mirror of
https://github.com/simonw/datasette.git
synced 2025-12-10 16:51:24 +01:00
Added permission check to every view, closes #808
parent
bd4de0647d
commit
86dec9e8ff
13 changed files with 220 additions and 2 deletions
|
|
@ -1,5 +1,15 @@
|
|||
import os
|
||||
import pathlib
|
||||
import pytest
|
||||
import re
|
||||
|
||||
UNDOCUMENTED_PERMISSIONS = {
|
||||
"this_is_allowed",
|
||||
"this_is_denied",
|
||||
"this_is_allowed_async",
|
||||
"this_is_denied_async",
|
||||
"no_match",
|
||||
}
|
||||
|
||||
|
||||
def pytest_configure(config):
|
||||
|
|
@ -39,3 +49,31 @@ def restore_working_directory(tmpdir, request):
|
|||
os.chdir(previous_cwd)
|
||||
|
||||
request.addfinalizer(return_to_previous)
|
||||
|
||||
|
||||
@pytest.fixture(scope="session", autouse=True)
|
||||
def check_permission_actions_are_documented():
|
||||
from datasette.plugins import pm
|
||||
|
||||
content = (
|
||||
(pathlib.Path(__file__).parent.parent / "docs" / "authentication.rst")
|
||||
.open()
|
||||
.read()
|
||||
)
|
||||
permissions_re = re.compile(r"\.\. _permissions_([^\s:]+):")
|
||||
documented_permission_actions = set(permissions_re.findall(content)).union(
|
||||
UNDOCUMENTED_PERMISSIONS
|
||||
)
|
||||
|
||||
def before(hook_name, hook_impls, kwargs):
|
||||
if hook_name == "permission_allowed":
|
||||
action = kwargs.get("action").replace("-", "_")
|
||||
assert (
|
||||
action in documented_permission_actions
|
||||
), "Undocumented permission action: {}, resource_type: {}, resource_identifier: {}".format(
|
||||
action, kwargs["resource_type"], kwargs["resource_identifier"]
|
||||
)
|
||||
|
||||
pm.add_hookcall_monitoring(
|
||||
before=before, after=lambda outcome, hook_name, hook_impls, kwargs: None
|
||||
)
|
||||
|
|
|
|||
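Review bot: `check_permission_actions_are_documented` has no docstring, and the limit of what it guarantees belongs there: the `before` monitor only sees `permission_allowed` calls that some test actually triggers, so a view whose permission check is never exercised by the suite is not covered by this guard. A one-line docstring such as `"""Fail the run if a permission_allowed call uses an action with no _permissions_* label in docs/authentication.rst; only actions exercised by the tests are seen."""` would state that. Separately, the docs file is read with `.open().read()`, which leaves closing the handle to the garbage collector; `(pathlib.Path(__file__).parent.parent / "docs" / "authentication.rst").read_text()` does the same in one call. In `before`, `kwargs["action"]` would match the `kwargs["resource_type"]` lookups a few lines below and avoid calling `.replace` on `None` if the key were ever missing.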