def can(self, permission, obj, **kwargs):
"""Check if we can do something with an object.
:param permission: The permission to look for.
:param obj: The object to check the ACL of.
:param **kwargs: The context to pass to predicates.
>>> auth.can('read', some_object)
>>> auth.can('write', another_object, group=some_group)
"""
context = {'user': current_user}
for func in self.context_processors:
context.update(func())
context.update(get_object_context(obj))
context.update(kwargs)
return check(permission, iter_object_acl(obj), **context)
def can(self, permission, obj, **kwargs):
"""Check if we can do something with an object.
:param permission: The permission to look for.
:param obj: The object to check the ACL of.
:param **kwargs: The context to pass to predicates.
>>> auth.can('read', some_object)
>>> auth.can('write', another_object, group=some_group)
"""
context = {'user': current_user}
for func in self._context_processors:
context.update(func())
context.update(get_object_context(obj))
context.update(kwargs)
return check(permission, iter_object_acl(obj), **context)
def test_empty(self):
self.assertIs(None, check('permission', []))
def test_always_deny(self):
with self.client:
self.client.get('/')
self.assertIs(False, check('permission', '''
DENY ANY ALL
'''))
def test_always_allow(self):
with self.client:
self.client.get('/')
self.assertIs(True, check('permission', '''
ALLOW ANY ALL
'''))
