Exemplo n.º 1
0
async def test_crud_perm_query_disallow_and_allow_simple():
    db, MUsers, MTopics, MTopics2 = crud_db_init()

    permission = {
        'visitor': RoleDefine({
            User: TablePerm({
                User.id: {A.READ},
                User.password: {A.READ}
            })
        }, match=None),
        'user': RoleDefine({
            User: TablePerm({
                User.id: {A.READ, A.QUERY},
                User.password: {A.READ}
            })
        }),
    }

    c = PeeweeCrud(permission, {User: MUsers}, db)
    info = QueryInfo.from_json(User, {
        'id.eq': 5,
    })

    ret = await c.get_list_with_perm(info, perm=PermInfo(True, None, permission['visitor']))
    assert len(ret) == 5

    # 注意这里,权限过滤会改变info内部的样子
    info = QueryInfo.from_json(User, {
        'id.eq': 5,
    })
    ret = await c.get_list_with_perm(info, perm=PermInfo(True, None, permission['user']))
    assert len(ret) == 1
Exemplo n.º 2
0
def test_role_perm_based_on():
    class User(RecordMapping):
        id: int
        time: int
        gender: str

    rp0 = RoleDefine({
        User:
        TablePerm({
            User.id: {A.UPDATE},
            User.time: {A.READ}
        },
                  default_perm={A.READ, A.QUERY},
                  append_perm={A.UPDATE})
    })

    rp = RoleDefine(
        {
            User:
            TablePerm({
                User.id: {A.READ},
                User.time: {A.READ}
            },
                      append_perm={A.UPDATE})
        }, rp0)

    assert rp._ability_table[User][A.READ] == {User.id, User.time, User.gender}
    assert rp._ability_table[User][A.UPDATE] == {
        User.id, User.time, User.gender
    }
    assert rp._ability_table[User][A.QUERY] == {User.gender}
Exemplo n.º 3
0
async def test_crud_perm_write():
    db, MUsers, MTopics, MTopics2 = crud_db_init()

    permission = {
        'visitor': RoleDefine({
            User: TablePerm({
                User.id: {A.READ, A.QUERY},
                User.nickname: {A.READ},
                User.password: {A.READ}
            })
        }, match=None),
        'user': RoleDefine({
            User: TablePerm({
                User.id: {A.READ, A.QUERY},
                User.nickname: {A.READ, A.UPDATE},
                User.password: {A.READ}
            })
        }, match=None)
    }

    c = PeeweeCrud(permission, {User: MUsers}, db)

    # perm visitor
    with pytest.raises(InvalidQueryValue):
        ret = await c.update_with_perm(
            QueryInfo.from_json(User, {'id.eq': 5}),
            ValuesToWrite({'nickname': 'aaa'}, User).bind(),
            perm=PermInfo(True, None, permission['visitor'])
        )
        assert len(ret) == 0  # all filtered

    # not check
    ret = await c.update_with_perm(
        QueryInfo.from_json(User, {'id.eq': 5}),
        ValuesToWrite({'nickname': 'aaa'}, User).bind(),
        perm=PermInfo(False, None, permission['visitor'])
    )
    assert len(ret) == 1
    assert ret[0] == 5

    # perm user
    ret = await c.update_with_perm(
        QueryInfo.from_json(User, {'id.eq': 5}),
        ValuesToWrite({'nickname': 'ccc'}, User).bind(),
        perm=PermInfo(True, None, permission['user'])
    )
    assert len(ret) == 1
    assert ret[0] == 5

    # returning
    ret = await c.update_with_perm(
        QueryInfo.from_json(User, {'id.eq': 5}),
        ValuesToWrite({'nickname': 'ccc'}, User).bind(),
        perm=PermInfo(True, None, permission['user']),
        returning=True
    )
    assert len(ret) == 1
    assert isinstance(ret[0], QueryResultRow)
Exemplo n.º 4
0
def test_role_perm_default_and_append():
    class User(RecordMapping):
        id: int
        time: int
        gender: str

    class Test(RecordMapping):
        id: str

    rp = RoleDefine({
        User:
        TablePerm({
            User.id: {A.UPDATE},
            User.time: {A.READ}
        },
                  default_perm={A.READ, A.QUERY},
                  append_perm={A.UPDATE})
    })

    assert rp._ability_table[User][A.READ] == {User.time, User.gender}
    assert rp._ability_table[User][A.UPDATE] == {
        User.id, User.time, User.gender
    }
    assert rp._ability_table[User][A.QUERY] == {User.gender}

    assert rp.get_perm_avail(User,
                             A.UPDATE) == {User.id, User.time, User.gender}
    assert rp.get_perm_avail(Test, A.UPDATE) == set()
Exemplo n.º 5
0
def test_role_perm_simple():
    class User(RecordMapping):
        id: int

