def test_bracket_evaluate(): """Test evaluating three expressions in a complex structure using a bracket.""" instructions = parse( tokenise( 'obj allow user edit and (user has_role admin or user has_role superuser)' )) result = evaluate(instructions, { 'obj': ExampleObject(), 'user': ExampleUser(True, 'admin') }) assert result result = evaluate(instructions, { 'obj': ExampleObject(), 'user': ExampleUser(True, 'superuser') }) assert result result = evaluate(instructions, { 'obj': ExampleObject(), 'user': ExampleUser(False, 'admin') }) assert result is False result = evaluate(instructions, { 'obj': ExampleObject(), 'user': ExampleUser(False, 'superuser') }) assert result is False
def test_and_or_evaluate(): """Test evaluating three expressions joined by and and or.""" instructions = parse( tokenise( 'obj allow user edit and user has_role admin or user has_role superuser' )) result = evaluate(instructions, { 'obj': ExampleObject(), 'user': ExampleUser(True, 'admin') }) assert result result = evaluate(instructions, { 'obj': ExampleObject(), 'user': ExampleUser(False, 'admin') }) assert result is False result = evaluate(instructions, { 'obj': ExampleObject(), 'user': ExampleUser(True, 'superuser') }) assert result result = evaluate(instructions, { 'obj': ExampleObject(), 'user': ExampleUser(False, 'superuser') }) assert result result = evaluate(instructions, { 'obj': ExampleObject(), 'user': ExampleUser(False, 'nobody') }) assert result is False
def test_invalid_evaluate_too_few_parameters(): """Test exception handling for too few function parameters.""" with pytest.raises(PermissionException) as exc_info: evaluate(parse(tokenise('obj allow user')), { 'obj': ExampleObject(), 'user': ExampleUser(True, 'admin') }) assert exc_info.value.message == 'Too few parameters for method "allow" on "obj"'
def test_invalid_evaluate_missing_function(): """Test exception handling for a missing function.""" with pytest.raises(PermissionException) as exc_info: evaluate(parse(tokenise('obj allowed user edit')), { 'obj': ExampleObject(), 'user': ExampleUser(True, 'admin') }) assert exc_info.value.message == 'Object "obj" has no method "allowed"'
def test_invalid_evaluate_missing_expression_1(): """Test exception handling for an invalid boolean permission expression.""" with pytest.raises(PermissionException) as exc_info: evaluate(parse(tokenise('obj allow user edit and')), { 'obj': ExampleObject(), 'user': ExampleUser(True, 'admin') }) assert exc_info.value.message == 'Missing expression for boolean operator'
def test_basic_evaluate(): """Test evaluating a basic single expression.""" instructions = parse(tokenise('obj allow user edit')) result = evaluate(instructions, { 'obj': ExampleObject(), 'user': ExampleUser(True, 'admin') }) assert result result = evaluate(instructions, { 'obj': ExampleObject(), 'user': ExampleUser(False, 'admin') }) assert result is False
def test_none_evaluate(): """Test evaluating three expressions in a complex structure using a bracket.""" instructions = parse(tokenise('obj allow user edit')) result = evaluate(instructions, { 'obj': None, 'user': ExampleUser(True, 'admin') }) assert result is False
def check_permission(request, instructions, base_values): """Checks the permission ``instructions``, substituting the ``base_values`` with data taken from the ``request``.""" values = {} for key, value in base_values.items(): if isinstance(value, tuple): values[key] = request.dbsession.query(value[0]).filter( getattr(value[0], value[1]) == request.matchdict[ value[2]]).first() elif value == 'current_user': values[key] = request.current_user return evaluate(instructions, values)
def test_empty_evaluate(): """Test evaluating an empty expression.""" result = evaluate(parse(tokenise('')), {}) assert result is False
def test_invalid_missing_object(): """Test exception handling for a missing subsitution object.""" with pytest.raises(PermissionException) as exc_info: evaluate(parse(tokenise('obj allow user edit')), {'user': ExampleUser(True, 'admin')}) assert exc_info.value.message == 'Object "obj" not found in the values'
def test_invalid_evaluate_missing_expression_2(): """Test exception handling for an invalid boolean permission expression.""" with pytest.raises(PermissionException) as exc_info: evaluate(parse(tokenise('and')), {}) assert exc_info.value.message == 'Missing expression for boolean operator'