Skip to content

Commit f788785

Browse files
committed
test: add unit tests for role definitions retrieval with namespace wildcards
1 parent 3590a75 commit f788785

1 file changed

Lines changed: 54 additions & 1 deletion

File tree

openedx_authz/tests/api/test_roles.py

Lines changed: 54 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -15,7 +15,6 @@
1515

1616
from openedx_authz.api.data import (
1717
ActionData,
18-
ContentLibraryData,
1918
PermissionData,
2019
RoleAssignmentData,
2120
RoleData,
@@ -43,6 +42,7 @@
4342
)
4443
from openedx_authz.constants import permissions, roles
4544
from openedx_authz.constants.roles import (
45+
COURSE_AUDITOR_PERMISSIONS,
4646
LIBRARY_ADMIN_PERMISSIONS,
4747
LIBRARY_AUTHOR_PERMISSIONS,
4848
LIBRARY_CONTRIBUTOR_PERMISSIONS,
@@ -494,6 +494,59 @@ def test_get_permissions_for_active_role_in_specific_scope(self, role_name, scop
494494
expected_permissions,
495495
)
496496

497+
@ddt_data(
498+
(
499+
"lib^*",
500+
{
501+
roles.LIBRARY_ADMIN.external_key,
502+
roles.LIBRARY_AUTHOR.external_key,
503+
roles.LIBRARY_CONTRIBUTOR.external_key,
504+
roles.LIBRARY_USER.external_key,
505+
},
506+
roles.LIBRARY_ADMIN.external_key,
507+
LIBRARY_ADMIN_PERMISSIONS,
508+
),
509+
(
510+
"course-v1^*",
511+
{
512+
roles.COURSE_AUDITOR.external_key,
513+
roles.COURSE_EDITOR.external_key,
514+
roles.COURSE_STAFF.external_key,
515+
roles.COURSE_ADMIN.external_key,
516+
roles.COURSE_LIMITED_STAFF.external_key,
517+
roles.COURSE_DATA_RESEARCHER.external_key,
518+
roles.COURSE_BETA_TESTER.external_key,
519+
},
520+
roles.COURSE_AUDITOR.external_key,
521+
COURSE_AUDITOR_PERMISSIONS,
522+
),
523+
)
524+
@unpack
525+
def test_get_role_definitions_in_scope(
526+
self,
527+
namespaced_scope,
528+
expected_roles,
529+
sample_role,
530+
expected_permissions,
531+
):
532+
"""Test retrieving role definitions from policy for a namespace wildcard scope.
533+
534+
Expected result:
535+
- Role definitions defined in authz.policy for the scope are returned.
536+
- Each role includes the permissions declared in its policy rules.
537+
"""
538+
roles_in_scope = get_role_definitions_in_scope(ScopeData(namespaced_key=namespaced_scope))
539+
roles_by_key = {role.external_key: role for role in roles_in_scope}
540+
541+
self.assertEqual(set(roles_by_key.keys()), expected_roles)
542+
self.assertEqual(roles_by_key[sample_role].permissions, expected_permissions)
543+
544+
def test_get_role_definitions_in_scope_returns_empty_for_concrete_scope(self):
545+
"""Concrete scopes do not match namespace wildcard policy definitions."""
546+
roles_in_scope = get_role_definitions_in_scope(ScopeData(external_key="lib:Org1:math_101"))
547+
548+
self.assertEqual(roles_in_scope, [])
549+
497550
@ddt_data(
498551
("alice", "lib:Org1:math_101", {roles.LIBRARY_ADMIN.external_key}),
499552
("bob", "lib:Org1:history_201", {roles.LIBRARY_AUTHOR.external_key}),

0 commit comments

Comments
 (0)