Rework of grants() function

Author: Mathias Bigaignon

entitled/client.py

@@ -3,7 +3,7 @@
 import importlib.util
 import pathlib
 import types
-import typing
+from typing import Any, Type
 
 from entitled import policies
 
@@ -12,7 +12,7 @@ class Client:
     "The Client class for decision-making centralization."
 
     def __init__(self, base_path: str | None = None):
-        self._policy_registrar: dict[typing.Type, policies.Policy] = {}
+        self._policy_registrar: dict[Type, policies.Policy] = {}
         self._load_path = None
         if base_path:
             self._load_path = pathlib.Path(base_path)
@@ -26,7 +26,7 @@ def allows(self, action, actor, resource, context: dict | None = None) -> bool:
         policy = self._policy_lookup(resource)
         return policy.allows(action, actor, resource, context)
 
-    def grants(self, actor, resource, context: dict | None = None):
+    def grants(self, actor, resource, context: dict | None = None) -> dict[Any, bool]:
         policy = self._policy_lookup(resource)
         return policy.grants(actor, resource, context)
 

entitled/policies.py

@@ -1,6 +1,6 @@
 """Grouping of authorization rules around a particular resource type"""
 
-from typing import Callable, Generic, TypeVar
+from typing import Any, Callable, Generic, TypeVar
 
 from entitled import exceptions
 from entitled.rules import Rule, RuleProtocol
@@ -45,12 +45,13 @@ def __register(self, action, *rules: Rule[T]):
         else:
             self._registry[action] = [*rules]
 
-    def grants(self, actor, resource: T, context: dict | None = None):
-
-        return filter(
-            lambda action: self.allows(action, actor, resource, context),
-            self._registry.keys(),
-        )
+    def grants(
+        self, actor, resource: T, context: dict | None = None
+    ) -> dict[Any, bool]:
+        return {
+            action: self.allows(action, actor, resource, context)
+            for action in self._registry
+        }
 
     def allows(
         self,

tests/test_client.py

@@ -39,10 +39,12 @@ def test_grants(self):
         user2 = User("user2", tenant2, set(["user"]))
         resource1 = Resource("R1", user1, tenant1)
 
-        u1_grants = [g for g in client.grants(user1, resource1)]
-        u2_grants = [g for g in client.grants(user2, resource1)]
+        u1_grants = client.grants(user1, resource1)
+        u2_grants = client.grants(user2, resource1)
         assert "view" in u1_grants and "edit" in u1_grants
-        assert "view" not in u2_grants and "edit" not in u2_grants
+        assert u1_grants["view"] and u1_grants["edit"]
+        assert "view" in u2_grants and "edit" in u2_grants
+        assert not u2_grants["view"] and not u2_grants["edit"]
 
     def test_allows(self):
         client = Client(base_path="tests/fixtures")

tests/test_policies.py

@@ -1,3 +1,4 @@
+from entitled import policies
 from entitled.policies import Policy
 from entitled.rules import Rule
 from tests.fixtures.models import Tenant, User
@@ -76,7 +77,7 @@ def is_tenant_admin(
         user1 = User(name="user1", tenant=tenant1, roles=set([admin_role]))
         user2 = User(name="user2", tenant=tenant1, roles=set([guest_role]))
 
-        assert ["is_member", "has_admin_role", "is_tenant_admin"] == [
-            item for item in policy.grants(user1, tenant1)
-        ]
-        assert ["is_member"] == [item for item in policy.grants(user2, tenant1)]
+        assert policy.grants(user1, tenant1)["is_member"]
+        assert policy.grants(user2, tenant1)["is_member"]
+        assert policy.grants(user1, tenant1)["is_tenant_admin"]
+        assert not policy.grants(user2, tenant1)["is_tenant_admin"]