import sys
from pathlib import Path
import pytest
# Make the backend package importable when the tests run from a checkout:
# backend_dir is the parent of the directory that holds this test file.
backend_dir = Path(__file__).parent.parent
# Inserting at index 0 puts this directory ahead of every other sys.path
# entry, so a module found here wins over an installed package of the same
# name. This has to run before the mcp_server imports below.
sys.path.insert(0, str(backend_dir))
from mcp_server.common import access_control
from mcp_server.common.utils import execute_tool
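@pytest.mark.asyncio
async def test_execute_tool_denies_without_permission():
    """A ``viewer`` request for ``rag.ingest`` is rejected and the handler never runs.

    Checking only the returned envelope would still pass if the permission
    check ran after the tool logic, so the handler records every invocation
    and the test asserts that none happened.
    """
    handler_calls = []

    async def handler(context, payload):
        # Record the call: a denial must stop the request before any tool
        # code executes, not merely replace the response afterwards.
        handler_calls.append(payload)
        return {"ok": True}

    payload = {
        "tenant_id": "tenant123",
        "session_id": "s1",
        "role": "viewer",
    }

    result = await execute_tool("rag.ingest", payload, handler)

    assert result["status"] == "error"
    # NOTE(review): the denial surfaces as "validation_error"; confirm that
    # monitoring can still tell authorization failures from malformed input.
    assert result["error_type"] == "validation_error"
    assert "not permitted" in result["message"]
    assert not handler_calls, "handler ran even though the role was denied"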
@pytest.mark.asyncio
async def test_execute_tool_allows_authorized_role():
    """An ``admin`` request for ``rag.ingest`` comes back with status ``ok``.

    The test also checks that the ``data`` field of the result carries
    ``ok: True``, the value the stub handler returns.
    """

    async def handler(context, payload):
        return {"ok": True}

    # NOTE(review): the role is read from the request payload in this test;
    # confirm that in deployment it is derived from an authenticated
    # identity rather than from caller-supplied input.
    request = dict(tenant_id="tenant123", session_id="s1", role="admin")

    outcome = await execute_tool("rag.ingest", request, handler)

    assert outcome["status"] == "ok"
    assert outcome["data"]["ok"] is True
def test_normalize_role_defaults_to_viewer():
    """``normalize_role`` maps a missing or unrecognised role to ``viewer``.

    Also checks that ``"ADMIN"`` normalises to ``"admin"``.
    """
    # Falling back to "viewer" keeps an unknown role from gaining rights,
    # presumably because viewer is the least-privileged role (confirm
    # against the permission matrix).
    expectations = (
        (None, "viewer"),
        ("ADMIN", "admin"),
        ("unknown", "viewer"),
    )
    for raw_role, expected in expectations:
        assert access_control.normalize_role(raw_role) == expected
def test_role_allows_matrix():
    """``owner`` may ``manage_rules``; ``viewer`` may not."""
    permission = "manage_rules"

    # One positive and one negative case for the same permission, so a
    # matrix that allows everything (or nothing) fails the test.
    owner_verdict = access_control.role_allows("owner", permission)
    assert owner_verdict

    viewer_verdict = access_control.role_allows("viewer", permission)
    assert not viewer_verdict