2 files changed, 25 insertions, 1 deletions

diff --git a/tests/unit/auth/test_privileges.py b/tests/unit/auth/test_privileges.py
index 619ccc1..41dae7f 100644
--- a/tests/unit/auth/test_privileges.py
+++ b/tests/unit/auth/test_privileges.py
@@ -24,7 +24,18 @@ PRIVILEGES = sorted(
      Privilege("group:resource:view-resource",
                "view a resource and use it in computations"),
      Privilege("group:resource:edit-resource", "edit/update a resource"),
-     Privilege("group:resource:delete-resource", "Delete a resource")),
+     Privilege("group:resource:delete-resource", "Delete a resource"),
+
+     Privilege("group:data:link-to-group",
+               "Allow linking data to only one specific group."),
+
+     # Role-management privileges
+     Privilege("resource:role:create-role",
+               "Create a new role on a specific resource"),
+     Privilege("resource:role:delete-role",
+               "Delete an existing role from a specific resource"),
+     Privilege("resource:role:edit-role",
+               "Edit an existing role on a specific resource")),
     key=sort_key_privileges)
 
 @pytest.mark.unit_test
diff --git a/tests/unit/auth/test_roles.py b/tests/unit/auth/test_roles.py
index c364549..b7512ef 100644
--- a/tests/unit/auth/test_roles.py
+++ b/tests/unit/auth/test_roles.py
@@ -115,6 +115,10 @@ def test_create_role_raises_exception_for_unauthorised_users(# pylint: disable=[
                 user_editable=False,
                 privileges=(
                     Privilege(
+                        "group:data:link-to-group",
+                        "Allow linking data to only one specific group."),
+
+                    Privilege(
                         privilege_id="group:resource:create-resource",
                         privilege_description="Create a resource object"),
                     Privilege(
@@ -133,6 +137,15 @@ def test_create_role_raises_exception_for_unauthorised_users(# pylint: disable=[
                         privilege_id="group:user:remove-group-member",
                         privilege_description="Remove a user from a group"),
                     Privilege(
+                        privilege_id="resource:role:create-role",
+                        privilege_description="Create a new role on a specific resource"),
+                    Privilege(
+                        privilege_id="resource:role:delete-role",
+                        privilege_description="Delete an existing role from a specific resource"),
+                    Privilege(
+                        privilege_id="resource:role:edit-role",
+                        privilege_description="Edit an existing role on a specific resource"),
+                    Privilege(
                         privilege_id="system:group:delete-group",
                         privilege_description="Delete a group"),
                     Privilege(