|
15 | 15 |
|
16 | 16 | from openedx_authz.api.data import ( |
17 | 17 | ActionData, |
18 | | - ContentLibraryData, |
19 | 18 | PermissionData, |
20 | 19 | RoleAssignmentData, |
21 | 20 | RoleData, |
|
43 | 42 | ) |
44 | 43 | from openedx_authz.constants import permissions, roles |
45 | 44 | from openedx_authz.constants.roles import ( |
| 45 | + COURSE_AUDITOR_PERMISSIONS, |
46 | 46 | LIBRARY_ADMIN_PERMISSIONS, |
47 | 47 | LIBRARY_AUTHOR_PERMISSIONS, |
48 | 48 | LIBRARY_CONTRIBUTOR_PERMISSIONS, |
@@ -494,6 +494,59 @@ def test_get_permissions_for_active_role_in_specific_scope(self, role_name, scop |
494 | 494 | expected_permissions, |
495 | 495 | ) |
496 | 496 |
|
| 497 | + @ddt_data( |
| 498 | + ( |
| 499 | + "lib^*", |
| 500 | + { |
| 501 | + roles.LIBRARY_ADMIN.external_key, |
| 502 | + roles.LIBRARY_AUTHOR.external_key, |
| 503 | + roles.LIBRARY_CONTRIBUTOR.external_key, |
| 504 | + roles.LIBRARY_USER.external_key, |
| 505 | + }, |
| 506 | + roles.LIBRARY_ADMIN.external_key, |
| 507 | + LIBRARY_ADMIN_PERMISSIONS, |
| 508 | + ), |
| 509 | + ( |
| 510 | + "course-v1^*", |
| 511 | + { |
| 512 | + roles.COURSE_AUDITOR.external_key, |
| 513 | + roles.COURSE_EDITOR.external_key, |
| 514 | + roles.COURSE_STAFF.external_key, |
| 515 | + roles.COURSE_ADMIN.external_key, |
| 516 | + roles.COURSE_LIMITED_STAFF.external_key, |
| 517 | + roles.COURSE_DATA_RESEARCHER.external_key, |
| 518 | + roles.COURSE_BETA_TESTER.external_key, |
| 519 | + }, |
| 520 | + roles.COURSE_AUDITOR.external_key, |
| 521 | + COURSE_AUDITOR_PERMISSIONS, |
| 522 | + ), |
| 523 | + ) |
| 524 | + @unpack |
| 525 | + def test_get_role_definitions_in_scope( |
| 526 | + self, |
| 527 | + namespaced_scope, |
| 528 | + expected_roles, |
| 529 | + sample_role, |
| 530 | + expected_permissions, |
| 531 | + ): |
| 532 | + """Test retrieving role definitions from policy for a namespace wildcard scope. |
| 533 | +
|
| 534 | + Expected result: |
| 535 | + - Role definitions defined in authz.policy for the scope are returned. |
| 536 | + - Each role includes the permissions declared in its policy rules. |
| 537 | + """ |
| 538 | + roles_in_scope = get_role_definitions_in_scope(ScopeData(namespaced_key=namespaced_scope)) |
| 539 | + roles_by_key = {role.external_key: role for role in roles_in_scope} |
| 540 | + |
| 541 | + self.assertEqual(set(roles_by_key.keys()), expected_roles) |
| 542 | + self.assertEqual(roles_by_key[sample_role].permissions, expected_permissions) |
| 543 | + |
| 544 | + def test_get_role_definitions_in_scope_returns_empty_for_concrete_scope(self): |
| 545 | + """Concrete scopes do not match namespace wildcard policy definitions.""" |
| 546 | + roles_in_scope = get_role_definitions_in_scope(ScopeData(external_key="lib:Org1:math_101")) |
| 547 | + |
| 548 | + self.assertEqual(roles_in_scope, []) |
| 549 | + |
497 | 550 | @ddt_data( |
498 | 551 | ("alice", "lib:Org1:math_101", {roles.LIBRARY_ADMIN.external_key}), |
499 | 552 | ("bob", "lib:Org1:history_201", {roles.LIBRARY_AUTHOR.external_key}), |
|
0 commit comments