Exemplo n.º 1
0
def test_record_patron_access(db, users, access, action, is_allowed):
    """Test patron access."""
    login_user(users["patron1"])
    id = uuid.uuid4()
    record = Record.create(access, id_=id)
    factory = RecordPermission(record, action)
    assert factory.can() if is_allowed else not factory.can()
Exemplo n.º 2
0
def test_record_patron_create(db, users, access, action, is_allowed):
    """Test patron create."""
    # create role to be able to create records
    role = Role(name="records-creators")
    db.session.add(role)
    db.session.commit()
    # assign role to the action "create-records"
    ar = ActionRoles.allow(create_records_action, role_id=role.id)
    db.session.add(ar)
    db.session.commit()

    @identity_loaded.connect
    def mock_identity_provides(sender, identity):
        """Provide additional role to the user."""
        roles = [RoleNeed(role.name)]
        # Gives the user additional roles, f.e. based on his groups
        identity.provides |= set(roles)

    login_user(users["patron1"])

    id = uuid.uuid4()
    record = Record.create(access, id_=id)
    factory = RecordPermission(record, action)

    assert factory.can() if is_allowed else not factory.can()
Exemplo n.º 3
0
def test_record_patron_create(client, db, users, with_role_creator):
    """Test patron create."""

    tests = [
        ({
            "foo": "bar"
        }, "create", True),
        ({
            "foo": "bar"
        }, "update", False),
        ({
            "foo": "bar"
        }, "delete", False),
    ]

    @identity_loaded.connect
    def add_roles_to_identity(sender, identity):
        """Provide additional role to the user."""
        roles = [RoleNeed("records-creators")]
        identity.provides |= set(roles)

    for access, action, is_allowed in tests:
        # create role to be able to create records
        user_login(client, "patron1", users)

        id = uuid.uuid4()
        record = Record.create(access, id_=id)
        factory = RecordPermission(record, action)

        assert factory.can() if is_allowed else not factory.can()
Exemplo n.º 4
0
def test_record_librarian_access(db, users, access, action, is_allowed):
    """Test Librarian access."""
    login_user(User.query.get(3))
    id = uuid.uuid4()
    record = Record.create(access, id_=id)
    factory = RecordPermission(record, action)
    assert factory.can() if is_allowed else not factory.can()
Exemplo n.º 5
0
 def login_and_test(username):
     user = user_login(client, username, users)
     # Create record
     id = uuid.uuid4()
     record = Record.create(access, id_=id)
     factory = RecordPermission(record, action)
     if user.has_role("admin"):
         # super user can do EVERYTHING
         assert factory.can()
     elif user.has_role("librarian") and action != "delete":
         # librarian should be able to update, create, and read everything
         assert factory.can()
     else:
         assert factory.can() if is_allowed else not factory.can()
Exemplo n.º 6
0
 def login_and_test(user_id):
     login_user(User.query.get(user_id))
     # Create record
     user = User.query.get(user_id)
     id = uuid.uuid4()
     record = Record.create(access, id_=id)
     factory = RecordPermission(record, action)
     if user.has_role('admin'):
         # super user can do EVERYTHING
         assert factory.can()
     elif user.has_role('librarian') and action != 'delete':
         # librarian should be able to update, create, and read everything
         assert factory.can()
     else:
         assert factory.can() if is_allowed else not factory.can()
Exemplo n.º 7
0
def test_record_patron_create(db, users, access, action, is_allowed):
    """Test patron create."""
    @identity_loaded.connect
    def mock_identity_provides(sender, identity):
        """Provide additional role to the user."""
        roles = [ActionNeed('create-records')]
        # Gives the user additional roles, f.e. based on his groups
        identity.provides |= set(roles)

    login_user(users["patron1"])

    id = uuid.uuid4()
    record = Record.create(access, id_=id)
    factory = RecordPermission(record, action)

    assert factory.can() if is_allowed else not factory.can()