policies: test for the new GraphQL/MAS scopes

2023-08-11 14:46:37 +02:00
parent 37c5d2ee18
commit 49e82d491b
1 changed files with 16 additions and 0 deletions
--- a/policies/authorization_grant_test.rego
+++ b/policies/authorization_grant_test.rego
@@ -3,6 +3,9 @@ package authorization_grant
 user := {"username": "john"}

 test_standard_scopes {
+	allow with input.user as user
+		with input.authorization_grant as {"scope": ""}
+
 	allow with input.user as user
 		with input.authorization_grant as {"scope": "openid"}

@@ -61,3 +64,16 @@ test_synapse_admin_scopes {
 		with data.admin_users as []
 		with input.authorization_grant as {"scope": "urn:synapse:admin:*"}
 }
+
+test_mas_scopes {
+	allow with input.user as user
+		with input.authorization_grant as {"scope": "urn:mas:graphql:*"}
+
+	allow with input.user as user
+		with data.admin_users as ["john"]
+		with input.authorization_grant as {"scope": "urn:mas:admin"}
+
+	not allow with input.user as user
+		with data.admin_users as []
+		with input.authorization_grant as {"scope": "urn:mas:admin"}
+}