def test_permission_factory(app, db, action, permission_factory): """Test revisions.""" InvenioAccess(app) rec_uuid = uuid.uuid4() with db.session.begin_nested(): user_all = User(email='*****@*****.**') user_one = User(email='*****@*****.**') user_none = User(email='*****@*****.**') db.session.add(user_all) db.session.add(user_one) db.session.add(user_none) db.session.add(ActionUsers(action=action, user=user_all, argument=None)) db.session.add( ActionUsers(action=action, user=user_one, argument=str(rec_uuid))) record = Record.create({'title': 'permission test'}, id_=rec_uuid) # Create a record and assign permissions. permission = permission_factory(record) # Assert which permissions has access. assert permission.allows(FakeIdentity(UserNeed(user_all.id))) assert permission.allows(FakeIdentity(UserNeed(user_one.id))) assert not permission.allows(FakeIdentity(UserNeed(user_none.id)))
def test_invenio_access_permission_cache_redis(app): """Caching the user using redis.""" cache = RedisCache() InvenioAccess(app, cache=cache) with app.test_request_context(): user_can_all = User(email='*****@*****.**') user_can_open = User(email='*****@*****.**') db.session.add(user_can_all) db.session.add(user_can_open) db.session.add(ActionUsers(action='open', user=user_can_all)) db.session.flush() identity_open = FakeIdentity(UserNeed(user_can_open.id)) permission_open = DynamicPermission(ActionNeed('open')) assert not permission_open.allows(identity_open) assert current_access.get_action_cache('open') == (set( [Need(method='id', value=1)]), set([])) db.session.add(ActionUsers(action='open', user=user_can_open)) db.session.flush() permission_open = DynamicPermission(ActionNeed('open')) assert permission_open.allows(identity_open) assert current_access.get_action_cache('open') == (set( [Need(method='id', value=1), Need(method='id', value=2)]), set([]))
def test_invenio_access_permission_for_users(app): """User can access to an action allowed/denied to the user""" InvenioAccess(app) with app.test_request_context(): db.session.begin(nested=True) user_can_all = User(email='*****@*****.**') user_can_read = User(email='*****@*****.**') user_can_open = User(email='*****@*****.**') db.session.add(user_can_all) db.session.add(user_can_read) db.session.add(user_can_open) db.session.add(ActionUsers(action='open', user=user_can_all)) db.session.add(ActionUsers(action='open', user=user_can_open)) db.session.add(ActionUsers(action='read', user=user_can_all)) db.session.add(ActionUsers(action='read', user=user_can_read)) db.session.commit() permission_open = DynamicPermission(ActionNeed('open')) permission_read = DynamicPermission(ActionNeed('read')) identity_all = FakeIdentity(UserNeed(user_can_all.id)) identity_read = FakeIdentity(UserNeed(user_can_read.id)) identity_open = FakeIdentity(UserNeed(user_can_open.id)) assert permission_open.allows(identity_all) assert permission_read.allows(identity_all) assert permission_open.allows(identity_open) assert not permission_read.allows(identity_open) assert not permission_open.allows(identity_read) assert permission_read.allows(identity_read)
def base_app(): """Flask application fixture.""" app_ = Flask('testapp') app_.config.update( TESTING=True, JSON_AS_ASCII=True, SQLALCHEMY_TRACK_MODIFICATIONS=True, SQLALCHEMY_DATABASE_URI=os.environ.get( 'SQLALCHEMY_DATABASE_URI', 'sqlite:///:memory:'), SERVER_NAME='localhost', SECURITY_PASSWORD_SALT='TEST_SECURITY_PASSWORD_SALT', SECRET_KEY='TEST_SECRET_KEY', FILES_REST_MULTIPART_CHUNKSIZE_MIN=2, FILES_REST_MULTIPART_CHUNKSIZE_MAX=20, FILES_REST_MULTIPART_MAX_PARTS=100, FILES_REST_TASK_WAIT_INTERVAL=0.1, FILES_REST_TASK_WAIT_MAX_SECONDS=1, ) app.test_client_class = JsonClient InvenioDB(app_) InvenioAccounts(app_) InvenioAccess(app_) InvenioJSONSchemas(app_) return app_
