Allow checking entity permissions based on devices (#19007)

* Allow checking entity permissions based on devices * Fix tests
2018-12-05 11:41:00 +01:00 · 2018-12-05 11:41:00 +01:00 · 3928d034a3
commit 3928d034a3
parent 2680bf8a61
11 changed files with 143 additions and 27 deletions
--- a/tests/auth/permissions/test_entities.py
+++ b/tests/auth/permissions/test_entities.py
@ -4,12 +4,16 @@ import voluptuous as vol

 from homeassistant.auth.permissions.entities import (
  compile_entities, ENTITY_POLICY_SCHEMA)
+from homeassistant.auth.permissions.models import PermissionLookup
+from homeassistant.helpers.entity_registry import RegistryEntry
+
+from tests.common import mock_registry


 def test_entities_none():
    """Test entity ID policy."""
    policy = None
-    compiled = compile_entities(policy)
+    compiled = compile_entities(policy, None)
    assert compiled('light.kitchen', 'read') is False


@ -17,7 +21,7 @@ def test_entities_empty():
    """Test entity ID policy."""
    policy = {}
    ENTITY_POLICY_SCHEMA(policy)
-    compiled = compile_entities(policy)
+    compiled = compile_entities(policy, None)
    assert compiled('light.kitchen', 'read') is False


@ -32,7 +36,7 @@ def test_entities_true():
    """Test entity ID policy."""
    policy = True
    ENTITY_POLICY_SCHEMA(policy)
-    compiled = compile_entities(policy)
+    compiled = compile_entities(policy, None)
    assert compiled('light.kitchen', 'read') is True


@ -42,7 +46,7 @@ def test_entities_domains_true():
        'domains': True
    }
    ENTITY_POLICY_SCHEMA(policy)
-    compiled = compile_entities(policy)
+    compiled = compile_entities(policy, None)
    assert compiled('light.kitchen', 'read') is True


@ -54,7 +58,7 @@ def test_entities_domains_domain_true():
        }
    }
    ENTITY_POLICY_SCHEMA(policy)
-    compiled = compile_entities(policy)
+    compiled = compile_entities(policy, None)
    assert compiled('light.kitchen', 'read') is True
    assert compiled('switch.kitchen', 'read') is False

@ -76,7 +80,7 @@ def test_entities_entity_ids_true():
        'entity_ids': True
    }
    ENTITY_POLICY_SCHEMA(policy)
-    compiled = compile_entities(policy)
+    compiled = compile_entities(policy, None)
    assert compiled('light.kitchen', 'read') is True


@ -97,7 +101,7 @@ def test_entities_entity_ids_entity_id_true():
        }
    }
    ENTITY_POLICY_SCHEMA(policy)
-    compiled = compile_entities(policy)
+    compiled = compile_entities(policy, None)
    assert compiled('light.kitchen', 'read') is True
    assert compiled('switch.kitchen', 'read') is False

@ -123,7 +127,7 @@ def test_entities_control_only():
        }
    }
    ENTITY_POLICY_SCHEMA(policy)
-    compiled = compile_entities(policy)
+    compiled = compile_entities(policy, None)
    assert compiled('light.kitchen', 'read') is True
    assert compiled('light.kitchen', 'control') is False
    assert compiled('light.kitchen', 'edit') is False
@ -140,7 +144,7 @@ def test_entities_read_control():
        }
    }
    ENTITY_POLICY_SCHEMA(policy)
-    compiled = compile_entities(policy)
+    compiled = compile_entities(policy, None)
    assert compiled('light.kitchen', 'read') is True
    assert compiled('light.kitchen', 'control') is True
    assert compiled('light.kitchen', 'edit') is False
@ -152,7 +156,7 @@ def test_entities_all_allow():
        'all': True
    }
    ENTITY_POLICY_SCHEMA(policy)
-    compiled = compile_entities(policy)
+    compiled = compile_entities(policy, None)
    assert compiled('light.kitchen', 'read') is True
    assert compiled('light.kitchen', 'control') is True
    assert compiled('switch.kitchen', 'read') is True
@ -166,7 +170,7 @@ def test_entities_all_read():
        }
    }
    ENTITY_POLICY_SCHEMA(policy)
-    compiled = compile_entities(policy)
+    compiled = compile_entities(policy, None)
    assert compiled('light.kitchen', 'read') is True
    assert compiled('light.kitchen', 'control') is False
    assert compiled('switch.kitchen', 'read') is True
@ -180,8 +184,40 @@ def test_entities_all_control():
        }
    }
    ENTITY_POLICY_SCHEMA(policy)
-    compiled = compile_entities(policy)
+    compiled = compile_entities(policy, None)
    assert compiled('light.kitchen', 'read') is False
    assert compiled('light.kitchen', 'control') is True
    assert compiled('switch.kitchen', 'read') is False
    assert compiled('switch.kitchen', 'control') is True
+
+
+def test_entities_device_id_boolean(hass):
+    """Test entity ID policy applying control on device id."""
+    registry = mock_registry(hass, {
+        'test_domain.allowed': RegistryEntry(
+            entity_id='test_domain.allowed',
+            unique_id='1234',
+            platform='test_platform',
+            device_id='mock-allowed-dev-id'
+        ),
+        'test_domain.not_allowed': RegistryEntry(
+            entity_id='test_domain.not_allowed',
+            unique_id='5678',
+            platform='test_platform',
+            device_id='mock-not-allowed-dev-id'
+        ),
+    })
+
+    policy = {
+        'device_ids': {
+            'mock-allowed-dev-id': {
+                'read': True,
+            }
+        }
+    }
+    ENTITY_POLICY_SCHEMA(policy)
+    compiled = compile_entities(policy, PermissionLookup(registry))
+    assert compiled('test_domain.allowed', 'read') is True
+    assert compiled('test_domain.allowed', 'control') is False
+    assert compiled('test_domain.not_allowed', 'read') is False
+    assert compiled('test_domain.not_allowed', 'control') is False