def test_authorized_sessionmaker_relationship(engine, oso, fixture_data):
oso.load_str('allow("user", "read", post: Post) if post.id = 1;')
# Post with creator id = 1
oso.load_str('allow("user", "read", post: Post) if post.id = 7;')
oso.load_str('allow("user", "read", user: User) if user.id = 0;')
Session = authorized_sessionmaker(
get_oso=lambda: oso,
get_user=lambda: "user",
get_action=lambda: "read",
bind=engine,
)
session = Session()
posts = session.query(Post)
assert posts.count() == 2
users = session.query(User)
assert users.count() == 1
post_1 = posts.get(1)
# Authorized created by field.
assert post_1.created_by == users.get(0)
post_7 = posts.get(7)
# created_by isn't actually none, but we can't see it
assert post_7.created_by is None
def create_session(self, options):
return authorized_sessionmaker(get_oso=self._get_oso,
get_user=self._get_user,
get_action=self._get_action,
class_=SignallingSession,
db=self,
**options)
def test_null_with_partial(engine, oso):
oso.load_str("allow(_, _, post: Post) if post.contents = nil;")
Session = authorized_sessionmaker(
get_oso=lambda: oso,
get_user=lambda: "user",
get_action=lambda: "read",
bind=engine,
)
posts = Session().query(Post)
assert str(posts) == (
"SELECT posts.id AS posts_id, posts.contents AS posts_contents, posts.title AS posts_title, "
+ "posts.access_level AS posts_access_level, posts.created_by_id AS posts_created_by_id, "
+ "posts.needs_moderation AS posts_needs_moderation \nFROM posts \nWHERE posts.contents IS NULL"
)
assert posts.count() == 0
def test_authorized_sessionmaker_user_change(engine, oso, fixture_data):
"""Ensure that query fails if the user changes."""
oso.load_str('allow("user", "read", post: Post) if post.id = 1;')
user = ["user"]
Session = authorized_sessionmaker(
get_oso=lambda: oso,
get_user=lambda: user[0],
get_action=lambda: "read",
bind=engine,
)
session = Session()
posts = session.query(Post).count()
assert posts == 1
user[0] = "moderator"
with pytest.raises(Exception, match="user"):
posts = session.query(Post).count()