Commits

"danjac"  committed 76b6f3d

tests for denial passing

  • Participants
  • Parent commits 4503149

Comments (0)

Files changed (2)

File flaskext/principal.py

     """
     def __init__(self, *needs):
         self.needs = set(needs)
-        self.deny = set()
+        self.denies = set()
         """A set of needs, any of which must be present in an identity to have
         access.
         """
         Return Denial equivalent (needs -> deny, deny -> needs)
         """
 
-        d = Denial(*self.deny)
-        d.needs.update(self.needs)
-        return d
+        p = Permission()
+        p.needs.update(self.needs)
+        p.deny.update(self.denies)
+        return p
 
     def union(self, other):
         """Create a new permission with the requirements of the union of this
         :param other: The other permission
         """
         p = Permission(*self.needs.union(other.needs))
-        p.deny.update(self.deny)
-        p.deny.update(other.deny)
+        p.denies.update(self.denies)
+        p.denies.update(other.denies)
         return p
 
     def issubset(self, other):
         :param other: The other permission
         """
         return self.needs.issubset(other.needs) and \
-               self.deny.issubset(other.deny)
+               self.denies.issubset(other.denies)
 
     def allows(self, identity):
         """Whether the identity can access this permission.
 
         :param identity: The identity
         """
-        if not self.needs:
-            return True
-        else:
-            return self.needs.intersection(identity.provides) and not \
-                   self.deny.intersection(identity.provides)
+        if self.needs and not self.needs.intersection(identity.provides):
+            return False
 
+        if self.denies and self.denies.intersection(identity.provides):
+            return False
+
+        return True
+       
     def can(self):
         """Whether the required context for this permission has access
 
     """
 
     def __init__(self, *deny):
-        self.deny = set(deny)
+        self.denies = set(deny)
         self.needs = set()
 
 

File tests/test_principal.py

 
 editor_permission = Permission(RoleNeed('editor'))
 
-admin_denial = Denial(RoleNeed('admin'))
+admin_denied = Denial(RoleNeed('admin'))
 
 def mkapp():
     app = Flask(__name__)
                 pass
     
     @app.route('/j')
-    def h():
+    def j():
         i = Identity('james')
         identity_changed.send(app, identity=i)
         with admin_permission.require(403):
             s.append("now admin")  
         return Response('\n'.join(s))
 
+
+    @app.route("/m")
+    def m():
+        with admin_denied.require():
+           pass 
+            
+        return Response("OK")
+
+
+    @app.route("/n")
+    def n():
+        i = mkadmin()
+        identity_changed.send(app, identity=i)
+        with admin_denied.require():
+            pass
+
+        return Response("OK")
+
     return app
 
+
 def mkadmin():
     i = Identity('ali')
     return i
 
     client = mkapp().test_client()
     response = client.open('/l')
-    print response.data
     assert response.status_code == 200
     assert 'not admin' in response.data
     assert 'now admin' in response.data
 
 
+def test_denied_passes():
+
+    client = mkapp().test_client()
+    response = client.open("/m")
+    print response.status_code
+    assert response.status_code == 200