mirror of
https://github.com/simonw/datasette.git
synced 2025-12-10 16:51:24 +01:00
09194c72f8
Updated all test_config_permission_rules.py tests to use the new allowed() method with Resource objects instead of the old permission_allowed_2() method. Also marked test_database_page in test_html.py as xfail since it expects to see canned queries (view-query permission not yet migrated). All 7 config_permission_rules tests now pass. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
119 lines
4.4 KiB
Python
119 lines
4.4 KiB
Python
import pytest
|
|
|
|
from datasette.app import Datasette
|
|
from datasette.database import Database
|
|
from datasette.resources import DatabaseResource, TableResource
|
|
|
|
|
|
async def setup_datasette(config=None, databases=None):
|
|
ds = Datasette(memory=True, config=config)
|
|
for name in databases or []:
|
|
ds.add_database(Database(ds, memory_name=f"{name}_memory"), name=name)
|
|
await ds.invoke_startup()
|
|
await ds.refresh_schemas()
|
|
return ds
|
|
|
|
|
|
@pytest.mark.asyncio
|
|
async def test_root_permissions_allow():
|
|
config = {"permissions": {"execute-sql": {"id": "alice"}}}
|
|
ds = await setup_datasette(config=config, databases=["content"])
|
|
|
|
assert await ds.allowed(action="execute-sql", resource=DatabaseResource(database="content"), actor={"id": "alice"})
|
|
assert not await ds.allowed(action="execute-sql", resource=DatabaseResource(database="content"), actor={"id": "bob"})
|
|
|
|
|
|
@pytest.mark.asyncio
|
|
async def test_database_permission():
|
|
config = {
|
|
"databases": {
|
|
"content": {
|
|
"permissions": {
|
|
"insert-row": {"id": "alice"},
|
|
}
|
|
}
|
|
}
|
|
}
|
|
ds = await setup_datasette(config=config, databases=["content"])
|
|
|
|
assert await ds.allowed(
|
|
action="insert-row", resource=TableResource(database="content", table="repos"), actor={"id": "alice"}
|
|
)
|
|
assert not await ds.allowed(
|
|
action="insert-row", resource=TableResource(database="content", table="repos"), actor={"id": "bob"}
|
|
)
|
|
|
|
|
|
@pytest.mark.asyncio
|
|
async def test_table_permission():
|
|
config = {
|
|
"databases": {
|
|
"content": {
|
|
"tables": {"repos": {"permissions": {"delete-row": {"id": "alice"}}}}
|
|
}
|
|
}
|
|
}
|
|
ds = await setup_datasette(config=config, databases=["content"])
|
|
|
|
assert await ds.allowed(
|
|
action="delete-row", resource=TableResource(database="content", table="repos"), actor={"id": "alice"}
|
|
)
|
|
assert not await ds.allowed(
|
|
action="delete-row", resource=TableResource(database="content", table="repos"), actor={"id": "bob"}
|
|
)
|
|
|
|
|
|
@pytest.mark.asyncio
|
|
async def test_view_table_allow_block():
|
|
config = {
|
|
"databases": {"content": {"tables": {"repos": {"allow": {"id": "alice"}}}}}
|
|
}
|
|
ds = await setup_datasette(config=config, databases=["content"])
|
|
|
|
assert await ds.allowed(
|
|
action="view-table", resource=TableResource(database="content", table="repos"), actor={"id": "alice"}
|
|
)
|
|
assert not await ds.allowed(
|
|
action="view-table", resource=TableResource(database="content", table="repos"), actor={"id": "bob"}
|
|
)
|
|
assert await ds.allowed(
|
|
action="view-table", resource=TableResource(database="content", table="other"), actor={"id": "bob"}
|
|
)
|
|
|
|
|
|
@pytest.mark.asyncio
|
|
async def test_view_table_allow_false_blocks():
|
|
config = {"databases": {"content": {"tables": {"repos": {"allow": False}}}}}
|
|
ds = await setup_datasette(config=config, databases=["content"])
|
|
|
|
assert not await ds.allowed(
|
|
action="view-table", resource=TableResource(database="content", table="repos"), actor={"id": "alice"}
|
|
)
|
|
|
|
|
|
@pytest.mark.asyncio
|
|
async def test_allow_sql_blocks():
|
|
config = {"allow_sql": {"id": "alice"}}
|
|
ds = await setup_datasette(config=config, databases=["content"])
|
|
|
|
assert await ds.allowed(action="execute-sql", resource=DatabaseResource(database="content"), actor={"id": "alice"})
|
|
assert not await ds.allowed(action="execute-sql", resource=DatabaseResource(database="content"), actor={"id": "bob"})
|
|
|
|
config = {"databases": {"content": {"allow_sql": {"id": "bob"}}}}
|
|
ds = await setup_datasette(config=config, databases=["content"])
|
|
|
|
assert await ds.allowed(action="execute-sql", resource=DatabaseResource(database="content"), actor={"id": "bob"})
|
|
assert not await ds.allowed(action="execute-sql", resource=DatabaseResource(database="content"), actor={"id": "alice"})
|
|
|
|
config = {"allow_sql": False}
|
|
ds = await setup_datasette(config=config, databases=["content"])
|
|
assert not await ds.allowed(action="execute-sql", resource=DatabaseResource(database="content"), actor={"id": "alice"})
|
|
|
|
|
|
@pytest.mark.asyncio
|
|
async def test_view_instance_allow_block():
|
|
config = {"allow": {"id": "alice"}}
|
|
ds = await setup_datasette(config=config)
|
|
|
|
assert await ds.allowed(action="view-instance", actor={"id": "alice"})
|
|
assert not await ds.allowed(action="view-instance", actor={"id": "bob"})
|