def setUp(self):
self.app = Flask('test')
self.app.debug = True
self.pundit = FlaskPundit(policies_path='tests.policies')
self.pundit.init_app(self.app)
self.client = self.app.test_client()
def setUp(self):
self.pundit = FlaskPundit()
class TestUsage(TestCase):
def setUp(self):
self.app = Flask('test')
self.app.debug = True
self.pundit = FlaskPundit(policies_path='tests.policies')
self.pundit.init_app(self.app)
self.client = self.app.test_client()
def test_authorize_with_record_for_admin(self):
def do_authorize_stuff():
post = Post(1)
return self.pundit.authorize(post)
@self.app.route('/test_authorize_admin_get')
def admin_get_post():
g.user = {'id': 1, 'role': 'admin'}
is_authorized = do_authorize_stuff()
ok_(self.pundit._verify_authorized())
if is_authorized:
return 'Success', 200
else:
return 'Forbidden', 403
resp = self.client.get('/test_authorize_admin_get')
eq_(resp.status_code, 200)
def test_authorize_with_record_for_admin_with_params(self):
def do_authorize_stuff():
post = Post(1)
return self.pundit.authorize(post, thing_id=1)
@self.app.route('/test_authorize_admin_get')
def admin_get_post():
g.user = {'id': 1, 'role': 'admin'}
is_authorized = do_authorize_stuff()
ok_(self.pundit._verify_authorized())
if is_authorized:
return 'Success', 200
else:
return 'Forbidden', 403
resp = self.client.get('/test_authorize_admin_get')
eq_(resp.status_code, 403)
def test_authorize_with_record_for_staff(self):
def do_authorize_stuff():
post = Post(1)
return self.pundit.authorize(post)
@self.app.route('/test_authorize_staff_get')
def admin_get_post():
g.user = {'id': 2, 'role': 'staff'}
is_authorized = do_authorize_stuff()
ok_(self.pundit._verify_authorized())
if is_authorized:
return 'Success', 200
else:
return 'Forbidden', 403
resp = self.client.get('/test_authorize_staff_get')
eq_(resp.status_code, 403)
def test_authorize_with_model_for_admin(self):
def do_authorize_stuff():
return self.pundit.authorize(Post, action='create')
@self.app.route('/test_authorize_admin_create')
def admin_create_post():
g.user = {'id': 1, 'role': 'admin'}
is_authorized = do_authorize_stuff()
ok_(self.pundit._verify_authorized())
if is_authorized:
return 'Success', 200
else:
return 'Forbidden', 403
resp = self.client.get('/test_authorize_admin_create')
eq_(resp.status_code, 200)
def test_authorize_with_policy_class_specified_for_admin(self):
def do_authorize_stuff():
return self.pundit.authorize(Comment)
@self.app.route('/test_authorize_admin_get_comment')
def admin_get_comment():
g.user = {'id': 1, 'role': 'admin'}
is_authorized = do_authorize_stuff()
ok_(self.pundit._verify_authorized())
if is_authorized:
return 'Success', 200
else:
return 'Forbidden', 403
resp = self.client.get('/test_authorize_admin_get_comment')
eq_(resp.status_code, 200)
def test_verify_authorized_decorator_success(self):
def do_authorize_stuff():
post = Post(1)
return self.pundit.authorize(post)
@self.app.route('/test_authorize_admin_get')
@verify_authorized
def admin_get_post():
g.user = {'id': 1, 'role': 'admin'}
is_authorized = do_authorize_stuff()
if is_authorized:
return 'Success', 200
else:
return 'Forbidden', 403
resp = self.client.get('/test_authorize_admin_get')
eq_(resp.status_code, 200)
def test_verify_authorized_decorator_raises_exception(self):
def do_authorize_stuff():
post = Post(1)
return self.pundit.authorize(post)
@self.app.route('/test_authorize_admin_get')
@verify_authorized
def admin_get_post():
g.user = {'id': 1, 'role': 'admin'}
return 'Success', 200
assert_raises(RuntimeError, self.client.get,
