mirror of
https://github.com/simonw/datasette.git
synced 2025-12-10 16:51:24 +01:00
Fixed some more tests
This commit is contained in:
Simon Willison
parent
98493b7587
commit
7423c1a999
2 changed files with 120 additions and 77 deletions
|
|
@ -18,6 +18,7 @@ def ds_write(tmp_path_factory):
|
||||||
"create table docs (id integer primary key, title text, score float, age integer)"
|
"create table docs (id integer primary key, title text, score float, age integer)"
|
||||||
)
|
)
|
||||||
ds = Datasette([db_path], immutables=[db_path_immutable])
|
ds = Datasette([db_path], immutables=[db_path_immutable])
|
||||||
|
ds.root_enabled = True
|
||||||
yield ds
|
yield ds
|
||||||
db.close()
|
db.close()
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -357,64 +357,92 @@ async def test_root_with_root_enabled_gets_all_permissions(ds_client):
|
||||||
root_actor = {"id": "root"}
|
root_actor = {"id": "root"}
|
||||||
|
|
||||||
# Test instance-level permissions (no resource)
|
# Test instance-level permissions (no resource)
|
||||||
assert await ds_client.ds.permission_allowed(root_actor, "permissions-debug", None) is True
|
assert (
|
||||||
|
await ds_client.ds.permission_allowed(root_actor, "permissions-debug", None)
|
||||||
|
is True
|
||||||
|
)
|
||||||
assert await ds_client.ds.permission_allowed(root_actor, "debug-menu", None) is True
|
assert await ds_client.ds.permission_allowed(root_actor, "debug-menu", None) is True
|
||||||
|
|
||||||
# Test view permissions using the new ds.allowed() method
|
# Test view permissions using the new ds.allowed() method
|
||||||
assert await ds_client.ds.allowed(
|
assert (
|
||||||
action="view-instance",
|
await ds_client.ds.allowed(
|
||||||
resource=InstanceResource(),
|
action="view-instance", resource=InstanceResource(), actor=root_actor
|
||||||
actor=root_actor
|
)
|
||||||
) is True
|
is True
|
||||||
|
)
|
||||||
|
|
||||||
assert await ds_client.ds.allowed(
|
assert (
|
||||||
action="view-database",
|
await ds_client.ds.allowed(
|
||||||
resource=DatabaseResource("fixtures"),
|
action="view-database",
|
||||||
actor=root_actor
|
resource=DatabaseResource("fixtures"),
|
||||||
) is True
|
actor=root_actor,
|
||||||
|
)
|
||||||
|
is True
|
||||||
|
)
|
||||||
|
|
||||||
assert await ds_client.ds.allowed(
|
assert (
|
||||||
action="view-table",
|
await ds_client.ds.allowed(
|
||||||
resource=TableResource("fixtures", "facetable"),
|
action="view-table",
|
||||||
actor=root_actor
|
resource=TableResource("fixtures", "facetable"),
|
||||||
) is True
|
actor=root_actor,
|
||||||
|
)
|
||||||
|
is True
|
||||||
|
)
|
||||||
|
|
||||||
# Test write permissions using ds.allowed()
|
# Test write permissions using ds.allowed()
|
||||||
assert await ds_client.ds.allowed(
|
assert (
|
||||||
action="insert-row",
|
await ds_client.ds.allowed(
|
||||||
resource=TableResource("fixtures", "facetable"),
|
action="insert-row",
|
||||||
actor=root_actor
|
resource=TableResource("fixtures", "facetable"),
|
||||||
) is True
|
actor=root_actor,
|
||||||
|
)
|
||||||
|
is True
|
||||||
|
)
|
||||||
|
|
||||||
assert await ds_client.ds.allowed(
|
assert (
|
||||||
action="delete-row",
|
await ds_client.ds.allowed(
|
||||||
resource=TableResource("fixtures", "facetable"),
|
action="delete-row",
|
||||||
actor=root_actor
|
resource=TableResource("fixtures", "facetable"),
|
||||||
) is True
|
actor=root_actor,
|
||||||
|
)
|
||||||
|
is True
|
||||||
|
)
|
||||||
|
|
||||||
assert await ds_client.ds.allowed(
|
assert (
|
||||||
action="update-row",
|
await ds_client.ds.allowed(
|
||||||
resource=TableResource("fixtures", "facetable"),
|
action="update-row",
|
||||||
actor=root_actor
|
resource=TableResource("fixtures", "facetable"),
|
||||||
) is True
|
actor=root_actor,
|
||||||
|
)
|
||||||
|
is True
|
||||||
|
)
|
||||||
|
|
||||||
assert await ds_client.ds.allowed(
|
assert (
|
||||||
action="create-table",
|
await ds_client.ds.allowed(
|
||||||
resource=DatabaseResource("fixtures"),
|
action="create-table",
