From f520fb15a13350c27ffa99658d40d3414f0847d9 Mon Sep 17 00:00:00 2001
From: Edd Salkield
Date: Fri, 29 Jan 2021 02:11:51 +0000
Subject: [PATCH] Fix show_items endpoint in example app
---
 fastapi_permissions/example.py | 2 +-
 tests/test_example_app.py | 37 ++++++++++++++++++++++++++++++++++
 2 files changed, 38 insertions(+), 1 deletion(-)
diff --git a/fastapi_permissions/example.py b/fastapi_permissions/example.py
index 625292a..cce76ea 100644
--- a/fastapi_permissions/example.py
+++ b/fastapi_permissions/example.py
@@ -264,7 +264,7 @@ async def show_items(
 user=Depends(get_current_user),
 ):
 available_permissions = {
- index: list_permissions(user.principals, get_item(index))
+ index: list_permissions(get_active_principals(user), get_item(index))
 for index in fake_items_db
 }
 return [
diff --git a/tests/test_example_app.py b/tests/test_example_app.py
index 2c141ac..e9caa02 100644
--- a/tests/test_example_app.py
+++ b/tests/test_example_app.py
@@ -53,6 +53,43 @@ def test_app_get_me(username, client):
 [
 ("/items/", "bob", True),
 ("/items/", "alice", True),
+ ],
+)
+def test_app_items_permissions(url, username, granted, client):
+ """ test urls protected by principals, permissions and acls """
+ response = get_with_user(url, username, client)
+ data = response.json()
+ assert data == [
+ {
+ "items": {
+ "1": {
+ "name": "Stilton",
+ "owner": "bob"
+ },
+ "2": {
+ "name": "Danish Blue",
+ "owner": "alice"
+ }
+ },
+ "available_permissions": {
+ "1": {
+ "use": username == "bob",
+ "view": True
+ },
+ "2": {
+ "use": True,
+ "view": True
+ }
+ }
+ }
+ ]
+
+ assert response.status_code == 200 if granted else 403
+
+
+@pytest.mark.parametrize(
+ "url, username, granted",
+ [
 ("/item/add", "bob", False),
 ("/item/add", "alice", True),
 ("/item/1", "bob", True),
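Review bot: The corrected line in `show_items` calls `get_active_principals(user)` with nothing recording why `user.principals` was the wrong input, so a later edit could quietly reintroduce it. A one-line comment above the comprehension, for example `# list permissions for the active principals, not the raw user.principals`, would keep the intent visible. If `get_active_principals` is written as a FastAPI dependency (its definition is outside this hunk), injecting it in the signature as `principals=Depends(get_active_principals)` would presumably keep the listing on the same principal set the permission checks use. The signature of `show_items` begins outside the hunk.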
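Review bot: The final assertion in `test_app_items_permissions`, `assert response.status_code == 200 if granted else 403`, parses as `(response.status_code == 200) if granted else 403`, so whenever `granted` is False it asserts the truthy constant 403 and passes whatever the server returned. Both cases added here are granted, so nothing is masked today, but a denial case added later would never be checked; write it as `assert response.status_code == (200 if granted else 403)`. Asserting the status before comparing `data` would also make a denied response fail on the status code rather than on the JSON comparison. If the other parametrized tests in this file use the same expression, they have the same gap.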