def test_is_allowed(polar, load_policy, query):
    """Check the basic allow rule and the role-based rules in the loaded policy.

    Three positive decisions are asserted: the guest may "get" the widget,
    the president holds the "admin" role on it, and "admin" may "create" it.
    """
    guest = Actor(name="guest")
    widget = Widget(id="1")
    verb = "get"
    guest_may_get = Predicate(name="allow", args=[guest, verb, widget])
    assert query(guest_may_get)

    president = Actor(name="president")
    president_is_admin = Predicate(
        name="actorInRole", args=[president, "admin", widget]
    )
    assert query(president_is_admin)

    admin_may_create = Predicate(name="allowRole", args=["admin", "create", widget])
    assert query(admin_may_create)
def test_querystring_resource_map(polar, load_policy, query):
    """Check that the allow decision for an Http resource depends on its query.

    The same path is allowed when the request carries ``param=foo`` and denied
    when no query mapping is supplied.
    """
    requester = Actor(name="sam")
    with_param = Http(path="/widget/12", query={"param": "foo"})
    assert query(Predicate(name="allow", args=[requester, "what", with_param]))

    # Deny case: identical actor name and path, but no query-string parameters.
    requester = Actor(name="sam")
    without_param = Http(path="/widget/12")
    assert not query(Predicate(name="allow", args=[requester, "what", without_param]))
def test_clear(polar, load_policy, query):
    """Check that ``polar.clear()`` drops previously loaded rules before a reload.

    After load.pol is loaded all four actions are allowed. After clearing and
    loading reload.pol only "make" is still allowed, so the get/edit/delete
    grants from the first file must not outlive the clear.
    """
    policy_dir = Path(__file__).parent / "policies"
    old = policy_dir / "load.pol"
    fails = policy_dir / "reload_fail.pol"
    new = policy_dir / "reload.pol"

    polar.clear()
    polar.load_file(old)

    actor = Actor(name="milton", id=1)
    resource = Widget(id=1, name="thingy")
    for verb in ("make", "get", "edit", "delete"):
        assert query(Predicate(name="allow", args=[actor, verb, resource]))

    # Loading reload_fail.pol must raise: per the original author's note, that
    # file relies on a class that the old policy file defined and the new one
    # does not.
    polar.clear()
    with pytest.raises(PolarRuntimeException):
        polar.load_file(fails)

    polar.clear()
    polar.load_file(new)

    assert query(Predicate(name="allow", args=[actor, "make", resource]))
    # Grants that only the old policy file provided must now be denied.
    for verb in ("get", "edit", "delete"):
        assert not query(Predicate(name="allow", args=[actor, verb, resource]))
def test_instance_from_external_call(polar, load_policy, query):
    """Check the "frob" rule for two widgets that differ only in their id.

    The guest is allowed to frob the widget with id "1" and denied for id "2".
    """
    guest = Actor(name="guest")

    permitted_widget = Widget(id="1", name="name")
    assert query(Predicate(name="allow", args=[guest, "frob", permitted_widget]))

    # Same name, different id: the policy must not grant access.
    other_widget = Widget(id="2", name="name")
    assert not query(Predicate(name="allow", args=[guest, "frob", other_widget]))
def test_instance_initialization(polar, query, qvar):
    """Round-trip an Actor built inside a query string back to Python.

    Both constructor spellings (braces and parentheses) must yield a value that
    compares equal to a locally constructed ``Actor("sam")``.
    """
    expected = Actor("sam")
    constructor_forms = (
        'new Actor{name:"sam"} = returned_user',
        'new Actor(name:"sam") = returned_user',
    )
    for expression in constructor_forms:
        # Only the first result's bindings are inspected.
        bindings = query(expression)[0]
        assert polar.host.to_python(bindings["returned_user"]) == expected
def test_cut(polar, load_policy, query):
    """Check which classes get recorded when querying ``allow_with_cut``.

    The recorded list is reset before each query. A Widget records only
    "Widget" and a DooDad records only "DooDad".
    """
    set_frobbed([])
    guest = Actor(name="guest")
    widget = Widget(id="1")
    verb = "get"
    assert query(Predicate(name="allow_with_cut", args=[guest, verb, widget]))
    assert get_frobbed() == ["Widget"]

    # Reset the recorder so the second query is observed in isolation.
    set_frobbed([])
    doodad = DooDad(id="2")
    assert query(Predicate(name="allow_with_cut", args=[guest, verb, doodad]))
    assert get_frobbed() == ["DooDad"]
def test_method_resolution_order(polar, load_policy, query):
    """Check the order in which classes are recorded when querying ``allow``.

