def test_get_all_permission_grants_for_user(self): user_db = self.users['1_custom_role'] role_db = self.roles['custom_role_1'] permission_grants = rbac_service.get_all_permission_grants_for_user( user_db=user_db) self.assertItemsEqual(permission_grants, []) # Grant some permissions resource_db = self.resources['rule_1'] permission_types = [ PermissionType.RULE_CREATE, PermissionType.RULE_MODIFY ] permission_grant = rbac_service.create_permission_grant_for_resource_db( role_db=role_db, resource_db=resource_db, permission_types=permission_types) # Retrieve all grants permission_grants = rbac_service.get_all_permission_grants_for_user( user_db=user_db) self.assertItemsEqual(permission_grants, [permission_grant]) # Retrieve all grants, filter on resource with no grants permission_grants = rbac_service.get_all_permission_grants_for_user( user_db=user_db, resource_types=[ResourceType.PACK]) self.assertItemsEqual(permission_grants, []) # Retrieve all grants, filter on resource with grants permission_grants = rbac_service.get_all_permission_grants_for_user( user_db=user_db, resource_types=[ResourceType.RULE]) self.assertItemsEqual(permission_grants, [permission_grant])
def test_create_and_remove_permission_grant(self): role_db = self.roles['custom_role_2'] resource_db = self.resources['rule_1'] # Grant "ALL" permission to the resource permission_types = [PermissionType.RULE_ALL] rbac_service.create_permission_grant_for_resource_db( role_db=role_db, resource_db=resource_db, permission_types=permission_types) role_db.reload() self.assertItemsEqual(role_db.permission_grants, role_db.permission_grants) # Remove the previously granted permission rbac_service.remove_permission_grant_for_resource_db( role_db=role_db, resource_db=resource_db, permission_types=permission_types) role_db.reload() self.assertItemsEqual(role_db.permission_grants, [])