def test_record_patron_access(db, users, access, action, is_allowed):
    """Check the permission decision for a record while logged in as patron1.

    Logs in ``users["patron1"]``, creates a record from ``access`` and asserts
    that ``RecordPermission(record, action).can()`` is truthy exactly when
    ``is_allowed`` is truthy. ``access``, ``action`` and ``is_allowed`` are
    supplied by the caller (presumably a parametrize decorator outside this
    view).
    """
    login_user(users["patron1"])

    record_uuid = uuid.uuid4()
    record = Record.create(access, id_=record_uuid)
    permission = RecordPermission(record, action)

    # Only one branch evaluates can(), matching a single permission check.
    if is_allowed:
        assert permission.can()
    else:
        assert not permission.can()
def test_record_patron_create(db, users, access, action, is_allowed):
    """Check patron1's permission once a records-creators role is granted.

    Creates the ``records-creators`` role, allows it on
    ``create_records_action``, injects the matching role need into loaded
    identities, then asserts that ``RecordPermission(record, action).can()``
    is truthy exactly when ``is_allowed`` is truthy.
    """
    # Persist the role that is going to be allowed to create records.
    creators_role = Role(name="records-creators")
    db.session.add(creators_role)
    db.session.commit()

    # Bind that role to the create-records action.
    grant = ActionRoles.allow(create_records_action, role_id=creators_role.id)
    db.session.add(grant)
    db.session.commit()

    @identity_loaded.connect
    def mock_identity_provides(sender, identity):
        """Add the records-creators role need to the loaded identity."""
        # The receiver does not look at which user the identity belongs to,
        # so every identity it is called for receives the role.
        # NOTE(review): nothing in this test disconnects the receiver;
        # confirm the grant cannot carry over into later tests.
        identity.provides |= {RoleNeed(creators_role.name)}

    login_user(users["patron1"])

    record_uuid = uuid.uuid4()
    record = Record.create(access, id_=record_uuid)
    permission = RecordPermission(record, action)

    if is_allowed:
        assert permission.can()
    else:
        assert not permission.can()
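def test_record_patron_create(client, db, users, with_role_creator):
    """Check which record actions patron1 gets from the records-creators role.

    Walks a small table of ``(access, action, is_allowed)`` cases. For each
    case it logs in ``patron1``, creates a record and asserts that
    ``RecordPermission(record, action).can()`` is truthy exactly when
    ``is_allowed`` is true. The table expects ``create`` to be allowed and
    ``update`` / ``delete`` to be denied.
    """
    cases = [
        ({"foo": "bar"}, "create", True),
        ({"foo": "bar"}, "update", False),
        ({"foo": "bar"}, "delete", False),
    ]

    @identity_loaded.connect
    def add_roles_to_identity(sender, identity):
        """Add the records-creators role need to the loaded identity."""
        # The receiver does not look at which user the identity belongs to,
        # so every identity it is called for receives the role.
        identity.provides |= {RoleNeed("records-creators")}

    for access, action, is_allowed in cases:
        user_login(client, "patron1", users)

        record = Record.create(access, id_=uuid.uuid4())
        granted = RecordPermission(record, action).can()

        # All cases share one test function, so name the failing case:
        # a bare assert would not say which action was wrongly allowed or
        # denied.
        assert granted if is_allowed else not granted, (
            "patron1 with records-creators: action %r expected "
            "allowed=%r but can() returned %r" % (action, is_allowed, granted)
        )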
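def test_record_librarian_access(db, users, access, action, is_allowed):
    """Check the permission decision for a record while logged in as user 3.

    Logs in the user with primary key 3, creates a record from ``access`` and
    asserts that ``RecordPermission(record, action).can()`` is truthy exactly
    when ``is_allowed`` is truthy.
    """
    # NOTE(review): primary key 3 is presumably the librarian created by the
    # ``users`` fixture; confirm. The test silently exercises a different
    # account if the fixture's insertion order changes.
    librarian = User.query.get(3)
    # Fail with a clear message instead of passing None to login_user().
    assert librarian is not None, "no user with id 3; check the users fixture"
    login_user(librarian)

    record_uuid = uuid.uuid4()
    record = Record.create(access, id_=record_uuid)
    permission = RecordPermission(record, action)

    if is_allowed:
        assert permission.can()
    else:
        assert not permission.can()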
def login_and_test(username):
    """Log in as ``username`` and assert the permission decision for that user.

    Reads ``client``, ``users``, ``access``, ``action`` and ``is_allowed``
    from the enclosing scope (not visible here). Expectations by role:

    * ``admin``: ``can()`` must be truthy for any action.
    * ``librarian``: ``can()`` must be truthy for any action other than
      ``"delete"``.
    * anyone else, and a librarian deleting: ``can()`` must match
      ``is_allowed``.

    For the first two cases ``is_allowed`` is not consulted, so a denial
    expected by the surrounding parametrization is never checked for admins
    or for non-delete actions by librarians.
    """
    user = user_login(client, username, users)

    # Create the record the permission is evaluated against.
    record_uuid = uuid.uuid4()
    record = Record.create(access, id_=record_uuid)
    permission = RecordPermission(record, action)

    if user.has_role("admin"):
        # Super user is expected to be allowed everything.
        assert permission.can()
        return

    if user.has_role("librarian") and action != "delete":
        # Librarians are expected to be allowed every action but delete.
        assert permission.can()
        return

    if is_allowed:
        assert permission.can()
    else:
        assert not permission.can()
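def login_and_test(user_id):
    """Log in the user with ``user_id`` and assert that user's permission.

    Reads ``access``, ``action`` and ``is_allowed`` from the enclosing scope
    (not visible here). Expectations by role:

    * ``admin``: ``can()`` must be truthy for any action.
    * ``librarian``: ``can()`` must be truthy for any action other than
      ``'delete'``.
    * anyone else, and a librarian deleting: ``can()`` must match
      ``is_allowed``.

    For the first two cases ``is_allowed`` is not consulted, so a denial
    expected by the surrounding parametrization is never checked for admins
    or for non-delete actions by librarians.
    """
    # Look the user up once, so the account that is logged in is the same
    # object whose roles are inspected below.
    user = User.query.get(user_id)
    # Fail with a clear message instead of passing None to login_user().
    assert user is not None, "no user with id %r" % (user_id,)
    login_user(user)

    # Create the record the permission is evaluated against.
    record_uuid = uuid.uuid4()
    record = Record.create(access, id_=record_uuid)
    permission = RecordPermission(record, action)

    if user.has_role('admin'):
        # Super user is expected to be allowed everything.
        assert permission.can()
    elif user.has_role('librarian') and action != 'delete':
        # Librarians are expected to be allowed every action but delete.
        assert permission.can()
    elif is_allowed:
        assert permission.can()
    else:
        assert not permission.can()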
def test_record_patron_create(db, users, access, action, is_allowed):
    """Check patron1's permission when the identity holds create-records.

    Injects ``ActionNeed('create-records')`` into loaded identities, logs in
    ``users["patron1"]``, creates a record from ``access`` and asserts that
    ``RecordPermission(record, action).can()`` is truthy exactly when
    ``is_allowed`` is truthy.
    """

    @identity_loaded.connect
    def mock_identity_provides(sender, identity):
        """Add the create-records action need to the loaded identity."""
        # Stands in for needs a user might otherwise receive, e.g. through
        # group membership. The receiver does not look at which user the
        # identity belongs to, so every identity it is called for gets it.
        # NOTE(review): nothing in this test disconnects the receiver;
        # confirm the grant cannot carry over into later tests.
        identity.provides |= {ActionNeed('create-records')}

    login_user(users["patron1"])

    record_uuid = uuid.uuid4()
    record = Record.create(access, id_=record_uuid)
    permission = RecordPermission(record, action)

    if is_allowed:
        assert permission.can()
    else:
        assert not permission.can()