def test_undefined(acl):
# test denied undefined rule
roles = ['user', 'actived_user', 'writer', 'manager', 'editor']
for resource in ['comment', 'post', 'news', 'infor', 'event']:
for role in roles:
assert not acl.is_allowed(role, 'x', resource)
assert not acl.is_allowed(role, '', resource)
assert not acl.is_allowed(role, None, resource)
assert not acl.is_any_allowed(roles, 'x', resource)
assert not acl.is_any_allowed(roles, '', resource)
assert not acl.is_any_allowed(roles, None, resource)
# test `None` defined rule
for resource in ['comment', 'post', 'news', 'infor', 'event', None]:
for op in ['undefined', 'x', '', None]:
assert acl.is_allowed('super', op, resource)
def test_undefined(acl):
# test denied undefined rule
roles = ['user', 'actived_user', 'writer', 'manager', 'editor']
for resource in ['comment', 'post', 'news', 'infor', 'event']:
for role in roles:
assert not acl.is_allowed(role, 'x', resource)
assert not acl.is_allowed(role, '', resource)
assert not acl.is_allowed(role, None, resource)
assert not acl.is_any_allowed(roles, 'x', resource)
assert not acl.is_any_allowed(roles, '', resource)
assert not acl.is_any_allowed(roles, None, resource)
# test `None` defined rule
for resource in ['comment', 'post', 'news', 'infor', 'event', None]:
for op in ['undefined', 'x', '', None]:
assert acl.is_allowed('super', op, resource)
def test_deny(acl):
# add allowed rule and denied rule
acl.allow('actived_user', 'new', 'comment')
acl.deny('manager', 'new', 'comment')
# test allowed rules
roles = ['actived_user', 'writer']
for role in roles:
assert acl.is_allowed(role, 'new', 'comment')
assert acl.is_any_allowed(roles, 'new', 'comment')
# test denied rules
roles = ['manager', 'editor']
for role in roles:
assert not acl.is_allowed(role, 'new', 'comment')
assert not acl.is_any_allowed(roles, 'new', 'comment')
def test_deny(acl):
# add allowed rule and denied rule
acl.allow('actived_user', 'new', 'comment')
acl.deny('manager', 'new', 'comment')
# test allowed rules
roles = ['actived_user', 'writer']
for role in roles:
assert acl.is_allowed(role, 'new', 'comment')
assert acl.is_any_allowed(roles, 'new', 'comment')
# test denied rules
roles = ['manager', 'editor']
for role in roles:
assert not acl.is_allowed(role, 'new', 'comment')
assert not acl.is_any_allowed(roles, 'new', 'comment')
def test_allow(acl):
# add allowed rules
acl.allow('actived_user', 'view', 'news')
acl.allow('writer', 'new', 'news')
# test 'view' operation
roles = ['actived_user', 'writer', 'manager', 'editor']
for role in roles:
for resource in ['news', 'event']:
assert acl.is_allowed(role, 'view', resource)
for resource in ['post', 'infor']:
assert not acl.is_allowed(role, 'view', resource)
for resource in ['news', 'event']:
assert acl.is_any_allowed(roles, 'view', resource)
for resource in ['post', 'infor']:
assert not acl.is_any_allowed(roles, 'view', resource)
for resource in ['post', 'news', 'infor', 'event']:
assert not acl.is_allowed('user', 'view', resource)
assert acl.is_allowed('super', 'view', resource)
assert acl.is_allowed('super', 'new', resource)
assert acl.is_any_allowed(['user', 'super'], 'view', resource)
# test 'new' operation
roles = ['writer', 'editor']
for role in roles:
for resource in ['news', 'event']:
assert acl.is_allowed(role, 'new', resource)
for resource in ['post', 'infor']:
assert not acl.is_allowed(role, 'new', resource)
for resource in ['news', 'event']:
assert acl.is_any_allowed(roles, 'new', resource)
for resource in ['post', 'infor']:
assert not acl.is_any_allowed(roles, 'new', resource)
roles = ['user', 'manager']
for role in roles:
for resource in ['news', 'event', 'post', 'infor']:
assert not acl.is_allowed(role, 'new', resource)
for resource in ['news', 'event', 'post', 'infor']:
assert not acl.is_any_allowed(roles, 'new', resource)
def test_allow(acl):
# add allowed rules
acl.allow('actived_user', 'view', 'news')
acl.allow('writer', 'new', 'news')
# test 'view' operation
roles = ['actived_user', 'writer', 'manager', 'editor']
for role in roles:
for resource in ['news', 'event']:
assert acl.is_allowed(role, 'view', resource)
for resource in ['post', 'infor']:
assert not acl.is_allowed(role, 'view', resource)
for resource in ['news', 'event']:
assert acl.is_any_allowed(roles, 'view', resource)
for resource in ['post', 'infor']:
assert not acl.is_any_allowed(roles, 'view', resource)
for resource in ['post', 'news', 'infor', 'event']:
assert not acl.is_allowed('user', 'view', resource)
assert acl.is_allowed('super', 'view', resource)
assert acl.is_allowed('super', 'new', resource)
assert acl.is_any_allowed(['user', 'super'], 'view', resource)
# test 'new' operation
roles = ['writer', 'editor']
for role in roles:
for resource in ['news', 'event']:
assert acl.is_allowed(role, 'new', resource)
for resource in ['post', 'infor']:
assert not acl.is_allowed(role, 'new', resource)
for resource in ['news', 'event']:
assert acl.is_any_allowed(roles, 'new', resource)
for resource in ['post', 'infor']:
assert not acl.is_any_allowed(roles, 'new', resource)
roles = ['user', 'manager']
for role in roles:
for resource in ['news', 'event', 'post', 'infor']:
assert not acl.is_allowed(role, 'new', resource)
for resource in ['news', 'event', 'post', 'infor']:
assert not acl.is_any_allowed(roles, 'new', resource)