def can(action, subject):
current_user = _bouncer.get_current_user()
ability = Ability(current_user)
ability.authorization_method = _bouncer.get_authorization_method()
ability.aliased_actions = _bouncer.alias_actions
request._authorized = ability.can(action, subject)
return request._authorized
def can(action, subject):
current_user = _bouncer.get_current_user()
ability = Ability(current_user)
ability.authorization_method = _bouncer.get_authorization_method()
ability.aliased_actions = _bouncer.alias_actions
request._authorized = ability.can(action, subject)
return request._authorized
def ensure(action, subject):
current_user = current_app.bouncer.get_current_user()
ability = Ability(current_user)
ability.authorization_method = current_app.bouncer.get_authorization_method()
ability.aliased_actions = current_app.bouncer.alias_actions
if ability.cannot(action, subject):
msg = "{} does not have {} access to {}".format(current_user, action, subject)
raise Unauthorized(msg)
def ensure(action, subject):
request._authorized = True
current_user = _bouncer.get_current_user()
ability = Ability(current_user)
ability.authorization_method = _bouncer.get_authorization_method()
ability.aliased_actions = _bouncer.alias_actions
if ability.cannot(action, subject):
msg = "{0} does not have {1} access to {2}".format(current_user, action, subject)
raise Unauthorized(msg)
def ensure(action, subject):
request._authorized = True
current_user = _bouncer.get_current_user()
ability = Ability(current_user)
ability.authorization_method = _bouncer.get_authorization_method()
ability.aliased_actions = _bouncer.alias_actions
if ability.cannot(action, subject):
msg = "{0} does not have {1} access to {2}".format(
current_user, action, subject)
raise Unauthorized(msg)
def test_finding_relivant_rules():
@authorization_method
def authorize(user, abilities):
if user.is_admin:
# self.can_manage(ALL)
abilities.append(MANAGE, ALL)
else:
abilities.append(READ, ALL)
def if_author(article):
return article.author == user
abilities.append(EDIT, Article, if_author)
# Alternatively
abilities.append(EDIT, BlogPost, author_id=user.id)
abilities.append(READ, BlogPost, visible=True, active=True)
authorization_target(User)
# Test relevant_rules
billy = User(name='billy', admin=True)
ability = Ability(billy)
relevant_rules = ability.relevant_rules_for_match(MANAGE, Article)
assert len(relevant_rules) == 1
assert relevant_rules[0].actions == [MANAGE]
assert relevant_rules[0].subjects == [ALL]
sally = User(name='sally', admin=False)
ability = Ability(sally)
relevant_rules = ability.relevant_rules_for_match(MANAGE, Article)
assert len(relevant_rules) == 0
relevant_rules = ability.relevant_rules_for_match(READ, Article)
assert len(relevant_rules) == 1
assert relevant_rules[0].actions == [READ]
assert relevant_rules[0].subjects == [ALL]
article = Article(author=sally)
relevant_rules = ability.relevant_rules_for_match(EDIT, article)
assert relevant_rules[0].actions == [EDIT]
assert relevant_rules[0].subjects == [Article]