def app(): """Create fixture app.""" # Set temporary instance path for sqlite instance_path = tempfile.mkdtemp() _app = Flask('testapp', instance_path=instance_path) InvenioAccess(_app) InvenioAccounts(_app) InvenioDB(_app) InvenioUserProfiles(_app) InvenioRecords(_app) InvenioFilesREST(_app) # UserProfile(_app) _app.config.update( SQLALCHEMY_DATABASE_URI=os.environ.get('SQLALCHEMY_DATABASE_URI', 'sqlite:///test.db'), TESTING=True, SECRET_KEY='test', ) with _app.app_context(): yield _app # Teardown instance path. shutil.rmtree(instance_path)
def test_init_app(base_app): """Test extension initialization.""" app = base_app ext = InvenioAccess() assert 'invenio-access' not in app.extensions ext.init_app(app) assert 'invenio-access' in app.extensions
def test_load_permissions_on_request_loaded(app): """Checks that the needs are loaded during request in the user Identity.""" InvenioAccess(app) with app.test_request_context(): with app.test_client() as client: client.get('/') assert g.identity.provides == {any_user}
def test_load_permissions_on_identity_loaded(app): """Check that the needs are loaded properly in the user Identity.""" InvenioAccess(app) with app.test_request_context(): identity_changed.send(current_app._get_current_object(), identity=AnonymousIdentity()) assert g.identity.provides == {any_user} with app.test_request_context(): user = testutils.create_test_user('*****@*****.**') login_user(user) assert g.identity.provides == { any_user, authenticated_user, UserNeed(user.id) } logout_user() # FIXME: The user is still authenticatd when the identity loader # is called during logout. We could filter on AnonymousIdentity, but # This would be inconsistent as the UserNeed(user.id) is still there. # This will pass even if it is unexpected: # assert g.identity.provides == { # any_user, authenticated_user, UserNeed(user.id) # } # Forcing the identity to reload again cleans the mess. In practice # this won't be needed as the identity is reloaded between requests. identity_changed.send(current_app._get_current_object(), identity=AnonymousIdentity()) assert g.identity.provides == {any_user}
def test_dynamic_permission_needs_cache_invalidation(app): """Testing DynamicPermission refreshes needs. This is important when protecting a view with @permission.require(http_exception=403) If cache does not get invalidated, the needs will only be refreshed when the Python process restarts. """ cache = SimpleCache() InvenioAccess(app, cache=cache) with app.test_request_context(): user_can_all = User(email='*****@*****.**') user_can_open = User(email='*****@*****.**') db.session.add(user_can_all) db.session.add(user_can_open) db.session.add(ActionUsers(action='open', user=user_can_all)) db.session.flush() permission_open = DynamicPermission(ActionNeed('open')) assert permission_open.needs == set([Need(method='id', value=1)]) db.session.add(ActionUsers(action='open', user=user_can_open)) db.session.flush() assert permission_open.needs == set( [Need(method='id', value=1), Need(method='id', value=2)] )
def test_actions_entrypoint(): """Test if the entrypoint is registering actions properly.""" app = Flask('testapp') ext = InvenioAccess(app) assert len(ext.actions) == 2 assert ActionNeed('open') in ext.actions.values() assert ActionNeed('close') in ext.actions.values()
def test_invenio_access_permission_for_system_roles(app): """User can access to an action allowed/denied to their system roles.""" InvenioAccess(app) with app.test_request_context(): db.session.begin(nested=True) user = User(email='*****@*****.**') db.session.add(user) db.session.add(ActionSystemRoles.allow( action=ActionNeed('open'), role=authenticated_user)) db.session.add(ActionSystemRoles.allow( action=ActionNeed('write'), role_name='any_user')) db.session.commit() permission_open = DynamicPermission(ActionNeed('open')) permission_write = DynamicPermission(ActionNeed('write')) identity_anon_user = FakeIdentity(any_user) identity_auth_user = FakeIdentity(authenticated_user, any_user) assert not permission_open.allows(identity_anon_user) assert permission_open.allows(identity_auth_user) assert permission_write.allows(identity_anon_user) assert permission_write.allows(identity_auth_user)
