Search Apps Documentation Source Content File Folder Download Copy Actions Download

acl_test.gno

5.77 Kb ยท 133 lines
Download 
  1package acl
  2
  3import (
  4	"testing"
  5
  6	"gno.land/p/nt/testutils"
  7	"gno.land/p/nt/uassert"
  8	"gno.land/p/nt/ufmt"
  9)
 10
 11func Test(t *testing.T) {
 12	adm := testutils.TestAddress("admin")
 13	mod := testutils.TestAddress("mod")
 14	usr := testutils.TestAddress("user")
 15	cst := testutils.TestAddress("custom")
 16
 17	dir := New()
 18
 19	// by default, no one has perm.
 20	shouldNotHasRole(t, dir, adm, "foo")
 21	shouldNotHasRole(t, dir, mod, "foo")
 22	shouldNotHasRole(t, dir, usr, "foo")
 23	shouldNotHasRole(t, dir, cst, "foo")
 24	shouldNotHasPerm(t, dir, adm, "write", "r/demo/boards:gnolang/1")
 25	shouldNotHasPerm(t, dir, mod, "write", "r/demo/boards:gnolang/1")
 26	shouldNotHasPerm(t, dir, usr, "write", "r/demo/boards:gnolang/1")
 27	shouldNotHasPerm(t, dir, cst, "write", "r/demo/boards:gnolang/1")
 28	shouldNotHasPerm(t, dir, adm, "read", "r/demo/boards:gnolang/1")
 29	shouldNotHasPerm(t, dir, mod, "read", "r/demo/boards:gnolang/1")
 30	shouldNotHasPerm(t, dir, usr, "read", "r/demo/boards:gnolang/1")
 31	shouldNotHasPerm(t, dir, cst, "read", "r/demo/boards:gnolang/1")
 32
 33	// adding all the rights to admin.
 34	dir.AddUserPerm(adm, ".*", ".*")
 35	shouldHasRole(t, dir, adm, "foo")
 36	shouldNotHasRole(t, dir, mod, "foo")
 37	shouldNotHasRole(t, dir, usr, "foo")
 38	shouldNotHasRole(t, dir, cst, "foo")
 39	shouldHasPerm(t, dir, adm, "write", "r/demo/boards:gnolang/1") // new
 40	shouldNotHasPerm(t, dir, mod, "write", "r/demo/boards:gnolang/1")
 41	shouldNotHasPerm(t, dir, usr, "write", "r/demo/boards:gnolang/1")
 42	shouldNotHasPerm(t, dir, cst, "write", "r/demo/boards:gnolang/1")
 43	shouldHasPerm(t, dir, adm, "read", "r/demo/boards:gnolang/1") // new
 44	shouldNotHasPerm(t, dir, mod, "read", "r/demo/boards:gnolang/1")
 45	shouldNotHasPerm(t, dir, usr, "read", "r/demo/boards:gnolang/1")
 46	shouldNotHasPerm(t, dir, cst, "read", "r/demo/boards:gnolang/1")
 47
 48	// adding custom regexp rule for user "cst".
 49	dir.AddUserPerm(cst, "write", "r/demo/boards:gnolang/.*")
 50	shouldHasRole(t, dir, adm, "foo")
 51	shouldNotHasRole(t, dir, mod, "foo")
 52	shouldNotHasRole(t, dir, usr, "foo")
 53	shouldNotHasRole(t, dir, cst, "foo")
 54	shouldHasPerm(t, dir, adm, "write", "r/demo/boards:gnolang/1")
 55	shouldNotHasPerm(t, dir, mod, "write", "r/demo/boards:gnolang/1")
 56	shouldNotHasPerm(t, dir, usr, "write", "r/demo/boards:gnolang/1")
 57	shouldHasPerm(t, dir, cst, "write", "r/demo/boards:gnolang/1") // new
 58	shouldHasPerm(t, dir, adm, "read", "r/demo/boards:gnolang/1")
 59	shouldNotHasPerm(t, dir, mod, "read", "r/demo/boards:gnolang/1")
 60	shouldNotHasPerm(t, dir, usr, "read", "r/demo/boards:gnolang/1")
 61	shouldNotHasPerm(t, dir, cst, "read", "r/demo/boards:gnolang/1")
 62
 63	// adding a group perm for a new group.
 64	// no changes expected.
