Search Apps Documentation Source Content File Folder Download Copy Actions Download

accesscontrol_test.gno

6.35 Kb · 243 lines
Download 
  1package accesscontrol
  2
  3import (
  4	"testing"
  5
  6	"gno.land/p/nt/ownable"
  7	"gno.land/p/nt/testutils"
  8	"gno.land/p/nt/uassert"
  9)
 10
 11var (
 12	admin    = testutils.TestAddress("admin1")
 13	newAdmin = testutils.TestAddress("admin2")
 14	user1    = testutils.TestAddress("user1")
 15	user2    = testutils.TestAddress("user2")
 16
 17	roleName = "TestRole"
 18)
 19
 20func initSetup(admin address) *Roles {
 21	return &Roles{
 22		Roles:   []*Role{},
 23		Ownable: ownable.NewWithAddress(admin),
 24	}
 25}
 26
 27func TestCreateRole(t *testing.T) {
 28	roles := initSetup(admin)
 29
 30	testing.SetOriginCaller(admin)
 31
 32	role, err := roles.CreateRole(roleName)
 33	uassert.NoError(t, err)
 34	uassert.True(t, role != nil, "role should not be nil")
 35	uassert.Equal(t, role.Name, roleName)
 36
 37	_, err = roles.CreateRole(roleName)
 38	uassert.Error(t, err, "should fail on duplicate role creation")
 39}
 40
 41func TestGrantRole(t *testing.T) {
 42	roles := initSetup(admin)
 43
 44	testing.SetOriginCaller(admin)
 45
 46	_, err := roles.CreateRole(roleName)
 47	uassert.NoError(t, err)
 48
 49	err = roles.GrantRole(roleName, user1)
 50	uassert.NoError(t, err)
 51
 52	role, err := roles.FindRole(roleName)
 53	uassert.NoError(t, err)
 54	uassert.True(t, role.HasAccount(user1), "user1 should have the TestRole")
 55
 56	rolesList, found := roles.UserToRoles.Get(user1.String())
 57	uassert.True(t, found, "user1 should be in UserToRoles")
 58	uassert.True(t, containsRole(rolesList.([]*Role), role), "UserToRoles should contain TestRole for user1")
 59}
 60
 61func TestGrantRoleByNonOwner(t *testing.T) {
 62	roles := initSetup(admin)
 63
 64	testing.SetOriginCaller(admin)
 65	_, err := roles.CreateRole(roleName)
 66	uassert.NoError(t, err)
 67
 68	testing.SetOriginCaller(user2)
 69	roles.Ownable.TransferOwnership(user2)
 70	err = roles.GrantRole(roleName, user1)
 71	uassert.Error(t, err, "non-owner should not be able to grant roles")
 72
 73	roles.Ownable.TransferOwnership(admin)
 74}
 75
 76func TestRevokeRole(t *testing.T) {
 77	roles := initSetup(admin)
 78
 79	testing.SetOriginCaller(admin)
 80
 81	_, err := roles.CreateRole(roleName)
 82	uassert.NoError(t, err)
 83	err = roles.GrantRole(roleName, user1)
 84	uassert.NoError(t, err)
 85
 86	err = roles.RevokeRole(roleName, user1)
 87	uassert.NoError(t, err)
 88
 89	role, err := roles.FindRole(roleName)
 90	uassert.NoError(t, err)
 91	uassert.False(t, role.HasAccount(user1), "user1 should no longer have the TestRole")
 92
 93	rolesList, found := roles.UserToRoles.Get(user1.String())
 94	if found {
 95		uassert.False(t, containsRole(rolesList.([]*Role), role), "UserToRoles should not contain TestRole for user1 after revocation")
 96	}
 97}
 98
 99func TestRenounceRole(t *testing.T) {
100	roles := initSetup(admin)
101
102	testing.SetOriginCaller(admin)
103
104	role, err := roles.CreateRole(roleName)
105	uassert.NoError(t, err)
106	err = roles.GrantRole(roleName, user1)
107	uassert.NoError(t, err)
108
109	// Pas besoin de transférer la propriété pour renoncer à un rôle
110	testing.SetOriginCaller(user1)
111	err = roles.RenounceRole(roleName)
112	uassert.NoError(t, err)
113
114	role, err = roles.FindRole(roleName)
115	uassert.NoError(t, err)
116	uassert.False(t, role.HasAccount(user1), "user1 should have renounced the TestRole")
117}
118
119func TestSetRoleAdmin(t *testing.T) {
120	roles := initSetup(admin)
121
122	testing.SetOriginCaller(admin)
123
124	role, err := roles.CreateRole(roleName)
125	uassert.NoError(t, err)
