def setUp(self): self.app = Flask('test') self.app.debug = True self.pundit = FlaskPundit(policies_path='tests.policies') self.pundit.init_app(self.app) self.client = self.app.test_client()
def setUp(self): self.pundit = FlaskPundit()
class TestUsage(TestCase): def setUp(self): self.app = Flask('test') self.app.debug = True self.pundit = FlaskPundit(policies_path='tests.policies') self.pundit.init_app(self.app) self.client = self.app.test_client() def test_authorize_with_record_for_admin(self): def do_authorize_stuff(): post = Post(1) return self.pundit.authorize(post) @self.app.route('/test_authorize_admin_get') def admin_get_post(): g.user = {'id': 1, 'role': 'admin'} is_authorized = do_authorize_stuff() ok_(self.pundit._verify_authorized()) if is_authorized: return 'Success', 200 else: return 'Forbidden', 403 resp = self.client.get('/test_authorize_admin_get') eq_(resp.status_code, 200) def test_authorize_with_record_for_admin_with_params(self): def do_authorize_stuff(): post = Post(1) return self.pundit.authorize(post, thing_id=1) @self.app.route('/test_authorize_admin_get') def admin_get_post(): g.user = {'id': 1, 'role': 'admin'} is_authorized = do_authorize_stuff() ok_(self.pundit._verify_authorized()) if is_authorized: return 'Success', 200 else: return 'Forbidden', 403 resp = self.client.get('/test_authorize_admin_get') eq_(resp.status_code, 403) def test_authorize_with_record_for_staff(self): def do_authorize_stuff(): post = Post(1) return self.pundit.authorize(post) @self.app.route('/test_authorize_staff_get') def admin_get_post(): g.user = {'id': 2, 'role': 'staff'} is_authorized = do_authorize_stuff() ok_(self.pundit._verify_authorized()) if is_authorized: return 'Success', 200 else: return 'Forbidden', 403 resp = self.client.get('/test_authorize_staff_get') eq_(resp.status_code, 403) def test_authorize_with_model_for_admin(self): def do_authorize_stuff(): return self.pundit.authorize(Post, action='create') @self.app.route('/test_authorize_admin_create') def admin_create_post(): g.user = {'id': 1, 'role': 'admin'} is_authorized = do_authorize_stuff() ok_(self.pundit._verify_authorized()) if is_authorized: return 'Success', 200 else: return 'Forbidden', 403 resp = self.client.get('/test_authorize_admin_create') eq_(resp.status_code, 200) def test_authorize_with_policy_class_specified_for_admin(self): def do_authorize_stuff(): return self.pundit.authorize(Comment) @self.app.route('/test_authorize_admin_get_comment') def admin_get_comment(): g.user = {'id': 1, 'role': 'admin'} is_authorized = do_authorize_stuff() ok_(self.pundit._verify_authorized()) if is_authorized: return 'Success', 200 else: return 'Forbidden', 403 resp = self.client.get('/test_authorize_admin_get_comment') eq_(resp.status_code, 200) def test_verify_authorized_decorator_success(self): def do_authorize_stuff(): post = Post(1) return self.pundit.authorize(post) @self.app.route('/test_authorize_admin_get') @verify_authorized def admin_get_post(): g.user = {'id': 1, 'role': 'admin'} is_authorized = do_authorize_stuff() if is_authorized: return 'Success', 200 else: return 'Forbidden', 403 resp = self.client.get('/test_authorize_admin_get') eq_(resp.status_code, 200) def test_verify_authorized_decorator_raises_exception(self): def do_authorize_stuff(): post = Post(1) return self.pundit.authorize(post) @self.app.route('/test_authorize_admin_get') @verify_authorized def admin_get_post(): g.user = {'id': 1, 'role': 'admin'} return 'Success', 200 assert_raises(RuntimeError, self.client.get, '/test_authorize_admin_get') def test_verify_authorized_decorator_ignores_raised_exception(self): def do_authorize_stuff(): post = Post(1) return self.pundit.authorize(post) @self.app.route('/test_authorize_admin_get') @verify_authorized def admin_get_post(): g.user = {'id': 1, 'role': 'admin'} raise BadRequest() is_authorized = do_authorize_stuff() if is_authorized: return 'Success', 200 else: return 'Forbidden', 403 resp = self.client.get('/test_authorize_admin_get') eq_(resp.status_code, 400) def test_policy_scoped_admin(self): def do_policy_scope_stuff(): return self.pundit.policy_scope(Post) @self.app.route('/test_policy_scope_admin') def admin_get_post(): g.user = {'id': 1, 'role': 'admin'} scoped_posts = do_policy_scope_stuff() ok_(self.pundit._verify_policy_scoped()) return