def test_permissions_with_subject_list():
guard = Guard()
role = Role()
role.grant('index', Store)
identity = Identity([role])
assert_true(guard.can(identity, 'index', [Store()]))
assert_true(guard.can(identity, 'index', []))
def test_permissions_without_conditions():
guard = Guard()
role = Role()
role.grant('read', Store)
identity = Identity([role])
assert_true(guard.can(identity, 'read', Store))
assert_true(guard.can(identity, 'read', Store()))
assert_false(guard.cannot(identity, 'read', Store))
assert_false(guard.cannot(identity, 'read', Store()))
def test_permissions_with_is_the_same_condition():
guard = Guard()
role = Role()
role.grant('check_for_something', Store, is_the_same_condition)
identity = Identity([role])
identity.something = 'check'
store = Store()
store.something = 'check'
assert_true(guard.can(identity, 'check_for_something', store))
store.something = 2
assert_false(guard.can(identity, 'check_for_somethingone', store))
store.something = True
assert_false(guard.can(identity, 'check_for_somethingone', store))
def test_predicate():
guard = Guard()
store = Store(owner_id=1)
role = Role()
role.grant('delete', Store, condition=lambda store, identity: identity.id == store.owner_id)
valid_identity = Identity([role])
valid_identity.id = 1
invalid_identity = Identity([role])
invalid_identity.id = 2
assert_true(guard.can(valid_identity, 'delete', store))
assert_false(guard.can(invalid_identity, 'delete', store))
def test_them_all():
class SomeActions(Actions):
read = 'read'
write = 'write'
manage = Actions.alias(read, write)
class Roles(object):
anonymous = Role()
anonymous.grant(SomeActions.read, Store)
owner = Role(inherit=[anonymous])
owner.grant(SomeActions.manage, Store, is_the_same_condition)
class SomethingIdentity(Identity):
def __init__(self, roles, something):
super(SomethingIdentity, self).__init__(roles)
self.something = something
guard = Guard()
store = Store(something='check')
identity = SomethingIdentity([Roles.anonymous], 'does not matter')
assert_true(guard.can(identity, SomeActions.read, store))
assert_false(guard.can(identity, SomeActions.write, store))
identity = SomethingIdentity([Roles.owner], 'does matter')
assert_true(guard.can(identity, SomeActions.read, store))
assert_false(guard.can(identity, SomeActions.write, store))
identity = SomethingIdentity([Roles.owner], 'check')
assert_true(guard.can(identity, SomeActions.read, store))
assert_true(guard.can(identity, SomeActions.write, store))
def test_guard_with_multiple_roles():
guard = Guard()
role = Role()
role.grant('read', Store)
role.grant('write', Store)
role2 = Role()
role2.grant('delete', 'product')
identity = Identity([role, role2])
assert_true(guard.can(identity, 'read', Store))
assert_false(guard.can(identity, 'read', 'anything'))
assert_false(guard.can(identity, 'write', 'something'))
assert_true(guard.can(identity, 'write', Store))
assert_false(guard.can(identity, 'delete', Store))
assert_true(guard.can(identity, 'delete', 'product'))
assert_false(guard.can(identity, 'write', 'product'))