def base_app(): """Flask application fixture.""" app_ = Flask('testapp') app_.config.update( TESTING=True, JSON_AS_ASCII=True, SQLALCHEMY_TRACK_MODIFICATIONS=True, SQLALCHEMY_DATABASE_URI=os.environ.get( 'SQLALCHEMY_DATABASE_URI', 'sqlite:///:memory:'), SERVER_NAME='localhost', SECURITY_PASSWORD_SALT='TEST_SECURITY_PASSWORD_SALT', SECRET_KEY='TEST_SECRET_KEY', FILES_REST_MULTIPART_CHUNKSIZE_MIN=2, FILES_REST_MULTIPART_CHUNKSIZE_MAX=20, FILES_REST_MULTIPART_MAX_PARTS=100, FILES_REST_TASK_WAIT_INTERVAL=0.1, FILES_REST_TASK_WAIT_MAX_SECONDS=1, TAXONOMY_SERVER_NAME='taxonomy-server.com', TAXONOMY_REDIS_URL='redis://localhost:6379/15', ) app.test_client_class = JsonClient InvenioDB(app_) InvenioAccounts(app_) InvenioAccess(app_) InvenioJSONSchemas(app_) OARepoReferences(app_) app_.extensions['oarepo-references'] = RecordReferencesStateMock(app_) return app_
def app(request): """Flask application fixture.""" instance_path = tempfile.mkdtemp() app = Flask('testapp', instance_path=instance_path) app.config.update( TESTING=True, SERVER_NAME='localhost:5000', SQLALCHEMY_DATABASE_URI=os.environ.get('SQLALCHEMY_DATABASE_URI', 'sqlite:///test.db'), SQLALCHEMY_TRACK_MODIFICATIONS=True, RECORDS_REST_ENDPOINTS=config.RECORDS_REST_ENDPOINTS, # No permission checking RECORDS_REST_DEFAULT_CREATE_PERMISSION_FACTORY=None, RECORDS_REST_DEFAULT_READ_PERMISSION_FACTORY=None, RECORDS_REST_DEFAULT_UPDATE_PERMISSION_FACTORY=None, RECORDS_REST_DEFAULT_DELETE_PERMISSION_FACTORY=None, RECORDS_REST_DEFAULT_SEARCH_INDEX=ES_INDEX, RECORDS_REST_SORT_OPTIONS={ ES_INDEX: dict(year=dict(fields=['year'], )) }, ) app.config['RECORDS_REST_ENDPOINTS']['recid']['search_class'] = TestSearch # update the application with the configuration provided by the test if hasattr(request, 'param') and 'config' in request.param: app.config.update(**request.param['config']) FlaskCLI(app) InvenioDB(app) InvenioREST(app) InvenioRecords(app) InvenioPIDStore(app) InvenioSearch(app) InvenioAccess(app) InvenioRecordsREST(app) with app.app_context(): # Setup app if not database_exists(str(db.engine.url)) and \ app.config['SQLALCHEMY_DATABASE_URI'] != 'sqlite://': create_database(db.engine.url) db.drop_all() db.create_all() if current_search_client.indices.exists(ES_INDEX): current_search_client.indices.delete(ES_INDEX) current_search_client.indices.create(ES_INDEX) prepare_indexing(app) with app.app_context(): # Yield app in request context with app.test_request_context(): yield app with app.app_context(): # Teardown app db.drop_all() if app.config['SQLALCHEMY_DATABASE_URI'] != 'sqlite://': drop_database(db.engine.url) shutil.rmtree(instance_path)
def test_actions(base_app): """Test if the actions are registered properly.""" InvenioAccess(base_app, entry_point_actions=None) with base_app.app_context(): current_access.register_action(ActionNeed('action_a')) assert len(current_access.actions) == 1 current_access.register_action(ActionNeed('action_b')) assert len(current_access.actions) == 2
def test_system_roles(base_app): """Test if the system roles are registered properly.""" InvenioAccess(base_app, entry_point_system_roles=None) with base_app.app_context(): current_access.register_system_role(SystemRoleNeed('spn_a')) assert len(current_access.system_roles) == 1 current_access.register_system_role(SystemRoleNeed('spn_b')) assert len(current_access.system_roles) == 2
def test_invenio_access_permissions_deny(app): """User without any provides can't access to a place limited to user 0""" InvenioAccess(app) with app.test_request_context(): permission = DynamicPermission(UserNeed(0)) fake_identity = FakeIdentity() assert not permission.allows(fake_identity)
