def test_get_all_permission_grants_for_user(self):
user_db = self.users['1_custom_role']
role_db = self.roles['custom_role_1']
permission_grants = rbac_service.get_all_permission_grants_for_user(user_db=user_db)
self.assertItemsEqual(permission_grants, [])
# Grant some permissions
resource_db = self.resources['rule_1']
permission_types = [PermissionType.RULE_CREATE, PermissionType.RULE_MODIFY]
permission_grant = rbac_service.create_permission_grant_for_resource_db(
role_db=role_db,
resource_db=resource_db,
permission_types=permission_types)
# Retrieve all grants
permission_grants = rbac_service.get_all_permission_grants_for_user(user_db=user_db)
self.assertItemsEqual(permission_grants, [permission_grant])
# Retrieve all grants, filter on resource with no grants
permission_grants = rbac_service.get_all_permission_grants_for_user(user_db=user_db,
resource_types=[ResourceType.PACK])
self.assertItemsEqual(permission_grants, [])
# Retrieve all grants, filter on resource with grants
permission_grants = rbac_service.get_all_permission_grants_for_user(user_db=user_db,
resource_types=[ResourceType.RULE])
self.assertItemsEqual(permission_grants, [permission_grant])
def test_create_and_remove_permission_grant(self):
role_db = self.roles['custom_role_2']
resource_db = self.resources['rule_1']
# Grant "ALL" permission to the resource
permission_types = [PermissionType.RULE_ALL]
rbac_service.create_permission_grant_for_resource_db(role_db=role_db,
resource_db=resource_db,
permission_types=permission_types)
role_db.reload()
self.assertItemsEqual(role_db.permission_grants, role_db.permission_grants)
# Remove the previously granted permission
rbac_service.remove_permission_grant_for_resource_db(role_db=role_db,
resource_db=resource_db,
permission_types=permission_types)
role_db.reload()
self.assertItemsEqual(role_db.permission_grants, [])
