m/sfera
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Initial SFERA platform baseline

Browse Source
This commit is contained in:
Mikhail
2026-05-16 19:03:49 +03:00
commit 3b845c8fce
282 changed files with 55045 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
packages/security-core/tests/test_security_core.py
+43
View File
@@ -0,0 +1,43 @@
from security_core import (
InMemoryPrivacyStore,
Permission,
PrivacyClassification,
PrivacyMarker,
default_rbac_policy,
)
def test_rbac_allows_permissions_from_granted_role():
policy = default_rbac_policy()
policy.grant_role("user.1", "developer")
assert policy.is_allowed("user.1", Permission.INDEX_PROJECT)
assert not policy.is_allowed("user.1", Permission.MANAGE_USERS)
assert policy.effective_permissions("user.1") == {
Permission.INDEX_PROJECT,
Permission.READ_GRAPH,
Permission.WRITE_KNOWLEDGE,
Permission.MANAGE_TASKS,
}
def test_admin_effective_permissions_expand_to_all_permissions():
policy = default_rbac_policy()
policy.grant_role("user.1", "admin")
assert policy.effective_permissions("user.1") == set(Permission)
def test_privacy_store_is_project_and_target_scoped():
store = InMemoryPrivacyStore()
marker = store.upsert_marker(
PrivacyMarker(
project_id="demo",
target_id="lineage.attribute.phone",
classification=PrivacyClassification.PERSONAL_DATA,
reason="Phone number",
)
)
assert store.markers_for_project("demo") == [marker]
assert store.marker_for_target("demo", "lineage.attribute.phone") == marker