def test_parse_config_error(): # resource name must be lowcase resource = {"HELLO": {"other": ["get"]}} permission = {"role": {"hello": "owner"}} with pytest.raises(AssertionError): parse_config(resource, permission) # invalid action resource = {"hello": {"other": ["unknown"]}} permission = {"role": {"hello": "owner"}} with pytest.raises(AssertionError): parse_config(resource, permission) # root can't be modified resource = {"hello": {"other": ["get"]}} permission = {"root": {"hello": "owner"}} with pytest.raises(AssertionError): parse_config(resource, permission) # resource not exists resource = {"hello": {"other": ["get"]}} permission = {"role": {"unknown": "get"}} with pytest.raises(AssertionError): parse_config(resource, permission) # res_role not exists resource = {"hello": {"other": ["get"]}} permission = {"role": {"hello": "unknown"}} with pytest.raises(AssertionError): parse_config(resource, permission)
def test_permit(): resource = { "photo": { "other": ["get"] }, "article": { "other": ["get"], "writer": ["post", "put"] }, "apiinfo": {} } permission = { "roleA": { "photo": "other", "article": "writer" }, "roleB": { "photo": "other", "article": "owner" }, "roleC": { "photo": "owner", "article": "other" } } config = parse_config(resource, permission) assert permit(config, "roleA", "photo", "get")[0] assert permit(config, "roleB", "photo", "get")[0] assert permit(config, "roleC", "photo", "get")[0] assert not permit(config, "roleA", "photo", "post")[0] assert not permit(config, "roleB", "photo", "post")[0] assert permit(config, "roleC", "photo", "post")[0] assert permit(config, "roleA", "article", "get")[0] assert permit(config, "roleB", "article", "get")[0] assert permit(config, "roleC", "article", "get")[0] assert permit(config, "roleA", "article", "post")[0] assert permit(config, "roleB", "article", "post")[0] assert not permit(config, "roleC", "article", "post")[0] assert not permit(config, "roleA", "article", "delete")[0] assert permit(config, "roleB", "article", "delete")[0] assert not permit(config, "roleC", "article", "delete")[0] assert permit(config, "root", "photo", "get")[0] assert permit(config, "root", "photo", "post")[0] assert permit(config, "root", "photo", "delete")[0] assert permit(config, "root", "article", "get")[0] assert permit(config, "root", "article", "post")[0] assert permit(config, "root", "article", "delete")[0] assert permit(config, "root", "unknown", "get")[0] assert permit(config, "root", "unknown", "post")[0] assert permit(config, "root", "unknown", "delete")[0]