profile-scoped ACL policy and redaction

tests/cmis/test_cmis_runtime_browser_binding.py

@@ -65,6 +65,16 @@ def cmis_runtime() -> tuple[ServiceRuntime, object]:
         },
         context,
     )
+    runtime.create_relationship(
+        {
+            "source_asset_id": "asset-runtime-source",
+            "target_id": "asset-runtime-confidential",
+            "predicate": "mentions_sensitive",
+            "target_kind": "asset",
+            "confidence": 0.5,
+        },
+        context,
+    )
     return runtime, context
 
 
@@ -105,6 +115,7 @@ def test_runtime_cmis_browser_content_query_relationships_and_changes(cmis_runti
     assert relationships["count"] == 1
     assert relationships["items"][0]["properties"]["cmis:targetId"] == "cmis:asset:asset-runtime-public"
     assert changes["total_num_items"] >= 3
+    assert all(change["object_id"] != "cmis:asset:asset-runtime-confidential" for change in changes["changes"])
 
 
 def test_runtime_cmis_browser_rejects_unsupported_query_subset(cmis_runtime) -> None:
@@ -173,3 +184,21 @@ def test_runtime_cmis_readonly_profile_rejects_mutations(cmis_runtime) -> None:
         )
 
     assert "CMIS operation denied" in str(exc_info.value)
+
+
+def test_runtime_cmis_acl_projection_and_redaction(cmis_runtime) -> None:
+    runtime, context = cmis_runtime
+
+    public_acl = runtime.cmis_acl("readonly-browser", "cmis:asset:asset-runtime-public", context)
+    internal_acl = runtime.cmis_acl("governed-authoring", "cmis:asset:asset-runtime-source", context)
+
+    assert public_acl["is_exact"] is True
+    assert {entry["principal_id"] for entry in public_acl["aces"]} == {"cmis-runtime", "anyone"}
+    assert ["cmis:read", "cmis:write", "cmis:delete"] in [
+        entry["permissions"] for entry in internal_acl["aces"]
+    ]
+
+    with pytest.raises(Exception) as exc_info:
+        runtime.cmis_acl("readonly-browser", "cmis:asset:asset-runtime-confidential", context)
+
+    assert "CMIS object not found" in str(exc_info.value)