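# NOTE(review): this `if` is the tail of a query-condition callback whose
# `def` line (and whatever binds `i`) lies before this excerpt, so its real
# indentation cannot be recovered from here.
# It adds 'email' to the selected columns when a condition uses SQL_OP.EQ and
# its value equals the caller's id in hex -- presumably so a user can read
# their own email; confirm against the missing header.
if i[1] == SQL_OP.EQ and i[2] == user.id.hex():
    query.select.add('email')

# Each call receives the function object currently bound to `func`, so the
# rebinding of `func` in the upload section below does not alter these two.
inactive_user.add_query_condition('user', func=func)
normal_user.add_query_condition('user', func=func)


def check_is_user(ability, user, action, record: DataRecord, available_columns: list):
    """Record check for WRITE on 'user': keep columns only for the caller's own record.

    Empties ``available_columns`` in place when there is no user or when the
    record's ``id`` differs from ``user.id``; otherwise leaves it unchanged.

    Always returns True.
    NOTE(review): how the framework uses the return value is not visible here.
    NOTE(review): the query callback above compares against ``user.id.hex()``
    while this check compares against ``user.id`` directly -- confirm that
    ``record.get('id')`` holds the same representation as ``user.id``.
    """
    # Fail closed: the earlier form skipped the comparison when `user` was
    # falsy and left available_columns untouched. A missing 'id' on the record
    # also lands here, because None != user.id.
    if not user or record.get('id') != user.id:
        available_columns.clear()
    return True


normal_user.add_record_check((A.WRITE,), 'user', func=check_is_user)


# upload
def func(ability, user, query: 'SQLQueryInfo'):
    """Add the condition ``user_id == user.id`` to an upload query."""
    query.add_condition('user_id', '==', user.id)


normal_user.add_query_condition('upload', func=func)

# topic
# Visitors get two conditions on topic queries: state strictly greater than
# POST_VISIBLE.HIDE and strictly less than POST_VISIBLE.USER_ONLY.
visitor.add_query_condition('topic', [
    ('state', '>', POST_VISIBLE.HIDE),
    ('state', '<', POST_VISIBLE.USER_ONLY),
])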
def rule1_func1(ability, user, action, available_columns: Set):
    """Common check for 'rule_test1': add columns a, b and c to the set."""
    available_columns.update(('a', 'b', 'c'))


def rule1_func2(ability, user, action, record: DataRecord, available_columns: Set):
    """Record check for 'rule_test1' that leaves the column set untouched."""


def rule1_func3(ability, user, action, record: DataRecord, available_columns: Set):
    """Record check for 'rule_test1' that empties the column set."""
    available_columns.clear()


# CREATE/READ are registered with the common check, WRITE with the no-op
# record check, and DELETE with the record check that clears every column.
ab.add_common_check([A.CREATE, A.READ], 'rule_test1', func=rule1_func1)
ab.add_record_check([A.WRITE], 'rule_test1', func=rule1_func2)
ab.add_record_check([A.DELETE], 'rule_test1', func=rule1_func3)


def rule2_func1(ability, user, action, available_columns: Set):
    """Common check for 'rule_test2': add columns a and b to the set."""
    available_columns.update(('a', 'b'))


ab.add_common_check([A.CREATE, A.READ], 'rule_test2', func=rule2_func1)


def test_no_wildcard():
    """Assert a truthy can_with_columns result for every table/column/action combination."""
    tables = ['user', 'account']
    columns = ['username', 'nickname', 'password']
    actions = ['query', 'read']
    for table in tables:
        for column in columns:
            for act in actions:
                # NOTE(review): only truthiness is asserted here; the exact
                # column set is not pinned and no denied combination is
                # exercised in this function.
                assert ab.can_with_columns(None, act, table, [column])