def can(action, subject):
    """Return whether the current user may perform ``action`` on ``subject``.

    An ``Ability`` is built for the user reported by ``_bouncer`` and is
    configured with the bouncer's authorization method and action aliases
    before the check runs. The decision is also stored on
    ``request._authorized``.

    NOTE(review): the flag holds the decision itself, so a denied check
    leaves a falsy value there. Confirm that whatever reads
    ``request._authorized`` expects a result rather than a
    "check was performed" marker.
    """
    user = _bouncer.get_current_user()
    checker = Ability(user)
    checker.authorization_method = _bouncer.get_authorization_method()
    checker.aliased_actions = _bouncer.alias_actions

    allowed = checker.can(action, subject)
    # Record the outcome on the request before handing it back to the caller.
    request._authorized = allowed
    return allowed
def ensure(action, subject):
    """Raise ``Unauthorized`` unless the current user may do ``action`` on ``subject``.

    The user, authorization method and action aliases all come from
    ``current_app.bouncer``. Returns ``None`` when access is allowed.

    Raises:
        Unauthorized: when ``Ability.cannot`` reports the action as denied.

    NOTE(review): the message interpolates the user and subject objects.
    If ``Unauthorized`` is rendered into the response (not visible here),
    their string forms reach the client; verify that is acceptable.
    """
    bouncer = current_app.bouncer
    user = bouncer.get_current_user()
    checker = Ability(user)
    checker.authorization_method = bouncer.get_authorization_method()
    checker.aliased_actions = bouncer.alias_actions

    if not checker.cannot(action, subject):
        return
    raise Unauthorized(
        "{} does not have {} access to {}".format(user, action, subject)
    )
def ensure(action, subject):
    """Raise ``Unauthorized`` unless the current user may do ``action`` on ``subject``.

    ``request._authorized`` is set to ``True`` before the check runs, so it
    stays ``True`` even when the check then raises. Returns ``None`` when
    access is allowed.

    Raises:
        Unauthorized: when ``Ability.cannot`` reports the action as denied.
    """
    # Set first: the flag records that a check was attempted, not that it
    # passed. Presumably read later to detect requests that never called an
    # authorization helper; verify against the consumer of this flag.
    request._authorized = True

    user = _bouncer.get_current_user()
    rules = Ability(user)
    rules.authorization_method = _bouncer.get_authorization_method()
    rules.aliased_actions = _bouncer.alias_actions

    denied = rules.cannot(action, subject)
    if denied:
        raise Unauthorized(
            "{0} does not have {1} access to {2}".format(user, action, subject)
        )
def ensure(action, subject):
    """Enforce that the current user may perform ``action`` on ``subject``.

    Marks the request as having gone through authorization, then builds an
    ``Ability`` for the user reported by ``_bouncer`` and checks it.
    Returns ``None`` when access is allowed.

    Raises:
        Unauthorized: when ``Ability.cannot`` reports the action as denied.

    NOTE(review): the message names the user, action and subject. Whether
    it reaches the client depends on how ``Unauthorized`` is rendered,
    which is not visible here.
    """
    # The flag is set unconditionally and ahead of the decision, so it is
    # True on both the allow and the deny path.
    request._authorized = True

    who = _bouncer.get_current_user()
    ability = Ability(who)
    ability.authorization_method = _bouncer.get_authorization_method()
    ability.aliased_actions = _bouncer.alias_actions

    if not ability.cannot(action, subject):
        return

    template = "{0} does not have {1} access to {2}"
    raise Unauthorized(template.format(who, action, subject))
def test_finding_relivant_rules():
    """Check which rules ``relevant_rules_for_match`` returns per user.

    An admin user is expected to match a single MANAGE/ALL rule. A non-admin
    user is expected to match no rule for MANAGE on ``Article``, one READ/ALL
    rule for READ, and an EDIT rule scoped to ``Article`` for an article
    instance.
    """
    # NOTE(review): block nesting below is reconstructed from a
    # whitespace-collapsed listing; confirm against the original file that
    # if_author and the rules after it belong to the non-admin branch.
    @authorization_method
    def authorize(user, abilities):
        if user.is_admin:
            # self.can_manage(ALL)
            abilities.append(MANAGE, ALL)
        else:
            abilities.append(READ, ALL)

            # Condition callback: closes over the `user` being authorized.
            def if_author(article):
                return article.author == user

            abilities.append(EDIT, Article, if_author)
            # Alternatively
            abilities.append(EDIT, BlogPost, author_id=user.id)
            abilities.append(READ, BlogPost, visible=True, active=True)

    authorization_target(User)

    # Test relevant_rules
    billy = User(name='billy', admin=True)
    ability = Ability(billy)
    relevant_rules = ability.relevant_rules_for_match(MANAGE, Article)
    assert len(relevant_rules) == 1
    assert relevant_rules[0].actions == [MANAGE]
    assert relevant_rules[0].subjects == [ALL]

    sally = User(name='sally', admin=False)
    ability = Ability(sally)
    # Deny path: a non-admin must have no rule that matches MANAGE.
    relevant_rules = ability.relevant_rules_for_match(MANAGE, Article)
    assert len(relevant_rules) == 0
    relevant_rules = ability.relevant_rules_for_match(READ, Article)
    assert len(relevant_rules) == 1
    assert relevant_rules[0].actions == [READ]
    assert relevant_rules[0].subjects == [ALL]

    article = Article(author=sally)
    # The lookup uses an Article instance here, not the class. The result's
    # length is not asserted before it is indexed.
    relevant_rules = ability.relevant_rules_for_match(EDIT, article)
    assert relevant_rules[0].actions == [EDIT]
    assert relevant_rules[0].subjects == [Article]