from __future__ import annotations import unittest from govoplan_access.backend.permissions import catalog as access_catalog from govoplan_core.security import permissions as core_permissions from govoplan_core.security.scope_aliases import LEGACY_SCOPE_ALIASES class PermissionCatalogContractTests(unittest.TestCase): def test_access_reuses_core_legacy_scope_aliases(self) -> None: self.assertIs(access_catalog.LEGACY_SCOPE_ALIASES, LEGACY_SCOPE_ALIASES) self.assertIs(core_permissions.LEGACY_SCOPE_ALIASES, LEGACY_SCOPE_ALIASES) def test_legacy_alias_grants_match_in_core_and_access(self) -> None: for legacy_scope, aliases in LEGACY_SCOPE_ALIASES.items(): for alias in aliases: self.assertTrue(core_permissions.scope_grants(legacy_scope, alias)) self.assertTrue(access_catalog.scope_grants(legacy_scope, alias)) def test_access_legacy_catalog_includes_non_access_platform_scopes(self) -> None: scopes = {permission.scope for permission in access_catalog.permission_catalog(include_legacy=True)} self.assertIn("campaign:queue", scopes) self.assertIn("files:upload", scopes) self.assertIn("mail_servers:test", scopes) if __name__ == "__main__": unittest.main()