def test_user_has_resource_api_permission(self):
resolver = RulePermissionsResolver()
# Admin user, should always return true
user_db = self.users['admin']
resource_db = self.resources['rule_1']
resource_api = RuleAPI.from_model(resource_db)
self.assertTrue(
resolver.user_has_resource_api_permission(
user_db=user_db,
resource_api=resource_api,
permission_type=PermissionType.RULE_CREATE))
# Observer, should return false
user_db = self.users['observer']
resource_db = self.resources['rule_1']
resource_api = RuleAPI.from_model(resource_db)
self.assertFalse(
resolver.user_has_resource_api_permission(
user_db=user_db,
resource_api=resource_api,
permission_type=PermissionType.RULE_CREATE))
# No roles, should return false
user_db = self.users['no_roles']
resource_db = self.resources['rule_1']
resource_api = RuleAPI.from_model(resource_db)
self.assertFalse(
resolver.user_has_resource_api_permission(
user_db=user_db,
resource_api=resource_api,
permission_type=PermissionType.RULE_CREATE))
# Custom role with no permission grants, should return false
user_db = self.users['1_custom_role_no_permissions']
resource_db = self.resources['rule_1']
resource_api = RuleAPI.from_model(resource_db)
self.assertFalse(
resolver.user_has_resource_api_permission(
user_db=user_db,
resource_api=resource_api,
permission_type=PermissionType.RULE_CREATE))
# Custom role with "rule_create" grant on parent pack
user_db = self.users['rule_pack_rule_create_grant']
resource_db = self.resources['rule_1']
resource_api = RuleAPI.from_model(resource_db)
self.assertTrue(
resolver.user_has_resource_api_permission(
user_db=user_db,
resource_api=resource_api,
permission_type=PermissionType.RULE_CREATE))
# Custom role with "rule_all" grant on the parent pack
user_db = self.users['rule_pack_rule_all_grant']
resource_db = self.resources['rule_1']
resource_api = RuleAPI.from_model(resource_db)
self.assertTrue(
resolver.user_has_resource_api_permission(
user_db=user_db,
resource_api=resource_api,
permission_type=PermissionType.RULE_CREATE))
# Custom role with "rule_create" grant directly on the resource
user_db = self.users['rule_rule_create_grant']
resource_db = self.resources['rule_1']
resource_api = RuleAPI.from_model(resource_db)
self.assertTrue(
resolver.user_has_resource_api_permission(
user_db=user_db,
resource_api=resource_api,
permission_type=PermissionType.RULE_CREATE))
# Custom role with "rule_all" grant directly on the resource
user_db = self.users['rule_rule_all_grant']
resource_db = self.resources['rule_1']
resource_api = RuleAPI.from_model(resource_db)
self.assertTrue(
resolver.user_has_resource_api_permission(
user_db=user_db,
resource_api=resource_api,
permission_type=PermissionType.RULE_CREATE))
def test_user_has_resource_api_permission(self):
resolver = RulePermissionsResolver()
# Admin user, should always return true
user_db = self.users['admin']
resource_db = self.resources['rule_1']
resource_api = RuleAPI.from_model(resource_db)
self.assertTrue(resolver.user_has_resource_api_permission(
user_db=user_db,
resource_api=resource_api,
permission_type=PermissionType.RULE_CREATE))
# Observer, should return false
user_db = self.users['observer']
resource_db = self.resources['rule_1']
resource_api = RuleAPI.from_model(resource_db)
self.assertFalse(resolver.user_has_resource_api_permission(
user_db=user_db,
resource_api=resource_api,
permission_type=PermissionType.RULE_CREATE))
# No roles, should return false
user_db = self.users['no_roles']
resource_db = self.resources['rule_1']
resource_api = RuleAPI.from_model(resource_db)
self.assertFalse(resolver.user_has_resource_api_permission(
user_db=user_db,
resource_api=resource_api,
permission_type=PermissionType.RULE_CREATE))
# Custom role with no permission grants, should return false
user_db = self.users['1_custom_role_no_permissions']
resource_db = self.resources['rule_1']
resource_api = RuleAPI.from_model(resource_db)
self.assertFalse(resolver.user_has_resource_api_permission(
user_db=user_db,
resource_api=resource_api,
permission_type=PermissionType.RULE_CREATE))
# Custom role with "rule_create" grant on parent pack
user_db = self.users['rule_pack_rule_create_grant']
resource_db = self.resources['rule_1']
resource_api = RuleAPI.from_model(resource_db)
self.assertTrue(resolver.user_has_resource_api_permission(
user_db=user_db,
resource_api=resource_api,
permission_type=PermissionType.RULE_CREATE))
# Custom role with "rule_all" grant on the parent pack
user_db = self.users['rule_pack_rule_all_grant']
resource_db = self.resources['rule_1']
resource_api = RuleAPI.from_model(resource_db)
self.assertTrue(resolver.user_has_resource_api_permission(
user_db=user_db,
resource_api=resource_api,
permission_type=PermissionType.RULE_CREATE))
# Custom role with "rule_create" grant directly on the resource
user_db = self.users['rule_rule_create_grant']
resource_db = self.resources['rule_1']
resource_api = RuleAPI.from_model(resource_db)
self.assertTrue(resolver.user_has_resource_api_permission(
user_db=user_db,
resource_api=resource_api,
permission_type=PermissionType.RULE_CREATE))
# Custom role with "rule_all" grant directly on the resource
user_db = self.users['rule_rule_all_grant']
resource_db = self.resources['rule_1']
resource_api = RuleAPI.from_model(resource_db)
self.assertTrue(resolver.user_has_resource_api_permission(
user_db=user_db,
resource_api=resource_api,
permission_type=PermissionType.RULE_CREATE))
