Files
2026-07-13 13:12:33 +08:00

51 lines
1.4 KiB
Python

from __future__ import annotations
from opensquilla.gateway.auth import Principal
from opensquilla.sandbox.run_mode_policy import hello_auth_payload
def test_owner_hello_auth_payload_allows_full_by_default() -> None:
principal = Principal(
role="operator",
scopes=frozenset({"operator.read", "operator.write"}),
is_owner=True,
authenticated=True,
)
assert hello_auth_payload(principal) == {
"principal": {
"role": "operator",
"scopes": ["operator.read", "operator.write"],
"isOwner": True,
"authenticated": True,
},
"runModePolicy": {
"allowedRunModes": ["standard", "trusted", "full"],
"defaultRunMode": "full",
"fullHostAccessDisabledReason": None,
},
}
def test_unauthenticated_non_owner_hello_auth_payload_disables_full() -> None:
principal = Principal(
role="operator",
scopes=frozenset({"operator.read"}),
is_owner=False,
authenticated=False,
)
assert hello_auth_payload(principal) == {
"principal": {
"role": "operator",
"scopes": ["operator.read"],
"isOwner": False,
"authenticated": False,
},
"runModePolicy": {
"allowedRunModes": ["standard", "trusted"],
"defaultRunMode": "trusted",
"fullHostAccessDisabledReason": "owner_required",
},
}