-
Notifications
You must be signed in to change notification settings - Fork 29
Expand file tree
/
Copy pathtest_authorization_check.py
More file actions
127 lines (107 loc) · 4.01 KB
/
test_authorization_check.py
File metadata and controls
127 lines (107 loc) · 4.01 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
from typing import Union
import pytest
from tests.utils.syncify import syncify
from workos.authorization import AsyncAuthorization, Authorization
from workos.types.authorization.resource_identifier import (
ResourceIdentifierByExternalId,
ResourceIdentifierById,
)
@pytest.mark.sync_and_async(Authorization, AsyncAuthorization)
class TestAuthorizationCheck:
@pytest.fixture(autouse=True)
def setup(self, module_instance: Union[Authorization, AsyncAuthorization]):
self.http_client = module_instance._http_client
self.authorization = module_instance
@pytest.fixture
def mock_check_authorized(self):
return {"authorized": True}
@pytest.fixture
def mock_check_unauthorized(self):
return {"authorized": False}
def test_check_authorized(
self, mock_check_authorized, capture_and_mock_http_client_request
):
request_kwargs = capture_and_mock_http_client_request(
self.http_client, mock_check_authorized, 200
)
result = syncify(
self.authorization.check(
"om_01ABC",
permission_slug="documents:read",
resource=ResourceIdentifierById(resource_id="res_01ABC"),
)
)
assert result.authorized is True
assert request_kwargs["method"] == "post"
assert request_kwargs["url"].endswith(
"/authorization/organization_memberships/om_01ABC/check"
)
def test_check_unauthorized(
self, mock_check_unauthorized, capture_and_mock_http_client_request
):
request_kwargs = capture_and_mock_http_client_request(
self.http_client, mock_check_unauthorized, 200
)
result = syncify(
self.authorization.check(
"om_01ABC",
permission_slug="documents:write",
resource=ResourceIdentifierById(resource_id="res_01ABC"),
)
)
assert result.authorized is False
assert request_kwargs["method"] == "post"
def test_check_with_resource_id(
self, mock_check_authorized, capture_and_mock_http_client_request
):
request_kwargs = capture_and_mock_http_client_request(
self.http_client, mock_check_authorized, 200
)
syncify(
self.authorization.check(
"om_01ABC",
permission_slug="documents:read",
resource=ResourceIdentifierById(resource_id="res_01XYZ"),
)
)
assert request_kwargs["json"] == {
"permission_slug": "documents:read",
"resource_id": "res_01XYZ",
}
def test_check_with_resource_external_id(
self, mock_check_authorized, capture_and_mock_http_client_request
):
request_kwargs = capture_and_mock_http_client_request(
self.http_client, mock_check_authorized, 200
)
syncify(
self.authorization.check(
"om_01ABC",
permission_slug="documents:read",
resource=ResourceIdentifierByExternalId(
resource_external_id="ext_doc_123",
resource_type_slug="document",
),
)
)
assert request_kwargs["json"] == {
"permission_slug": "documents:read",
"resource_external_id": "ext_doc_123",
"resource_type_slug": "document",
}
def test_check_url_construction(
self, mock_check_authorized, capture_and_mock_http_client_request
):
request_kwargs = capture_and_mock_http_client_request(
self.http_client, mock_check_authorized, 200
)
syncify(
self.authorization.check(
"om_01MEMBERSHIP",
permission_slug="admin:access",
resource=ResourceIdentifierById(resource_id="res_01ABC"),
)
)
assert request_kwargs["url"].endswith(
"/authorization/organization_memberships/om_01MEMBERSHIP/check"
)