Esempio n. 1
def test_dictionary_defination_usage():
    """Check rules declared with keyword conditions (``author=user``).

    The ``authorize`` callback gives admins MANAGE on ALL; every other user
    gets READ on ALL plus EDIT on ``Article`` constrained by ``author=user``.
    The assertions then probe EDIT on articles owned by each user.
    """

    @authorization_method
    def authorize(user, abilities):
        if not user.is_admin:
            abilities.append(READ, ALL)
            # Ownership constraint: the EDIT grant carries author=user.
            abilities.append(EDIT, Article, author=user)
            return

        # Admin branch: one rule, the broadest grant available.
        abilities.append(MANAGE, ALL)

    authorization_target(User)

    regular_user = User(name='sally', admin=False)
    admin_user = User(name='billy', admin=True)

    own_article = Article(author=regular_user)

    # Positive case: the author may edit the article they own.
    assert regular_user.can(EDIT, own_article)

    admins_article = Article(author=admin_user)

    # Negative control: the ownership condition must reject an article
    # authored by somebody else.
    assert regular_user.cannot(EDIT, admins_article)
    # Expected to be satisfied by the MANAGE/ALL rule, the only rule the
    # admin branch adds.
    assert admin_user.can(EDIT, admins_article)
Esempio n. 2
def test_using_class_strings():
    """Check that a subject given as the string ``'Article'`` matches Article.

    The rule is declared against the class *name*; the assertions query with
    the ``Article`` class and with an ``Article`` instance.
    """

    @authorization_method
    def authorize(user, they):
        # Subject is passed as a string rather than as the class object.
        they.can(EDIT, 'Article')

    authorization_target(User)

    regular_user = User(name='sally', admin=False)

    authored_article = Article(author=regular_user)

    # Class-level check: editing articles in general.
    assert regular_user.can(EDIT, Article)

    # Instance-level check: editing one concrete article.
    assert regular_user.can(EDIT, authored_article)

    # NOTE(review): only positive assertions here. A string-matched subject
    # would also pass if the matcher accepted every class; consider a
    # negative control against an unrelated subject.
Esempio n. 3
def test_finding_relivant_rules():
    """Check which rules ``Ability.relevant_rules_for_match`` returns.

    Admins are given a single MANAGE/ALL rule. Other users get READ/ALL, an
    EDIT rule on ``Article`` guarded by a callable, and two keyword-guarded
    ``BlogPost`` rules. The assertions inspect the ``actions`` and
    ``subjects`` of the rules returned for several (action, subject) pairs.
    """

    @authorization_method
    def authorize(user, abilities):
        if user.is_admin:
            abilities.append(MANAGE, ALL)
            return

        abilities.append(READ, ALL)

        # Callable condition: closes over the user the rules are built for.
        def if_author(article):
            return article.author == user

        abilities.append(EDIT, Article, if_author)

        # Same kind of constraint expressed as keyword conditions instead.
        abilities.append(EDIT, BlogPost, author_id=user.id)
        abilities.append(READ, BlogPost, visible=True, active=True)

    authorization_target(User)

    # Admin: MANAGE on Article resolves to the one MANAGE/ALL rule.
    admin_user = User(name='billy', admin=True)
    admin_rules = Ability(admin_user).relevant_rules_for_match(MANAGE, Article)
    assert len(admin_rules) == 1
    assert admin_rules[0].actions == [MANAGE]
    assert admin_rules[0].subjects == [ALL]

    # Non-admin: no rule may be relevant for MANAGE.
    regular_user = User(name='sally', admin=False)
    user_ability = Ability(regular_user)
    manage_rules = user_ability.relevant_rules_for_match(MANAGE, Article)
    assert len(manage_rules) == 0

    read_rules = user_ability.relevant_rules_for_match(READ, Article)
    assert len(read_rules) == 1
    assert read_rules[0].actions == [READ]
    assert read_rules[0].subjects == [ALL]

    # Instance query for an article the user authored.
    # NOTE(review): unlike the groups above, the list length is not asserted
    # here, so an unexpected extra rule would go unnoticed.
    own_article = Article(author=regular_user)
    edit_rules = user_ability.relevant_rules_for_match(EDIT, own_article)
    assert edit_rules[0].actions == [EDIT]
    assert edit_rules[0].subjects == [Article]
Esempio n. 4
def test_cannot_override():
    """Check that a ``cannot`` rule carves an exception out of a broad grant.

    ``authorize`` first allows MANAGE on ALL and then denies DELETE on
    ``Article``; READ must still be allowed while DELETE is refused, both for
    the ``Article`` class and for an ``Article`` instance.
    """

    @authorization_method
    def authorize(user, they):
        # Broad allow first, specific deny second.
        # NOTE(review): only this declaration order is exercised; whether a
        # deny declared before the allow is also honored is not shown here.
        they.can(MANAGE, ALL)
        they.cannot(DELETE, Article)

    authorization_target(User)

    regular_user = User(name='sally', admin=False)

    # Checks against articles in general (the class).
    assert regular_user.can(READ, Article)
    assert regular_user.cannot(DELETE, Article)

    authored_article = Article(author=regular_user)

    # Checks against one specific article (an instance).
    assert regular_user.can(READ, authored_article)
    assert regular_user.cannot(DELETE, authored_article)