def wrapped(*args, **kwargs): # pylint: disable=missing-docstring user = getattr(request.authorization, "username", None) target = getattr(g, "username", None) checker = PermissionsChecker() # pylint: disable=undefined-variable checker.check_permission( PERMISSIONS.get(permission.get("permission")), user, target, getattr(g, "tournament_id", None) ) return func(*args, **kwargs)
def test_superuser(self): """check if a user is an organiser""" self.assertFalse(Account.query.\ filter_by(username=self.acc_1).first().is_superuser) checker = PermissionsChecker() Account.query.filter_by(username=self.acc_1).first().is_superuser = True self.injector.inject(self.tourn_1) self.assertTrue(checker.check_permission( 'enter_score', self.acc_1, None, self.tourn_1))
def all_tournaments_with_permission(action, username): """Find all tournaments where user has action. Returns list""" all_tournaments = TournamentDAO.query.\ filter(TournamentDAO.date >= date.today()).\ order_by(TournamentDAO.date.asc()).all() checker = PermissionsChecker() modifiable_tournaments = [] for tourn in all_tournaments: try: if checker.check_permission(action, username, None, tourn.name): modifiable_tournaments.append(tourn.name) except PermissionDeniedException: pass return modifiable_tournaments
def test_check_permissions(self): """Test the entrypoint method""" checker = PermissionsChecker() self.injector.inject(self.tourn_1, num_players=2) t_player_1 = '{}_player_1'.format(self.tourn_1) # player for themselves self.assertTrue(checker.check_permission( 'enter_score', t_player_1, t_player_1, self.tourn_1)) # player for random user self.assertRaises(PermissionDeniedException, checker.check_permission, 'enter_score', t_player_1, self.acc_1, self.tourn_1) # player who is not superuser self.assertRaises(PermissionDeniedException, checker.check_permission, 'enter_score', t_player_1, None, self.tourn_1) # random user self.assertRaises(PermissionDeniedException, checker.check_permission, 'enter_score', self.acc_1, None, self.tourn_1)