Example #1
0
def test_base_controller_authorize_no_role():
    bc = BaseController()
    model = 'something'
    bc.guard = Guard()
    ctx = Context()
    ctx.identity = Identity([])
    bc.authorize(ctx, 'read', model)
Example #2
0
def test_index_permission():
    with db(), fixtures(Products, fixture_loader=fixture_loader):
        ctx = Context()
        role = Role()
        role.grant(ControllerActions.index, Product)
        ctx.identity = Identity([role])
        c = ProductController()
        c.index(ctx)
Example #3
0
def test_create_permission():
    with db(), fixtures(Products, fixture_loader=fixture_loader):
        ctx = Context()
        role = Role()
        role.grant(ControllerActions.create, Product)
        ctx.identity = Identity([role])
        c = ProductController()
        c.create({'name': u'Red Pants', 'product_type_id': ProductTypes.pants.id, 'store_id': Stores.virtusize.id}, ctx)
Example #4
0
def test_update_permission():
    with db(), fixtures(Products, fixture_loader=fixture_loader):
        ctx = Context()
        role = Role()
        role.grant(ControllerActions.update, Product)
        ctx.identity = Identity([role])
        c = ProductController()
        c.update(1, {'name': u'Blue Shirt', 'product_type_id': ProductTypes.shirt.id}, ctx)
Example #5
0
def test_model_guard_controller_index_unauthorized():
    role = Role()
    role.grant('something_else', SomeModel)
    identity = Identity([role])
    ctx = Context()
    ctx.identity = identity

    SomeModelGuardController().index(ctx)
Example #6
0
def test_model_guard_controller_read():
    role = Role()
    role.grant('read', SomeModel)
    identity = Identity([role])
    ctx = Context()
    ctx.identity = identity

    compare(SomeModelGuardController().read(SomeModels.one.id, ctx), SomeModels.one)
Example #7
0
def test_model_guard_controller_index():
    role = Role()
    role.grant('index', SomeModel)
    identity = Identity([role])
    ctx = Context()
    ctx.identity = identity

    assert_equal(len(SomeModelGuardController().index(ctx)), 2)
    assert_equal(len(SomeModelGuardController().index(ctx=ctx)), 2)
Example #8
0
def test_base_controller_authorize_successful():
    bc = BaseController()
    model = SomeModel()
    bc.guard = Guard()
    bc.model = SomeModel
    ctx = Context()
    role = Role()
    role.grant('read', SomeModel)
    ctx.identity = Identity([role])
    bc.authorize(ctx, 'read', model)
Example #9
0
def test_empty_list_index_permission():
    with db(), fixtures(Products, fixture_loader=fixture_loader):
        ctx = Context()
        role = Role()
        role.grant(ControllerActions.index, Product)
        role.grant(ControllerActions.delete, Product)
        ctx.identity = Identity([role])
        c = ProductController()
        c.delete(1, ctx)

        compare(c.index(ctx), [])
Example #10
0
def test_model_guard_controller_index_wrong_model():
    class OtherModel(Model):
        pass

    role = Role()
    role.grant('read', OtherModel)
    identity = Identity([role])
    ctx = Context()
    ctx.identity = identity

    SomeModelGuardController().index(ctx)
Example #11
0
def test_ctx():
    ctx = Context()
    assert_is_none(ctx.not_existing)
    assert_is_none(ctx['not_existing'])
    assert_false('not_existing' in ctx)

    ctx.something = 'foo'

    assert_equal(ctx.something, 'foo')
    assert_equal(ctx.something, ctx['something'])
    assert_true('something' in ctx)

    ctx['something'] = 'bar'

    assert_equal(ctx.something, 'bar')
    assert_equal(ctx.something, ctx['something'])
    assert_true('something' in ctx)

    compare(list(ctx), ctx.__dict__.keys())
Example #12
0
def test_exclude_action_filter():

    dct = {
        'name': 'John',
        'full_name': 'John Doe',
        'secret': 123
    }

    role = Role()
    role.grant('read_secrets', 'user')

    valid_identity = Identity([role])
    invalid_identity = Identity([])

    ctx = Context()
    ctx.subject = 'user'
    ctx.identity = valid_identity

    result = ExcludeActionFilter(
        exclude=['secret'],
        action='read_secrets',
        guard=Guard()
    ).filter(dct, ctx)

    assert_true('secret' in result)
    assert_equal(result['secret'], 123)

    ctx.identity = invalid_identity

    result = ExcludeActionFilter(
        exclude=['secret'],
        action='read_secrets',
        guard=Guard()
    ).filter(dct, ctx)

    assert_false('secret' in result)