def test_permission_difference_denial(): p1 = Denial(('a', 'b'), ('a', 'c')) p2 = Denial(('a', 'c'), ('d', 'e')) p3 = p1.difference(p2) assert p3.deny == set([('a', 'b')]) p4 = p2.difference(p1) assert p4.deny == set([('d', 'e')])
def perm_edit_record(record): if record.is_agg_final(): return Denial(need.everybody) return Permission( need.admin, *get_roles_for_subject('reporter', record.subject) + get_roles_for_subject('reviewer', record.subject))
def vote(self): needs = [ UserNeed(User.query.get(user_id).username) for user_id in self.votes ] needs.append(UserNeed(self.author.username)) return auth & Denial(*needs)
def perm_delete_comment(comment): if comment.cons_status not in EDITABLE_STATUS_LIST: return Permission(need.impossible) if comment.cons_status == APPROVED_STATUS: return Denial(need.everybody) elif comment.cons_user_id: return Permission(need.admin, need.user_id(comment.cons_user_id)) else: return Permission(need.admin)
def vote(self): needs = [UserNeed(user_id) for user_id in self.obj.votes] needs.append(UserNeed(self.obj.author_id)) return auth & Denial(*needs)
def test_permission_union_denial(): p1 = Permission(('a', 'b')) p2 = Denial(('a', 'c')) p3 = p1.union(p2) assert p1.issubset(p3) assert p2.issubset(p3)
# -*- coding: utf-8 -*- from flask.ext.principal import RoleNeed, Permission, identity_loaded, Denial user_permission = Permission(RoleNeed('user')) org_permission = Permission(RoleNeed('org')) anonymous_permission = Denial(RoleNeed('user'), RoleNeed('org')) def config_identity(app): @identity_loaded.connect_via(app) def on_identity_loaded(sender, identity): if identity.id: if u'o' in identity.id: identity.provides.add(RoleNeed('org')) elif u'u' in identity.id: identity.provides.add(RoleNeed('user'))