def test_permission_difference_denial():
p1 = Denial(('a', 'b'), ('a', 'c'))
p2 = Denial(('a', 'c'), ('d', 'e'))
p3 = p1.difference(p2)
assert p3.deny == set([('a', 'b')])
p4 = p2.difference(p1)
assert p4.deny == set([('d', 'e')])
def perm_edit_record(record):
if record.is_agg_final():
return Denial(need.everybody)
return Permission(
need.admin,
*get_roles_for_subject('reporter', record.subject) +
get_roles_for_subject('reviewer', record.subject))
def vote(self):
needs = [
UserNeed(User.query.get(user_id).username)
for user_id in self.votes
]
needs.append(UserNeed(self.author.username))
return auth & Denial(*needs)
def perm_delete_comment(comment):
if comment.cons_status not in EDITABLE_STATUS_LIST:
return Permission(need.impossible)
if comment.cons_status == APPROVED_STATUS:
return Denial(need.everybody)
elif comment.cons_user_id:
return Permission(need.admin, need.user_id(comment.cons_user_id))
else:
return Permission(need.admin)
def vote(self):
needs = [UserNeed(user_id) for user_id in self.obj.votes]
needs.append(UserNeed(self.obj.author_id))
return auth & Denial(*needs)
def test_permission_union_denial():
p1 = Permission(('a', 'b'))
p2 = Denial(('a', 'c'))
p3 = p1.union(p2)
assert p1.issubset(p3)
assert p2.issubset(p3)
# -*- coding: utf-8 -*-
from flask.ext.principal import RoleNeed, Permission, identity_loaded, Denial
user_permission = Permission(RoleNeed('user'))
org_permission = Permission(RoleNeed('org'))
anonymous_permission = Denial(RoleNeed('user'), RoleNeed('org'))
def config_identity(app):
@identity_loaded.connect_via(app)
def on_identity_loaded(sender, identity):
if identity.id:
if u'o' in identity.id:
identity.provides.add(RoleNeed('org'))
elif u'u' in identity.id:
identity.provides.add(RoleNeed('user'))
