`lime_app_acl`¶

Scope: function | Returns: Acl

The lime_app_acl fixture provides the access control layer for the application. It determines whether operations on resources are permitted for the application user.

Default implementation¶

By default, lime_app_acl returns AlwaysAllowAcl, which grants every operation without any checks:

@pytest.fixture
def lime_app_acl() -> Acl:
    return AlwaysAllowAcl()

This is appropriate for most tests that are not concerned with permissions.

Customization¶

Using the database-backed ACL¶

lime_app_legacy_acl is a ready-made fixture that returns a LegacyAcl — the same ACL implementation used in production, backed by policy data in the test database. Override lime_app_acl to use it:

@pytest.fixture
def lime_app_acl(lime_app_legacy_acl):
    return lime_app_legacy_acl

Use this together with configure_legacy_acl to seed the database with specific policies before your test runs.

Providing a custom implementation¶

You can return any object that implements the Acl interface (is_allowed(resource, action) -> bool):

from lime_acl import Acl

class DenyDeleteAcl(Acl):
    def is_allowed(self, resource, action):
        return action != "delete"

@pytest.fixture
def lime_app_acl():
    return DenyDeleteAcl()

lime_app_acl¶

Default implementation¶

Customization¶

Using the database-backed ACL¶

Providing a custom implementation¶

`lime_app_acl`¶