def test_set_get_session():
    """Check that a Polar rule can reach a SQLAlchemy session via ``OsoSession.get()``.

    A session factory is registered with ``set_get_session``; the policy then
    calls ``OsoSession.get()``, looks up a ``Repository`` by name and matches
    on it. The rule is queried twice and must yield a result both times.
    """
    from oso import Oso
    from sqlalchemy_oso.session import set_get_session

    def get_session():
        # Every call builds a fresh SQLite engine ("sqlite://"), creates the
        # schema and loads the fixtures, so sessions share no state.
        engine = create_engine("sqlite://")
        Base.metadata.create_all(engine)
        make_session = sessionmaker(bind=engine)
        db = make_session()
        load_fixture_data(db)
        return db

    oso = Oso()
    set_get_session(oso, get_session)
    register_models(oso, Base)

    # Policy text kept exactly as it appears in the listing (single line).
    policy_src = """get_repo(name: String) if session = OsoSession.get() and repo = session.query(Repository).filter_by(name: name).first() and repo.name = name; """
    oso.load_str(policy_src)

    # Two independent queries: each must produce at least one result.
    for _ in range(2):
        results = oso.query_rule("get_repo", "Abbey Road")
        assert next(results)
def test_quickstart_policy_3():
    """Check one allowed and one denied ``GET`` on the same expense.

    Registers ``Expense``, loads ``expenses-03-py.polar`` and evaluates two
    ``is_allowed`` decisions against ``EXPENSES[1]``.
    """
    oso = Oso()
    oso.register_class(Expense)
    # Relative path: resolved against the working directory of the test run.
    oso.load_file("../polar/expenses-03-py.polar")

    target = EXPENSES[1]

    # NOTE(review): the two actor literals are identical as shown here, so the
    # assertions contradict each other. The addresses look redacted; the
    # original presumably used two different actors -- restore before running.
    assert oso.is_allowed("*****@*****.**", "GET", target)
    assert not oso.is_allowed("*****@*****.**", "GET", target)
def test_quickstart_policy_4():
    """Check four ``GET`` decisions across two expenses with ``expenses-04.polar``.

    Each row below is (actor, index into ``EXPENSES``, expected decision) and
    is evaluated in the listed order.
    """
    oso = Oso()
    oso.register_class(Expense)
    # Relative path: resolved against the working directory of the test run.
    oso.load_file("../polar/expenses-04.polar")

    # NOTE(review): every actor literal is identical as shown here, so rows 1/3
    # and 2/4 contradict each other. The addresses look redacted; the original
    # presumably used two different actors -- restore before running.
    expectations = (
        ("*****@*****.**", 1, True),
        ("*****@*****.**", 3, False),
        ("*****@*****.**", 1, False),
        ("*****@*****.**", 3, True),
    )
    for actor, index, should_allow in expectations:
        decision = oso.is_allowed(actor, "GET", EXPENSES[index])
        assert decision if should_allow else not decision
def init_oso(app):
    """Create the application's Oso instance and attach it as ``app.oso``.

    A plain ``Oso`` is wrapped in ``FlaskOso``; the SQLAlchemy models are
    registered on the plain instance, the session getter is pointed at
    ``g.session``, and the authorization policy is loaded.
    """
    core = Oso()
    wrapped = FlaskOso(core)

    register_models(core, Base)
    # The session is read from flask's ``g`` lazily, when the getter is called.
    set_get_session(core, lambda: g.session)

    # NOTE(review): relative path, so the policy that gets loaded depends on
    # the process working directory -- confirm the deployment pins it.
    core.load_file("app/authorization.polar")

    app.oso = wrapped
def test_oso():
    """Return an Oso instance with namespaced test classes and ``test_oso.polar`` loaded.

    The classes are registered under explicit ``test_oso::`` aliases, and the
    policy file is located next to this module, independent of the working
    directory.
    """
    policy_file = Path(__file__).parent / "test_oso.polar"

    oso = Oso()
    aliases = (
        (Actor, "test_oso::Actor"),
        (Widget, "test_oso::Widget"),
        (Company, "test_oso::Company"),
    )
    for cls, alias in aliases:
        oso.register_class(cls, name=alias)

    oso.load_file(policy_file)
    return oso
def test_oso():
    """Return an Oso instance with the test classes registered and ``test_oso.polar`` loaded.

    The policy file is located next to this module, independent of the
    working directory.
    """
    policy_file = Path(__file__).parent / "test_oso.polar"

    oso = Oso()
    for cls in (Jwt, Actor, Widget, Company):
        oso.register_class(cls)

    oso.load_file(policy_file)
    return oso
def test_quickstart_policy_2():
    """Check decisions on ``EXPENSES[1]`` before and after loading ``expenses-02.polar``."""
    oso = Oso()
    alice = "*****@*****.**"
    target = EXPENSES[1]

    # No policy has been loaded yet: the request is expected to be denied.
    assert not oso.is_allowed(alice, "GET", target)

    oso.register_class(Expense)
    # Relative path: resolved against the working directory of the test run.
    oso.load_file("../polar/expenses-02.polar")

    assert oso.is_allowed(alice, "GET", target)
    # NOTE(review): this literal equals ``alice`` as shown here, which
    # contradicts the assertion above. The addresses look redacted; the
    # original presumably named a different actor -- restore before running.
    assert not oso.is_allowed("*****@*****.**", "GET", target)
class Oso(models.AbstractModel):
    """Abstract model holding one class-level Oso policy engine ("global oso state")."""

    _name = "oso"
    _description = "global oso state"

    # Evaluated while the class body runs, so ``Oso`` here is still the name
    # bound before this class statement (presumably the imported oso.Oso).
    # After the statement, the module-level name ``Oso`` refers to this model.
    # The attribute lives on the class, so every instance shares the engine.
    oso = Oso()

    def __init__(self, *args, **kwargs):
        """Initialise the model, then load ``base.polar`` into the shared engine."""
        super().__init__(*args, **kwargs)
        # NOTE(review): this runs on every instantiation against the shared
        # engine; confirm that loading the same policy file again is intended.
        base_policy = get_resource_path("oso_auth", "security", "base.polar")
        self.oso.load_file(base_policy)
def load_oso():
    """Build an Oso instance with the RBAC and ABAC policies loaded, and return it.

    Policy files are read from the ``policies`` directory two levels above
    this module, so the result does not depend on the working directory.
    """
    policy_dir = Path(__file__).resolve().parent.parent / "policies"

    engine = Oso()
    # Load order is kept: role definitions first, then the ABAC policy.
    for filename in ("rbac.polar", "abac.polar"):
        engine.load_file(policy_dir / filename)
    return engine
def load_oso():
    """Build an Oso instance with the expenses policies loaded, and return it.

    Policy files are read from the ``expenses`` directory two levels above
    this module, so the result does not depend on the working directory.
    """
    policy_dir = Path(__file__).resolve().parent.parent / "expenses"

    engine = Oso()
    # Load order is kept: policy data, role definitions, then the ABAC policy.
    for filename in ("data.polar", "roles.polar", "abac.polar"):
        engine.load_file(policy_dir / filename)
    return engine
def init_oso(db: Session):
    """Create an Oso instance bound to *db*, load the rule files and enable roles.

    Args:
        db: Session returned by the session getter registered on the
            Oso instance.

    Returns:
        The configured Oso instance.
    """
    engine = Oso()
    register_models(engine, Base)
    # The getter always hands back the session passed to this function.
    set_get_session(engine, lambda: db)

    # NOTE(review): relative paths, so the rules that get loaded depend on the
    # process working directory -- confirm the deployment pins it.
    rule_files = (
        "app/authorization/rules/role_basics.polar",
        "app/authorization/rules/organization_permissions.polar",
        "app/authorization/rules/team_permissions.polar",
        "app/authorization/rules/dataroom_permissions.polar",
    )
    for rule_file in rule_files:
        engine.load_file(rule_file)

    # Roles are enabled only after every rule file has been loaded.
    enable_roles(engine)
    return engine
def rmdir(path):
    """Recursively delete *path* if the policy grants ``can_remove`` to the current user.

    Args:
        path: Directory to remove with ``shutil.rmtree``.

    Raises:
        PermissionError: If the policy does not allow the removal.
    """
    import getpass
    import shutil

    from oso import Oso

    oso = Oso()
    oso.register_class(PathAttributes)
    # NOTE(review): "rmdir.polar" is a bare relative name, so the policy is
    # read from the process working directory; whoever controls that directory
    # controls the rules. Consider resolving it relative to this module.
    oso.load_files(["rmdir.polar"])

    attrs = get_path_attributes(path)
    # NOTE(review): getpass.getuser() consults LOGNAME/USER/LNAME/USERNAME
    # before the password database, so the actor name comes from the caller's
    # environment. Treat it as a convenience label, not an authenticated
    # identity, if this check is meant as a security boundary.
    actor = getpass.getuser()

    if not oso.is_allowed(actor, "can_remove", attrs):
        raise PermissionError(f"You cannot delete {path}")

    # NOTE(review): the attributes were collected before the decision; the
    # path could change between the check and the removal (check-then-act).
    shutil.rmtree(path)
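def test_multi():
    """Exercise one shared Oso instance from many threads at once.

    Submits 32 ``torch_oso`` jobs to a pool of 8 workers. The test passes if
    every job completes without raising.
    """
    oso = Oso()
    oso.load_str("allow(x, y) if x == y;")

    # The context manager shuts the pool down even when a job fails; the
    # original never released its worker threads.
    with ThreadPoolExecutor(max_workers=8) as pool:
        futures = [pool.submit(torch_oso, oso) for _ in range(32)]
        for future in concurrent.futures.as_completed(futures):
            # result() re-raises any exception raised inside the worker.
            future.result()

    # Reaching this point means none of the jobs crashed.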
def init_oso(app):
    """Create the application's Oso instance, register the models and load policies.

    Policy paths are taken from ``app.config["OSO_POLICIES"]``; when the key
    is missing, no policy file is loaded. The instance is attached as
    ``app.oso``.
    """
    # Imported here rather than at module level, as in the original.
    from .expense import Expense
    from .organization import Organization
    from .user import Actor, Guest, User

    engine = Oso()
    for model in (Actor, Guest, User, Expense, Organization):
        engine.register_class(model)

    # NOTE(review): the authorization rules are whatever files the config
    # names, so write access to the config grants control over authorization.
    for policy_path in app.config.get("OSO_POLICIES", []):
        engine.load_file(policy_path)

    app.oso = engine
def main():
    """Register the game classes and constants, load the Polar files and start the REPL."""
    # Disabled in the original (saved-game loading), kept for reference:
    # parser = argparse.ArgumentParser(description="An epic Polar adventure.")
    # parser.add_argument(
    #     "-l", "--load", type=str, nargs=1, help="the filename of a saved game"
    # )
    # args = parser.parse_args()
    # if args.load:
    #     GAME.load_saved(args.load)

    oso = Oso()

    # Registration order matches the original listing.
    game_classes = (
        Game,
        Room,
        Passage,
        Player,
        Collection,
        Object,
        Animal,
        Food,
        Container,
        Takeable,
        Mushroomy,
        Soup,
        Source,
        Wand,
        Wet,
        OnFire,
        Leafy,
    )
    for cls in game_classes:
        oso.register_class(cls)

    # Module-level game state exposed to the policy under the given names.
    constants = (
        (GAME, "GAME"),
        (PLAYER, "PLAYER"),
        (ROOMS, "Rooms"),
        (PASSAGES, "Passages"),
        (OBJECTS, "Objects"),
    )
    for value, polar_name in constants:
        oso.register_constant(value, polar_name)

    # Relative names: the files are read from the working directory.
    for polar_file in ("world.polar", "commands.polar", "tests.polar"):
        oso.load_file(polar_file)

    oso.repl()
def oso_with_session(test_db_session):
    """Return an Oso instance whose session getter yields *test_db_session*.

    The models reachable from ``Base`` are registered as well. No policy is
    loaded here.
    """
    # Presumably used as a pytest fixture -- the decorator is not shown.
    engine = Oso()
    set_get_session(engine, lambda: test_db_session)
    register_models(engine, Base)
    return engine
def oso():
    """Return a fresh Oso instance with no classes registered and no policy loaded."""
    # Presumably used as a pytest fixture -- the decorator is not shown.
    instance = Oso()
    return instance
def setup_oso():
    """Return a fresh Oso instance; no classes are registered and no policy is loaded."""
    return Oso()
import math import os from polar.exceptions import UnrecognizedEOF from oso import Oso, OsoException, Variable oso = Oso() # Application class with default kwargs constructor, registered with the # decorator. class A: def __init__(self, x): self.x = x def foo(self): return -1 oso.register_class(A) # Test inheritance; doesn't need to be registered. class D(A): pass # Namespaced application class (to be aliased) with custom # constructor. class B: class C: def __init__(self, y):
return None def is_authenticated(self): return self.id is not None def is_active(self): return self.id is not None def is_anonymous(self): return self.id is None def get_id(self): return self.id base_oso = Oso() base_oso.register_class(User) base_oso.load_file("policies.polar") @login_manager.user_loader def load_user(user_id): return User.get(user_id) @app.route("/login", methods=["POST"]) def login(): username = request.json.get("username") # no password check user = User(username) login_user(user, remember=True)
def oso():
    """Return an Oso instance with the models from ``ModelBase`` registered.

    No policy is loaded here.
    """
    # Presumably used as a pytest fixture -- the decorator is not shown.
    engine = Oso()
    register_models(engine, ModelBase)
    return engine