示例#1
0
def test_parse_config_error():

    # resource name must be lowcase
    resource = {"HELLO": {"other": ["get"]}}
    permission = {"role": {"hello": "owner"}}
    with pytest.raises(AssertionError):
        parse_config(resource, permission)

    # invalid action
    resource = {"hello": {"other": ["unknown"]}}
    permission = {"role": {"hello": "owner"}}
    with pytest.raises(AssertionError):
        parse_config(resource, permission)

    # root can't be modified
    resource = {"hello": {"other": ["get"]}}
    permission = {"root": {"hello": "owner"}}
    with pytest.raises(AssertionError):
        parse_config(resource, permission)

    # resource not exists
    resource = {"hello": {"other": ["get"]}}
    permission = {"role": {"unknown": "get"}}
    with pytest.raises(AssertionError):
        parse_config(resource, permission)

    # res_role not exists
    resource = {"hello": {"other": ["get"]}}
    permission = {"role": {"hello": "unknown"}}
    with pytest.raises(AssertionError):
        parse_config(resource, permission)
示例#2
0
def test_permit():
    resource = {
        "photo": {
            "other": ["get"]
        },
        "article": {
            "other": ["get"],
            "writer": ["post", "put"]
        },
        "apiinfo": {}
    }
    permission = {
        "roleA": {
            "photo": "other",
            "article": "writer"
        },
        "roleB": {
            "photo": "other",
            "article": "owner"
        },
        "roleC": {
            "photo": "owner",
            "article": "other"
        }
    }

    config = parse_config(resource, permission)

    assert permit(config, "roleA", "photo", "get")[0]
    assert permit(config, "roleB", "photo", "get")[0]
    assert permit(config, "roleC", "photo", "get")[0]

    assert not permit(config, "roleA", "photo", "post")[0]
    assert not permit(config, "roleB", "photo", "post")[0]
    assert permit(config, "roleC", "photo", "post")[0]

    assert permit(config, "roleA", "article", "get")[0]
    assert permit(config, "roleB", "article", "get")[0]
    assert permit(config, "roleC", "article", "get")[0]

    assert permit(config, "roleA", "article", "post")[0]
    assert permit(config, "roleB", "article", "post")[0]
    assert not permit(config, "roleC", "article", "post")[0]

    assert not permit(config, "roleA", "article", "delete")[0]
    assert permit(config, "roleB", "article", "delete")[0]
    assert not permit(config, "roleC", "article", "delete")[0]

    assert permit(config, "root", "photo", "get")[0]
    assert permit(config, "root", "photo", "post")[0]
    assert permit(config, "root", "photo", "delete")[0]
    assert permit(config, "root", "article", "get")[0]
    assert permit(config, "root", "article", "post")[0]
    assert permit(config, "root", "article", "delete")[0]
    assert permit(config, "root", "unknown", "get")[0]
    assert permit(config, "root", "unknown", "post")[0]
    assert permit(config, "root", "unknown", "delete")[0]