def test_dictionary_defination_usage():
    """Rules registered with ``abilities.append`` scope EDIT to the author.

    The rule function grants admins MANAGE on ALL. Every other user gets
    READ on ALL plus EDIT on Article restricted by ``author=user``. The
    assertions pin the ownership boundary: a non-admin may edit an article
    they authored but not one authored by someone else, while the admin may
    edit their own article.
    """

    @authorization_method
    def authorize(user, abilities):
        # Admin branch: a single blanket grant, nothing else is registered.
        if user.is_admin:
            abilities.append(MANAGE, ALL)
            return

        # Non-admin branch: read everything, edit only what you authored.
        abilities.append(READ, ALL)
        abilities.append(EDIT, Article, author=user)

    authorization_target(User)

    regular_user = User(name='sally', admin=False)
    admin_user = User(name='billy', admin=True)

    own_article = Article(author=regular_user)
    admins_article = Article(author=admin_user)

    # The author condition matches, so the non-admin may edit ...
    assert regular_user.can(EDIT, own_article)
    # ... and an article owned by another user must be refused.
    assert regular_user.cannot(EDIT, admins_article)
    # The admin's only rule is MANAGE on ALL; it has to cover EDIT here.
    assert admin_user.can(EDIT, admins_article)
def test_cannot_override():
    """A ``cannot`` rule declared after a blanket ``can`` must win.

    The rule function first grants MANAGE on ALL and then denies DELETE on
    Article. The assertions expect the deny to hold both for the Article
    class and for a concrete instance, while READ stays allowed in both
    cases.
    """

    @authorization_method
    def authorize(user, they):
        # Broad grant first, narrower deny second.
        they.can(MANAGE, ALL)
        they.cannot(DELETE, Article)

    authorization_target(User)
    member = User(name='sally', admin=False)

    # Class-level checks: articles in general.
    assert member.can(READ, Article)
    assert member.cannot(DELETE, Article)

    # Instance-level checks: the deny must also apply to a specific article,
    # even one the user authored.
    own_article = Article(author=member)
    assert member.can(READ, own_article)
    assert member.cannot(DELETE, own_article)