def test_authorized_scopes():
    """Each default authorized scope can be granted, then authorized.

    For every scope listed by a default ``Permissions()`` instance, one
    (scope, persona, topic) triple is granted. Only that exact triple may
    be authorized; changing any single element must be denied.

    NOTE(review): the loop body never runs if ``authorized_scopes`` is
    empty, so the test would then pass without checking anything.
    Confirm the default instance always exposes at least one scope.
    """
    store = Permissions()
    for allowed in store.authorized_scopes:
        store.grant(allowed, 'persona', 'topic')

        # the triple that was just granted is accepted
        granted = store.authorize(allowed, 'persona', 'topic')
        assert granted is True

        # a mismatch on scope, persona or topic alone is enough to deny
        near_misses = [
            ('*unknown*', 'persona', 'topic'),
            (allowed, '*unknown*', 'topic'),
            (allowed, 'persona', '*unknown*'),
        ]
        for triple in near_misses:
            assert store.authorize(*triple) is False
def test_grant_and_authorize():
    """A single grant authorizes exactly one (scope, persona, topic) triple.

    The store starts empty and denies the triple. After one ``grant()``
    the count is 1 and the same triple is authorized, while a triple that
    differs in any one field is still denied.
    """
    store = Permissions(authorized_scopes=['scope'])
    triple = dict(scope='scope', persona='persona', topic='topic')

    # before any grant: nothing stored, request denied
    assert store.count() == 0
    assert store.authorize(**triple) is False

    store.grant(**triple)

    # after the grant: one entry, and the exact triple is accepted
    assert store.count() == 1
    assert store.authorize(**triple) is True

    # overriding one field at a time must flip the answer back to False
    for field in ('scope', 'persona', 'topic'):
        altered = dict(triple)
        altered[field] = '*unknown*'
        assert store.authorize(**altered) is False
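def test_grant_all():
    """grant_all() authorizes exactly the listed personas, scope by scope.

    Items may name several personas (``personas=[...]``) or a single one
    (``persona=...``). Before any grant every request is denied; after
    ``grant_all()`` only the listed personas are authorized for each
    topic. A scope outside ``authorized_scopes`` raises ``ValueError``
    and must not leave an authorization behind.
    """
    scopes = ['alpha', 'beta', 'gamma']
    items = [
        dict(topic='with_list', personas=['a', 'b', 'c']),
        dict(topic='with_item', persona='a'),
    ]

    permissions = Permissions(authorized_scopes=scopes)

    for scope in scopes:  # nothing is authorized
        assert permissions.authorize(scope, 'a', 'with_list') is False
        assert permissions.authorize(scope, 'b', 'with_list') is False
        assert permissions.authorize(scope, 'c', 'with_list') is False
        assert permissions.authorize(scope, 'x', 'with_list') is False
        assert permissions.authorize(scope, 'a', 'with_item') is False
        assert permissions.authorize(scope, 'x', 'with_item') is False

    for scope in scopes:  # set permissions
        permissions.grant_all(scope, items)

    for scope in scopes:  # some actions are authorized
        assert permissions.authorize(scope, 'a', 'with_list') is True
        assert permissions.authorize(scope, 'b', 'with_list') is True
        assert permissions.authorize(scope, 'c', 'with_list') is True
        # persona 'x' appears in no item, so it stays denied
        assert permissions.authorize(scope, 'x', 'with_list') is False
        assert permissions.authorize(scope, 'a', 'with_item') is True
        assert permissions.authorize(scope, 'x', 'with_item') is False

    # a scope that is not in authorized_scopes is rejected outright;
    # the exception info is not inspected, so it is not bound to a name
    with py_raises(ValueError):
        permissions.grant_all(scope='*alien*', items=items)

    # the rejected call must fail closed: no authorization may remain
    # for the unknown scope
    assert permissions.authorize('*alien*', 'a', 'with_list') is False
    assert permissions.authorize('*alien*', 'a', 'with_item') is False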
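def test_load_file():
    """Permissions loaded from the YAML fixture allow and deny as expected.

    Every call is ``authorize(scope, persona, topic)``. The negative
    assertions only prove something when the names match the fixture:
    a misspelled scope, persona or topic would presumably be denied
    whatever the fixture says.
    """
    store = Permissions()
    # close the fixture deterministically; load() is assumed to consume
    # the stream before it returns -- TODO confirm
    with open('fixtures/permissions.yaml', 'r') as handle:
        store.load(handle)

    # access-content: 'leader' is allowed on every topic, 'x' on none
    assert store.authorize('access-content', 'x', 'universe') is False
    assert store.authorize('access-content', 'x', 'community') is False
    assert store.authorize('access-content', 'x', 'board') is False
    assert store.authorize('access-content', 'leader', 'universe') is True
    assert store.authorize('access-content', 'leader', 'community') is True
    assert store.authorize('access-content', 'leader', 'board') is True

    # manage-content: 'leader' is allowed, 'member' is not
    assert store.authorize('manage-content', 'member', 'universe') is False
    assert store.authorize('manage-content', 'member', 'community') is False
    assert store.authorize('manage-content', 'member', 'board') is False
    assert store.authorize('manage-content', 'leader', 'universe') is True
    assert store.authorize('manage-content', 'leader', 'community') is True
    assert store.authorize('manage-content', 'leader', 'board') is True

    # manage-identities: 'leader' is denied on all four of these topics,
    # 'support' is allowed on all of them except 'support'
    assert store.authorize('manage-identities', 'leader', 'member') is False
    assert store.authorize('manage-identities', 'leader', 'leader') is False
    assert store.authorize('manage-identities', 'leader', 'support') is False
    assert store.authorize('manage-identities', 'leader', 'robot') is False
    assert store.authorize('manage-identities', 'support', 'member') is True
    assert store.authorize('manage-identities', 'support', 'leader') is True
    assert store.authorize('manage-identities', 'support', 'support') is False
    assert store.authorize('manage-identities', 'support', 'robot') is True

    # manage-identities, 'update-any-to-*' topics for persona 'leader'
    assert store.authorize('manage-identities', 'leader',
                           'update-any-to-registered') is True
    assert store.authorize('manage-identities', 'leader',
                           'update-any-to-leader') is True
    assert store.authorize('manage-identities', 'leader',
                           'update-any-to-support') is False
    # the topic previously read 'update-any- to-robot' (stray space), a
    # name that matches no sibling topic, so the check proved nothing;
    # confirm the spelling against fixtures/permissions.yaml
    assert store.authorize('manage-identities', 'leader',
                           'update-any-to-robot') is False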