test: add authz.policy file for tests

BryanttV · BryanttV · commit 78cff82db633 · 2025-09-19T18:36:50.000-05:00
diff --git a/openedx_authz/tests/config/authz.policy b/openedx_authz/tests/config/authz.policy
@@ -0,0 +1,56 @@
+# ===== POLICIES (p) =====
+
+# Platform-level permissions
+p, role:platform_admin, act:manage, *, allow
+
+# Organization-level permissions
+p, role:org_admin, act:manage, lib:*, allow
+p, role:org_editor, act:edit, lib:*, allow
+
+# Library-specific permissions
+p, role:library_author, act:edit, lib:*, allow
+p, role:library_reviewer, act:read, lib:*, allow
+p, role:editor, act:edit, lib:*, allow
+
+# Report permissions
+p, role:report_viewer, act:read, report:*, allow
+
+# Access restrictions and exceptions
+p, role:org_editor, act:edit, lib:restricted-content, deny
+p, role:org_admin, act:manage, lib:another-restricted-content, deny
+
+
+# ===== ROLE ASSIGNMENTS (g) =====
+
+# Platform administrators
+g, user:admin, role:platform_admin, *
+
+# Organization administrators
+g, user:alice, role:org_admin, org:OpenedX
+
+# Organization editors
+g, user:bob, role:org_editor, org:MIT
+g, user:paul, role:editor, org:OpenedX
+
+# Library authors
+g, user:mary, role:library_author, lib:math-basics
+g, user:john, role:library_author, lib:science-101
+
+# Library reviewers
+g, user:sarah, role:library_reviewer, lib:math-basics
+
+# Report viewers
+g, user:maria, role:report_viewer, org:OpenedX
+
+
+# ===== ACTION GROUPING (g2) =====
+
+# manage implies edit, delete, read, write
+g2, act:manage, act:edit
+g2, act:manage, act:delete
+g2, act:edit, act:read
+g2, act:edit, act:write
+
+# edit implies read, write
+g2, act:edit, act:read
+g2, act:edit, act:write