|
||||||
actor=root_actor
|
resource=DatabaseResource("fixtures"),
|
||||||
) is True
|
actor=root_actor,
|
||||||
|
)
|
||||||
|
is True
|
||||||
|
)
|
||||||
|
|
||||||
assert await ds_client.ds.allowed(
|
assert (
|
||||||
action="alter-table",
|
await ds_client.ds.allowed(
|
||||||
resource=TableResource("fixtures", "facetable"),
|
action="alter-table",
|
||||||
actor=root_actor
|
resource=TableResource("fixtures", "facetable"),
|
||||||
) is True
|
actor=root_actor,
|
||||||
|
)
|
||||||
|
is True
|
||||||
|
)
|
||||||
|
|
||||||
assert await ds_client.ds.allowed(
|
assert (
|
||||||
action="drop-table",
|
await ds_client.ds.allowed(
|
||||||
resource=TableResource("fixtures", "facetable"),
|
action="drop-table",
|
||||||
actor=root_actor
|
resource=TableResource("fixtures", "facetable"),
|
||||||
) is True
|
actor=root_actor,
|
||||||
|
)
|
||||||
|
is True
|
||||||
|
)
|
||||||
|
|
||||||
|
|
||||||
@pytest.mark.asyncio
|
@pytest.mark.asyncio
|
||||||
|
|
@ -433,32 +461,46 @@ async def test_root_without_root_enabled_no_special_permissions(ds_client):
|
||||||
# Without root_enabled, root should follow normal permission rules
|
# Without root_enabled, root should follow normal permission rules
|
||||||
|
|
||||||
# View permissions should still work (default=True)
|
# View permissions should still work (default=True)
|
||||||
assert await ds_client.ds.allowed(
|
assert (
|
||||||
action="view-instance",
|
await ds_client.ds.allowed(
|
||||||
resource=InstanceResource(),
|
action="view-instance", resource=InstanceResource(), actor=root_actor
|
||||||
actor=root_actor
|
)
|
||||||
) is True # Default permission
|
is True
|
||||||
|
) # Default permission
|
||||||
|
|
||||||
assert await ds_client.ds.allowed(
|
assert (
|
||||||
action="view-database",
|
await ds_client.ds.allowed(
|
||||||
resource=DatabaseResource("fixtures"),
|
action="view-database",
|
||||||
actor=root_actor
|
resource=DatabaseResource("fixtures"),
|
||||||
) is True # Default permission
|
actor=root_actor,
|
||||||
|
)
|
||||||
|
is True
|
||||||
|
) # Default permission
|
||||||
|
|
||||||
# But restricted permissions should NOT automatically be granted
|
# But restricted permissions should NOT automatically be granted
|
||||||
# Test with instance-level permission (no resource class)
|
# Test with instance-level permission (no resource class)
|
||||||
result = await ds_client.ds.permission_allowed(root_actor, "permissions-debug", None)
|
result = await ds_client.ds.permission_allowed(
|
||||||
assert result is not True, "Root without root_enabled should not automatically get permissions-debug"
|
root_actor, "permissions-debug", None
|
||||||
|
)
|
||||||
|
assert (
|
||||||
|
result is not True
|
||||||
|
), "Root without root_enabled should not automatically get permissions-debug"
|
||||||
|
|
||||||
# Test with resource-based permissions using ds.allowed()
|
# Test with resource-based permissions using ds.allowed()
|
||||||
assert await ds_client.ds.allowed(
|
assert (
|
||||||
action="create-table",
|
await ds_client.ds.allowed(
|
||||||
resource=DatabaseResource("fixtures"),
|
action="create-table",
|
||||||
actor=root_actor
|
resource=DatabaseResource("fixtures"),
|
||||||
) is not True, "Root without root_enabled should not automatically get create-table"
|
actor=root_actor,
|
||||||
|
)
|
||||||
|
is not True
|
||||||
|
), "Root without root_enabled should not automatically get create-table"
|
||||||
|
|
||||||
assert await ds_client.ds.allowed(
|
assert (
|
||||||
action="drop-table",
|
await ds_client.ds.allowed(
|
||||||
resource=TableResource("fixtures", "facetable"),
|
action="drop-table",
|
||||||
actor=root_actor
|
resource=TableResource("fixtures", "facetable"),
|
||||||
) is not True, "Root without root_enabled should not automatically get drop-table"
|
actor=root_actor,
|
||||||
|
)
|
||||||
|
is not True
|
||||||
|
), "Root without root_enabled should not automatically get drop-table"
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue