21 lines
646 B
Python
21 lines
646 B
Python
from atst.domain.authz import Authorization
|
|
from atst.domain.roles import Roles
|
|
|
|
from tests.factories import RequestFactory, UserFactory
|
|
|
|
|
|
def test_creator_can_view_own_request():
|
|
user = UserFactory.create()
|
|
request = RequestFactory.create(creator=user)
|
|
assert Authorization.can_view_request(user, request)
|
|
|
|
other_user = UserFactory.create()
|
|
assert not Authorization.can_view_request(other_user, request)
|
|
|
|
|
|
def test_ccpo_user_can_view_request():
|
|
role = Roles.get("ccpo")
|
|
ccpo_user = UserFactory.create(atat_role=role)
|
|
request = RequestFactory.create()
|
|
assert Authorization.can_view_request(ccpo_user, request)
|