Switch to a non-permissive security policy by default in the tests

While this requires setting up the right permissions for each test it
makes the test condition's more explicit as the alternatives will always
return True for any permissions check.

tests/unit/conftest.py

@@ -10,7 +10,7 @@
 from lms.models import ApplicationSettings, LTIParams
 from lms.models.lti_role import Role, RoleScope, RoleType
 from lms.product import Product
-from lms.security import Identity
+from lms.security import Identity, Permissions
 from tests import factories
 from tests.conftest import TEST_SETTINGS
 from tests.unit.services import *  # pylint: disable=wildcard-import,unused-wildcard-import
@@ -182,9 +182,7 @@ def user_has_no_roles(lti_user):
 def configure_jinja2_assets(config):
     jinja2_env = config.get_jinja2_environment()
     jinja2_env.globals["asset_url"] = "http://example.com"
-    jinja2_env.globals["asset_urls"] = (
-        lambda bundle: "http://example.com"  # noqa: ARG005
-    )  # pragma: no cover
+    jinja2_env.globals["asset_urls"] = lambda bundle: "http://example.com"  # noqa: ARG005  # pragma: no cover
     jinja2_env.globals["js_config"] = {}
 
 
@@ -202,7 +200,11 @@ def pyramid_config(pyramid_request, lti_v11_params):
         # Align request.identity with request.lti_user
         config.testing_securitypolicy(
             userid=lti_v11_params["user_id"],
-            identity=Identity(lti_v11_params["user_id"], permissions=[]),
+            identity=Identity(
+                lti_v11_params["user_id"],
+                permissions=[Permissions.LTI_LAUNCH_ASSIGNMENT],
+            ),
+            permissive=False,
         )
 
         config.include("pyramid_jinja2")

tests/unit/lms/resources/_js_config/__init___test.py

@@ -788,7 +788,6 @@ def pyramid_request(pyramid_request):
     )
     pyramid_request.lti_params = LTIParams.from_request(pyramid_request)
     pyramid_request.product.route = Routes(oauth2_authorize="welcome")
-
     return pyramid_request
 
 

tests/unit/lms/views/lti/basic_launch_test.py

@@ -129,8 +129,15 @@ def test_lti_launch_configured(
         pyramid_request.registry.notify.has_call_with(LTIEvent.return_value)
 
     def test_lti_launch_unconfigured(
-        self, svc, context, pyramid_request, assignment_service, course_service
+        self,
+        svc,
+        context,
+        pyramid_request,
+        assignment_service,
+        course_service,
+        has_permission,
     ):
+        has_permission.return_value = True
         assignment_service.get_assignment_for_launch.return_value = None
 
         pyramid_request.lti_params = mock.create_autospec(
@@ -185,8 +192,15 @@ def test_lti_launch_check_h_license_fails(
         assert not response
 
     def test_reconfigure_assignment_config(
-        self, svc, context, pyramid_request, assignment_service, course_service
+        self,
+        svc,
+        context,
+        pyramid_request,
+        assignment_service,
+        course_service,
+        has_permission,
     ):
+        has_permission.return_value = True
         pyramid_request.lti_params = mock.create_autospec(
             LTIParams, spec_set=True, instance=True
         )