def test_unknown_class_check(article):
from authorizeme import Authorization, RuleError
authorization = Authorization()
with pytest.raises(RuleError):
authorization.allows(article.author, 'edit', article)
def test_unknown_class_check(article):
from authorizeme import Authorization, RuleError
authorization = Authorization()
with pytest.raises(RuleError):
authorization.allows(article.author, 'edit', article)
def authorization(request):
from authorizeme import Authorization
class BlogRule(object):
def can_add_article(self, user, obj):
return user.is_writer
class ArticleRule(object):
def can_read(self, user, obj):
return True
def can_change(self, user, obj):
return obj.author is user
def can_rate(self, user, obj):
return obj.author is not user
authz = Authorization()
if request.param['configuration_type'] == 'declarative':
authz.rule_for(Article)(ArticleRule)
authz.rule_for(Blog)(BlogRule)
else:
authz.add_rule(Article, ArticleRule)
authz.add_rule(Blog, BlogRule)
return authz
def authorization(request):
configuration_type = request.param
from authorizeme import Authorization
authz = Authorization()
class AppRule(object):
def can_add_blog(self, user):
return user.is_admin
class BlogRule(object):
def can_add_article(self, user, obj):
return user in obj.writers
def can_add_author(self, user, obj):
return user.is_admin
class ArticleRule(object):
def can_read(self, user, obj):
return True
def can_change(self, user, obj):
return obj.author is user
def can_rate(self, user, obj):
return obj.author is not user
if configuration_type == 'declarative':
authz.rule(AppRule)
authz.rule_for(Article)(ArticleRule)
authz.rule_for([BookReview, MovieReview])(ArticleRule)
authz.rule_for(Blog)(BlogRule)
else:
authz.add_rule(AppRule)
authz.add_rule(ArticleRule, Article)
authz.add_rule(ArticleRule, [BookReview, MovieReview])
authz.add_rule(BlogRule, Blog)
return authz
def authorization(request):
configuration_type = request.param
from authorizeme import Authorization
authz = Authorization()
class AppRule(object):
def can_add_blog(self, user):
return user.is_admin
class BlogRule(object):
def can_add_article(self, user, obj):
return user in obj.writers
def can_add_author(self, user, obj):
return user.is_admin
class ArticleRule(object):
def can_read(self, user, obj):
return True
def can_change(self, user, obj):
return obj.author is user
def can_rate(self, user, obj):
return obj.author is not user
if configuration_type == 'declarative':
authz.rule(AppRule)
authz.rule_for(Article)(ArticleRule)
authz.rule_for([BookReview, MovieReview])(ArticleRule)
authz.rule_for(Blog)(BlogRule)
else:
authz.add_rule(AppRule)
authz.add_rule(ArticleRule, Article)
authz.add_rule(ArticleRule, [BookReview, MovieReview])
authz.add_rule(BlogRule, Blog)
return authz