'/test_authorize_admin_get')
def test_verify_authorized_decorator_ignores_raised_exception(self):
def do_authorize_stuff():
post = Post(1)
return self.pundit.authorize(post)
@self.app.route('/test_authorize_admin_get')
@verify_authorized
def admin_get_post():
g.user = {'id': 1, 'role': 'admin'}
raise BadRequest()
is_authorized = do_authorize_stuff()
if is_authorized:
return 'Success', 200
else:
return 'Forbidden', 403
resp = self.client.get('/test_authorize_admin_get')
eq_(resp.status_code, 400)
def test_policy_scoped_admin(self):
def do_policy_scope_stuff():
return self.pundit.policy_scope(Post)
@self.app.route('/test_policy_scope_admin')
def admin_get_post():
g.user = {'id': 1, 'role': 'admin'}
scoped_posts = do_policy_scope_stuff()
ok_(self.pundit._verify_policy_scoped())
return json.dumps({'posts': scoped_posts})
resp = self.client.get('/test_policy_scope_admin')
eq_(resp.data.decode(), '{"posts": [1, 2]}')
def test_policy_scoped_staff(self):
def do_policy_scope_stuff():
return self.pundit.policy_scope(Post)
@self.app.route('/test_policy_scope_staff')
def admin_get_post():
g.user = {'id': 2, 'role': 'staff'}
scoped_posts = do_policy_scope_stuff()
ok_(self.pundit._verify_policy_scoped())
return json.dumps({'posts': scoped_posts})
resp = self.client.get('/test_policy_scope_staff')
eq_(resp.data.decode(), '{"posts": [3, 4]}')
def test_policy_scope_with_policy_class_specified_for_admin(self):
def do_policy_scope_stuff():
return self.pundit.policy_scope(Comment)
@self.app.route('/test_policy_scope_admin_get_comments')
def admin_get_comments():
g.user = {'id': 1, 'role': 'admin'}
scoped_comments = do_policy_scope_stuff()
ok_(self.pundit._verify_policy_scoped())
return json.dumps({'comments': scoped_comments})
resp = self.client.get('/test_policy_scope_admin_get_comments')
eq_(resp.data.decode(), '{"comments": ["Hello"]}')
def test_verify_policy_scoped_decorator_success(self):
def do_policy_scope_stuff():
return self.pundit.policy_scope(Post)
@self.app.route('/test_policy_scope_admin')
@verify_policy_scoped
def admin_get_post():
g.user = {'id': 1, 'role': 'admin'}
scoped_posts = do_policy_scope_stuff()
return json.dumps({'posts': scoped_posts})
resp = self.client.get('/test_policy_scope_admin')
eq_(resp.data.decode(), '{"posts": [1, 2]}')
def test_verify_policy_scoped_decorator_raises_exception(self):
def do_policy_scope_stuff():
return self.pundit.policy_scope(Post)
@self.app.route('/test_policy_scope_admin')
@verify_policy_scoped
def admin_get_post():
g.user = {'id': 1, 'role': 'admin'}
return json.dumps({'posts': []})
assert_raises(RuntimeError, self.client.get,
'/test_policy_scope_admin')
class TestFlaskPundit(TestCase):
def setUp(self):
self.pundit = FlaskPundit()
def get_flask_defaults(self):
return {'g': {'user': '******'}, 'request.method': 'GET'}
@patch('flask_pundit.flask')
def test_authorize_with_record(self, flask):
flask.configure_mock(**(self.get_flask_defaults()))
policy_class_instance = Mock(get=lambda: True)
policy_class = Mock(return_value=policy_class_instance)
self.pundit._get_policy_clazz = Mock(return_value=policy_class)
ok_(self.pundit.authorize(Mock()))
@patch('flask_pundit.flask')
def test_authorize_with_record_and_action(self, flask):
flask.configure_mock(**(self.get_flask_defaults()))
policy_class_instance = Mock(index=lambda: False)
policy_class = Mock(return_value=policy_class_instance)
self.pundit._get_policy_clazz = Mock(return_value=policy_class)
ok_(not self.pundit.authorize(Mock(), 'index'))
