Added lazy evaluation to composed permissions. (#6463)
Refs #6402.
FMCorz authored and carltongibson committed Feb 25, 2019
1 parent 8a29c53 commit 94fbfcb
Showing 3 changed files with 101 additions and 5 deletions.
11 changes: 11 additions & 0 deletions rest_framework/compat.py
@@ -5,6 +5,8 @@

from __future__ import unicode_literals

import sys

from django.conf import settings
from django.core import validators
from django.utils import six
@@ -34,6 +36,11 @@
except ImportError:
ProhibitNullCharactersValidator = None

try:
from unittest import mock
except ImportError:
mock = None


def get_original_route(urlpattern):
"""
@@ -314,3 +321,7 @@ class MinLengthValidator(CustomValidatorMessage, validators.MinLengthValidator):

class MaxLengthValidator(CustomValidatorMessage, validators.MaxLengthValidator):
pass


# Version Constants.
PY36 = sys.version_info >= (3, 6)
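Review bot: `mock` is imported in the library's compat module, but the only consumer visible in this commit is tests/test_permissions.py, so every import of `rest_framework.compat` now also loads `unittest.mock` at runtime. Consider keeping the `try: from unittest import mock` fallback in the test package instead. The `mock = None` fallback also defers the failure to an `AttributeError` at first use; a comment such as `# mock is None where unittest.mock is unavailable; callers must skip` above the assignment would make that contract explicit. `PY36` likewise has no non-test user on this page.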
8 changes: 4 additions & 4 deletions rest_framework/permissions.py
@@ -44,13 +44,13 @@ def __init__(self, op1, op2):

def has_permission(self, request, view):
return (
self.op1.has_permission(request, view) &
self.op1.has_permission(request, view) and
self.op2.has_permission(request, view)
)

def has_object_permission(self, request, view, obj):
return (
self.op1.has_object_permission(request, view, obj) &
self.op1.has_object_permission(request, view, obj) and
self.op2.has_object_permission(request, view, obj)
)

@@ -62,13 +62,13 @@ def __init__(self, op1, op2):

def has_permission(self, request, view):
return (
self.op1.has_permission(request, view) |
self.op1.has_permission(request, view) or
self.op2.has_permission(request, view)
)

def has_object_permission(self, request, view, obj):
return (
self.op1.has_object_permission(request, view, obj) |
self.op1.has_object_permission(request, view, obj) or
self.op2.has_object_permission(request, view, obj)
)

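Review bot: The `or` composition in the second hunk's `has_object_permission` accepts an object whenever either operand's object-level check passes, without requiring that the same operand also passed `has_permission`. If an operand does not override `has_object_permission` and inherits a permissive default (the base class is outside this page, so this is an assumption to confirm), a composition such as `A | B` can grant object access that neither `A` nor `B` would grant alone: `B` satisfies the view-level check and `A`'s default satisfies the object-level one. Consider pairing the two levels per operand, e.g. `(self.op1.has_permission(request, view) and self.op1.has_object_permission(request, view, obj)) or (self.op2.has_permission(request, view) and self.op2.has_object_permission(request, view, obj))`. Separately, `and`/`or` return an operand rather than a bool, so all four methods now propagate whatever the wrapped permission returned; wrapping the expression in `bool(...)` or documenting the contract would keep callers that compare with `is True` working. The enclosing classes start outside both hunks.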
87 changes: 86 additions & 1 deletion tests/test_permissions.py
@@ -5,6 +5,7 @@
import warnings

import django
import pytest
from django.contrib.auth.models import AnonymousUser, Group, Permission, User
from django.db import models
from django.test import TestCase
@@ -14,7 +15,7 @@
HTTP_HEADER_ENCODING, authentication, generics, permissions, serializers,
status, views
)
from rest_framework.compat import is_guardian_installed
from rest_framework.compat import PY36, is_guardian_installed, mock
from rest_framework.filters import DjangoObjectPermissionsFilter
from rest_framework.routers import DefaultRouter
from rest_framework.test import APIRequestFactory
@@ -600,3 +601,87 @@ def test_several_levels_and_precedence(self):
permissions.IsAuthenticated
)
assert composed_perm().has_permission(request, None) is True

@pytest.mark.skipif(not PY36, reason="assert_called_once() not available")
def test_or_lazyness(self):
request = factory.get('/1', format='json')
request.user = AnonymousUser()

with mock.patch.object(permissions.AllowAny, 'has_permission', return_value=True) as mock_allow:
with mock.patch.object(permissions.IsAuthenticated, 'has_permission', return_value=False) as mock_deny:
composed_perm = (permissions.AllowAny | permissions.IsAuthenticated)
hasperm = composed_perm().has_permission(request, None)
self.assertIs(hasperm, True)
mock_allow.assert_called_once()
mock_deny.assert_not_called()

with mock.patch.object(permissions.AllowAny, 'has_permission', return_value=True) as mock_allow:
with mock.patch.object(permissions.IsAuthenticated, 'has_permission', return_value=False) as mock_deny:
composed_perm = (permissions.IsAuthenticated | permissions.AllowAny)
hasperm = composed_perm().has_permission(request, None)
self.assertIs(hasperm, True)
mock_deny.assert_called_once()
mock_allow.assert_called_once()

@pytest.mark.skipif(not PY36, reason="assert_called_once() not available")
def test_object_or_lazyness(self):
request = factory.get('/1', format='json')
request.user = AnonymousUser()

with mock.patch.object(permissions.AllowAny, 'has_object_permission', return_value=True) as mock_allow:
with mock.patch.object(permissions.IsAuthenticated, 'has_object_permission', return_value=False) as mock_deny:
composed_perm = (permissions.AllowAny | permissions.IsAuthenticated)
hasperm = composed_perm().has_object_permission(request, None, None)
self.assertIs(hasperm, True)
mock_allow.assert_called_once()
mock_deny.assert_not_called()

with mock.patch.object(permissions.AllowAny, 'has_object_permission', return_value=True) as mock_allow:
with mock.patch.object(permissions.IsAuthenticated, 'has_object_permission', return_value=False) as mock_deny:
composed_perm = (permissions.IsAuthenticated | permissions.AllowAny)
hasperm = composed_perm().has_object_permission(request, None, None)
self.assertIs(hasperm, True)
mock_deny.assert_called_once()
mock_allow.assert_called_once()

@pytest.mark.skipif(not PY36, reason="assert_called_once() not available")
def test_and_lazyness(self):
request = factory.get('/1', format='json')
request.user = AnonymousUser()

with mock.patch.object(permissions.AllowAny, 'has_permission', return_value=True) as mock_allow:
with mock.patch.object(permissions.IsAuthenticated, 'has_permission', return_value=False) as mock_deny:
composed_perm = (permissions.AllowAny & permissions.IsAuthenticated)
hasperm = composed_perm().has_permission(request, None)
self.assertIs(hasperm, False)
mock_allow.assert_called_once()
mock_deny.assert_called_once()

with mock.patch.object(permissions.AllowAny, 'has_permission', return_value=True) as mock_allow:
with mock.patch.object(permissions.IsAuthenticated, 'has_permission', return_value=False) as mock_deny:
composed_perm = (permissions.IsAuthenticated & permissions.AllowAny)
hasperm = composed_perm().has_permission(request, None)
self.assertIs(hasperm, False)
mock_allow.assert_not_called()
mock_deny.assert_called_once()

@pytest.mark.skipif(not PY36, reason="assert_called_once() not available")
def test_object_and_lazyness(self):
request = factory.get('/1', format='json')
request.user = AnonymousUser()

with mock.patch.object(permissions.AllowAny, 'has_object_permission', return_value=True) as mock_allow:
with mock.patch.object(permissions.IsAuthenticated, 'has_object_permission', return_value=False) as mock_deny:
composed_perm = (permissions.AllowAny & permissions.IsAuthenticated)
hasperm = composed_perm().has_object_permission(request, None, None)
self.assertIs(hasperm, False)
mock_allow.assert_called_once()
mock_deny.assert_called_once()

with mock.patch.object(permissions.AllowAny, 'has_object_permission', return_value=True) as mock_allow:
with mock.patch.object(permissions.IsAuthenticated, 'has_object_permission', return_value=False) as mock_deny:
composed_perm = (permissions.IsAuthenticated & permissions.AllowAny)
hasperm = composed_perm().has_object_permission(request, None, None)
self.assertIs(hasperm, False)
mock_allow.assert_not_called()
mock_deny.assert_called_once()
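Review bot: All four new tests are skipped below Python 3.6 only because of `assert_called_once()`, so the short-circuit behaviour goes unverified on any other interpreter where `mock` imports. Asserting on the counter instead, e.g. `self.assertEqual(mock_allow.call_count, 1)` and `self.assertEqual(mock_deny.call_count, 0)`, would let the skip condition become `mock is None`, which matches the fallback in compat.py. The mocks return only `True`/`False`, so nothing here pins what a composed permission returns when an operand returns a non-bool truthy or falsy value; a case for that would document the contract of the `and`/`or` change.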