 65	dir.AddGroupPerm("mods", "role", "moderator")
 66	dir.AddGroupPerm("mods", "write", ".*")
 67	shouldHasRole(t, dir, adm, "foo")
 68	shouldNotHasRole(t, dir, mod, "foo")
 69	shouldNotHasRole(t, dir, usr, "foo")
 70	shouldNotHasRole(t, dir, cst, "foo")
 71	shouldHasPerm(t, dir, adm, "write", "r/demo/boards:gnolang/1")
 72	shouldNotHasPerm(t, dir, mod, "write", "r/demo/boards:gnolang/1")
 73	shouldNotHasPerm(t, dir, usr, "write", "r/demo/boards:gnolang/1")
 74	shouldHasPerm(t, dir, cst, "write", "r/demo/boards:gnolang/1")
 75	shouldHasPerm(t, dir, adm, "read", "r/demo/boards:gnolang/1")
 76	shouldNotHasPerm(t, dir, mod, "read", "r/demo/boards:gnolang/1")
 77	shouldNotHasPerm(t, dir, usr, "read", "r/demo/boards:gnolang/1")
 78	shouldNotHasPerm(t, dir, cst, "read", "r/demo/boards:gnolang/1")
 79
 80	// assigning the user "mod" to the "mods" group.
 81	dir.AddUserToGroup(mod, "mods")
 82	shouldHasRole(t, dir, adm, "foo")
 83	shouldNotHasRole(t, dir, mod, "foo")
 84	shouldNotHasRole(t, dir, usr, "foo")
 85	shouldNotHasRole(t, dir, cst, "foo")
 86	shouldHasPerm(t, dir, adm, "write", "r/demo/boards:gnolang/1")
 87	shouldHasPerm(t, dir, mod, "write", "r/demo/boards:gnolang/1") // new
 88	shouldNotHasPerm(t, dir, usr, "write", "r/demo/boards:gnolang/1")
 89	shouldHasPerm(t, dir, cst, "write", "r/demo/boards:gnolang/1")
 90	shouldHasPerm(t, dir, adm, "read", "r/demo/boards:gnolang/1")
 91	shouldNotHasPerm(t, dir, mod, "read", "r/demo/boards:gnolang/1")
 92	shouldNotHasPerm(t, dir, usr, "read", "r/demo/boards:gnolang/1")
 93	shouldNotHasPerm(t, dir, cst, "read", "r/demo/boards:gnolang/1")
 94
 95	// adding "read" permission for everyone.
 96	dir.AddGroupPerm(Everyone, "read", ".*")
 97	shouldHasRole(t, dir, adm, "foo")
 98	shouldNotHasRole(t, dir, mod, "foo")
 99	shouldNotHasRole(t, dir, usr, "foo")
100	shouldNotHasRole(t, dir, cst, "foo")
101	shouldHasPerm(t, dir, adm, "write", "r/demo/boards:gnolang/1")
102	shouldHasPerm(t, dir, mod, "write", "r/demo/boards:gnolang/1")
103	shouldNotHasPerm(t, dir, usr, "write", "r/demo/boards:gnolang/1")
104	shouldHasPerm(t, dir, cst, "write", "r/demo/boards:gnolang/1")
105	shouldHasPerm(t, dir, adm, "read", "r/demo/boards:gnolang/1")
106	shouldHasPerm(t, dir, mod, "read", "r/demo/boards:gnolang/1") // new
107	shouldHasPerm(t, dir, usr, "read", "r/demo/boards:gnolang/1") // new
108	shouldHasPerm(t, dir, cst, "read", "r/demo/boards:gnolang/1") // new
109}
110
111func shouldHasRole(t *testing.T, dir *Directory, addr address, role string) {
112	t.Helper()
113	check := dir.HasRole(addr, role)
114	uassert.Equal(t, true, check, ufmt.Sprintf("%s should has role %s", addr.String(), role))
115}
116
117func shouldNotHasRole(t *testing.T, dir *Directory, addr address, role string) {
118	t.Helper()
119	check := dir.HasRole(addr, role)
120	uassert.Equal(t, false, check, ufmt.Sprintf("%s should not has role %s", addr.String(), role))
121}
122
123func shouldHasPerm(t *testing.T, dir *Directory, addr address, verb string, resource string) {
124	t.Helper()
125	check := dir.HasPerm(addr, verb, resource)
126	uassert.Equal(t, true, check, ufmt.Sprintf("%s should has perm for %s - %s", addr.String(), verb, resource))
127}
128
129func shouldNotHasPerm(t *testing.T, dir *Directory, addr address, verb string, resource string) {
130	t.Helper()
131	check := dir.HasPerm(addr, verb, resource)
132	uassert.Equal(t, false, check, ufmt.Sprintf("%s should not has perm for %s - %s", addr.String(), verb, resource))
133}