From 69dd5069dc9cbfaf863c2fca571e58ba119667a2 Mon Sep 17 00:00:00 2001 From: mickey-mikey <149929346+mickey-mikey@users.noreply.github.com> Date: Wed, 4 Mar 2026 16:29:28 +1100 Subject: [PATCH] fix: add test docstrings and reset fixture per CodeRabbit review - Add docstrings to test methods for coverage threshold - Add autouse fixture to reset permission state between tests Co-Authored-By: Claude Opus 4.6 --- tests/test_permissions.py | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/tests/test_permissions.py b/tests/test_permissions.py index c1877f8..7f89e85 100644 --- a/tests/test_permissions.py +++ b/tests/test_permissions.py @@ -123,58 +123,79 @@ class TestGetScopesForPermission: ) def test_tasks_manage_includes_write_scope(self): + """Manage level should cumulatively include readonly and write scopes.""" scopes = get_scopes_for_permission("tasks", "manage") assert TASKS_SCOPE in scopes assert TASKS_READONLY_SCOPE in scopes def test_tasks_full_includes_write_scope(self): + """Full level should include write scope from manage.""" scopes = get_scopes_for_permission("tasks", "full") assert TASKS_SCOPE in scopes def test_tasks_manage_is_valid_level(self): + """tasks:manage should be accepted by parse_permissions_arg.""" result = parse_permissions_arg(["tasks:manage"]) assert result == {"tasks": "manage"} +@pytest.fixture(autouse=True) +def _reset_permissions_state(): + """Ensure each test starts and ends with no active permissions.""" + set_permissions(None) + yield + set_permissions(None) + + class TestIsActionDenied: """Tests for is_action_denied() and SERVICE_DENIED_ACTIONS.""" def test_no_permissions_mode_allows_all(self): + """Without granular permissions, no action is denied.""" set_permissions(None) assert is_action_denied("tasks", "delete") is False def test_tasks_full_allows_delete(self): + """Full level should not deny delete.""" set_permissions({"tasks": "full"}) assert is_action_denied("tasks", "delete") is False def test_tasks_manage_denies_delete(self): + """Manage level should deny delete.""" set_permissions({"tasks": "manage"}) assert is_action_denied("tasks", "delete") is True def test_tasks_manage_allows_create(self): + """Manage level should allow create.""" set_permissions({"tasks": "manage"}) assert is_action_denied("tasks", "create") is False def test_tasks_manage_allows_update(self): + """Manage level should allow update.""" set_permissions({"tasks": "manage"}) assert is_action_denied("tasks", "update") is False def test_tasks_manage_allows_move(self): + """Manage level should allow move.""" set_permissions({"tasks": "manage"}) assert is_action_denied("tasks", "move") is False def test_tasks_manage_denies_clear_completed(self): + """Manage level should deny clear_completed.""" set_permissions({"tasks": "manage"}) assert is_action_denied("tasks", "clear_completed") is True def test_tasks_full_allows_clear_completed(self): + """Full level should not deny clear_completed.""" set_permissions({"tasks": "full"}) assert is_action_denied("tasks", "clear_completed") is False def test_service_not_in_permissions_allows_all(self): + """A service not listed in permissions should allow all actions.""" set_permissions({"gmail": "readonly"}) assert is_action_denied("tasks", "delete") is False def test_service_without_denied_actions_allows_all(self): + """A service with no SERVICE_DENIED_ACTIONS entry should allow all actions.""" set_permissions({"gmail": "readonly"}) assert is_action_denied("gmail", "delete") is False