def _group_implicit_perms(cls, group, resource=None):
     group_id, resource_id = cls.entity_resource_id(group, resource)
     if group_id == resource_id:
         return allowed(Permission.SEE)  # Only return SEE, not ALL.
     elif resource is None:
         return allowed(Permission.CREATE),
     return ()
    def test_overwrite_and_delete_permissions(self):
        """Assert same objects are used when overwriting permissions."""
        # Allow
        self.allow(self.entities[0], Permission.SEE, self.resources[0])
        access_rule_allow = self.access_model.objects.get(
            entity=self.entities[0].id, perm=allowed(Permission.SEE),
            resource=self.resources[0].id)
        assert access_rule_allow

        # Deny
        self.deny(self.entities[0], Permission.SEE, self.resources[0])
        access_rule_deny = self.access_model.objects.get(
            entity=self.entities[0].id, perm=denied(Permission.SEE),
            resource=self.resources[0].id)
        assert access_rule_deny

        # Allow again
        self.allow(self.entities[0], Permission.SEE, self.resources[0])
        access_rule_allow_again = self.access_model.objects.get(
            entity=self.entities[0].id, perm=allowed(Permission.SEE),
            resource=self.resources[0].id)
        assert access_rule_allow_again

        assert access_rule_allow == access_rule_deny == access_rule_allow_again

        # Forget
        self.forget(self.entities[0], Permission.SEE, self.resources[0])
        with pytest.raises(self.access_model.DoesNotExist) as e:
            self.access_model.objects.get(
                entity=self.entities[0].id, perm=denied(Permission.SEE),
                resource=self.resources[0].id)
        assert 'matching query does not exist' in str(e.value)
 def test_permission_class(self):
     """Test conversions of permissions (allowed, denied)."""
     for perm in Permission.ALL:
         assert is_allowed(allowed(perm))
         assert is_denied(denied(perm))
     for perm in Permission.ALLOW_ALL:
         assert is_allowed(perm)
     for perm in Permission.DENY_ALL:
         assert is_denied(perm)
def implicit_perms(cls, entity, resource=None):
    """
    Implicit permissions based on IDs.

    If the entity has the same id than the resource, then we assume he has
    all permissions on the resource.

    If resource is None, then the entity has permission to create this
    type of resource.

    Else, he has no permissions at all.
    """
    entity_id, resource_id = cls.entity_resource_id(entity, resource)
    if entity_id == resource_id:
        return Permission.ALLOW_ALL
    elif resource is None:
        return allowed(Permission.CREATE),
    return ()
 def implicit_perms(cls, entity, resource=None):
     """Return some perms (always)."""
     return allowed(Permission.SEE), denied(Permission.CHANGE)