Skip to content

Commit

Permalink
Test that private roles are not assignable
Browse files Browse the repository at this point in the history
  • Loading branch information
@jdavcs
jdavcs committed Sep 10, 2024
1 parent b3a95a9 commit 4c7ac82
Showing 1 changed file with 14 additions and 0 deletions.
14 changes: 14 additions & 0 deletions test/unit/data/model/db/test_security.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -64,6 +64,20 @@ def test_private_user_role_assoc_not_affected_by_setting_role_users(session, mak
verify_role_associations(private_role, [user], [])


def test_cannot_assign_private_roles(session, make_user_and_role, make_role):
user, private_role1 = make_user_and_role()
_, private_role2 = make_user_and_role()
new_role = make_role()
verify_user_associations(user, [], [private_role1]) # the only existing association is with the private role

# Try to assign 2 more roles: regular role + another private role
GalaxyRBACAgent(session).set_user_group_and_role_associations(
user, group_ids=[], role_ids=[new_role.id, private_role2.id]
)
# Only regular role has been added: other private role ignored; original private role still assigned
verify_user_associations(user, [], [private_role1, new_role])


class TestSetGroupUserAndRoleAssociations:

def test_add_associations_to_existing_group(self, session, make_user_and_role, make_role, make_group):
Expand Down

0 comments on commit 4c7ac82

Please sign in to comment.