def test_bracket_evaluate():
"""Test evaluating three expressions in a complex structure using a bracket."""
instructions = parse(
tokenise(
'obj allow user edit and (user has_role admin or user has_role superuser)'
))
result = evaluate(instructions, {
'obj': ExampleObject(),
'user': ExampleUser(True, 'admin')
})
assert result
result = evaluate(instructions, {
'obj': ExampleObject(),
'user': ExampleUser(True, 'superuser')
})
assert result
result = evaluate(instructions, {
'obj': ExampleObject(),
'user': ExampleUser(False, 'admin')
})
assert result is False
result = evaluate(instructions, {
'obj': ExampleObject(),
'user': ExampleUser(False, 'superuser')
})
assert result is False
def test_and_or_evaluate():
"""Test evaluating three expressions joined by and and or."""
instructions = parse(
tokenise(
'obj allow user edit and user has_role admin or user has_role superuser'
))
result = evaluate(instructions, {
'obj': ExampleObject(),
'user': ExampleUser(True, 'admin')
})
assert result
result = evaluate(instructions, {
'obj': ExampleObject(),
'user': ExampleUser(False, 'admin')
})
assert result is False
result = evaluate(instructions, {
'obj': ExampleObject(),
'user': ExampleUser(True, 'superuser')
})
assert result
result = evaluate(instructions, {
'obj': ExampleObject(),
'user': ExampleUser(False, 'superuser')
})
assert result
result = evaluate(instructions, {
'obj': ExampleObject(),
'user': ExampleUser(False, 'nobody')
})
assert result is False
def test_invalid_evaluate_too_few_parameters():
"""Test exception handling for too few function parameters."""
with pytest.raises(PermissionException) as exc_info:
evaluate(parse(tokenise('obj allow user')), {
'obj': ExampleObject(),
'user': ExampleUser(True, 'admin')
})
assert exc_info.value.message == 'Too few parameters for method "allow" on "obj"'
def test_invalid_evaluate_missing_function():
"""Test exception handling for a missing function."""
with pytest.raises(PermissionException) as exc_info:
evaluate(parse(tokenise('obj allowed user edit')), {
'obj': ExampleObject(),
'user': ExampleUser(True, 'admin')
})
assert exc_info.value.message == 'Object "obj" has no method "allowed"'
def test_invalid_evaluate_missing_expression_1():
"""Test exception handling for an invalid boolean permission expression."""
with pytest.raises(PermissionException) as exc_info:
evaluate(parse(tokenise('obj allow user edit and')), {
'obj': ExampleObject(),
'user': ExampleUser(True, 'admin')
})
assert exc_info.value.message == 'Missing expression for boolean operator'
def test_basic_evaluate():
"""Test evaluating a basic single expression."""
instructions = parse(tokenise('obj allow user edit'))
result = evaluate(instructions, {
'obj': ExampleObject(),
'user': ExampleUser(True, 'admin')
})
assert result
result = evaluate(instructions, {
'obj': ExampleObject(),
'user': ExampleUser(False, 'admin')
})
assert result is False
def test_none_evaluate():
"""Test evaluating three expressions in a complex structure using a bracket."""
instructions = parse(tokenise('obj allow user edit'))
result = evaluate(instructions, {
'obj': None,
'user': ExampleUser(True, 'admin')
})
assert result is False
def check_permission(request, instructions, base_values):
"""Checks the permission ``instructions``, substituting the ``base_values`` with data taken from the
``request``."""
values = {}
for key, value in base_values.items():
if isinstance(value, tuple):
values[key] = request.dbsession.query(value[0]).filter(
getattr(value[0], value[1]) == request.matchdict[
value[2]]).first()
elif value == 'current_user':
values[key] = request.current_user
return evaluate(instructions, values)
def test_empty_evaluate():
"""Test evaluating an empty expression."""
result = evaluate(parse(tokenise('')), {})
assert result is False
def test_invalid_missing_object():
"""Test exception handling for a missing subsitution object."""
with pytest.raises(PermissionException) as exc_info:
evaluate(parse(tokenise('obj allow user edit')),
{'user': ExampleUser(True, 'admin')})
assert exc_info.value.message == 'Object "obj" not found in the values'
def test_invalid_evaluate_missing_expression_2():
"""Test exception handling for an invalid boolean permission expression."""
with pytest.raises(PermissionException) as exc_info:
evaluate(parse(tokenise('and')), {})
assert exc_info.value.message == 'Missing expression for boolean operator'