コード例 #1
0
ファイル: test_policy.py プロジェクト: yayanheeh/api 
def test_policy_should_grant_update_for_specified_fields():
    account = mock.Mock()
    entity = mock.Mock()
    fields = Fields('one', 'two', 'six')
    grant = Grant(account, Update, entity, fields)
    rule = mock.MagicMock(return_value=grant)
    entity.__acl__ = (rule,)
    fields = ('one', 'two', 'six')
    policy = Policy(None, None)
    policy.grant_update(account, entity, fields)
    assert rule.call_args[0][:-1] == (account, Update, entity)
    assert rule.call_args[0][-1] in Fields(*fields)
コード例 #2
0
ファイル: test_policy.py プロジェクト: yayanheeh/api 
def test_policy_should_grant_query_for_specified_fields(db):
    account = mock.Mock()
    fields = Fields('one', 'two', 'six')
    grant = Grant(account, Query, MyModel, fields)
    rule = mock.MagicMock(return_value=grant)
    MyModel.__acl__ = (rule,)
    kw = {'one': 1, 'two': 2, 'six': 6}
    policy = Policy(db, None)
    policy.grant_query(account, MyModel, kw)
    c_principal, c_action, c_target, c_fields = rule.call_args[0]
    assert c_principal == account
    assert c_action == Query
    assert isinstance(c_target, MyModel)
    assert c_fields in Fields(*fields)
コード例 #3
0
ファイル: policy.py プロジェクト: ynplayer/api 
 def grant(account, action, target, fields):
     if fields is not Available and not isinstance(fields, Fields):
         fields = Fields(*fields)
     for rule in target.__acl__:
         grant = rule(account, action, target, fields)
         if grant:
             return grant
     raise PolicyViolation(404, 'no grant issued')
コード例 #4
0
ファイル: test_policy.py プロジェクト: yayanheeh/api 
def test_policy_grant_should_invoke_rules():
    account = mock.Mock()
    action = mock.Mock(__call__=lambda s, _: s)
    target = mock.Mock(__call__=lambda s, _: s)
    fields = Fields('one', 'two', 'three')
    r1 = mock.MagicMock(return_value=None)
    r2 = mock.MagicMock(side_effect=PolicyViolation)
    target.__acl__ = (r1, r2)
    with pytest.raises(PolicyViolation):
        Policy.grant(account, action, target, fields)
    r1.assert_called_once_with(account, action, target, fields)
    r2.assert_called_once_with(account, action, target, fields)
コード例 #5
0
def test_allow_should_return_grant_if_rule_matches_else_none():
    yay = ArgMocker(True)
    nay = ArgMocker(False)
    rule = Allow(yay, yay, yay)
    account = mock.Mock()
    action = mock.MagicMock()
    target = mock.MagicMock()
    fields = Fields('one', 'four', 'eight')
    grant = rule(account, action, target, fields)
    assert grant.principal is account
    assert grant.action is action
    assert grant.target is target
    assert grant.fields is fields

    arg_list = list(itertools.product([yay, nay], repeat=3))
    arg_list.remove((yay, yay, yay))
    for args in arg_list:
        rule = Allow(*args)
        assert not rule(
            mock.Mock(), mock.MagicMock(), mock.MagicMock, mock.MagicMock())