def test_overwritten_get():
    """Check the overridden GET route of OverwrittenView for an admin and a non-admin.

    The admin is expected to receive the view's body; the non-admin is
    expected to be rejected with HTTP 401.
    """
    flask_app = Flask("overwritten")
    guard = Bouncer(flask_app)
    OverwrittenView.register(flask_app)

    # Put the classy view under Bouncer's monitoring (several views may be passed).
    guard.monitor(OverwrittenView)

    @guard.authorization_method
    def define_authorization(user, abilities):
        # Non-admins: read/create any Article, edit only the ones they authored.
        if not user.is_admin:
            abilities.append([READ, CREATE], Article)
            abilities.append(EDIT, Article, author_id=user.id)
            return
        # Admins may manage everything.
        abilities.append(MANAGE, ALL)

    http = flask_app.test_client()
    admin_user = User(name='jonathan', admin=True)
    regular_user = User(name='nancy', admin=False)

    # Allow path: the admin gets the view's response body.
    with user_set(flask_app, admin_user):
        reply = http.get("/overwritten/1234")
        eq_(b"Get 1234", reply.data)

    # Deny path: the non-admin is turned away with 401.
    with user_set(flask_app, regular_user):
        reply = http.get("/overwritten/1234")
        eq_(reply.status_code, 401)
def test_lock_it_down_raise_exception():
    """Request a route with no authorization check while ensure_authorization=True.

    NOTE(review): nothing in this body asserts the outcome. The expectation
    that the request is refused is presumably enforced by a decorator outside
    this excerpt (e.g. nose's ``raises``) -- confirm, otherwise this
    deny-by-default check passes vacuously.
    """
    flask_app = Flask("test_lock_it_down_raise_exception")
    flask_app.debug = True
    guard = Bouncer(flask_app, ensure_authorization=True)

    @guard.authorization_method
    def define_authorization(user, they):
        they.can('browse', Article)

    # Deliberately left without @requires / ensure(): with ensure_authorization
    # enabled this request is expected to be refused as Unauthorized.
    @flask_app.route("/articles")
    def articles_index():
        return "A bunch of articles"

    http = flask_app.test_client()
    visitor = User(name='jonathan', admin=False)

    with user_set(flask_app, visitor):
        http.get('/articles')
def test_non_standard_names():
    """Check that a free-form action name ('browse') works with can() and @requires."""
    flask_app = Flask("advanced")
    flask_app.debug = True
    guard = Bouncer(flask_app)

    @guard.authorization_method
    def define_authorization(user, they):
        # 'browse' is a plain string action, not one of the predefined constants.
        they.can('browse', Article)

    @flask_app.route("/articles")
    @requires('browse', Article)
    def articles_index():
        return "A bunch of articles"

    http = flask_app.test_client()
    visitor = User(name='jonathan', admin=False)

    # A non-admin who was granted 'browse' on Article gets the page body.
    with user_set(flask_app, visitor):
        reply = http.get('/articles')
        eq_(b"A bunch of articles", reply.data)
def test_ensure_and_requires_while_locked_down():
    """Check that @requires and ensure() both satisfy ensure_authorization=True.

    One route is guarded by the @requires decorator, the other calls ensure()
    inside the view on a concrete Article instance.

    NOTE(review): only the allow path is exercised -- the requesting user is
    also the article's author. A companion case with an article owned by a
    different id would pin that ensure() really bounces non-authors.
    """
    flask_app = Flask("test_ensure_and_requires_while_locked_down")
    flask_app.debug = True
    guard = Bouncer(flask_app, ensure_authorization=True)

    @guard.authorization_method
    def define_authorization(user, they):
        they.can(READ, Article)
        # Editing is limited to articles whose author_id matches the user.
        they.can(EDIT, Article, author_id=user.id)

    @flask_app.route("/articles")
    @requires(READ, Article)
    def articles_index():
        return "A bunch of articles"

    @flask_app.route("/article/<int:post_id>", methods=['POST'])
    def edit_post(post_id):
        # Stand-in for a database lookup: build an article owned by user id 1.
        author = User(name='jonathan', admin=False, id=1)
        article = Article(author_id=author.id)

        # Object-level check: bounce the caller unless they may EDIT this article.
        ensure(EDIT, article)

        # The edit itself would happen here.
        return "successfully edited post"

    http = flask_app.test_client()
    visitor = User(name='jonathan', admin=False, id=1)

    with user_set(flask_app, visitor):
        reply = http.get('/articles')
        eq_(b"A bunch of articles", reply.data)

        reply = http.post('/article/1')
        eq_(b"successfully edited post", reply.data)
def test_blueprints():
    """Check that @requires works on a route registered through a Blueprint."""
    flask_app = Flask("blueprints")
    flask_app.debug = True
    guard = Bouncer(flask_app)

    @guard.authorization_method
    def define_authorization(user, they):
        they.can('browse', Article)

    blueprint = Blueprint('bptest', 'bptest')

    @blueprint.route("/articles")
    @requires('browse', Article)
    def articles_index():
        return "A bunch of articles"

    # The route only becomes reachable once the blueprint is attached to the app.
    flask_app.register_blueprint(blueprint)

    http = flask_app.test_client()
    visitor = User(name='jonathan', admin=False)

    with user_set(flask_app, visitor):
        reply = http.get('/articles')
        eq_(b"A bunch of articles", reply.data)
# NOTE(review): how `string` and `random` are used is not visible in this
# excerpt. If they build passwords, tokens or other secrets, `random` is not a
# CSPRNG -- use the `secrets` module for that instead.
import random
import string

from celery import Celery
from flask_login import LoginManager, user_logged_in
from flask_mail import Mail
from flask_sqlalchemy import SQLAlchemy

from .configuration import config
from .impersonation import Impersonation

# NOTE(review): `Bouncer` is used below but not imported in the visible lines;
# presumably it is imported elsewhere in this module -- confirm.

