Skip to content

Commit

Permalink
Rename permission handlers to check_permissions and update tests.
Browse files Browse the repository at this point in the history
  • Loading branch information
b-rowan committed Aug 28, 2024
1 parent 73607d6 commit 9f80896
Show file tree
Hide file tree
Showing 3 changed files with 32 additions and 34 deletions.
10 changes: 5 additions & 5 deletions goosebit/auth/__init__.py
Original file line number Diff line number Diff line change
Expand Up @@ -106,7 +106,7 @@ def validate_user_permissions(
security: SecurityScopes,
user: User = Depends(get_current_user),
) -> HTTPConnection:
if not compare_permissions(security.scopes, user.permissions):
if not check_permissions(security.scopes, user.permissions):
logger.warning(f"{user.username} does not have sufficient permissions")
raise HTTPException(
status_code=403,
Expand All @@ -116,20 +116,20 @@ def validate_user_permissions(
return connection


def compare_permissions(scopes: Iterable[str] | None, permissions: Iterable[str]) -> bool:
def check_permissions(scopes: Iterable[str] | None, permissions: Iterable[str]) -> bool:
deny_permissions = [p.lstrip("!") for p in permissions if p.startswith("!")]
allow_permissions = [p for p in permissions if not p.startswith("!")]
if scopes is None:
return True
for scope in scopes:
if any([compare_permission(scope, permission) for permission in deny_permissions]):
if any([_check_permission(scope, permission) for permission in deny_permissions]):
return False
if not any([compare_permission(scope, permission) for permission in allow_permissions]):
if not any([_check_permission(scope, permission) for permission in allow_permissions]):
return False
return True


def compare_permission(scope: str, permission: str) -> bool:
def _check_permission(scope: str, permission: str) -> bool:
split_scope = scope.split(".")
for idx, permission in enumerate(permission.split(".")):
if permission == "*":
Expand Down
4 changes: 2 additions & 2 deletions goosebit/ui/templates/__init__.py
Original file line number Diff line number Diff line change
Expand Up @@ -3,11 +3,11 @@
from fastapi.requests import Request
from fastapi.templating import Jinja2Templates

from goosebit.auth import compare_permissions
from goosebit.auth import check_permissions


def attach_permissions_comparison(_: Request):
return {"compare_permissions": compare_permissions}
return {"compare_permissions": check_permissions}


templates = Jinja2Templates(str(Path(__file__).resolve().parent), context_processors=[attach_permissions_comparison])
52 changes: 25 additions & 27 deletions tests/auth/test_permissions.py
Original file line number Diff line number Diff line change
@@ -1,51 +1,49 @@
from goosebit.auth import compare_permission, compare_permissions
from goosebit.auth import check_permissions


def test_compare_single_permission():
assert compare_permission("home.read", "home.read")
def test_single_permission():
assert check_permissions(["home.read"], ["home.read"])


def test_compare_inverted_single_permission():
assert not compare_permission("home.read", "!home.read")
def test_inverted_single_permission():
assert not check_permissions(["home.read"], ["!home.read"])


def test_compare_wildcard_sub_permission():
assert compare_permission("home.read", "home.*")
def test_wildcard_sub_permission():
assert check_permissions(["home.read"], ["home.*"])


def test_compare_inverted_wildcard_sub_permission():
assert not compare_permission("home.read", "!home.*")
def test_inverted_wildcard_sub_permission():
assert not check_permissions(["home.read"], ["!home.*"])


def test_compare_root_permission():
assert compare_permission("home.read", "home")
def test_root_permission():
assert check_permissions(["home.read"], ["home"])


def test_compare_inverted_root_permission():
assert not compare_permission("home.read", "!home")
def test_inverted_root_permission():
assert not check_permissions(["home.read"], ["!home"])


def test_compare_root_wildcard_permission():
assert compare_permission("home.read", "*")
def test_root_wildcard_permission():
assert check_permissions(["home.read"], ["*"])


def test_compare_inverted_root_wildcard_permission():
assert not compare_permission("home.read", "!*")
def test_inverted_root_wildcard_permission():
assert not check_permissions(["home.read"], ["!*"])


def test_compare_multiple_single_permissions():
assert compare_permissions(["home.read", "device.write"], ["home.read", "device.write"])
def test_multiple_single_permissions():
assert check_permissions(["home.read", "device.write"], ["home.read", "device.write"])


def test_compare_invalid_multiple_single_permissions():
assert not compare_permissions(["home.read", "device.write"], ["home.read", "device.read"])
def test_invalid_multiple_single_permissions():
assert not check_permissions(["home.read", "device.write"], ["home.read", "device.read"])


def test_compare_inverted_multiple_permissions():
assert not compare_permissions(["home.read", "device.write"], ["home.read", "device", "!device.write"])
def test_inverted_multiple_permissions():
assert not check_permissions(["home.read", "device.write"], ["home.read", "device", "!device.write"])


def test_compare_multiple_root_wildcard_permissions():
assert compare_permissions(
["home.read", "device.write", "device.read", "software.read"], ["*.read", "device.write"]
)
def test_multiple_root_wildcard_permissions():
assert check_permissions(["home.read", "device.write", "device.read", "software.read"], ["*.read", "device.write"])

0 comments on commit 9f80896

Please sign in to comment.