Last active
July 2, 2017 01:48
# Walk-through of the ACL's allow / default-deny behaviour.
#
# NOTE: the `assert` statements below are demonstration checks. Python strips
# asserts when run with -O, so a real request handler must branch on the
# value returned by is_*_allowed() instead of asserting on it.


def _role_names(user):
    """Return the name of every role assigned to *user*, in order."""
    return [assigned.get_name() for assigned in user.get_roles()]


# Only two rules are registered: a read rule for `everyone_role` on the
# employee info endpoint and a delete rule for `admin_role` on the
# employee record.
acl = AccessControlList()
acl.resource_read_rule(everyone_role, 'GET', '/api/v1/employee/1/info')
acl.resource_delete_rule(admin_role, 'DELETE', '/api/v1/employee/1/')

# READ: every role held by `everyone_user` is expected to be allowed to GET
# the info endpoint.
for role_name in _role_names(everyone_user):
    read_ok = acl.is_read_allowed(role_name, 'GET', '/api/v1/employee/1/info')
    assert read_ok == True

# WRITE: no write rule was registered above, so (per the original author's
# note) the ACL is expected to deny the operation by default.
# NOTE(review): 'WRITE' is passed where the rules above use HTTP verbs
# ('GET', 'DELETE') - confirm which method string is_write_allowed() expects,
# otherwise this check passes for any input.
for role_name in _role_names(everyone_user):
    write_ok = acl.is_write_allowed(role_name, 'WRITE', '/api/v1/employee/1/info')
    assert write_ok == False

# DELETE: only the 'admin' role may delete the employee record; every other
# role must be refused. A user can hold more than one role, hence the
# per-role expectation.
# NOTE(review): the original comment names `admin_user`, but the loop walks
# `everyone_user`'s roles. If that user does not hold 'admin', the allow path
# of the delete rule is never exercised here - confirm which user was meant.
for role_name in _role_names(everyone_user):
    expected = role_name == 'admin'
    delete_ok = acl.is_delete_allowed(role_name, 'DELETE', '/api/v1/employee/1/')
    assert delete_ok == expected