`lime_app_non_admin_acl`¶

Scope: function | Returns: Acl

The lime_app_non_admin_acl fixture provides the access control layer for the non-admin application. It determines whether operations on resources are permitted for the application user.

Default implementation¶

By default, lime_app_non_admin_acl returns AlwaysAllowAcl, which grants every operation without any checks:

@pytest.fixture
def lime_app_non_admin_acl() -> Acl:
    return AlwaysAllowAcl()

Customization¶

Using the database-backed ACL¶

lime_app_non_admin_legacy_acl is a ready-made fixture that returns a LegacyAcl backed by policy data in the test database. Override lime_app_non_admin_acl to use it:

@pytest.fixture
def lime_app_non_admin_acl(lime_app_non_admin_legacy_acl):
    return lime_app_non_admin_legacy_acl

Use this together with configure_legacy_acl to seed the database with specific policies before your test runs.

Providing a custom implementation¶

You can return any object that implements the Acl interface (is_allowed(resource, action) -> bool):

from lime_acl import Acl

class DenyDeleteAcl(Acl):
    def is_allowed(self, resource, action):
        return action != "delete"

@pytest.fixture
def lime_app_non_admin_acl():
    return DenyDeleteAcl()

lime_app_non_admin_acl¶

Default implementation¶

Customization¶

Using the database-backed ACL¶

Providing a custom implementation¶

`lime_app_non_admin_acl`¶