@patch('flask_pundit.flask')
def test_authorize_with_record_and_action_and_user(self, flask):
flask.configure_mock(**(self.get_flask_defaults()))
user = {'id': 1, 'role': 'admin'}
policy_class_instance = Mock(get=lambda: True)
policy_class = Mock(return_value=policy_class_instance)
self.pundit._get_policy_clazz = Mock(return_value=policy_class)
record = Mock()
ok_(self.pundit.authorize(record, user=user))
ok_(policy_class_instance.called_once_with(record, user))
@patch('flask_pundit.flask')
def test_authorize_raises_exception_missing_action(self, flask):
flask.configure_mock(**(self.get_flask_defaults()))
policy_class_instance = Mock(spec=['index'])
policy_class = Mock(return_value=policy_class_instance)
self.pundit._get_policy_clazz = Mock(return_value=policy_class)
record = Mock()
assert_raises(AttributeError, self.pundit.authorize, record, 'update')
@patch('flask_pundit.flask')
def test_policy_scope_triggers_scope_action(self, flask):
flask.configure_mock(**(self.get_flask_defaults()))
policy_class_instance = Mock(scope=lambda: [1, 2, 3])
policy_class = Mock(return_value=policy_class_instance)
self.pundit._get_policy_clazz = Mock(return_value=policy_class)
eq_(self.pundit.policy_scope(Mock()), [1, 2, 3])
def test_get_policy_clazz_raises_exception_record_none(self):
assert_raises(RuntimeError, self.pundit._get_policy_clazz, None)
def test_get_model_class_with_object(self):
record_class = Mock(__name__='Record')
record = Mock(__class__=record_class)
eq_(self.pundit._get_model_class(record), record_class)
def test_get_model_class_with_class(self):
eq_(self.pundit._get_model_class(PostPolicy), PostPolicy)
def test_get_model_class_with_child_class(self):
class ChildPostPolicy(PostPolicy):
pass
eq_(self.pundit._get_model_class(ChildPostPolicy), ChildPostPolicy)
def test_get_policy_clazz_from_model(self):
self.pundit._get_model_class = Mock(return_value=Mock(
__policy_class__=PostPolicy))
eq_(self.pundit._get_policy_clazz_from_model(Mock()), PostPolicy)
def setUp(self):
self.pundit = FlaskPundit()
class TestFlaskPundit(TestCase):
def setUp(self):
self.pundit = FlaskPundit()
def get_flask_defaults(self):
return {'g': {'user': '******'}, 'request.method': 'GET'}
@patch('flask_pundit.flask')
def test_authorize_with_record(self, flask):
flask.configure_mock(**(self.get_flask_defaults()))
policy_class_instance = Mock(get=lambda: True)
policy_class = Mock(return_value=policy_class_instance)
self.pundit._get_policy_clazz = Mock(return_value=policy_class)
ok_(self.pundit.authorize(Mock()))
@patch('flask_pundit.flask')
def test_authorize_with_record_and_action(self, flask):
flask.configure_mock(**(self.get_flask_defaults()))
policy_class_instance = Mock(index=lambda: False)
policy_class = Mock(return_value=policy_class_instance)
self.pundit._get_policy_clazz = Mock(return_value=policy_class)
ok_(not self.pundit.authorize(Mock(), 'index'))
@patch('flask_pundit.flask')
def test_authorize_with_record_and_action_and_user(self, flask):
flask.configure_mock(**(self.get_flask_defaults()))
user = {'id': 1, 'role': 'admin'}
policy_class_instance = Mock(get=lambda: True)
policy_class = Mock(return_value=policy_class_instance)
self.pundit._get_policy_clazz = Mock(return_value=policy_class)
record = Mock()
ok_(self.pundit.authorize(record, user=user))
ok_(policy_class_instance.called_once_with(record, user))
@patch('flask_pundit.flask')
def test_authorize_raises_exception_missing_action(self, flask):
flask.configure_mock(**(self.get_flask_defaults()))
