Fix permission_allowed_sql_bridge to not apply defaults, closes #2526

The bridge was incorrectly using the new allowed() method which applies default allow rules. This caused actors without restrictions to get True instead of USE_DEFAULT, breaking backward compatibility. Fixed by: - Removing the code that converted to resource objects and called allowed() - Bridge now ONLY checks config-based rules via _config_permission_rules() - Returns None when no config rules exist, allowing Permission.default to apply - This maintains backward compatibility with the permission_allowed() API All 177 permission tests now pass, including test_actor_restricted_permissions and test_permissions_checked which were previously failing.
2025-12-10 16:51:24 +01:00 · 2025-10-23 14:34:48 -07:00 · 2025-10-23 14:34:48 -07:00 · 2039e238d9
commit 2039e238d9
parent e42b040055
2 changed files with 7 additions and 28 deletions
--- a/tests/test_permissions.py
+++ b/tests/test_permissions.py
@ -344,16 +344,13 @@ def test_query_list_respects_view_query():
                ("execute-sql", "fixtures"),
            ],
        ),
-        pytest.param(
+        (
            "/fixtures.db",
            [
                "view-instance",
                ("view-database", "fixtures"),
                ("view-database-download", "fixtures"),
            ],
-            marks=pytest.mark.xfail(
-                reason="ensure_permissions() short-circuits, not checking all permissions - see #2526"
-            ),
        ),
        (
            "/fixtures/neighborhood_search",