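def test_overwritten_get():
    """Request GET /overwritten/1234 on a monitored view as admin and non-admin.

    A fresh app registers ``OverwrittenView`` and passes it to
    ``bouncer.monitor``. The admin user is granted MANAGE on ALL and must get
    the body ``b"Get 1234"``. The non-admin is only granted abilities on
    ``Article`` and must get a 401 whose body does not contain the view's
    output.
    """
    app = Flask("overwritten")
    bouncer = Bouncer(app)
    OverwrittenView.register(app)

    # Which classy views do you want to lock down, you can pass multiple
    bouncer.monitor(OverwrittenView)

    @bouncer.authorization_method
    def define_authorization(user, abilities):
        if user.is_admin:
            # self.can_manage(ALL)
            abilities.append(MANAGE, ALL)
        else:
            # No rule in this branch names anything other than Article.
            abilities.append([READ, CREATE], Article)
            abilities.append(EDIT, Article, author_id=user.id)

    client = app.test_client()

    jonathan = User(name='jonathan', admin=True)
    nancy = User(name='nancy', admin=False)

    # Admins should be able to view.
    with user_set(app, jonathan):
        resp = client.get("/overwritten/1234")
        eq_(b"Get 1234", resp.data)

    # Non-admins should not be able to do this.
    with user_set(app, nancy):
        resp = client.get("/overwritten/1234")
        eq_(resp.status_code, 401)
        # The status code alone does not prove the view was never run: a
        # denial that still carries the view's output would leak the resource.
        assert b"Get 1234" not in resp.data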
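def test_overwritten_get():
    """Request GET /overwritten/1234 on a monitored view as admin and non-admin.

    A fresh app registers ``OverwrittenView`` and passes it to
    ``bouncer.monitor``. The admin user is granted MANAGE on ALL and must get
    the body ``b"Get 1234"``. The non-admin is only granted abilities on
    ``Article`` and must get a 401 whose body does not contain the view's
    output.
    """
    app = Flask("overwritten")
    bouncer = Bouncer(app)
    OverwrittenView.register(app)

    # Which classy views do you want to lock down, you can pass multiple
    bouncer.monitor(OverwrittenView)

    @bouncer.authorization_method
    def define_authorization(user, abilities):
        if user.is_admin:
            # self.can_manage(ALL)
            abilities.append(MANAGE, ALL)
        else:
            # No rule in this branch names anything other than Article.
            abilities.append([READ, CREATE], Article)
            abilities.append(EDIT, Article, author_id=user.id)

    client = app.test_client()

    jonathan = User(name='jonathan', admin=True)
    nancy = User(name='nancy', admin=False)

    # Admins should be able to view.
    with user_set(app, jonathan):
        resp = client.get("/overwritten/1234")
        eq_(b"Get 1234", resp.data)

    # Non-admins should not be able to do this.
    with user_set(app, nancy):
        resp = client.get("/overwritten/1234")
        eq_(resp.status_code, 401)
        # The status code alone does not prove the view was never run: a
        # denial that still carries the view's output would leak the resource.
        assert b"Get 1234" not in resp.data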
from flask import Flask, url_for
from flask_bouncer import Bouncer, bounce
from test_flask_bouncer.models import Article, User
from test_flask_bouncer.helpers import user_set
from bouncer.constants import *
from .view_classes import ArticleView, OverwrittenView
from nose.tools import *

# Module-level fixture: one Flask app named "classy" with a Bouncer attached
# and ArticleView registered on it.
app = Flask("classy")
bouncer = Bouncer(app)
ArticleView.register(app)

# Which classy views do you want to lock down, you can pass multiple
bouncer.monitor(ArticleView)


# Authorization rules used for every request made through this app.
# NOTE(review): presumably a monitored view is refused unless one of the
# abilities appended below allows it -- confirm against flask_bouncer.
@bouncer.authorization_method
def define_authorization(user, abilities):
    if user.is_admin:
        # self.can_manage(ALL)
        # Admins receive MANAGE on ALL.
        abilities.append(MANAGE, ALL)
    else:
        # Everyone else: READ and CREATE on Article, plus EDIT on Article with
        # author_id equal to the user's own id (presumably restricting edits
        # to the user's own articles -- verify against bouncer).
        abilities.append([READ, CREATE], Article)
        abilities.append(EDIT, Article, author_id=user.id)


client = app.test_client()

# Two fixture users: one with admin=True, one with admin=False.
jonathan = User(name='jonathan', admin=True)
nancy = User(name='nancy', admin=False)
from flask import Flask, url_for
from flask_bouncer import Bouncer, bounce
from test_flask_bouncer.models import Article, User
from test_flask_bouncer.helpers import user_set
from bouncer.constants import *
from .view_classes import ArticleView, OverwrittenView
from nose.tools import *

# Module-level fixture: one Flask app named "classy" with a Bouncer attached
# and ArticleView registered on it.
app = Flask("classy")
bouncer = Bouncer(app)
ArticleView.register(app)

# Which classy views do you want to lock down, you can pass multiple
bouncer.monitor(ArticleView)


# Authorization rules used for every request made through this app.
# NOTE(review): presumably a monitored view is refused unless one of the
# abilities appended below allows it -- confirm against flask_bouncer.
@bouncer.authorization_method
def define_authorization(user, abilities):
    if user.is_admin:
        # self.can_manage(ALL)
        # Admins receive MANAGE on ALL.
        abilities.append(MANAGE, ALL)
    else:
        # Everyone else: READ and CREATE on Article, plus EDIT on Article with
        # author_id equal to the user's own id (presumably restricting edits
        # to the user's own articles -- verify against bouncer).
        abilities.append([READ, CREATE], Article)
        abilities.append(EDIT, Article, author_id=user.id)


client = app.test_client()

# Fixture user created with admin=True.
jonathan = User(name='jonathan', admin=True)