    A Widget records ["Widget"]. A DooDad (noted in the original as being a
    Widget) records ["DooDad", "Widget"], in that order.
    """
    set_frobbed([])
    guest = Actor(name="guest")
    widget = Widget(id="1")
    verb = "get"
    assert query(Predicate(name="allow", args=[guest, verb, widget]))
    assert get_frobbed() == ["Widget"]

    # DooDad is a Widget, so both names are expected, DooDad first.
    set_frobbed([])
    doodad = DooDad(id="2")
    assert query(Predicate(name="allow", args=[guest, verb, doodad]))
    assert get_frobbed() == ["DooDad", "Widget"]
def test_patching(polar, widget_in_company, actor_in_role, load_policy, query):
    """Check that the role patch applies only inside its context managers.

    The user is not an admin before the patches are entered, is an admin while
    both are active, and is not an admin again once they have exited.
    """
    user = Actor("test")

    def has_admin_role():
        # A fresh Widget is built for every check, as in the original test.
        return query(
            Predicate(name="actorInRole", args=[user, "admin", Widget(id="1")])
        )

    assert not has_admin_role()
    with widget_in_company, actor_in_role("admin"):
        assert has_admin_role()
    # The grant must not persist after the patches are exited.
    assert not has_admin_role()
def test_register_class(polar, load_policy, query):
    """Check that an allow query succeeds for Actor and Widget instances.

    The predicate arguments are passed as a tuple here rather than a list.
    """
    guest = Actor(name="guest")
    widget = Widget(id="1")
    verb = "get"
    decision = query(Predicate(name="allow", args=(guest, verb, widget)))
    assert decision
def test_iter_fields(polar, load_policy, query):
    """Check that milton is allowed the "can_have" action on the stapler.

    NOTE(review): a second ``test_iter_fields`` appears later in this listing.
    If both live in the same module, the later definition replaces this one and
    only that one is collected. Confirm against the real file.
    """
    stapler = Widget(id=1, name="stapler")
    milton = Actor(name="milton", id=1)
    may_have = Predicate(name="allow", args=[milton, "can_have", stapler])
    assert query(may_have)
def test_type_fields(polar, load_policy, query):
    """Check the "keep" rule for an actor constructed with its widget attached.

    The Actor is built with ``widget=resource``, and the query is made against
    that same resource instance.
    """
    goldfish = Widget(id=1, name="goldfish")
    elmo = Actor(name="elmo", id=1, widget=goldfish)
    may_keep = Predicate(name="allow", args=[elmo, "keep", goldfish])
    assert query(may_keep)
def test_return_list(polar, load_policy, query):
    """Check that the guest is allowed the "invite" action on the widget."""
    guest = Actor(name="guest")
    widget = Widget(id="1")
    verb = "invite"
    may_invite = Predicate(name="allow", args=[guest, verb, widget])
    assert query(may_invite)
def test_instance_round_trip(polar, query, qvar):
    """Convert an Actor to its Polar form and back without going through a query.

    The assertion uses ``is``: the round trip must return the very same Python
    object, not merely an equal one.
    """
    original = Actor("sam")
    as_polar = polar.host.to_polar(original)
    restored = polar.host.to_python(as_polar)
    assert restored is original
def set_user():
    """Store an Actor named after the request's ``username`` header on ``g.user``.

    NOTE(review): the header value is taken as the caller's identity as-is;
    nothing in this function authenticates it. Presumably this is test-app
    scaffolding. Any policy decision made on ``g.user`` is only as trustworthy
    as this header, so outside tests the actor should come from a verified
    session or token instead.
    """
    # Subscript access (not .get): how a missing header is reported is left to
    # the headers object, exactly as in the original.
    claimed_name = request.headers["username"]
    g.user = Actor(name=claimed_name)
def test_iter_fields(polar, load_policy, query):
    """Check the "can_have" grant and the error raised by "tries_to_get".

    The first query must succeed. The second must raise
    ``InvalidIteratorError`` rather than return a decision.

    NOTE(review): an earlier ``test_iter_fields`` appears in this listing. If
    both live in the same module, this later definition is the one that is
    collected. Confirm against the real file.
    """
    stapler = Widget(id=1, name="stapler")
    milton = Actor(name="milton", id=1)
    assert query(Predicate(name="allow", args=[milton, "can_have", stapler]))

    # The failure must surface as an exception, not as a silent allow or deny.
    with pytest.raises(InvalidIteratorError):
        query(Predicate(name="allow", args=[milton, "tries_to_get", stapler]))