    rp = RoleDefine({User: TablePerm({
        User.id: {A.UPDATE},
    })})

    assert rp._ability_table[User][A.UPDATE] == {User.id}
Exemplo n.º 6
0
def test_role_delete_inherit():
    user1 = RoleDefine({
        User: TablePerm({
            User.id: {A.READ, A.QUERY}
        })
    })

    user2 = RoleDefine({
        User: TablePerm({
            User.id: {A.READ, A.QUERY}
        }, allow_delete=True)
    })

    user1_1 = RoleDefine({}, based_on=user1)
    user2_1 = RoleDefine({}, based_on=user2)
    user2_1_1 = RoleDefine({}, based_on=user2_1)

    assert user1_1.can_delete(User) == False
    assert user2.can_delete(User)
    assert user2_1.can_delete(User)
    assert user2_1_1.can_delete(User)
Exemplo n.º 7
0
async def test_crud_perm_delete():
    db, MUsers, MTopics, MTopics2 = crud_db_init()

    role_visitor = RoleDefine({
        User: TablePerm({
            User.id: {A.READ, A.QUERY},
            User.nickname: {A.READ},
            User.password: {A.READ}
        })
    }, match=None)

    role_user = RoleDefine({
        User: TablePerm({
            User.id: {A.READ, A.QUERY},
            User.nickname: {A.READ, A.UPDATE},
            User.password: {A.READ}
        }, allow_delete=True)
    }, match=None)

    c = PeeweeCrud(None, {User: MUsers}, db)

    # perm visitor
    with pytest.raises(PermissionException):
        await c.delete_with_perm(
            QueryInfo.from_json(User, {}),
            perm=PermInfo(True, None, role_visitor)
        )

    # perm user
    assert len(await c.get_list(QueryInfo(User))) == 5
    ret = await c.delete_with_perm(
        QueryInfo.from_json(User, {}),
        perm=PermInfo(True, None, role_user)
    )
    assert len(ret) == 5
    assert len(await c.get_list(QueryInfo(User))) == 0
Exemplo n.º 8
0
async def test_crud_perm_read():
    db, MUsers, MTopics, MTopics2 = crud_db_init()

    permission = {
        'visitor': RoleDefine({
            User: TablePerm({
                User.id: {A.READ},
                User.password: {A.READ}
            })
        }, match=None),
    }

    c = PeeweeCrud(permission, {User: MUsers}, db)
    info = QueryInfo.from_json(User, {})

    ret = await c.get_list_with_perm(info, perm=PermInfo(True, None, permission['visitor']))
    for i in ret:
        assert i.to_dict().keys() == {'id', 'password'}
Exemplo n.º 9
0
async def test_crud_perm_insert():
    db, MUsers, MTopics, MTopics2 = crud_db_init()

    role_visitor = RoleDefine({
        User: TablePerm({
            User.id: {A.READ, A.QUERY},
            User.nickname: {A.READ},
            User.password: {A.READ}
        })
    }, match=None)

    role_user = RoleDefine({
        User: TablePerm({
            User.id: {A.READ, A.QUERY},
            User.username: {A.CREATE},
            User.nickname: {A.READ, A.UPDATE, A.CREATE},
            User.password: {A.READ, A.CREATE}
        }, allow_delete=True)
    }, match=None)

    c = PeeweeCrud(None, {User: MUsers}, db)

    # perm visitor
    with pytest.raises(ValidationError):
        ret = await c.insert_many_with_perm(
            User,
            [ValuesToWrite({'id': 10, 'nickname': 'aaa', 'username': '******'}, User)],
            perm=PermInfo(True, None, role_visitor)
        )
        assert len(ret) == 0  # all filtered

    # perm user
    ret = await c.insert_many_with_perm(
        User,
        [ValuesToWrite({'id': 10, 'nickname': 'aaa', 'username': '******'})],
        perm=PermInfo(True, None, role_user)
    )
    assert len(ret) == 1

    ret2 = await c.get_list(QueryInfo.from_json(User, {'id.eq': ret[0]}))
    assert ret2[0].to_dict()['id'] == ret[0]

    # perm not check
    ret = await c.insert_many_with_perm(
        User,
        [ValuesToWrite({'nickname': 'qqqq', 'username': '******'}, User).bind(True)],
        perm=PermInfo(False, None, role_visitor)
    )
    assert len(ret) == 1

    # with returning
    ret = await c.insert_many_with_perm(
        User,
        [ValuesToWrite({'nickname': 'wwww', 'username': '******'}, User).bind(check_insert=True)],
        perm=PermInfo(False, None, role_visitor),
        returning=True
    )

    assert len(ret) == 1
    d = ret[0].to_dict()
    assert d['username'] == 'u2'
    assert d['nickname'] == 'wwww'