def test_model_guard_controller_read(): role = Role() role.grant('read', SomeModel) identity = Identity([role]) ctx = Context() ctx.identity = identity compare(SomeModelGuardController().read(SomeModels.one.id, ctx), SomeModels.one)
def test_update_permission(): with db(), fixtures(Products, fixture_loader=fixture_loader): ctx = Context() role = Role() role.grant(ControllerActions.update, Product) ctx.identity = Identity([role]) c = ProductController() c.update(1, {'name': u'Blue Shirt', 'product_type_id': ProductTypes.shirt.id}, ctx)
def test_permissions_with_subject_list(): guard = Guard() role = Role() role.grant('index', Store) identity = Identity([role]) assert_true(guard.can(identity, 'index', [Store()])) assert_true(guard.can(identity, 'index', []))
def test_model_guard_controller_index_unauthorized(): role = Role() role.grant('something_else', SomeModel) identity = Identity([role]) ctx = Context() ctx.identity = identity SomeModelGuardController().index(ctx)
def test_index_permission(): with db(), fixtures(Products, fixture_loader=fixture_loader): ctx = Context() role = Role() role.grant(ControllerActions.index, Product) ctx.identity = Identity([role]) c = ProductController() c.index(ctx)
def test_create_permission(): with db(), fixtures(Products, fixture_loader=fixture_loader): ctx = Context() role = Role() role.grant(ControllerActions.create, Product) ctx.identity = Identity([role]) c = ProductController() c.create({'name': u'Red Pants', 'product_type_id': ProductTypes.pants.id, 'store_id': Stores.virtusize.id}, ctx)
def test_role_inheritance(): role = Role() role.grant(['read', 'write'], Store) another_role = Role(inherit=[role]) another_role.grant(['update', 'delete', 'query'], Store) assert_equal(len(role.permissions), 2) assert_equal(len(another_role.permissions), 5)
def test_model_guard_controller_index(): role = Role() role.grant('index', SomeModel) identity = Identity([role]) ctx = Context() ctx.identity = identity assert_equal(len(SomeModelGuardController().index(ctx)), 2) assert_equal(len(SomeModelGuardController().index(ctx=ctx)), 2)
def test_base_controller_authorize_successful(): bc = BaseController() model = SomeModel() bc.guard = Guard() bc.model = SomeModel ctx = Context() role = Role() role.grant('read', SomeModel) ctx.identity = Identity([role]) bc.authorize(ctx, 'read', model)
def test_permissions_without_conditions(): guard = Guard() role = Role() role.grant('read', Store) identity = Identity([role]) assert_true(guard.can(identity, 'read', Store)) assert_true(guard.can(identity, 'read', Store())) assert_false(guard.cannot(identity, 'read', Store)) assert_false(guard.cannot(identity, 'read', Store()))
def test_empty_list_index_permission(): with db(), fixtures(Products, fixture_loader=fixture_loader): ctx = Context() role = Role() role.grant(ControllerActions.index, Product) role.grant(ControllerActions.delete, Product) ctx.identity = Identity([role]) c = ProductController() c.delete(1, ctx) compare(c.index(ctx), [])
def test_model_guard_controller_index_wrong_model(): class OtherModel(Model): pass role = Role() role.grant('read', OtherModel) identity = Identity([role]) ctx = Context() ctx.identity = identity SomeModelGuardController().index(ctx)
def test_permissions_with_is_the_same_condition(): guard = Guard() role = Role() role.grant('check_for_something', Store, is_the_same_condition) identity = Identity([role]) identity.something = 'check' store = Store() store.something = 'check' assert_true(guard.can(identity, 'check_for_something', store)) store.something = 2 assert_false(guard.can(identity, 'check_for_somethingone', store)) store.something = True assert_false(guard.can(identity, 'check_for_somethingone', store))
def test_idendity(): role = Role() role.grant('read', Store) i = Identity([role]) assert_equal(len(i.roles), 1) compare(i.roles[0], role) role = Role() role.grant('write', Store) i.roles.append(role) assert_equal(len(i.roles), 2) compare(i.roles[1], role)
def test_predicate(): guard = Guard() store = Store(owner_id=1) role = Role() role.grant('delete', Store, condition=lambda store, identity: identity.id == store.owner_id) valid_identity = Identity([role]) valid_identity.id = 1 invalid_identity = Identity([role]) invalid_identity.id = 2 assert_true(guard.can(valid_identity, 'delete', store)) assert_false(guard.can(invalid_identity, 'delete', store))
def test_exclude_action_filter(): dct = { 'name': 'John', 'full_name': 'John Doe', 'secret': 123 } role = Role() role.grant('read_secrets', 'user') valid_identity = Identity([role]) invalid_identity = Identity([]) ctx = Context() ctx.subject = 'user' ctx.identity = valid_identity result = ExcludeActionFilter( exclude=['secret'], action='read_secrets', guard=Guard() ).filter(dct, ctx) assert_true('secret' in result) assert_equal(result['secret'], 123) ctx.identity = invalid_identity result = ExcludeActionFilter( exclude=['secret'], action='read_secrets', guard=Guard() ).filter(dct, ctx) assert_false('secret' in result)
def test_guard_with_multiple_roles(): guard = Guard() role = Role() role.grant('read', Store) role.grant('write', Store) role2 = Role() role2.grant('delete', 'product') identity = Identity([role, role2]) assert_true(guard.can(identity, 'read', Store)) assert_false(guard.can(identity, 'read', 'anything')) assert_false(guard.can(identity, 'write', 'something')) assert_true(guard.can(identity, 'write', Store)) assert_false(guard.can(identity, 'delete', Store)) assert_true(guard.can(identity, 'delete', 'product')) assert_false(guard.can(identity, 'write', 'product'))
def test_basic_role(): role = Role() role.grant('read', Store) assert_equal(len(role.permissions), 1)
def test_multiple_actions_role(): role = Role() role.grant(['read', 'write'], Store) assert_equal(len(role.permissions), 2)