test(auth): cover scope-bound object authorization

lcian · lcian · commit c6ce514b9500 · 2026-04-13T13:12:58.000+02:00
diff --git a/objectstore-server/src/auth/context.rs b/objectstore-server/src/auth/context.rs
@@ -614,6 +614,18 @@ MC4CAQAwBQYDK2VwBCIEIKwVoE4TmTfWoqH3HgLVsEcHs9PHNe+ar/Hp6e4To8pK
         Ok(())
     }
 
+    #[test]
+    fn test_assert_object_authorized_scope_bound_allows_any_key_in_context() -> Result<(), AuthError>
+    {
+        let auth_context =
+            sample_auth_context("123", "456", HashSet::from([Permission::ObjectRead]));
+        let object_id = ObjectId::new(sample_object_context("123", "456"), "any-key".into());
+
+        auth_context.assert_object_authorized(Permission::ObjectRead, &object_id)?;
+
+        Ok(())
+    }
+
     #[test]
     fn test_assert_object_authorized_object_bound_mismatch_fails() -> Result<(), AuthError> {
         let object_id = ObjectId::new(sample_object_context("123", "456"), "my-key".into());
