def test_overwritten_get(): app = Flask("overwritten") bouncer = Bouncer(app) OverwrittenView.register(app) # Which classy views do you want to lock down, you can pass multiple bouncer.monitor(OverwrittenView) @bouncer.authorization_method def define_authorization(user, abilities): if user.is_admin: # self.can_manage(ALL) abilities.append(MANAGE, ALL) else: abilities.append([READ, CREATE], Article) abilities.append(EDIT, Article, author_id=user.id) client = app.test_client() jonathan = User(name='jonathan', admin=True) nancy = User(name='nancy', admin=False) # admins should be able to view with user_set(app, jonathan): resp = client.get("/overwritten/1234") eq_(b"Get 1234", resp.data) # Non admins not be able to do this with user_set(app, nancy): resp = client.get("/overwritten/1234") eq_(resp.status_code, 401)
def test_custom_read_method(): # admins should be able to view with user_set(app, jonathan): resp = client.get("/article/custom_read_method/") eq_(b"Custom Method", resp.data) # Non admins should be able to view with user_set(app, nancy): resp = client.get("/article/custom_read_method/") eq_(b"Custom Method", resp.data)
def test_get(): # admins should be able to view with user_set(app, jonathan): resp = client.get("/article/1234") eq_(b"Get 1234", resp.data) # Non admins should be able to view with user_set(app, nancy): resp = client.get("/article/1234") eq_(b"Get 1234", resp.data)
def test_delete(): # Admin should be able to delete articles with user_set(app, jonathan): resp = client.delete("/article/1234") eq_(b"Delete 1234", resp.data) # Non Admins should NOT be able to delete articles with user_set(app, nancy): resp = client.delete("/article/1234") eq_(resp.status_code, 401)
def test_index(): # Admin should be able to view all articles with user_set(app, jonathan): resp = client.get("/article/") eq_(b"Index", resp.data) # Non Admin should be able to view all articles with user_set(app, nancy): resp = client.get("/article/") eq_(b"Index", resp.data)
def test_post(): # Admin should be able to create articles # with user_set(app, jonathan): # resp = client.post("/article/") # eq_(b"Post", resp.data) # Basic Users should be able to create articles with user_set(app, nancy): resp = client.post("/article/") eq_(b"Post", resp.data)
def test_patch(): # admins should be able to view with user_set(app, jonathan): resp = client.patch("/article/1234") eq_(b"Patch 1234", resp.data)