def init(cls): cls.admin = user.UserModel(username="******", email="*****@*****.**").put(force_validation=False) cls.admin_role = rbac.default_role("admin") rbac.add_role(cls.admin, cls.admin_role) rbac.register_permission("troll", "Trolling") rbac.register_permission("joke", "Make joke") rbac.register_permission("spam", "Spamming") rbac.allow(cls.admin_role, "joke")
def test_everything(self): parent_role_key = rbac.register_role("Employee") role_key = rbac.register_role("Boss", [parent_role_key]) rbac.add_role(self.user_key, role_key) self.assertEqual(rbac.get_roles(self.user_key), [role_key]) rbac.register_permission("access_acp", "Access the Admin CP") rbac.register_permission("another_perm", "An abitrary permission") rbac.allow(role_key, "access_acp") self.assertEqual(rbac.check_permission_role(role_key, "access_acp"), True) self.assertEqual(rbac.check_permission_role(role_key, "another_perm"), False) self.assertEqual(rbac.check_permission(self.user_key, "access_acp"), True) self.assertEqual(rbac.check_permission(self.user_key, "another_perm"), False) self.assertRaises(Exception, rbac.check_permission, self.user_key, "__DF_incorrect_perm___") #Now check the check_permission of multiple perms rbac.register_permission("troll", "Troll") rbac.allow(role_key, "troll") self.assertEqual(rbac.check_permission(self.user_key, ["troll", "access_acp"]), True) self.assertEqual(rbac.check_permission(self.user_key, ["access_acp", "another_perm"]), False) #Now test inheritance rbac.allow(parent_role_key, "another_perm") self.assertEqual(rbac.check_permission(self.user_key, "another_perm"), True) #Test the special Super Admin role super_admin = rbac.default_role("super_admin") self.assertEqual(super_admin.id(), "super_admin") new_user = user.UserModel(username="******", email="*****@*****.**")._put() rbac.add_role(new_user, super_admin) self.assertEqual(rbac.check_permission(self.user_key, "access_acp"), True) self.assertEqual(rbac.check_permission(new_user, "another_perm"), True)
def _check_permission(self): rbac.allow(Data.admin_role, "troll") #return self.rbac_check_permission(Data.admin, ["joke", "troll"]) return rbac.check_permission(Data.admin, "joke")