def test_invenio_access_permission_cache(app): """Caching the user using memory caching.""" cache = SimpleCache() InvenioAccess(app, cache=cache) with app.test_request_context(): user_can_all = User(email='*****@*****.**') user_can_open = User(email='*****@*****.**') user_can_open_1 = User(email='*****@*****.**') db.session.add(user_can_all) db.session.add(user_can_open) db.session.add(user_can_open_1) db.session.add(ActionUsers(action='open', user=user_can_all)) db.session.flush() permission_open = DynamicPermission(ActionNeed('open')) identity_open = FakeIdentity(UserNeed(user_can_open.id)) assert not permission_open.allows(identity_open) assert current_access.get_action_cache('open') == ( set([Need(method='id', value=1)]), set([]) ) db.session.add(ActionUsers(action='open', user=user_can_open)) db.session.flush() permission_open = DynamicPermission(ActionNeed('open')) assert permission_open.allows(identity_open) assert current_access.get_action_cache('open') == ( set([Need(method='id', value=1), Need(method='id', value=2)]), set([]) ) db.session.add(ActionUsers(action='open', argument=1, user=user_can_open_1)) db.session.flush() identity_open_1 = FakeIdentity(UserNeed(user_can_open_1.id)) permission_open_1 = DynamicPermission( ParameterizedActionNeed('open', '1')) assert not permission_open.allows(identity_open_1) assert permission_open_1.allows(identity_open_1) assert current_access.get_action_cache('open::1') == ( set([Need(method='id', value=1), Need(method='id', value=2), Need(method='id', value=3)]), set([]) ) assert current_access.get_action_cache('open') == ( set([Need(method='id', value=1), Need(method='id', value=2)]), set([]) )
def app(request): """Flask application fixture.""" instance_path = tempfile.mkdtemp() app = Flask('testapp', instance_path=instance_path) es_index = 'invenio_records_rest_test_index' app.config.update( TESTING=True, SERVER_NAME='localhost:5000', SQLALCHEMY_DATABASE_URI=os.environ.get('SQLALCHEMY_DATABASE_URI', 'sqlite:///test.db'), SQLALCHEMY_TRACK_MODIFICATIONS=True, RECORDS_REST_ENDPOINTS=config.RECORDS_REST_ENDPOINTS, # No permission checking RECORDS_REST_DEFAULT_CREATE_PERMISSION_FACTORY=None, RECORDS_REST_DEFAULT_READ_PERMISSION_FACTORY=None, RECORDS_REST_DEFAULT_UPDATE_PERMISSION_FACTORY=None, RECORDS_REST_DEFAULT_DELETE_PERMISSION_FACTORY=None, RECORDS_REST_DEFAULT_SEARCH_INDEX=es_index, RECORDS_REST_SORT_OPTIONS={ es_index: dict(year=dict(fields=['year'], )) }, SEARCH_QUERY_ENHANCERS=[filter_record_access_query_enhancer], ) app.config['RECORDS_REST_ENDPOINTS']['recid']['search_index'] = es_index # update the application with the configuration provided by the test if hasattr(request, 'param') and 'config' in request.param: app.config.update(**request.param['config']) FlaskCLI(app) InvenioDB(app) InvenioREST(app) InvenioRecords(app) InvenioPIDStore(app) InvenioSearch(app) InvenioAccess(app) InvenioRecordsREST(app) with app.app_context(): if not database_exists(str(db.engine.url)) and \ app.config['SQLALCHEMY_DATABASE_URI'] != 'sqlite://': create_database(db.engine.url) db.drop_all() db.create_all() if current_search_client.indices.exists(es_index): current_search_client.indices.delete(es_index) current_search_client.indices.create(es_index) prepare_indexing(app) def finalize(): with app.app_context(): db.drop_all() if app.config['SQLALCHEMY_DATABASE_URI'] != 'sqlite://': drop_database(db.engine.url) shutil.rmtree(instance_path) request.addfinalizer(finalize) return app
def cli_app(app): """Get CLI app object for testing CLI.""" action_open = ActionNeed('open') action_edit = ParameterizedActionNeed('edit', None) ext = InvenioAccess(app) ext.register_action(action_open) ext.register_action(action_edit) return app
def app(request): """Flask application fixture.""" app_ = Flask('testapp') app_.config.update( TESTING=True, CELERY_ALWAYS_EAGER=True, CELERY_CACHE_BACKEND="memory", CELERY_EAGER_PROPAGATES_EXCEPTIONS=True, CELERY_RESULT_BACKEND="cache", SQLALCHEMY_DATABASE_URI=os.environ.get('SQLALCHEMY_DATABASE_URI', 'sqlite://'), SQLALCHEMY_TRACK_MODIFICATIONS=False, SECRET_KEY='mysecret', SUPPORT_EMAIL='*****@*****.