permissions_test.gno
14.41 Kb ยท 571 lines
1package permissions
2
3import (
4 "testing"
5
6 "gno.land/p/gnoland/boards"
7 "gno.land/p/nt/uassert"
8 "gno.land/p/nt/urequire"
9)
10
11var _ boards.Permissions = (*Permissions)(nil)
12
13func TestBasicPermissionsWithPermission(t *testing.T) {
14 cases := []struct {
15 name string
16 user address
17 permission boards.Permission
18 args boards.Args
19 setup func() *Permissions
20 err string
21 called bool
22 }{
23 {
24 name: "ok",
25 user: "g1jg8mtutu9khhfwc4nxmuhcpftf0pajdhfvsqf5",
26 permission: "bar",
27 setup: func() *Permissions {
28 perms := New()
29 perms.AddRole("foo", "bar")
30 perms.SetUserRoles(cross, "g1jg8mtutu9khhfwc4nxmuhcpftf0pajdhfvsqf5", "foo")
31 return perms
32 },
33 called: true,
34 },
35 {
36 name: "ok with arguments",
37 user: "g1jg8mtutu9khhfwc4nxmuhcpftf0pajdhfvsqf5",
38 permission: "bar",
39 args: boards.Args{"a", "b"},
40 setup: func() *Permissions {
41 perms := New()
42 perms.AddRole("foo", "bar")
43 perms.SetUserRoles(cross, "g1jg8mtutu9khhfwc4nxmuhcpftf0pajdhfvsqf5", "foo")
44 return perms
45 },
46 called: true,
47 },
48 {
49 name: "no permission",
50 user: "g1jg8mtutu9khhfwc4nxmuhcpftf0pajdhfvsqf5",
51 permission: "bar",
52 setup: func() *Permissions {
53 perms := New()
54 perms.AddRole("foo", "bar")
55 perms.SetUserRoles(cross, "g1jg8mtutu9khhfwc4nxmuhcpftf0pajdhfvsqf5")
56 return perms
57 },
58 err: "unauthorized",
59 },
60 {
61 name: "is not a DAO member",
62 user: "g1jg8mtutu9khhfwc4nxmuhcpftf0pajdhfvsqf5",
63 permission: "bar",
64 setup: func() *Permissions {
65 return New()
66 },
67 err: "unauthorized",
68 },
69 }
70
71 for _, tc := range cases {
72 t.Run(tc.name, func(t *testing.T) {
73 var called bool
74
75 perms := tc.setup()
76 callback := func(realm) { called = true }
77
78 testCaseFn := func() {
79 perms.WithPermission(cross, tc.user, tc.permission, tc.args, callback)
80 }
81
82 if tc.err != "" {
83 urequire.AbortsWithMessage(t, tc.err, testCaseFn, "expect panic with message")
84 return
85 } else {
86 urequire.NotAborts(t, testCaseFn, "expect no panic")
87 }
88
89 urequire.Equal(t, tc.called, called, "expect callback to be called")
90 })
91 }
92}
93
94func TestBasicPermissionsSetPublicPermissions(t *testing.T) {
95 user := address("g1jg8mtutu9khhfwc4nxmuhcpftf0pajdhfvsqf5")
96 perms := New()
97
98 // Add a new role with permissions
99 perms.AddRole("adminRole", "fooPerm", "barPerm", "bazPerm")
100 urequire.False(t, perms.HasPermission(user, "fooPerm"))
101 urequire.False(t, perms.HasPermission(user, "barPerm"))
102 urequire.False(t, perms.HasPermission(user, "bazPerm"))
103
104 // Assign a couple of public permissions
105 perms.SetPublicPermissions("fooPerm", "bazPerm")
106 urequire.True(t, perms.HasPermission(user, "fooPerm"))
107 urequire.False(t, perms.HasPermission(user, "barPerm"))
108 urequire.True(t, perms.HasPermission(user, "bazPerm"))
109
110 // Clear all public permissions
111 perms.SetPublicPermissions()
112 urequire.False(t, perms.HasPermission(user, "fooPerm"))
113 urequire.False(t, perms.HasPermission(user, "barPerm"))
114 urequire.False(t, perms.HasPermission(user, "bazPerm"))
115}
116
117func TestBasicPermissionsGetUserRoles(t *testing.T) {
118 cases := []struct {
119 name string
120 user address
121 roles []string
122 setup func() *Permissions
123 }{
124 {
125 name: "single role",
126 user: "g1jg8mtutu9khhfwc4nxmuhcpftf0pajdhfvsqf5",
127 roles: []string{"admin"},
128 setup: func() *Permissions {
129 perms := New()
130 perms.AddRole("admin", "x")
131 perms.SetUserRoles(cross, "g1jg8mtutu9khhfwc4nxmuhcpftf0pajdhfvsqf5", "admin")
132 return perms
133 },
134 },
135 {
136 name: "multiple roles",
137 user: "g1jg8mtutu9khhfwc4nxmuhcpftf0pajdhfvsqf5",
138 roles: []string{"admin", "bar", "foo"},
139 setup: func() *Permissions {
140 perms := New()
141 perms.AddRole("admin", "x")
142 perms.AddRole("foo", "x")
143 perms.AddRole("bar", "x")
144 perms.SetUserRoles(cross, "g1jg8mtutu9khhfwc4nxmuhcpftf0pajdhfvsqf5", "admin", "foo", "bar")
