can(valid_identity, 'delete', store))
    assert_false(guard.can(invalid_identity, 'delete', store))
Ejemplo n.º 14
0
def test_role_inheritance():
    role = Role()
    role.grant(['read', 'write'], Store)

    another_role = Role(inherit=[role])
    another_role.grant(['update', 'delete', 'query'], Store)

    assert_equal(len(role.permissions), 2)
    assert_equal(len(another_role.permissions), 5)
Ejemplo n.º 15
0
def test_exclude_action_filter():

    dct = {
        'name': 'John',
        'full_name': 'John Doe',
        'secret': 123
    }

    role = Role()
    role.grant('read_secrets', 'user')

    valid_identity = Identity([role])
    invalid_identity = Identity([])

    ctx = Context()
    ctx.subject = 'user'
    ctx.identity = valid_identity

    result = ExcludeActionFilter(
        exclude=['secret'],
        action='read_secrets',
        guard=Guard()
    ).filter(dct, ctx)

    assert_true('secret' in result)
    assert_equal(result['secret'], 123)

    ctx.identity = invalid_identity

    result = ExcludeActionFilter(
        exclude=['secret'],
        action='read_secrets',
        guard=Guard()
    ).filter(dct, ctx)

    assert_false('secret' in result)
Ejemplo n.º 16
0
def test_guard_with_multiple_roles():
    guard = Guard()

    role = Role()
    role.grant('read', Store)
    role.grant('write', Store)

    role2 = Role()
    role2.grant('delete', 'product')

    identity = Identity([role, role2])

    assert_true(guard.can(identity, 'read', Store))
    assert_false(guard.can(identity, 'read', 'anything'))
    assert_false(guard.can(identity, 'write', 'something'))
    assert_true(guard.can(identity, 'write', Store))
    assert_false(guard.can(identity, 'delete', Store))
    assert_true(guard.can(identity, 'delete', 'product'))
    assert_false(guard.can(identity, 'write', 'product'))
Ejemplo n.º 17
0
def test_idendity():
    role = Role()
    role.grant('read', Store)

    i = Identity([role])

    assert_equal(len(i.roles), 1)
    compare(i.roles[0], role)

    role = Role()
    role.grant('write', Store)
    i.roles.append(role)

    assert_equal(len(i.roles), 2)
    compare(i.roles[1], role)
Ejemplo n.º 18
0
def test_basic_role():
    role = Role()
    role.grant('read', Store)

    assert_equal(len(role.permissions), 1)
Ejemplo n.º 19
0
def test_multiple_actions_role():
    role = Role()
    role.grant(['read', 'write'], Store)

    assert_equal(len(role.permissions), 2)