def test_ifrestricted_needs(field, record_fun, expected_needs_fun):
    """Check the needs and excludes IfRestricted reports for one record.

    ``field`` is the access field handed to the generator. ``record_fun``
    and ``expected_needs_fun`` are callables returning the record under test
    and the needs it should produce. They are presumably provided by pytest
    parametrization outside this block -- confirm.
    """
    then_generators = [AuthenticatedUser(), SystemProcess()]
    else_generators = [AnyUser(), SystemProcess()]
    generator = IfRestricted(
        field,
        then_=then_generators,
        else_=else_generators,
    )

    # record_fun() is invoked once per assertion, exactly as many times as
    # the checks need a record.
    granted = generator.needs(record=record_fun())
    assert granted == expected_needs_fun()

    # The generator is expected to deny nobody explicitly: access is decided
    # purely by which needs are granted.
    denied = generator.excludes(record=record_fun())
    assert denied == set()
def test_ifrestricted_query():
    """Check the search filter IfRestricted builds for the 'record' field."""
    generator = IfRestricted(
        "record",
        then_=[AuthenticatedUser()],
        else_=[AnyUser()],
    )

    actual = generator.query_filter(identity=any_user).to_dict()

    # NOTE(review): the expected filter is just the two visibility clauses
    # OR-ed together, so for the value passed as identity (any_user) it
    # matches records marked 'restricted' as well as 'public'. Nothing in
    # this assertion shows the then_/else_ generators narrowing the query.
    # Confirm that restricted records are kept out of unauthenticated search
    # results by another layer, and tighten this expectation if query_filter
    # is meant to enforce that itself.
    expected = {
        'bool': {
            'should': [
                {'match': {'access.record': 'restricted'}},
                {'match': {'access.record': 'public'}}
            ]
        }
    }
    assert actual == expected
class TestRDMPermissionPolicy(RecordPermissionPolicy):
    """Define permission policies for RDM Records."""

    # --- Published records -------------------------------------------------
    # Search is open to any user. Creation additionally requires
    # authentication.
    can_search = [AnyUser(), SystemProcess()]
    can_create = [AuthenticatedUser(), SystemProcess()]

    # Updating and deleting are switched off in this policy.
    can_update = [Disable()]
    can_delete = [Disable()]

    # Reading is decided per record from its 'record' access field:
    # RecordOwners on the then_ branch, any user or system process otherwise.
    can_read = [
        IfRestricted(
            'record',
            then_=[RecordOwners()],
            else_=[AnyUser(), SystemProcess()],
        )
    ]

    # --- Files of published records ----------------------------------------
    # Same shape as can_read, but keyed on the 'files' access field, so files
    # can be restricted independently of the record's metadata.
    can_read_files = [
        IfRestricted(
            'files',
            then_=[RecordOwners()],
            else_=[AnyUser(), SystemProcess()],
        )
    ]
    can_update_files = [Disable()]

    # --- Drafts --------------------------------------------------------------
    # Every draft action is limited to RecordOwners. SystemProcess is not
    # listed for these actions.
    can_read_draft = [RecordOwners()]
    can_update_draft = [RecordOwners()]
    can_delete_draft = [RecordOwners()]
    can_read_draft_files = [RecordOwners()]
    # NOTE(review): "can_read_update_files" does not follow the
    # can_<verb>_draft_files pattern of the line above and may be a typo for
    # an update-draft-files action. If the base policy never looks this name
    # up, the RecordOwners restriction here is not applied and whatever
    # default RecordPermissionPolicy defines governs that action -- confirm
    # against the base class's action names.
    can_read_update_files = [RecordOwners()]
    can_publish = [RecordOwners()]
    can_manage = [RecordOwners()]