**', WTF_CSRF_ENABLED=False, SERVER_NAME='test.it', RECORDS_UI_ENDPOINTS=dict( recid=dict( pid_type='recid', route='/records/<pid_value>', template='invenio_records_ui/detail.html', ), recid_access_request=dict( pid_type='recid', route='/records/<pid_value>/accessrequest', template='zenodo_accessrequests/access_request.html', view_imp='zenodo_accessrequests.views.requests.access_request', methods=['GET', 'POST'], ), recid_access_request_email_confirm=dict( pid_type='recid', route='/records/<pid_value>/accessrequest/<token>/confirm', # template='invenio_records_ui/detail.html', view_imp='zenodo_accessrequests.views.requests.confirm', ), ), ) InvenioFormatter(app_) Babel(app_) InvenioDB(app_) InvenioAccounts(app_) InvenioRecords(app_) FlaskMenu(app_) Mail(app_) InvenioRecordsUI(app_) InvenioAccess(app_) ZenodoAccessRequests(app_) InvenioPIDStore(app_) app_.register_blueprint(request_blueprint) app_.register_blueprint(settings_blueprint) app_.register_blueprint(blueprint_user) app_.register_blueprint(create_blueprint_from_app(app_)) with app_.app_context(): yield app_
def script_info(app): """Get ScriptInfo object for testing CLI.""" action_open = ActionNeed('open') action_edit = ParameterizedActionNeed('edit', None) ext = InvenioAccess(app) ext.register_action(action_open) ext.register_action(action_edit) return ScriptInfo(create_app=lambda info: app)
def app(): """Flask application fixture.""" instance_path = tempfile.mkdtemp() app_ = Flask(__name__, instance_path=instance_path) app_.config.update( CELERY_ALWAYS_EAGER=True, CELERY_CACHE_BACKEND='memory', CELERY_EAGER_PROPAGATES_EXCEPTIONS=True, CELERY_RESULT_BACKEND='cache', JSONSCHEMAS_URL_SCHEME='http', SECRET_KEY='CHANGE_ME', SECURITY_PASSWORD_SALT='CHANGE_ME_ALSO', SQLALCHEMY_DATABASE_URI=os.environ.get('SQLALCHEMY_DATABASE_URI', 'sqlite:///test.db'), SQLALCHEMY_TRACK_MODIFICATIONS=True, SQLALCHEMY_ECHO=False, TESTING=True, WTF_CSRF_ENABLED=False, DEPOSIT_SEARCH_API='/api/search', SECURITY_PASSWORD_HASH='plaintext', SECURITY_PASSWORD_SCHEMES=['plaintext'], SECURITY_DEPRECATED_PASSWORD_SCHEMES=[], OAUTHLIB_INSECURE_TRANSPORT=True, OAUTH2_CACHE_TYPE='simple', ) app_.url_map.converters['pid'] = PIDConverter FlaskCLI(app_) Babel(app_) FlaskCeleryExt(app_) InvenioDB(app_) Breadcrumbs(app_) InvenioAccounts(app_) InvenioAccess(app_) app_.register_blueprint(accounts_blueprint) InvenioAssets(app_) InvenioJSONSchemas(app_) InvenioSearch(app_) InvenioRecords(app_) app_.url_map.converters['pid'] = PIDConverter InvenioRecordsREST(app_) InvenioPIDStore(app_) InvenioIndexer(app_) InvenioDeposit(app_) InvenioSearchUI(app_) InvenioRecordsUI(app_) InvenioFilesREST(app_) OAuth2Provider(app_) InvenioOAuth2Server(app_) InvenioOAuth2ServerREST(app_) app_.register_blueprint(oauth2server_settings_blueprint) InvenioDepositREST(app_) with app_.app_context(): yield app_ shutil.rmtree(instance_path)
def test_entrypoints(): """Test if the entrypoints are registering actions and roles properly.""" app = Flask('testapp') ext = InvenioAccess(app) assert len(ext.actions) == 2 assert ActionNeed('open') in ext.actions.values() assert ActionNeed('close') in ext.actions.values() assert len(ext.system_roles) == 2 assert SystemRoleNeed('any_user') in ext.system_roles.values() assert SystemRoleNeed('authenticated_user') in ext.system_roles.values()
def test_init(): """Test extension initialization.""" app = Flask('testapp') Babel(app) Mail(app) InvenioDB(app) InvenioAccounts(app) ext = InvenioAccess(app) assert 'invenio-access' in app.extensions app = Flask('testapp') Babel(app) Mail(app) InvenioDB(app) InvenioAccounts(app) ext = InvenioAccess() assert 'invenio-access' not in app.extensions ext.init_app(app) assert 'invenio-access' in app.extensions
def app(base_app): """Flask application fixture.""" InvenioAccounts(base_app) InvenioAccess(base_app) base_app.register_blueprint(accounts_blueprint) InvenioFilesREST(base_app) base_app.register_blueprint(blueprint) with base_app.app_context(): yield base_app
def script_info_cli_list(base_app, request): """Get ScriptInfo object for testing CLI list command.""" action_open = ActionNeed('open') action_edit = ParameterizedActionNeed('edit', None) app_ = app(base_app, request) ext = InvenioAccess(app_) ext.register_action(action_open) ext.register_action(action_edit) return ScriptInfo(create_app=lambda info: app_)
