ligbox/ligbox-ops-platform
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
ligbox-ops-platform/tests/test_permissions_027.py
Ligbox Spec Hub 3a2c64834b Initial import: ligbox-ops-platform + specs + LAPTOP + obsidian merge (CT130) 
Source: VM122 /opt + obsidian-infra + LAPTOP
Hub: CT130 spec-hub 10.10.10.130
2026-06-19 17:26:41 +00:00

102 lines
3.5 KiB
Python
Raw Blame History

"""Unit tests — Spec 027 RBAC matrix."""
from __future__ import annotations
import importlib.util
import sys
import unittest
from pathlib import Path
API_ROOT = Path(__file__).resolve().parents[1]
def _load(name: str, rel_path: str):
path = API_ROOT / rel_path
spec = importlib.util.spec_from_file_location(name, path)
if spec is None or spec.loader is None:
raise ImportError(path)
mod = importlib.util.module_from_spec(spec)
sys.modules[name] = mod
spec.loader.exec_module(mod)
return mod
permissions = _load("permissions_027", "app/permissions.py")
registry = _load("registry_027", "app/modules/registry.py")
ASSIGNABLE_ROLES = permissions.ASSIGNABLE_ROLES
HUMAN_ROLES = permissions.HUMAN_ROLES
can_create_foss_order = permissions.can_create_foss_order
can_manage_billing = permissions.can_manage_billing
can_read_billing = permissions.can_read_billing
can_read_crm_leads = permissions.can_read_crm_leads
can_validate_billing = permissions.can_validate_billing
is_assignable_role = permissions.is_assignable_role
ROLE_MODULE_DEFAULTS = registry.ROLE_MODULE_DEFAULTS
role_module_defaults = registry.role_module_defaults
class TestSpec027Permissions(unittest.TestCase):
def test_human_role_count(self):
self.assertGreaterEqual(len(HUMAN_ROLES), 13)
def test_assignable_excludes_super_admin(self):
self.assertNotIn("super_admin", ASSIGNABLE_ROLES)
self.assertIn("sales_admin", ASSIGNABLE_ROLES)
self.assertIn("sales_support", ASSIGNABLE_ROLES)
def test_sales_admin_billing_validate(self):
self.assertTrue(can_validate_billing("sales_admin"))
self.assertTrue(can_manage_billing("sales_admin"))
self.assertTrue(can_read_billing("sales_admin"))
def test_sales_support_no_billing_validate(self):
self.assertFalse(can_validate_billing("sales_support"))
self.assertFalse(can_manage_billing("sales_support"))
self.assertTrue(can_read_billing("sales_support"))
def test_finance_billing(self):
self.assertTrue(can_validate_billing("finance"))
self.assertTrue(can_create_foss_order("finance"))
def test_sales_roles_crm(self):
self.assertTrue(can_read_crm_leads("sales_admin"))
self.assertTrue(can_read_crm_leads("sales_support"))
self.assertTrue(can_read_crm_leads("marketing"))
def test_registration_roles(self):
for role in (
"ops_lead",
"technician",
"noc",
"sales_admin",
"sales_support",
"finance",
"marketing",
"seo",
"developer",
"devops",
"security_analyst",
"content_editor",
"agentic_operator",
):
self.assertTrue(is_assignable_role(role), role)
def test_role_module_defaults(self):
sales_admin_mods = role_module_defaults("sales_admin")
self.assertIsNotNone(sales_admin_mods)
assert sales_admin_mods is not None
self.assertIn("billing-recurrence", sales_admin_mods)
self.assertNotIn("billing-recurrence", role_module_defaults("sales_support") or set())
def test_ops_roles_no_module_filter(self):
self.assertIsNone(role_module_defaults("ops_lead"))
self.assertIsNone(role_module_defaults("technician"))
def test_all_defaults_registered(self):
for role, mods in ROLE_MODULE_DEFAULTS.items():
self.assertIn("core", mods, role)
if __name__ == "__main__":
unittest.main()
Reference in a new issue View git blame Copy permalink