126
127	err = role.SetRoleAdmin(newAdmin)
128	uassert.NoError(t, err, "admin change should succeed")
129
130	testing.SetOriginCaller(newAdmin)
131	uassert.Equal(t, role.Ownable.Owner(), newAdmin, "the new admin should be newAdmin")
132
133	testing.SetOriginCaller(admin)
134	uassert.NotEqual(t, role.Ownable.Owner(), admin, "the old admin should no longer be the owner")
135}
136
137func TestCreateRoleInvalidName(t *testing.T) {
138	roles := initSetup(admin)
139
140	testing.SetOriginCaller(admin)
141
142	_, err := roles.CreateRole("")
143	uassert.Error(t, err, "should fail on empty role name")
144
145	longRoleName := "thisisaverylongrolenamethatexceedsthenormallimitfortestingpurposes"
146	_, err = roles.CreateRole(longRoleName)
147	uassert.Error(t, err, "should fail on very long role name")
148}
149
150func TestRevokeRoleByNonOwner(t *testing.T) {
151	roles := initSetup(admin)
152
153	testing.SetOriginCaller(admin)
154
155	_, err := roles.CreateRole(roleName)
156	uassert.NoError(t, err)
157	err = roles.GrantRole(roleName, user1)
158	uassert.NoError(t, err)
159
160	testing.SetOriginCaller(user2)
161	err = roles.RevokeRole(roleName, user1)
162	uassert.Error(t, err, "non-owner should not be able to revoke roles")
163}
164
165func TestGrantRoleToNonExistentRole(t *testing.T) {
166	roles := initSetup(admin)
167
168	testing.SetOriginCaller(admin)
169
170	err := roles.GrantRole("NonExistentRole", user1)
171	uassert.Error(t, err, "should fail when granting non-existent role")
172}
173
174func TestRevokeRoleFromNonExistentRole(t *testing.T) {
175	roles := initSetup(admin)
176
177	testing.SetOriginCaller(admin)
178
179	err := roles.RevokeRole("NonExistentRole", user1)
180	uassert.Error(t, err, "should fail when revoking non-existent role")
181}
182
183func TestRenounceNonExistentRole(t *testing.T) {
184	roles := initSetup(admin)
185
186	testing.SetOriginCaller(user1)
187
188	err := roles.RenounceRole("NonExistentRole")
189	uassert.Error(t, err, "should fail when renouncing non-existent role")
190}
191
192func TestDeleteRole(t *testing.T) {
193	roles := initSetup(admin)
194
195	testing.SetOriginCaller(admin)
196
197	role, err := roles.CreateRole(roleName)
198	uassert.NoError(t, err)
199	uassert.True(t, role != nil, "role should not be nil")
200
201	roles.Roles = []*Role{} // Clear roles for testing purpose
202	_, err = roles.FindRole(roleName)
203	uassert.Error(t, err, "should fail when trying to find deleted role")
204}
205
206func TestUserToRolesWithMultipleRoles(t *testing.T) {
207	roles := initSetup(admin)
208
209	testing.SetOriginCaller(admin)
210
211	roleName1 := "Role1"
212	roleName2 := "Role2"
213
214	// Create two roles
215	_, err := roles.CreateRole(roleName1)
216	uassert.NoError(t, err)
217	_, err = roles.CreateRole(roleName2)
218	uassert.NoError(t, err)
219
220	// Grant both roles to user1
221	err = roles.GrantRole(roleName1, user1)
222	uassert.NoError(t, err)
223	err = roles.GrantRole(roleName2, user1)
224	uassert.NoError(t, err)
225
226	// Check if user1 has both roles
227	rolesList, found := roles.UserToRoles.Get(user1.String())
228	uassert.True(t, found, "user1 should be in UserToRoles")
229	role1, _ := roles.FindRole(roleName1)
230	role2, _ := roles.FindRole(roleName2)
231	uassert.True(t, containsRole(rolesList.([]*Role), role1), "UserToRoles should contain Role1 for user1")
232	uassert.True(t, containsRole(rolesList.([]*Role), role2), "UserToRoles should contain Role2 for user1")
233}
234
235// func test for check if a role is in a list of roles
236func containsRole(roles []*Role, target *Role) bool {
237	for _, role := range roles {
238		if role == target {
239			return true
240		}
241	}
242	return false
243}