policy_class_instance = Mock(spec=['index'])
policy_class = Mock(return_value=policy_class_instance)
self.pundit._get_policy_clazz = Mock(return_value=policy_class)
record = Mock()
assert_raises(AttributeError, self.pundit.authorize, record, 'update')
@patch('flask_pundit.flask')
def test_policy_scope_triggers_resolve_action(self, flask):
flask.configure_mock(**(self.get_flask_defaults()))
scope_class_instance = Mock(resolve=lambda: [1, 2, 3])
scope_class = Mock(return_value=scope_class_instance)
policy_class = Mock(Scope=scope_class)
self.pundit._get_policy_clazz = Mock(return_value=policy_class)
eq_(self.pundit.policy_scope(Mock()), [1, 2, 3])
def test_get_policy_clazz_raises_exception_record_none(self):
assert_raises(RuntimeError, self.pundit._get_policy_clazz, None)
def test_get_model_class_with_object(self):
record_class = Mock(__name__='Record')
record = Mock(__class__=record_class)
eq_(self.pundit._get_model_class(record), record_class)
def test_get_model_class_with_class(self):
eq_(self.pundit._get_model_class(PostPolicy), PostPolicy)
def test_get_model_class_with_child_class(self):
class ChildPostPolicy(PostPolicy):
pass
eq_(self.pundit._get_model_class(ChildPostPolicy), ChildPostPolicy)
def test_get_policy_clazz_from_model(self):
self.pundit._get_model_class = Mock(
return_value=Mock(__policy_class__=PostPolicy))
eq_(self.pundit._get_policy_clazz_from_model(Mock()), PostPolicy)
def setUp(self):
self.app = Flask('test')
self.app.debug = True
self.pundit = FlaskPundit(policies_path='tests.policies')
self.pundit.init_app(self.app)
self.client = self.app.test_client()
class TestUsage(TestCase):
def setUp(self):
self.app = Flask('test')
self.app.debug = True
self.pundit = FlaskPundit(policies_path='tests.policies')
self.pundit.init_app(self.app)
self.client = self.app.test_client()
def test_authorize_with_record_for_admin(self):
def do_authorize_stuff():
post = Post(1)
return self.pundit.authorize(post)
@self.app.route('/test_authorize_admin_get')
def admin_get_post():
g.user = {'id': 1, 'role': 'admin'}
is_authorized = do_authorize_stuff()
ok_(self.pundit._verify_authorized())
if is_authorized:
return 'Success', 200
else:
return 'Forbidden', 403
resp = self.client.get('/test_authorize_admin_get')
eq_(resp.status_code, 200)
def test_authorize_with_record_for_admin_with_params(self):
def do_authorize_stuff():
post = Post(1)
return self.pundit.authorize(post, thing_id=1)
@self.app.route('/test_authorize_admin_get')
def admin_get_post():
g.user = {'id': 1, 'role': 'admin'}
is_authorized = do_authorize_stuff()
ok_(self.pundit._verify_authorized())
if is_authorized:
return 'Success', 200
else:
return 'Forbidden', 403
resp = self.client.get('/test_authorize_admin_get')
eq_(resp.status_code, 403)
def test_authorize_with_record_for_staff(self):
def do_authorize_stuff():
post = Post(1)
return self.pundit.authorize(post)
@self.app.route('/test_authorize_staff_get')
def admin_get_post():
g.user = {'id': 2, 'role': 'staff'}
is_authorized = do_authorize_stuff()
ok_(self.pundit._verify_authorized())
if is_authorized:
return 'Success', 200
else:
return 'Forbidden', 403
resp = self.client.get('/test_authorize_staff_get')
eq_(resp.status_code, 403)
def test_authorize_with_model_for_admin(self):
def do_authorize_stuff():
return self.pundit.authorize(Post, action='create')
@self.app.route('/test_authorize_admin_create')
def admin_create_post():
g.user = {'id': 1, 'role': 'admin'}
is_authorized = do_authorize_stuff()
ok_(self.pundit._verify_authorized())
if is_authorized:
