75484c0f73
API and persisted records use PowerOnModel system fields: - sysCreatedAt, sysCreatedBy, sysModifiedAt, sysModifiedBy Removed legacy JSON/DB field names: - _createdAt, _createdBy, _modifiedAt, _modifiedBy Frontend (frontend_nyla) and gateway call sites were updated accordingly. Database: - Bootstrap runs idempotent backfill (_migrateSystemFieldColumns) from old underscore columns and selected business duplicates into sys* where sys* IS NULL. - Re-run app bootstrap against each PostgreSQL database after deploy. - Optional: DROP INDEX IF EXISTS "idx_invitation_createdby" if an old index remains; new index: idx_invitation_syscreatedby on Invitation(sysCreatedBy). Tests: - RBAC integration tests aligned with current GROUP mandate filter and UserMandate-based UserConnection GROUP clause; buildRbacWhereClause(..., mandateId=...) must be passed explicitly (same as production request context). |
||
|---|---|---|
| .. | ||
| __init__.py | ||
| README.md | ||
| test_rbac_database.py | ||
RBAC Integration Tests
Integration tests for the Role-Based Access Control (RBAC) system.
Test Files
test_rbac_database.py
Tests RBAC database filtering:
- WHERE clause building for ALL access level
- WHERE clause building for MY access level
- WHERE clause building for GROUP access level
- WHERE clause building for NONE access level
- Special handling for UserInDB table
- Special handling for UserConnection table
test_rbac_migration.py
Tests UAM to RBAC migration:
- User privilege to roleLabels conversion
- Skipping users with existing roleLabels
- Dry run mode
- Migration validation
- Validation failure scenarios
Running Tests
# Run all RBAC integration tests
pytest tests/integration/rbac/
# Run specific test file
pytest tests/integration/rbac/test_rbac_database.py
# Run with verbose output
pytest tests/integration/rbac/ -v
Test Coverage
- Database query filtering with RBAC
- SQL WHERE clause generation
- Migration script functionality
- Data validation after migration