def test_set_get_session():
from sqlalchemy_oso.session import set_get_session
from oso import Oso
def get_session():
engine = create_engine("sqlite://")
Base.metadata.create_all(engine)
Session = sessionmaker(bind=engine)
session = Session()
load_fixture_data(session)
return session
oso = Oso()
set_get_session(oso, get_session)
register_models(oso, Base)
test_str = """get_repo(name: String) if
session = OsoSession.get() and
repo = session.query(Repository).filter_by(name: name).first() and
repo.name = name;
"""
oso.load_str(test_str)
results = oso.query_rule("get_repo", "Abbey Road")
assert next(results)
results = oso.query_rule("get_repo", "Abbey Road")
assert next(results)
def test_quickstart_policy_3():
oso = Oso()
oso.register_class(Expense)
oso.load_file("../polar/expenses-03-py.polar")
expense = EXPENSES[1]
assert oso.is_allowed("*****@*****.**", "GET", expense)
assert not oso.is_allowed("*****@*****.**", "GET", expense)
def test_quickstart_policy_4():
oso = Oso()
oso.register_class(Expense)
oso.load_file("../polar/expenses-04.polar")
assert oso.is_allowed("*****@*****.**", "GET", EXPENSES[1])
assert not oso.is_allowed("*****@*****.**", "GET", EXPENSES[3])
assert not oso.is_allowed("*****@*****.**", "GET", EXPENSES[1])
assert oso.is_allowed("*****@*****.**", "GET", EXPENSES[3])
def init_oso(app):
base_oso = Oso()
oso = FlaskOso(base_oso)
register_models(base_oso, Base)
set_get_session(base_oso, lambda: g.session)
base_oso.load_file("app/authorization.polar")
app.oso = oso
def test_oso():
oso = Oso()
oso.register_class(Actor, name="test_oso::Actor")
oso.register_class(Widget, name="test_oso::Widget")
oso.register_class(Company, name="test_oso::Company")
oso.load_file(Path(__file__).parent / "test_oso.polar")
return oso
def test_oso():
oso = Oso()
oso.register_class(Jwt)
oso.register_class(Actor)
oso.register_class(Widget)
oso.register_class(Company)
oso.load_file(Path(__file__).parent / "test_oso.polar")
return oso
def test_quickstart_policy_2():
oso = Oso()
alice = "*****@*****.**"
expense = EXPENSES[1]
assert not oso.is_allowed(alice, "GET", expense)
oso.register_class(Expense)
oso.load_file("../polar/expenses-02.polar")
assert oso.is_allowed(alice, "GET", expense)
assert not oso.is_allowed("*****@*****.**", "GET", expense)
class Oso(models.AbstractModel):
_name = "oso"
_description = "global oso state"
oso = Oso()
def __init__(self, *args, **kwargs):
super().__init__(*args, **kwargs)
policy = get_resource_path("oso_auth", "security", "base.polar")
self.oso.load_file(policy)
def load_oso():
"""Loads and returns the oso policy"""
oso = Oso()
policy_path = Path(__file__).resolve().parent.parent / "policies"
# Role definitions
oso.load_file(policy_path / "rbac.polar")
# ABAC policy
oso.load_file(policy_path / "abac.polar")
return oso
def load_oso():
"""Loads and returns the oso policy"""
oso = Oso()
policy_path = Path(__file__).resolve().parent.parent / "expenses"
## Policy Data
oso.load_file(policy_path / "data.polar")
## Role definitions
oso.load_file(policy_path / "roles.polar")
## ABAC policy
oso.load_file(policy_path / "abac.polar")
return oso
def init_oso(db: Session):
oso = Oso()
register_models(oso, Base)
set_get_session(oso, lambda: db)
oso.load_file("app/authorization/rules/role_basics.polar")
oso.load_file("app/authorization/rules/organization_permissions.polar")
oso.load_file("app/authorization/rules/team_permissions.polar")
oso.load_file("app/authorization/rules/dataroom_permissions.polar")
enable_roles(oso)
return oso
def rmdir(path):
import shutil
import getpass
from oso import Oso
oso = Oso()
oso.register_class(PathAttributes)
oso.load_files(["rmdir.polar"])
path_attributes = get_path_attributes(path)
user_id = getpass.getuser()
if oso.is_allowed(user_id, "can_remove", path_attributes):
shutil.rmtree(path)
else:
raise PermissionError(f"You cannot delete {path}")
def test_multi():
oso = Oso()
oso.load_str("allow(x, y) if x == y;")
tp = ThreadPoolExecutor(max_workers=8)
futures = []
for _ in range(32):
futures.append(tp.submit(torch_oso, oso))
for i, future in enumerate(concurrent.futures.as_completed(futures)):
future.result()
# If we got here none of these crashed.
assert True
def init_oso(app):
from .expense import Expense
from .organization import Organization
from .user import Actor, Guest, User
oso = Oso()
oso.register_class(Actor)
oso.register_class(Guest)
oso.register_class(User)
oso.register_class(Expense)
oso.register_class(Organization)
for policy in app.config.get("OSO_POLICIES", []):
oso.load_file(policy)
app.oso = oso
def main():
# parser = argparse.ArgumentParser(description="An epic Polar adventure.")
# parser.add_argument(
# "-l", "--load", type=str, nargs=1, help="the filename of a saved game"
# )
# args = parser.parse_args()
# if args.load:
# GAME.load_saved(args.load)
oso = Oso()
oso.register_class(Game)
oso.register_class(Room)
oso.register_class(Passage)
oso.register_class(Player)
oso.register_class(Collection)
oso.register_class(Object)
oso.register_class(Animal)
oso.register_class(Food)
oso.register_class(Container)
oso.register_class(Takeable)
oso.register_class(Mushroomy)
oso.register_class(Soup)
oso.register_class(Source)
oso.register_class(Wand)
oso.register_class(Wet)
oso.register_class(OnFire)
oso.register_class(Leafy)
oso.register_constant(GAME, "GAME")
oso.register_constant(PLAYER, "PLAYER")
oso.register_constant(ROOMS, "Rooms")
oso.register_constant(PASSAGES, "Passages")
oso.register_constant(OBJECTS, "Objects")
oso.load_file("world.polar")
oso.load_file("commands.polar")
oso.load_file("tests.polar")
oso.repl()
def oso_with_session(test_db_session):
oso = Oso()
set_get_session(oso, lambda: test_db_session)
register_models(oso, Base)
return oso
def oso():
return Oso()
def setup_oso():
oso = Oso()
return oso
import math
import os
from polar.exceptions import UnrecognizedEOF
from oso import Oso, OsoException, Variable
oso = Oso()
# Application class with default kwargs constructor, registered with the
# decorator.
class A:
def __init__(self, x):
self.x = x
def foo(self):
return -1
oso.register_class(A)
# Test inheritance; doesn't need to be registered.
class D(A):
pass
# Namespaced application class (to be aliased) with custom
# constructor.
class B:
class C:
def __init__(self, y):
return None
def is_authenticated(self):
return self.id is not None
def is_active(self):
return self.id is not None
def is_anonymous(self):
return self.id is None
def get_id(self):
return self.id
base_oso = Oso()
base_oso.register_class(User)
base_oso.load_file("policies.polar")
@login_manager.user_loader
def load_user(user_id):
return User.get(user_id)
@app.route("/login", methods=["POST"])
def login():
username = request.json.get("username")
# no password check
user = User(username)
login_user(user, remember=True)
def oso():
oso = Oso()
register_models(oso, ModelBase)
return oso