return 'Success', 200
else:
return 'Forbidden', 403
resp = self.client.get('/test_authorize_admin_create')
eq_(resp.status_code, 200)
def test_authorize_with_policy_class_specified_for_admin(self):
def do_authorize_stuff():
return self.pundit.authorize(Comment)
@self.app.route('/test_authorize_admin_get_comment')
def admin_get_comment():
g.user = {'id': 1, 'role': 'admin'}
is_authorized = do_authorize_stuff()
ok_(self.pundit._verify_authorized())
if is_authorized:
return 'Success', 200
else:
return 'Forbidden', 403
resp = self.client.get('/test_authorize_admin_get_comment')
eq_(resp.status_code, 200)
def test_verify_authorized_decorator_success(self):
def do_authorize_stuff():
post = Post(1)
return self.pundit.authorize(post)
@self.app.route('/test_authorize_admin_get')
@verify_authorized
def admin_get_post():
g.user = {'id': 1, 'role': 'admin'}
is_authorized = do_authorize_stuff()
if is_authorized:
return 'Success', 200
else:
return 'Forbidden', 403
resp = self.client.get('/test_authorize_admin_get')
eq_(resp.status_code, 200)
def test_verify_authorized_decorator_raises_exception(self):
def do_authorize_stuff():
post = Post(1)
return self.pundit.authorize(post)
@self.app.route('/test_authorize_admin_get')
@verify_authorized
def admin_get_post():
g.user = {'id': 1, 'role': 'admin'}
return 'Success', 200
assert_raises(RuntimeError, self.client.get,
'/test_authorize_admin_get')
def test_policy_scoped_admin(self):
def do_policy_scope_stuff():
return self.pundit.policy_scope(Post)
@self.app.route('/test_policy_scope_admin')
def admin_get_post():
g.user = {'id': 1, 'role': 'admin'}
scoped_posts = do_policy_scope_stuff()
ok_(self.pundit._verify_policy_scoped())
return json.dumps({'posts': scoped_posts})
resp = self.client.get('/test_policy_scope_admin')
eq_(resp.data, '{"posts": [1, 2]}')
def test_policy_scoped_staff(self):
def do_policy_scope_stuff():
return self.pundit.policy_scope(Post)
@self.app.route('/test_policy_scope_staff')
def admin_get_post():
g.user = {'id': 2, 'role': 'staff'}
scoped_posts = do_policy_scope_stuff()
ok_(self.pundit._verify_policy_scoped())
return json.dumps({'posts': scoped_posts})
resp = self.client.get('/test_policy_scope_staff')
eq_(resp.data, '{"posts": [3, 4]}')
def test_policy_scope_with_policy_class_specified_for_admin(self):
def do_policy_scope_stuff():
return self.pundit.policy_scope(Comment)
@self.app.route('/test_policy_scope_admin_get_comments')
def admin_get_comments():
g.user = {'id': 1, 'role': 'admin'}
scoped_comments = do_policy_scope_stuff()
ok_(self.pundit._verify_policy_scoped())
return json.dumps({'comments': scoped_comments})
resp = self.client.get('/test_policy_scope_admin_get_comments')
eq_(resp.data, '{"comments": ["Hello"]}')
def test_verify_policy_scoped_decorator_success(self):
def do_policy_scope_stuff():
return self.pundit.policy_scope(Post)
@self.app.route('/test_policy_scope_admin')
@verify_policy_scoped
def admin_get_post():
g.user = {'id': 1, 'role': 'admin'}
scoped_posts = do_policy_scope_stuff()
return json.dumps({'posts': scoped_posts})
resp = self.client.get('/test_policy_scope_admin')
eq_(resp.data, '{"posts": [1, 2]}')
def test_verify_policy_scoped_decorator_raises_exception(self):
def do_policy_scope_stuff():
return self.pundit.policy_scope(Post)
@self.app.route('/test_policy_scope_admin')
@verify_policy_scoped
def admin_get_post():
g.user = {'id': 1, 'role': 'admin'}
return json.dumps({'posts': []})
assert_raises(RuntimeError, self.client.get,
'/test_policy_scope_admin')