json.dumps({'posts': scoped_posts}) resp = self.client.get('/test_policy_scope_admin') eq_(resp.data.decode(), '{"posts": [1, 2]}') def test_policy_scoped_staff(self): def do_policy_scope_stuff(): return self.pundit.policy_scope(Post) @self.app.route('/test_policy_scope_staff') def admin_get_post(): g.user = {'id': 2, 'role': 'staff'} scoped_posts = do_policy_scope_stuff() ok_(self.pundit._verify_policy_scoped()) return json.dumps({'posts': scoped_posts}) resp = self.client.get('/test_policy_scope_staff') eq_(resp.data.decode(), '{"posts": [3, 4]}') def test_policy_scope_with_policy_class_specified_for_admin(self): def do_policy_scope_stuff(): return self.pundit.policy_scope(Comment) @self.app.route('/test_policy_scope_admin_get_comments') def admin_get_comments(): g.user = {'id': 1, 'role': 'admin'} scoped_comments = do_policy_scope_stuff() ok_(self.pundit._verify_policy_scoped()) return json.dumps({'comments': scoped_comments}) resp = self.client.get('/test_policy_scope_admin_get_comments') eq_(resp.data.decode(), '{"comments": ["Hello"]}') def test_verify_policy_scoped_decorator_success(self): def do_policy_scope_stuff(): return self.pundit.policy_scope(Post) @self.app.route('/test_policy_scope_admin') @verify_policy_scoped def admin_get_post(): g.user = {'id': 1, 'role': 'admin'} scoped_posts = do_policy_scope_stuff() return json.dumps({'posts': scoped_posts}) resp = self.client.get('/test_policy_scope_admin') eq_(resp.data.decode(), '{"posts": [1, 2]}') def test_verify_policy_scoped_decorator_raises_exception(self): def do_policy_scope_stuff(): return self.pundit.policy_scope(Post) @self.app.route('/test_policy_scope_admin') @verify_policy_scoped def admin_get_post(): g.user = {'id': 1, 'role': 'admin'} return json.dumps({'posts': []}) assert_raises(RuntimeError, self.client.get, '/test_policy_scope_admin')
class TestFlaskPundit(TestCase): def setUp(self): self.pundit = FlaskPundit() def get_flask_defaults(self): return {'g': {'user': '******'}, 'request.method': 'GET'} @patch('flask_pundit.flask') def test_authorize_with_record(self, flask): flask.configure_mock(**(self.get_flask_defaults())) policy_class_instance = Mock(get=lambda: True) policy_class = Mock(return_value=policy_class_instance) self.pundit._get_policy_clazz = Mock(return_value=policy_class) ok_(self.pundit.authorize(Mock())) @patch('flask_pundit.flask') def test_authorize_with_record_and_action(self, flask): flask.configure_mock(**(self.get_flask_defaults())) policy_class_instance = Mock(index=lambda: False) policy_class = Mock(return_value=policy_class_instance) self.pundit._get_policy_clazz = Mock(return_value=policy_class) ok_(not self.pundit.authorize(Mock(), 'index')) @patch('flask_pundit.flask') def test_authorize_with_record_and_action_and_user(self, flask): flask.configure_mock(**(self.get_flask_defaults())) user = {'id': 1, 'role': 'admin'} policy_class_instance = Mock(get=lambda: True) policy_class = Mock(return_value=policy_class_instance) self.pundit._get_policy_clazz = Mock(return_value=policy_class) record = Mock() ok_(self.pundit.authorize(record, user=user)) ok_(policy_class_instance.called_once_with(record, user)) @patch('flask_pundit.flask') def test_authorize_raises_exception_missing_action(self, flask): flask.configure_mock(**(self.get_flask_defaults())) policy_class_instance = Mock(spec=['index']) policy_class = Mock(return_value=policy_class_instance) self.pundit._get_policy_clazz = Mock(return_value=policy_class) record = Mock() assert_raises(AttributeError, self.pundit.authorize, record, 'update') @patch('flask_pundit.flask') def test_policy_scope_triggers_scope_action(self, flask): flask.configure_mock(**(self.get_flask_defaults())) policy_class_instance = Mock(scope=lambda: [1, 2, 3]) policy_class = Mock(return_value=policy_class_instance) self.pundit._get_policy_clazz = Mock(return_value=policy_class) eq_(self.pundit.policy_scope(Mock()), [1, 2, 3]) def test_get_policy_clazz_raises_exception_record_none(self): assert_raises(RuntimeError, self.pundit._get_policy_clazz, None) def test_get_model_class_with_object(self): record_class = Mock(__name__='Record') record = Mock(__class__=record_class) eq_(self.pundit._get_model_class(record), record_class) def test_get_model_class_with_class(self): eq_(self.pundit._get_model_class(PostPolicy), PostPolicy) def test_get_model_class_with_child_class(self): class ChildPostPolicy(PostPolicy): pass eq_(self.pundit._get_model_class(ChildPostPolicy), ChildPostPolicy) def test_get_policy_clazz_from_model(self): self.pundit._get_model_class = Mock(return_value=Mock( __policy_class__=PostPolicy)) eq_(self.pundit._get_policy_clazz_from_model(Mock()), PostPolicy)
