tests: replace dictionary-based role rights with structured Rights and Permission objects for improved RBAC clarity

2025-12-19 04:19:25 +00:00 · 2025-08-06 14:17:28 +02:00 · 2025-08-06 14:17:28 +02:00 · b425cd2984
commit b425cd2984
parent 9f13884c08
1 changed files with 59 additions and 47 deletions
--- a/apps/api/src/tests/security/test_rbac.py
+++ b/apps/api/src/tests/security/test_rbac.py
@ -57,57 +57,69 @@ class TestRBAC:
    @pytest.fixture
    def mock_role(self):
        """Create a mock role object"""
-        from src.db.roles import RoleTypeEnum
+        from src.db.roles import RoleTypeEnum, Rights, PermissionsWithOwn, Permission, DashboardPermission
        role = Mock(spec=Role)
        role.id = 1
        role.org_id = 1
        role.name = "Test Role"
        role.description = "A test role."
-        # Rights should be a dictionary for validation
+        # Rights should be a Rights object with proper Permission objects
-        role.rights = {
+        role.rights = Rights(
-            "courses": {
+            courses=PermissionsWithOwn(
-                "action_create": False,
+                action_create=False,
-                "action_read": True,
+                action_read=True,
-                "action_update": False,
+                action_read_own=False,
-                "action_delete": False,
+                action_update=False,
-            },
+                action_update_own=False,
-            "users": {
+                action_delete=False,
-                "action_create": False,
+                action_delete_own=False,
-                "action_read": True,
+            ),
-                "action_update": False,
+            users=Permission(
-                "action_delete": False,
+                action_create=False,
-            },
+                action_read=True,
-            "usergroups": {
+                action_update=False,
-                "action_create": False,
+                action_delete=False,
-                "action_read": True,
+            ),
-                "action_update": False,
+            usergroups=Permission(
-                "action_delete": False,
+                action_create=False,
-            },
+                action_read=True,
-            "collections": {
+                action_update=False,
-                "action_create": False,
+                action_delete=False,
-                "action_read": True,
+            ),
-                "action_update": False,
+            collections=Permission(
-                "action_delete": False,
+                action_create=False,
-            },
+                action_read=True,
-            "organizations": {
+                action_update=False,
-                "action_create": False,
+                action_delete=False,
-                "action_read": True,
+            ),
-                "action_update": False,
+            organizations=Permission(
-                "action_delete": False,
+                action_create=False,
-            },
+                action_read=True,
-            "coursechapters": {
+                action_update=False,
-                "action_create": False,
+                action_delete=False,
-                "action_read": True,
+            ),
-                "action_update": False,
+            coursechapters=Permission(
-                "action_delete": False,
+                action_create=False,
-            },
+                action_read=True,
-            "activities": {
+                action_update=False,
-                "action_create": False,
+                action_delete=False,
-                "action_read": True,
+            ),
-                "action_update": False,
+            activities=Permission(
-                "action_delete": False,
+                action_create=False,
-            }
+                action_read=True,
-        }
+                action_update=False,
                action_delete=False,
            ),
            roles=Permission(
                action_create=False,
                action_read=True,
                action_update=False,
                action_delete=False,
            ),
            dashboard=DashboardPermission(
                action_access=True,
            )
        )
        role.role_type = RoleTypeEnum.TYPE_GLOBAL
        role.role_uuid = "role_test"
        role.creation_date = "2024-01-01T00:00:00"
@ -277,7 +289,7 @@ class TestRBAC:
            mock_check_type.return_value = "courses"
            # Mock role without permission
-            mock_role.rights["courses"]["action_read"] = False
+            mock_role.rights.courses.action_read = False
            # Mock database query
            mock_db_session.exec.return_value.all.return_value = [mock_role]