CMIS authoring operations

2026-05-07 01:46:44 +02:00
parent 7e168e93d3
commit e02f78d7e3
6 changed files with 282 additions and 1 deletions
--- a/tests/cmis/test_cmis_browser_binding_api.py
+++ b/tests/cmis/test_cmis_browser_binding_api.py
@@ -162,3 +162,41 @@ def test_cmis_query_reports_unsupported_subset_diagnostics(cmis_client) -> None:
        "SELECT * FROM cmis:document",
        "SELECT * FROM kontextual:document",
    ]
+
+
+def test_cmis_governed_authoring_routes_allow_selected_mutations(cmis_client) -> None:
+    created = cmis_client.post(
+        "/cmis/governed-authoring/browser/document",
+        json={
+            "asset_id": "asset-api-authored",
+            "name": "API Authored",
+            "content": "# API Authored",
+            "media_type": "text/markdown",
+        },
+    )
+    updated = cmis_client.post(
+        "/cmis/governed-authoring/browser/object/cmis:asset:asset-api-authored/properties",
+        json={"properties": {"kontextual:metadata:status": "draft"}},
+    )
+    streamed = cmis_client.post(
+        "/cmis/governed-authoring/browser/object/cmis:asset:asset-api-authored/content",
+        json={"content": "# Updated", "media_type": "text/markdown"},
+    )
+    deleted = cmis_client.post(
+        "/cmis/governed-authoring/browser/object/cmis:asset:asset-api-authored/delete",
+        json={},
+    )
+
+    assert created.status_code == 200
+    assert updated.json()["properties"]["kontextual:metadata:status"] == "draft"
+    assert streamed.json()["content_stream"]["mime_type"] == "text/markdown"
+    assert deleted.json()["lifecycle"] == "delete_requested"
+
+
+def test_cmis_readonly_route_rejects_mutation(cmis_client) -> None:
+    response = cmis_client.post(
+        "/cmis/readonly-browser/browser/document",
+        json={"asset_id": "asset-api-readonly-denied", "name": "Denied"},
+    )
+
+    assert response.status_code == 403
--- a/tests/cmis/test_cmis_runtime_browser_binding.py
+++ b/tests/cmis/test_cmis_runtime_browser_binding.py
@@ -118,3 +118,58 @@ def test_runtime_cmis_browser_rejects_unsupported_query_subset(cmis_runtime) ->
        )

    assert "Unsupported CMIS query subset" in str(exc_info.value)
+
+
+def test_runtime_cmis_governed_authoring_allows_selected_mutations(cmis_runtime) -> None:
+    runtime, context = cmis_runtime
+
+    created = runtime.cmis_create_document(
+        "governed-authoring",
+        {
+            "asset_id": "asset-authored",
+            "name": "Authored Through CMIS",
+            "sensitivity": "internal",
+            "topics": ["cmis"],
+            "content": "# Authored\n\nCreated through CMIS.",
+            "media_type": "text/markdown",
+            "metadata_records": [{"key": "status", "value": "draft", "confirmed": True}],
+        },
+        context,
+    )
+    updated = runtime.cmis_update_properties(
+        "governed-authoring",
+        "cmis:asset:asset-authored",
+        {"properties": {"kontextual:metadata:reviewer": "codex"}},
+        context,
+    )
+    streamed = runtime.cmis_set_content_stream(
+        "governed-authoring",
+        "cmis:asset:asset-authored",
+        {"content": "# Authored\n\nUpdated stream.", "media_type": "text/markdown"},
+        context,
+    )
+    deleted = runtime.cmis_delete_object(
+        "governed-authoring",
+        "cmis:asset:asset-authored",
+        {},
+        context,
+    )
+
+    assert created["object_id"] == "cmis:asset:asset-authored"
+    assert updated["properties"]["kontextual:metadata:reviewer"] == "codex"
+    assert streamed["content_stream"]["mime_type"] == "text/markdown"
+    assert deleted["deleted"] is False
+    assert deleted["lifecycle"] == "delete_requested"
+
+
+def test_runtime_cmis_readonly_profile_rejects_mutations(cmis_runtime) -> None:
+    runtime, context = cmis_runtime
+
+    with pytest.raises(Exception) as exc_info:
+        runtime.cmis_create_document(
+            "readonly-browser",
+            {"asset_id": "asset-readonly-denied", "name": "Denied"},
+            context,
+        )
+
+    assert "CMIS operation denied" in str(exc_info.value)
--- a/tests/test_service_api.py
+++ b/tests/test_service_api.py
@@ -657,6 +657,8 @@ def test_service_health_readiness_version_and_openapi_contracts(client) -> None:
    assert "/cmis" in paths
    assert "/cmis/{access_point_id}/browser" in paths
    assert "/cmis/{access_point_id}/browser/children" in paths
+    assert "/cmis/{access_point_id}/browser/document" in paths
+    assert "/cmis/{access_point_id}/browser/object/{object_id}/properties" in paths
    assert "/api/v1/assets" in paths
    assert "/api/v1/relationships" in paths
    assert "/api/v1/audit/events" in paths