configure_legacy_acl

Scope: function | Returns: callable

The configure_legacy_acl fixture returns a callable that seeds the test database with access policies, so that LegacyAcl — the ACL implementation used in production — behaves as configured. Use it together with the legacy ACL overrides described in lime_app_acl, lime_app_non_admin_acl, and lime_app_other_non_admin_acl.

Signature

configure_legacy_acl(*configs: PolicyConfig) -> None

Each PolicyConfig defines a named policy for a set of resources (limetypes or limetype properties) and the access each group gets:

PolicyConfig(
    name: str,
    resources: Iterable[LimeType | LimeProperty],
    access_config_by_group: Mapping[Group, AccessConfig],
)

AccessConfig(
    read: bool = True,
    create: bool = True,
    update: bool = True,
    delete: bool = True,
)

Warning

A resource can only be covered by one policy — configuring multiple policies for the same resource raises a RuntimeError.

Basic usage

Override the application's ACL with the legacy implementation, then seed the policies the test needs:

import pytest

from lime_test.common.helpers import AccessConfig, PolicyConfig


@pytest.fixture
def lime_app_non_admin_acl(lime_app_non_admin_legacy_acl):
    return lime_app_non_admin_legacy_acl


def test_user_cannot_delete_company(
    lime_app_non_admin, users_group, configure_legacy_acl
):
    configure_legacy_acl(
        PolicyConfig(
            name="company_policy",
            resources=[lime_app_non_admin.limetypes.company],
            access_config_by_group={users_group: AccessConfig(delete=False)},
        )
    )

    acl = lime_app_non_admin.acl
    assert acl.is_allowed(lime_app_non_admin.limetypes.company, "read")
    assert not acl.is_allowed(lime_app_non_admin.limetypes.company, "delete")

users_group provides the prepopulated Users group that the non-admin users are members of — see database.