class TestFlaskPundit(TestCase): def setUp(self): self.pundit = FlaskPundit() def get_flask_defaults(self): return {'g': {'user': '******'}, 'request.method': 'GET'} @patch('flask_pundit.flask') def test_authorize_with_record(self, flask): flask.configure_mock(**(self.get_flask_defaults())) policy_class_instance = Mock(get=lambda: True) policy_class = Mock(return_value=policy_class_instance) self.pundit._get_policy_clazz = Mock(return_value=policy_class) ok_(self.pundit.authorize(Mock())) @patch('flask_pundit.flask') def test_authorize_with_record_and_action(self, flask): flask.configure_mock(**(self.get_flask_defaults())) policy_class_instance = Mock(index=lambda: False) policy_class = Mock(return_value=policy_class_instance) self.pundit._get_policy_clazz = Mock(return_value=policy_class) ok_(not self.pundit.authorize(Mock(), 'index')) @patch('flask_pundit.flask') def test_authorize_with_record_and_action_and_user(self, flask): flask.configure_mock(**(self.get_flask_defaults())) user = {'id': 1, 'role': 'admin'} policy_class_instance = Mock(get=lambda: True) policy_class = Mock(return_value=policy_class_instance) self.pundit._get_policy_clazz = Mock(return_value=policy_class) record = Mock() ok_(self.pundit.authorize(record, user=user)) ok_(policy_class_instance.called_once_with(record, user)) @patch('flask_pundit.flask') def test_authorize_raises_exception_missing_action(self, flask): flask.configure_mock(**(self.get_flask_defaults())) policy_class_instance = Mock(spec=['index']) policy_class = Mock(return_value=policy_class_instance) self.pundit._get_policy_clazz = Mock(return_value=policy_class) record = Mock() assert_raises(AttributeError, self.pundit.authorize, record, 'update') @patch('flask_pundit.flask') def test_policy_scope_triggers_resolve_action(self, flask): flask.configure_mock(**(self.get_flask_defaults())) scope_class_instance = Mock(resolve=lambda: [1, 2, 3]) scope_class = Mock(return_value=scope_class_instance) policy_class = Mock(Scope=scope_class) self.pundit._get_policy_clazz = Mock(return_value=policy_class) eq_(self.pundit.policy_scope(Mock()), [1, 2, 3]) def test_get_policy_clazz_raises_exception_record_none(self): assert_raises(RuntimeError, self.pundit._get_policy_clazz, None) def test_get_model_class_with_object(self): record_class = Mock(__name__='Record') record = Mock(__class__=record_class) eq_(self.pundit._get_model_class(record), record_class) def test_get_model_class_with_class(self): eq_(self.pundit._get_model_class(PostPolicy), PostPolicy) def test_get_model_class_with_child_class(self): class ChildPostPolicy(PostPolicy): pass eq_(self.pundit._get_model_class(ChildPostPolicy), ChildPostPolicy) def test_get_policy_clazz_from_model(self): self.pundit._get_model_class = Mock( return_value=Mock(__policy_class__=PostPolicy)) eq_(self.pundit._get_policy_clazz_from_model(Mock()), PostPolicy)
class TestUsage(TestCase): def setUp(self): self.app = Flask('test') self.app.debug = True self.pundit = FlaskPundit(policies_path='tests.policies') self.pundit.init_app(self.app) self.client = self.app.test_client() def test_authorize_with_record_for_admin(self): def do_authorize_stuff(): post = Post(1) return self.pundit.authorize(post) @self.app.route('/test_authorize_admin_get') def admin_get_post(): g.user = {'id': 1, 'role': 'admin'} is_authorized = do_authorize_stuff() ok_(self.pundit._verify_authorized()) if is_authorized: return 'Success', 200 else: return 'Forbidden', 403 resp = self.client.get('/test_authorize_admin_get') eq_(resp.status_code, 200) def test_authorize_with_record_for_admin_with_params(self): def do_authorize_stuff(): post = Post(1) return self.pundit.authorize(post, thing_id=1) @self.app.route('/test_authorize_admin_get') def admin_get_post(): g.user = {'id': 1, 'role': 'admin'} is_authorized = do_authorize_stuff() ok_(self.pundit._verify_authorized()) if is_authorized: return 'Success', 200 else: return 'Forbidden', 403 resp = self.client.get('/test_authorize_admin_get') eq_(resp.status_code, 403) def test_authorize_with_record_for_staff(self): def do_authorize_stuff(): post = Post(1) return self.pundit.authorize(post) @self.app.route('/test_authorize_staff_get') def admin_get_post(): g.user = {'id': 2, 'role': 'staff'} is_authorized = do_authorize_stuff() ok_(self.pundit._verify_authorized()) if is_authorized: return 'Success', 200 else: return 'Forbidden', 403 resp = self.client.get('/test_authorize_staff_get') eq_(resp.status_code, 403) def test_authorize_with_model_for_admin(self): def do_authorize_stuff(): return self.pundit.authorize(Post, action='create') @self.app.route('/test_authorize_admin_create') def admin_create_post(): g.user = {'id': 1, 'role': 'admin'} is_authorized = do_authorize_stuff() ok_(self.pundit._verify_authorized()) if is_authorized: return 'Success', 200 else: return 'Forbidden', 403 resp = self.client.get('/test_authorize_admin_create') eq_(resp.status_code, 200) def test_authorize_with_policy_class_specified_for_admin(self): def do_authorize_stuff(): return self.pundit.authorize(Comment) @self.app.route('/test_authorize_admin_get_comment') def admin_get_comment(): g.user = {'id': 1, 'role': 'admin'} is_authorized = do_authorize_stuff() ok_(self.pundit._verify_authorized()) if is_authorized: return 'Success', 200 else: return 'Forbidden', 403 resp = self.client.get('/test_authorize_admin_get_comment') eq_(resp.status_code, 200) def test_verify_authorized_decorator_success(self): def do_authorize_stuff(): post = Post(1) return self.pundit.authorize(post) @self.app.route('/test_authorize_admin_get') @verify_authorized def admin_get_post(): g.user = {'id': 1, 'role': 'admin'} is_authorized = do_authorize_stuff() if is_authorized: return 'Success', 200 else: return 'Forbidden', 403 resp = self.client.get('/test_authorize_admin_get') eq_(resp.status_code, 200) def test_verify_authorized_decorator_raises_exception(self): def do_authorize_stuff(): post = Post(1) return self.pundit.authorize(post) @self.app.route('/test_authorize_admin_get') @verify_authorized def admin_get_post(): g.user = {'id': 1, 'role': 'admin'} return 'Success', 200 assert_raises(RuntimeError, self.client.get, '/test_authorize_admin_get') def test_policy_scoped_admin(self): def do_policy_scope_stuff(): return self.pundit.policy_scope(Post) @self.app.route('/test_policy_scope_admin') def admin_get_post(): g.user = {'id': 1, 'role': 'admin'} scoped_posts = do_policy_scope_stuff() ok_(self.pundit._verify_policy_scoped()) return json.dumps({'posts': scoped_posts}) resp = self.client.get('/test_policy_scope_admin') eq_(resp.data, '{"posts": [1, 2]}') def test_policy_scoped_staff(self): def do_policy_scope_stuff(): return self.pundit.policy_scope(Post) @self.app.route('/test_policy_scope_staff') def admin_get_post(): g.user = {'id': 2, 'role': 'staff'} scoped_posts = do_policy_scope_stuff() ok_(self.pundit._verify_policy_scoped()) return json.dumps({'posts': scoped_posts}) resp = self.client.get('/test_policy_scope_staff') eq_(resp.data, '{"posts": [3, 4]}') def test_policy_scope_with_policy_class_specified_for_admin(self): def do_policy_scope_stuff(): return self.pundit.policy_scope(Comment) @self.app.route('/test_policy_scope_admin_get_comments') def admin_get_comments(): g.user = {'id': 1, 'role': 'admin'} scoped_comments = do_policy_scope_stuff() ok_(self.pundit._verify_policy_scoped()) return json.dumps({'comments': scoped_comments}) resp = self.client.get('/test_policy_scope_admin_get_comments') eq_(resp.data, '{"comments": ["Hello"]}') def test_verify_policy_scoped_decorator_success(self): def do_policy_scope_stuff(): return self.pundit.policy_scope(Post) @self.app.route('/test_policy_scope_admin') @verify_policy_scoped def admin_get_post(): g.user = {'id': 1, 'role': 'admin'} scoped_posts = do_policy_scope_stuff() return json.dumps({'posts': scoped_posts}) resp = self.client.get('/test_policy_scope_admin') eq_(resp.data, '{"posts": [1, 2]}') def test_verify_policy_scoped_decorator_raises_exception(self): def do_policy_scope_stuff(): return self.pundit.policy_scope(Post) @self.app.route('/test_policy_scope_admin') @verify_policy_scoped def admin_get_post(): g.user = {'id': 1, 'role': 'admin'} return json.dumps({'posts': []}) assert_raises(RuntimeError, self.client.get, '/test_policy_scope_admin')