def wrapped(*args, **kwargs): # pylint: disable=missing-docstring user = getattr(request.authorization, "username", None) target = getattr(g, "username", None) checker = PermissionsChecker() # pylint: disable=undefined-variable checker.check_permission( PERMISSIONS.get(permission.get("permission")), user, target, getattr(g, "tournament_id", None) ) return func(*args, **kwargs)
def test_superuser(self): """check if a user is an organiser""" self.assertFalse(Account.query.\ filter_by(username=self.acc_1).first().is_superuser) checker = PermissionsChecker() Account.query.filter_by(username=self.acc_1).first().is_superuser = True self.injector.inject(self.tourn_1) self.assertTrue(checker.check_permission( 'enter_score', self.acc_1, None, self.tourn_1))
def all_tournaments_with_permission(action, username): """Find all tournaments where user has action. Returns list""" all_tournaments = TournamentDAO.query.\ filter(TournamentDAO.date >= date.today()).\ order_by(TournamentDAO.date.asc()).all() checker = PermissionsChecker() modifiable_tournaments = [] for tourn in all_tournaments: try: if checker.check_permission(action, username, None, tourn.name): modifiable_tournaments.append(tourn.name) except PermissionDeniedException: pass return modifiable_tournaments
def test_is_organiser(self): """check if a user is an organiser""" checker = PermissionsChecker() self.injector.inject(self.tourn_1) creator = '{}_creator'.format(self.tourn_1) options = [None, 'ranking_test', 'not_a_tournament', '', 'lisa', \ 'not_a_person', 'superman', 'permission_test', self.tourn_1, \ creator] self.assertTrue(checker.is_organiser(creator, self.tourn_1)) for user in options: for tourn in options: if user == creator and tourn == self.tourn_1: self.assertTrue(checker.is_organiser(user, tourn)) else: self.assertFalse(checker.is_organiser(user, tourn))
def test_remove_permissions(self): """Test that users can have their permissions removed""" checker = PermissionsChecker() self.injector.inject(self.tourn_1) player = '{}_player_1'.format(self.tourn_1) tourn_prot_obj = Tournament(self.tourn_1).get_dao().protected_object checker.add_permission(player, 'modify_application', tourn_prot_obj) prot_objs = ProtectedObject.query.count() prot_obj_actions = ProtObjAction.query.count() prot_obj_perms = ProtObjPerm.query.count() acc_perms = AccountProtectedObjectPerm.query.count() checker.remove_permission(player, 'modify_application', tourn_prot_obj) compare(prot_objs, ProtectedObject.query.count()) compare(prot_obj_actions, ProtObjAction.query.count()) compare(prot_obj_perms, ProtObjPerm.query.count()) # the one account should now have lost it's permissions compare(acc_perms - 1, AccountProtectedObjectPerm.query.count())
def test_check_permissions(self): """Test the entrypoint method""" checker = PermissionsChecker() self.injector.inject(self.tourn_1, num_players=2) t_player_1 = '{}_player_1'.format(self.tourn_1) # player for themselves self.assertTrue(checker.check_permission( 'enter_score', t_player_1, t_player_1, self.tourn_1)) # player for random user self.assertRaises(PermissionDeniedException, checker.check_permission, 'enter_score', t_player_1, self.acc_1, self.tourn_1) # player who is not superuser self.assertRaises(PermissionDeniedException, checker.check_permission, 'enter_score', t_player_1, None, self.tourn_1) # random user self.assertRaises(PermissionDeniedException, checker.check_permission, 'enter_score', self.acc_1, None, self.tourn_1)