Skip to content

Commit 5b19201

Browse files
fateleifatelei
committed
chore: update rbac pydantic model
1 parent 40defc2 commit 5b19201

2 files changed

Lines changed: 23 additions & 11 deletions

File tree

api/services/enterprise/rbac_service.py

Lines changed: 11 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -108,14 +108,17 @@ class AccessMatrixItem(_RBACModel):
108108
account_ids: list[str] = Field(default_factory=list)
109109

110110

111-
class ResourceAccessMatrix(_RBACModel):
112-
resource_type: str
113-
resource_id: str = ""
111+
class AppAccessMatrix(_RBACModel):
112+
app_id: str = ""
113+
items: list[AccessMatrixItem] = Field(default_factory=list)
114+
115+
116+
class DatasetAccessMatrix(_RBACModel):
117+
dataset_id: str = ""
114118
items: list[AccessMatrixItem] = Field(default_factory=list)
115119

116120

117121
class WorkspaceAccessMatrix(_RBACModel):
118-
resource_type: str
119122
items: list[AccessMatrixItem] = Field(default_factory=list)
120123

121124

@@ -425,15 +428,15 @@ def delete(tenant_id: str, account_id: str | None, policy_id: str) -> None:
425428
# ------------------------------------------------------------------
426429
class AppAccess:
427430
@staticmethod
428-
def matrix(tenant_id: str, account_id: str | None, app_id: str) -> ResourceAccessMatrix:
431+
def matrix(tenant_id: str, account_id: str | None, app_id: str) -> AppAccessMatrix:
429432
data = _inner_call(
430433
"GET",
431434
f"{_INNER_PREFIX}/apps/access-policy",
432435
tenant_id=tenant_id,
433436
account_id=account_id,
434437
params={"app_id": app_id},
435438
)
436-
return ResourceAccessMatrix.model_validate(data or {})
439+
return AppAccessMatrix.model_validate(data or {})
437440

438441
@staticmethod
439442
def list_role_bindings(
@@ -508,15 +511,15 @@ def replace_member_bindings(
508511
# ------------------------------------------------------------------
509512
class DatasetAccess:
510513
@staticmethod
511-
def matrix(tenant_id: str, account_id: str | None, dataset_id: str) -> ResourceAccessMatrix:
514+
def matrix(tenant_id: str, account_id: str | None, dataset_id: str) -> DatasetAccessMatrix:
512515
data = _inner_call(
513516
"GET",
514517
f"{_INNER_PREFIX}/datasets/access-policy",
515518
tenant_id=tenant_id,
516519
account_id=account_id,
517520
params={"dataset_id": dataset_id},
518521
)
519-
return ResourceAccessMatrix.model_validate(data or {})
522+
return DatasetAccessMatrix.model_validate(data or {})
520523

521524
@staticmethod
522525
def list_role_bindings(

api/tests/unit_tests/services/enterprise/test_rbac_service.py

Lines changed: 12 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -206,12 +206,13 @@ def test_create_serialises_resource_type_enum(self, mock_send: MagicMock):
206206

207207
class TestResourceAccess:
208208
def test_app_matrix(self, mock_send: MagicMock):
209-
mock_send.return_value = {"resource_type": "app", "resource_id": "app-1", "items": []}
210-
svc.RBACService.AppAccess.matrix("tenant-1", "acct-1", "app-1")
209+
mock_send.return_value = {"app_id": "app-1", "items": []}
210+
out = svc.RBACService.AppAccess.matrix("tenant-1", "acct-1", "app-1")
211211
call = _call_args(mock_send)
212212
assert call.method == "GET"
213213
assert call.endpoint == "/rbac/apps/access-policy"
214214
assert call.params == {"app_id": "app-1"}
215+
assert out.app_id == "app-1"
215216

216217
def test_app_replace_role_bindings(self, mock_send: MagicMock):
217218
mock_send.return_value = {"data": []}
@@ -238,13 +239,21 @@ def test_dataset_replace_member_bindings(self, mock_send: MagicMock):
238239

239240
class TestWorkspaceAccess:
240241
def test_app_matrix(self, mock_send: MagicMock):
241-
mock_send.return_value = {"resource_type": "app", "items": []}
242+
mock_send.return_value = {"items": []}
242243
svc.RBACService.WorkspaceAccess.app_matrix("tenant-1")
243244
call = _call_args(mock_send)
244245
assert call.method == "GET"
245246
assert call.endpoint == "/rbac/workspace/apps/access-policy"
246247
assert call.params is None
247248

249+
def test_dataset_matrix(self, mock_send: MagicMock):
250+
mock_send.return_value = {"items": []}
251+
svc.RBACService.WorkspaceAccess.dataset_matrix("tenant-1")
252+
call = _call_args(mock_send)
253+
assert call.method == "GET"
254+
assert call.endpoint == "/rbac/workspace/datasets/access-policy"
255+
assert call.params is None
256+
248257
def test_dataset_replace_role_bindings(self, mock_send: MagicMock):
249258
mock_send.return_value = {"data": []}
250259
payload = svc.ReplaceRoleBindings(role_keys=["workspace.editor"])

0 commit comments

Comments
 (0)