PowerOn/gateway
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
gateway/tests/unit/rbac/test_rbac_bootstrap.py
ValueOn AG 54246745a9 refactored uam to rbac
2025-12-07 13:48:39 +01:00

162 lines
6.2 KiB
Python
Raw Blame History

"""
Unit tests for RBAC bootstrap initialization.
Tests that bootstrap creates correct rules and initial data.
"""
import pytest
from unittest.mock import Mock, MagicMock, patch
from modules.interfaces.interfaceBootstrap import (
initBootstrap,
initRootMandate,
initAdminUser,
initEventUser,
initRbacRules,
createDefaultRoleRules,
createTableSpecificRules
)
from modules.datamodels.datamodelUam import UserInDB, Mandate, UserPrivilege, AuthAuthority
from modules.datamodels.datamodelRbac import AccessRule, AccessRuleContext
from modules.datamodels.datamodelUam import AccessLevel
class TestRbacBootstrap:
"""Test RBAC bootstrap initialization."""
def testInitRootMandateCreatesIfNotExists(self):
"""Test that initRootMandate creates mandate if it doesn't exist."""
db = Mock()
db.getRecordset = Mock(return_value=[]) # No existing mandates
db.recordCreate = Mock(return_value={"id": "mandate1", "name": "Root"})
mandateId = initRootMandate(db)
assert mandateId == "mandate1"
db.recordCreate.assert_called_once()
callArgs = db.recordCreate.call_args
assert isinstance(callArgs[0][1], Mandate)
assert callArgs[0][1].name == "Root"
def testInitRootMandateReturnsExisting(self):
"""Test that initRootMandate returns existing mandate ID."""
db = Mock()
db.getRecordset = Mock(return_value=[{"id": "existing_mandate"}])
mandateId = initRootMandate(db)
assert mandateId == "existing_mandate"
db.recordCreate.assert_not_called()
def testInitAdminUserCreatesWithSysadminRole(self):
"""Test that initAdminUser creates user with sysadmin role."""
db = Mock()
db.getRecordset = Mock(return_value=[]) # No existing users
db.recordCreate = Mock(return_value={"id": "admin1", "username": "admin"})
with patch('modules.interfaces.interfaceBootstrap._getPasswordHash', return_value="hashed"):
userId = initAdminUser(db, "mandate1")
assert userId == "admin1"
db.recordCreate.assert_called_once()
callArgs = db.recordCreate.call_args
user = callArgs[0][1]
assert isinstance(user, UserInDB)
assert user.username == "admin"
assert "sysadmin" in user.roleLabels
assert user.privilege == UserPrivilege.SYSADMIN
def testInitEventUserCreatesWithSysadminRole(self):
"""Test that initEventUser creates user with sysadmin role."""
db = Mock()
db.getRecordset = Mock(return_value=[]) # No existing users
db.recordCreate = Mock(return_value={"id": "event1", "username": "event"})
with patch('modules.interfaces.interfaceBootstrap._getPasswordHash', return_value="hashed"):
userId = initEventUser(db, "mandate1")
assert userId == "event1"
db.recordCreate.assert_called_once()
callArgs = db.recordCreate.call_args
user = callArgs[0][1]
assert isinstance(user, UserInDB)
assert user.username == "event"
assert "sysadmin" in user.roleLabels
def testCreateDefaultRoleRules(self):
"""Test that createDefaultRoleRules creates correct default rules."""
db = Mock()
db.recordCreate = Mock()
createDefaultRoleRules(db)
# Should create 4 default rules (sysadmin, admin, user, viewer)
assert db.recordCreate.call_count == 4
# Check sysadmin rule
sysadminCall = [call for call in db.recordCreate.call_args_list
if call[0][1].roleLabel == "sysadmin"][0]
sysadminRule = sysadminCall[0][1]
assert sysadminRule.context == AccessRuleContext.DATA
assert sysadminRule.item is None
assert sysadminRule.view == True
assert sysadminRule.read == AccessLevel.ALL
assert sysadminRule.create == AccessLevel.ALL
# Check user rule
userCall = [call for call in db.recordCreate.call_args_list
if call[0][1].roleLabel == "user"][0]
userRule = userCall[0][1]
assert userRule.read == AccessLevel.MY
assert userRule.create == AccessLevel.MY
def testCreateTableSpecificRules(self):
"""Test that createTableSpecificRules creates table-specific rules."""
db = Mock()
db.recordCreate = Mock()
createTableSpecificRules(db)
# Should create multiple rules for different tables
assert db.recordCreate.call_count > 0
# Check that Mandate table rules are created
mandateCalls = [call for call in db.recordCreate.call_args_list
if call[0][1].item == "Mandate"]
assert len(mandateCalls) > 0
# Check sysadmin rule for Mandate
sysadminMandateCall = [call for call in mandateCalls
if call[0][1].roleLabel == "sysadmin"][0]
sysadminRule = sysadminMandateCall[0][1]
assert sysadminRule.view == True
assert sysadminRule.read == AccessLevel.ALL
# Check that other roles have view=False for Mandate
otherMandateCalls = [call for call in mandateCalls
if call[0][1].roleLabel != "sysadmin"]
for call in otherMandateCalls:
rule = call[0][1]
assert rule.view == False
def testInitRbacRulesSkipsIfExists(self):
"""Test that initRbacRules skips creation if rules already exist."""
db = Mock()
db.getRecordset = Mock(return_value=[{"id": "rule1"}]) # Rules exist
initRbacRules(db)
# Should not create new rules
db.recordCreate.assert_not_called()
def testInitRbacRulesCreatesIfNotExists(self):
"""Test that initRbacRules creates rules if they don't exist."""
db = Mock()
db.getRecordset = Mock(side_effect=[
[], # No existing rules
[] # After creating default rules
])
db.recordCreate = Mock()
initRbacRules(db)
# Should create rules
assert db.recordCreate.call_count > 0
Reference in a new issue View git blame Copy permalink