pub use echo_core::tools::permission::*;
#[cfg(test)]
mod tests {
use super::*;
#[tokio::test]
async fn test_empty_permissions_allowed() {
let policy = DefaultPermissionPolicy::new();
let decision = policy.check("tool", &[]).await;
assert!(matches!(decision, PermissionDecision::Allow));
}
#[tokio::test]
async fn test_granted_permission() {
let policy = DefaultPermissionPolicy::new().grant(ToolPermission::Read);
let decision = policy.check("tool", &[ToolPermission::Read]).await;
assert!(matches!(decision, PermissionDecision::Allow));
}
#[tokio::test]
async fn test_execute_requires_approval() {
let policy = DefaultPermissionPolicy::new();
let decision = policy.check("tool", &[ToolPermission::Execute]).await;
assert!(matches!(decision, PermissionDecision::RequireApproval));
}
#[tokio::test]
async fn test_ungranted_denied() {
let policy = DefaultPermissionPolicy::new();
let decision = policy.check("tool", &[ToolPermission::Write]).await;
assert!(matches!(decision, PermissionDecision::Deny { .. }));
}
#[tokio::test]
async fn test_grant_all() {
let policy = DefaultPermissionPolicy::new().grant_all();
let decision = policy
.check(
"tool",
&[
ToolPermission::Read,
ToolPermission::Write,
ToolPermission::Execute,
ToolPermission::Sensitive,
],
)
.await;
assert!(matches!(decision, PermissionDecision::Allow));
}
}