"""
Test script to verify RBAC works correctly with Updation roles.
Run this to verify the role system is working as expected:
python test_rbac.py
"""
from src.core import Role, UserContext, RBAC
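def test_role_levels():
    """Check that every role reports the expected hierarchy level.

    Builds a ``UserContext`` per role and compares ``is_global_admin``,
    ``is_organization_level``, ``is_platform_level`` and
    ``is_dealership_level`` against the expected flags, printing one ✓/✗
    row per role.

    Raises:
        AssertionError: after all rows are printed, if any role reported an
            unexpected level. A role resolving to the wrong level is an
            authorization defect, so it has to fail the run (and CI) instead
            of only appearing as a ✗ in the output.
    """
    print("=" * 60)
    print("Testing Role Level Detection")
    print("=" * 60)

    test_cases = [
        # (role, should_be_global, should_be_org, should_be_platform, should_be_dealership)
        (Role.GLOBAL_ADMIN, True, False, False, False),
        (Role.ORG_ADMIN, False, True, False, False),
        (Role.ORG_MANAGER, False, True, False, False),
        (Role.ORG_USER, False, True, False, False),
        (Role.ORG_VIEWER, False, True, False, False),
        (Role.PLATFORM_ADMIN, False, False, True, False),
        (Role.PLATFORM_MANAGER, False, False, True, False),
        (Role.PLATFORM_USER, False, False, True, False),
        # PLATFORM_VIEWER is used by the permission checks in this file but
        # was missing from this table; its expected flags follow the other
        # PLATFORM_* rows (confirm against the Role definition).
        (Role.PLATFORM_VIEWER, False, False, True, False),
        (Role.DEALERSHIP_ADMIN, False, False, False, True),
        (Role.DEALERSHIP_MANAGER, False, False, False, True),
        (Role.DEALERSHIP_USERS, False, False, False, True),
        (Role.DEALERSHIP_VIEWER, False, False, False, True),
    ]

    failures = []
    for role, *expected_flags in test_cases:
        user = UserContext(
            user_id=1,
            role=role,
            organization_id=1,
            platform_id=5,
            dealership_id=10,
        )
        is_global = user.is_global_admin
        is_org = user.is_organization_level
        is_platform = user.is_platform_level
        is_dealership = user.is_dealership_level

        # Compare by truthiness so a role must match on all four flags,
        # i.e. it may not claim a level it was not expected to have.
        actual_flags = [bool(is_global), bool(is_org), bool(is_platform), bool(is_dealership)]
        passed = actual_flags == expected_flags
        if not passed:
            failures.append(role.name)

        status = "✓" if passed else "✗"
        print(f"{status} {role.name:25} → Global:{is_global} Org:{is_org} Platform:{is_platform} Dealership:{is_dealership}")
    print()

    # Explicit raise rather than `assert`, which is stripped under `python -O`.
    if failures:
        raise AssertionError(f"role level mismatch for: {', '.join(failures)}")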
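def test_write_permissions():
    """Check ``UserContext.can_write`` for viewer and non-viewer roles.

    Viewer roles are expected to be read-only (``can_write`` falsy); the
    listed non-viewer roles are expected to be able to write. One ✓/✗ row is
    printed per role.

    Raises:
        AssertionError: after all rows are printed, if any role had the
            wrong ``can_write`` value. A viewer that can write is a
            privilege-escalation defect and must fail the run.
    """
    print("=" * 60)
    print("Testing Write Permissions")
    print("=" * 60)

    viewer_roles = [Role.ORG_VIEWER, Role.PLATFORM_VIEWER, Role.DEALERSHIP_VIEWER]
    # NOTE(review): ORG_USER, PLATFORM_MANAGER, PLATFORM_USER,
    # DEALERSHIP_MANAGER and DEALERSHIP_USERS are not covered here; add them
    # once their intended write permission is confirmed.
    non_viewer_roles = [
        Role.GLOBAL_ADMIN, Role.ORG_ADMIN, Role.ORG_MANAGER,
        Role.PLATFORM_ADMIN, Role.DEALERSHIP_ADMIN,
    ]

    failures = []
    for roles, should_write in ((viewer_roles, False), (non_viewer_roles, True)):
        for role in roles:
            user = UserContext(user_id=1, role=role, organization_id=1)
            can_write = user.can_write
            passed = bool(can_write) == should_write
            if not passed:
                failures.append(role.name)
            status = "✓" if passed else "✗"
            print(f"{status} {role.name:25} → can_write={can_write} (should be {should_write})")
    print()

    # Explicit raise rather than `assert`, which is stripped under `python -O`.
    if failures:
        raise AssertionError(f"can_write mismatch for: {', '.join(failures)}")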
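def test_management_permissions():
    """Check ``UserContext.can_manage`` for manager and non-manager roles.

    Admin and manager roles are expected to have ``can_manage`` truthy; user
    and viewer roles are expected to have it falsy. One ✓/✗ row is printed
    per role.

    Raises:
        AssertionError: after all rows are printed, if any role had the
            wrong ``can_manage`` value, so an over-privileged role fails the
            run instead of only printing a ✗.
    """
    print("=" * 60)
    print("Testing Management Permissions")
    print("=" * 60)

    manager_roles = [
        Role.GLOBAL_ADMIN, Role.ORG_ADMIN, Role.ORG_MANAGER,
        Role.PLATFORM_ADMIN, Role.PLATFORM_MANAGER,
        Role.DEALERSHIP_ADMIN, Role.DEALERSHIP_MANAGER,
    ]
    non_manager_roles = [
        Role.ORG_USER, Role.ORG_VIEWER, Role.PLATFORM_USER,
        Role.PLATFORM_VIEWER, Role.DEALERSHIP_USERS, Role.DEALERSHIP_VIEWER,
    ]

    failures = []
    for roles, should_manage in ((manager_roles, True), (non_manager_roles, False)):
        for role in roles:
            user = UserContext(user_id=1, role=role, organization_id=1)
            can_manage = user.can_manage
            passed = bool(can_manage) == should_manage
            if not passed:
                failures.append(role.name)
            status = "✓" if passed else "✗"
            print(f"{status} {role.name:25} → can_manage={can_manage} (should be {should_manage})")
    print()

    # Explicit raise rather than `assert`, which is stripped under `python -O`.
    if failures:
        raise AssertionError(f"can_manage mismatch for: {', '.join(failures)}")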
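def test_tool_access():
    """Check ``RBAC.is_tool_allowed`` for a table of (role, tool) pairs.

    Each case states whether the role should be allowed to call the tool;
    the table includes deny cases where a lower-level role asks for a
    higher-level tool. One ✓/✗ row is printed per case.

    Raises:
        AssertionError: after all rows are printed, if any decision differs
            from the expected one. A wrongly ALLOWED decision is an access
            control bypass, so it must fail the run.
    """
    print("=" * 60)
    print("Testing Tool Access Permissions")
    print("=" * 60)

    # NOTE(review): there is no case for a tool name that is not registered
    # at all. Add one once the intended behaviour for unknown tools is
    # confirmed; default-deny is the safe expectation.
    test_cases = [
        # (role, tool_name, should_allow)
        (Role.GLOBAL_ADMIN, "manage_organizations", True),
        (Role.ORG_ADMIN, "manage_organizations", False),
        (Role.ORG_ADMIN, "get_organization_contracts", True),
        (Role.PLATFORM_ADMIN, "get_organization_contracts", False),
        (Role.PLATFORM_ADMIN, "get_platform_contracts", True),
        (Role.DEALERSHIP_ADMIN, "get_platform_contracts", False),
        (Role.DEALERSHIP_ADMIN, "get_dealership_contracts", True),
        (Role.DEALERSHIP_VIEWER, "get_dealership_contracts", True),
        (Role.ORG_VIEWER, "get_dealership_contracts", True),
    ]

    failures = []
    for role, tool_name, should_allow in test_cases:
        allowed = RBAC.is_tool_allowed(role, tool_name)
        passed = allowed == should_allow
        if not passed:
            failures.append(f"{role.name}+{tool_name}")

        status = "✓" if passed else "✗"
        result = "ALLOWED" if allowed else "DENIED"
        expected = "ALLOWED" if should_allow else "DENIED"
        print(f"{status} {role.name:25} + {tool_name:30} → {result:7} (expected {expected})")
    print()

    # Explicit raise rather than `assert`, which is stripped under `python -O`.
    if failures:
        raise AssertionError(f"tool access mismatch for: {', '.join(failures)}")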
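def test_data_filtering():
    """Check ``RBAC.filter_data_by_hierarchy`` against a small contract set.

    Each case builds a ``UserContext`` scoped to an organization, platform
    and/or dealership and states which contract ids that user should see.
    Both the number of rows and the exact ids are compared: a count-only
    check would pass if the filter returned the right number of rows from
    the wrong tenant.

    Raises:
        AssertionError: after all rows are printed, if any case returned a
            different set of contracts than expected.
    """
    print("=" * 60)
    print("Testing Data Filtering by Hierarchy")
    print("=" * 60)

    # Sample data: contract 4 belongs to a different organization and must
    # never be visible to the org-1 scoped users below.
    contracts = [
        {"id": 1, "organization_id": 1, "platform_id": 5, "dealership_id": 10},
        {"id": 2, "organization_id": 1, "platform_id": 5, "dealership_id": 11},
        {"id": 3, "organization_id": 1, "platform_id": 6, "dealership_id": 12},
        {"id": 4, "organization_id": 2, "platform_id": 7, "dealership_id": 13},
    ]

    # NOTE(review): no case covers a scoped role whose own scope id is
    # missing (e.g. a platform-level role with platform_id=None); add one
    # once the intended behaviour is confirmed. Returning nothing is the
    # safe expectation.
    test_cases = [
        # (role, org_id, platform_id, dealership_id, expected_ids, description)
        (Role.GLOBAL_ADMIN, 1, None, None, {1, 2, 3, 4}, "all contracts"),
        (Role.ORG_ADMIN, 1, None, None, {1, 2, 3}, "org 1 contracts"),
        (Role.PLATFORM_ADMIN, 1, 5, None, {1, 2}, "platform 5 contracts"),
        (Role.DEALERSHIP_ADMIN, 1, 5, 10, {1}, "dealership 10 contracts"),
    ]

    failures = []
    for role, org_id, platform_id, dealership_id, expected_ids, description in test_cases:
        user = UserContext(
            user_id=1,
            role=role,
            organization_id=org_id,
            platform_id=platform_id,
            dealership_id=dealership_id,
        )
        filtered = RBAC.filter_data_by_hierarchy(contracts, user)
        expected_count = len(expected_ids)

        # Assumes the filter returns the contract dicts themselves (each
        # with an "id" key) — TODO confirm against RBAC.
        returned_ids = {contract["id"] for contract in filtered}
        passed = len(filtered) == expected_count and returned_ids == expected_ids
        if not passed:
            failures.append(f"{role.name} saw {sorted(returned_ids)}, expected {sorted(expected_ids)}")

        status = "✓" if passed else "✗"
        print(f"{status} {role.name:25} → {len(filtered)} contracts (expected {expected_count} - {description})")
    print()

    # Explicit raise rather than `assert`, which is stripped under `python -O`.
    if failures:
        raise AssertionError("data filtering mismatch: " + "; ".join(failures))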
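def main():
    """Run every RBAC test group and exit non-zero if any group fails.

    Each group is run in turn. An ``AssertionError`` raised by a group is
    caught so the remaining groups still run; the group is recorded as
    failed and the process ends with exit status 1, so a wrapper script or
    CI job cannot mistake a failing RBAC check for a pass.

    Raises:
        SystemExit: with status 1 when at least one group raised
            ``AssertionError``.
    """
    print("\n🧪 RBAC System Test Suite\n")

    groups = (
        test_role_levels,
        test_write_permissions,
        test_management_permissions,
        test_tool_access,
        test_data_filtering,
    )

    failed_groups = []
    for group in groups:
        try:
            group()
        except AssertionError as exc:
            failed_groups.append(group.__name__)
            print(f"✗ {group.__name__} failed: {exc}\n")

    print("=" * 60)
    if failed_groups:
        print(f"❌ {len(failed_groups)} test group(s) failed: {', '.join(failed_groups)}")
    else:
        print("✅ All tests completed!")
    print("=" * 60)
    print("\nIf you see any ✗ marks above, there's an issue with the RBAC logic.")
    print("All ✓ marks means the role system is working correctly!\n")

    if failed_groups:
        # SystemExit is a builtin, so no extra import is needed.
        raise SystemExit(1)


if __name__ == "__main__":
    main()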