def test_policy_can_block_access(self):
self.system.policies = [
self._fake_policy(u'view', lambda r: r.id == 1),
self._fake_policy(u'view', lambda r: True),
]
assert_true(self._has_permission(u'view', Resource('foo', 1)))
assert_false(self._has_permission(u'view', Resource('foo', 2)))
def test_can_tell_if_user_has_permission(self):
self.system.policies = [
self._fake_policy(u'view', lambda resource: resource.id == 1)
]
public_resource = Resource('foo', 1)
private_resource = Resource(u'foo', 42)
assert_true(self._has_permission(u'view', public_resource))
assert_false(self._has_permission(u'view', private_resource))
def test_queries_next_policy_if_first_does_not_decides(self):
def is_one_or_none(resource):
if resource.id == 1:
return True
return None
self.system.policies = [
self._fake_policy(u'view', is_one_or_none),
self._fake_policy(u'view', lambda r: r.id < 10),
]
assert_true(self._has_permission(u'view', Resource('foo', 1)))
assert_true(self._has_permission(u'view', Resource('foo', 5)))
assert_false(self._has_permission(u'view', Resource('foo', 20)))
def test_asks_only_applicable_policies(self):
self.system.policies = [
self._fake_policy(u'view', lambda resource: resource.id == 1)
]
resource = Resource('foo', 1)
assert_true(self._has_permission(u'view', resource))
assert_false(self._has_permission(u'unknown', resource))
def test_restricts_access_if_no_policies_present(self):
self.system.policies = []
assert_false(self._has_permission(u'view', Resource('foo', 1)))