# Shared extension instances, created unbound (no app passed in here).

# Database handle; ORM objects are not expired when a session commits.
_SESSION_OPTIONS = {'expire_on_commit': False}
db = SQLAlchemy(session_options=_SESSION_OPTIONS)

# Flask-Bouncer (authorization rules).
bouncer = Bouncer()

# Flask-Login (session / current-user handling).
login_manager = LoginManager()

# Impersonation support.
impersonation = Impersonation()

# Celery; backend and broker URLs are read from the project configuration.
celery = Celery(
    backend=config.get("CELERY_RESULT_BACKEND"),
    broker=config.get("CELERY_BROKER_URL"),
    result_expires=30 * 60,  # seconds, i.e. 30 minutes
)

# initialize Flask-Mail
def test_base_registration():
    """Check that a Bouncer built with an app reports that app via get_app()."""
    flask_app = Flask(__name__)
    guard = Bouncer(flask_app)

    eq_(guard.get_app(), flask_app)
def test_delayed_init():
    """Check that init_app() binds the app when Bouncer is created without one."""
    flask_app = Flask(__name__)

    # Two-step setup: construct first, attach the application afterwards.
    guard = Bouncer()
    guard.init_app(flask_app)

    eq_(guard.get_app(), flask_app)
import csv

from flask import Flask, render_template, request, redirect, url_for
from flask_bouncer import requires, ensure, Bouncer

# from repos.api import get_user
# from repos.exceptions import GitHubApiException

app = Flask(__name__)
bouncer = Bouncer(app)

selected_users = ['aaman123']


@bouncer.authorization_method
def define_authorization(user, they):
    """Declare what `user` may do: admins manage everything, others get one rule.

    NOTE(review): MANAGE and ALL are not imported in the visible lines; unless
    they are defined elsewhere in this file, the admin branch fails with
    NameError when it is evaluated.
    NOTE(review): `login` below resolves at call time to the view function
    defined further down, so the rule's action is a function object rather
    than an action name or constant -- presumably unintended; confirm which
    action was meant.
    """
    if not user.is_admin:
        they.can(login, ('Article', 'BlogPost'))
        return
    they.can(MANAGE, ALL)


# NOTE(review): neither route below carries a `requires` decorator or an
# `ensure()` call, and Bouncer is created without ensure_authorization=True,
# so the rules above are not enforced on any visible route. That is expected
# for public register/login pages; any protected route added later needs an
# explicit check.
@app.route("/", methods=['GET', 'POST'])
def index():
    """Render the registration page for both GET and POST."""
    return render_template("register.html")


@app.route("/login", methods=['GET', 'POST'])
def login():
    """Render the login page for both GET and POST."""
    return render_template("login.html")
from flask import Flask, url_for
from flask_bouncer import Bouncer, bounce
from test_flask_bouncer.models import Article, User
from test_flask_bouncer.helpers import user_set
# The action constants used below (MANAGE, ALL, READ, CREATE, EDIT) are
# expected to come from this wildcard import.
from bouncer.constants import *
from .view_classes import ArticleView, OverwrittenView
from nose.tools import *

# Shared fixtures for the classy-view tests in this module.
app = Flask("classy")
bouncer = Bouncer(app)
ArticleView.register(app)

# Put the classy view under Bouncer's monitoring (several views may be passed).
bouncer.monitor(ArticleView)


@bouncer.authorization_method
def define_authorization(user, abilities):
    """Grant everything to admins; give others read/create plus edit-own on Article."""
    if not user.is_admin:
        abilities.append([READ, CREATE], Article)
        # Editing is limited to articles whose author_id matches the user.
        abilities.append(EDIT, Article, author_id=user.id)
        return
    abilities.append(MANAGE, ALL)


client = app.test_client()

# One admin and one non-admin, so both allow and deny paths can be exercised.
jonathan = User(name='jonathan', admin=True)
nancy = User(name='nancy', admin=False)
from flask import Flask, url_for
from flask_bouncer import Bouncer, bounce
from test_flask_bouncer.models import Article, User
from test_flask_bouncer.helpers import user_set
# The action constants used below (MANAGE, ALL, READ, CREATE, EDIT) are
# expected to come from this wildcard import.
from bouncer.constants import *
from .view_classes import ArticleView, OverwrittenView
from nose.tools import *

# Module-level application and Bouncer instance for the classy-view tests.
app = Flask("classy")
bouncer = Bouncer(app)
ArticleView.register(app)

# Views listed here are locked down by Bouncer; more than one may be given.
bouncer.monitor(ArticleView)


@bouncer.authorization_method
def define_authorization(user, abilities):
    """Build the rule list for `user`.

    Admins receive MANAGE on ALL. Everyone else may READ and CREATE any
    Article and EDIT only articles whose author_id equals their own id.
    """
    is_admin = user.is_admin
    if is_admin:
        abilities.append(MANAGE, ALL)
    else:
        abilities.append([READ, CREATE], Article)
        abilities.append(EDIT, Article, author_id=user.id)


client = app.test_client()

# Admin fixture user.
jonathan = User(name='jonathan', admin=True)