def test_permission(app): """Test permission control to records.""" app.config.update( WTF_CSRF_ENABLED=False, SECRET_KEY='CHANGEME', SECURITY_PASSWORD_SALT='CHANGEME', # conftest switches off permission checking, so re-enable it for this # app. RECORDS_UI_DEFAULT_PERMISSION_FACTORY='helpers:' 'only_authenticated_users', ) Menu(app) InvenioRecordsUI(app) accounts = InvenioAccounts(app) app.register_blueprint(accounts_blueprint) InvenioAccess(app) setup_record_fixture(app) # Create admin with app.app_context(): accounts.datastore.create_user( email='*****@*****.**', password=encrypt_password('123456'), active=True, ) # Get record 1 r = Resolver(pid_type='recid', object_type='rec', getter=Record.get_record) dummy_pid, record = r.resolve('1') db.session.commit() with app.test_request_context(): login_url = url_for('security.login') record_url = url_for('invenio_records_ui.recid', pid_value='1') # Access record 1 as admin with app.test_client() as client: res = client.get(record_url) assert res.status_code == 302 res = client.post(login_url, data={ 'email': '*****@*****.**', 'password': '******' }) assert res.status_code == 302 res = client.get(record_url) res.status_code == 200 # Access record 1 as anonymous with app.test_client() as client: res = client.get(record_url) res.status_code == 403
def test_invenio_access_permission_for_users(app): """User can access to an action allowed/denied to the user""" InvenioAccess(app) with app.test_request_context(): db.session.begin(nested=True) superuser = User(email='*****@*****.**') user_can_all = User(email='*****@*****.**') user_can_read = User(email='*****@*****.**') user_can_open = User(email='*****@*****.**') db.session.add(superuser) db.session.add(user_can_all) db.session.add(user_can_read) db.session.add(user_can_open) db.session.add(ActionUsers(action='superuser-access', user=superuser)) db.session.add(ActionUsers(action='open', user=user_can_all)) db.session.add(ActionUsers(action='open', user=user_can_open)) db.session.add(ActionUsers(action='read', user=user_can_all)) db.session.add(ActionUsers(action='read', user=user_can_read)) db.session.add(ActionUsers(action='not_logged', user=user_can_all)) db.session.commit() permission_open = DynamicPermission(ActionNeed('open')) permission_read = DynamicPermission(ActionNeed('read')) permission_not_logged = DynamicPermission(ActionNeed('not_logged')) identity_superuser = FakeIdentity(UserNeed(superuser.id)) identity_all = FakeIdentity(UserNeed(user_can_all.id)) identity_read = FakeIdentity(UserNeed(user_can_read.id)) identity_open = FakeIdentity(UserNeed(user_can_open.id)) identity_unknown = AnonymousIdentity() # global permissions assert permission_open.allows(identity_superuser) assert permission_read.allows(identity_superuser) assert permission_open.allows(identity_all) assert permission_read.allows(identity_all) assert permission_not_logged.allows(identity_all) assert permission_open.allows(identity_open) assert not permission_read.allows(identity_open) assert not permission_not_logged.allows(identity_open) assert not permission_open.allows(identity_read) assert permission_read.allows(identity_read) assert not permission_not_logged.allows(identity_read) assert not permission_open.allows(identity_unknown) assert not permission_read.allows(identity_unknown)
def test_disabled_loader(app): """Check that system role loading function can be disabled.""" app.config.update(ACCESS_LOAD_SYSTEM_ROLE_NEEDS=False) InvenioAccess(app) assert load_permissions_on_identity_loaded not in \ identity_loaded.receivers.values() with app.test_request_context(): identity_changed.send(current_app._get_current_object(), identity=AnonymousIdentity()) assert g.identity.provides == set()
def factory(**config): app = Flask('testapp') app.config.update(SERVER_NAME='localhost', **config) InvenioDB(app) InvenioAccounts(app) InvenioAccess(app) InvenioFilesREST(app) InvenioIIIFAPI(app) app.register_blueprint(blueprint) return app