145 return perms
146 },
147 },
148 {
149 name: "without roles",
150 user: "g1jg8mtutu9khhfwc4nxmuhcpftf0pajdhfvsqf5",
151 setup: func() *Permissions {
152 perms := New()
153 perms.SetUserRoles(cross, "g1jg8mtutu9khhfwc4nxmuhcpftf0pajdhfvsqf5")
154 return perms
155 },
156 },
157 {
158 name: "not a user",
159 user: "g1jg8mtutu9khhfwc4nxmuhcpftf0pajdhfvsqf5",
160 setup: func() *Permissions {
161 return New()
162 },
163 },
164 {
165 name: "multiple users",
166 user: "g1jg8mtutu9khhfwc4nxmuhcpftf0pajdhfvsqf5",
167 roles: []string{"admin"},
168 setup: func() *Permissions {
169 perms := New()
170 perms.AddRole("admin", "x")
171 perms.AddRole("bar", "x")
172 perms.SetUserRoles(cross, "g1jg8mtutu9khhfwc4nxmuhcpftf0pajdhfvsqf5", "admin")
173 perms.SetUserRoles(cross, "g1w4ek2u33ta047h6lta047h6lta047h6ldvdwpn", "admin")
174 perms.SetUserRoles(cross, "g1w4ek2u3jta047h6lta047h6lta047h6l9huexc", "admin", "bar")
175 return perms
176 },
177 },
178 }
179
180 for _, tc := range cases {
181 t.Run(tc.name, func(t *testing.T) {
182 perms := tc.setup()
183 roles := perms.GetUserRoles(tc.user)
184
185 urequire.Equal(t, len(tc.roles), len(roles), "user role count")
186 for i, r := range roles {
187 uassert.Equal(t, tc.roles[i], string(r))
188 }
189 })
190 }
191}
192
193func TestBasicPermissionsHasRole(t *testing.T) {
194 cases := []struct {
195 name string
196 user address
197 role boards.Role
198 setup func() *Permissions
199 want bool
200 }{
201 {
202 name: "ok",
203 user: "g1jg8mtutu9khhfwc4nxmuhcpftf0pajdhfvsqf5",
204 role: "admin",
205 setup: func() *Permissions {
206 perms := New()
207 perms.AddRole("admin", "x")
208 perms.SetUserRoles(cross, "g1jg8mtutu9khhfwc4nxmuhcpftf0pajdhfvsqf5", "admin")
209 return perms
210 },
211 want: true,
212 },
213 {
214 name: "ok with multiple roles",
215 user: "g1jg8mtutu9khhfwc4nxmuhcpftf0pajdhfvsqf5",
216 role: "foo",
217 setup: func() *Permissions {
218 perms := New()
219 perms.AddRole("admin", "x")
220 perms.AddRole("foo", "x")
221 perms.SetUserRoles(cross, "g1jg8mtutu9khhfwc4nxmuhcpftf0pajdhfvsqf5", "admin", "foo")
222 return perms
223 },
224 want: true,
225 },
226 {
227 name: "user without roles",
228 user: "g1jg8mtutu9khhfwc4nxmuhcpftf0pajdhfvsqf5",
229 setup: func() *Permissions {
230 perms := New()
231 perms.SetUserRoles(cross, "g1jg8mtutu9khhfwc4nxmuhcpftf0pajdhfvsqf5")
232 return perms
233 },
234 },
235 {
236 name: "has no role",
237 user: "g1jg8mtutu9khhfwc4nxmuhcpftf0pajdhfvsqf5",
238 role: "bar",
239 setup: func() *Permissions {
240 perms := New()
241 perms.AddRole("foo", "x")
242 perms.SetUserRoles(cross, "g1jg8mtutu9khhfwc4nxmuhcpftf0pajdhfvsqf5", "foo")
243 return perms
244 },
245 },
246 }
247
248 for _, tc := range cases {
249 t.Run(tc.name, func(t *testing.T) {
250 perms := tc.setup()
251 got := perms.HasRole(tc.user, tc.role)
252 uassert.Equal(t, got, tc.want)
253 })
254 }
255}
256
257func TestBasicPermissionsHasPermission(t *testing.T) {
258 cases := []struct {
259 name string
260 user address
261 permission boards.Permission
262 setup func() *Permissions
263 want bool
264 }{
265 {
266 name: "ok",
267 user: "g1jg8mtutu9khhfwc4nxmuhcpftf0pajdhfvsqf5",
268 permission: "bar",
269 setup: func() *Permissions {
270 perms := New()
271 perms.AddRole("foo", "bar")
272 perms.SetUserRoles(cross, "g1jg8mtutu9khhfwc4nxmuhcpftf0pajdhfvsqf5", "foo")
273 return perms
274 },
275 want: true,
276 },
277 {
278 name: "ok with multiple users",
279 user: "g1jg8mtutu9khhfwc4nxmuhcpftf0pajdhfvsqf5",
280 permission: "bar",
281 setup: func() *Permissions {
282 perms := New()
283 perms.AddRole("foo", "bar")
284 perms.SetUserRoles(cross, "g1jg8mtutu9khhfwc4nxmuhcpftf0pajdhfvsqf5", "foo")
285 perms.SetUserRoles(cross, "g1w4ek2u33ta047h6lta047h6lta047h6ldvdwpn", "foo")
286 return perms
287 },
288 want: true,
289 },
290 {
291 name: "ok with multiple roles",
292 user: "g1jg8mtutu9khhfwc4nxmuhcpftf0pajdhfvsqf5",
293 permission: "other",
294 setup: func() *Permissions {
295 perms := New()
296 perms.AddRole("foo", "bar")
297 perms.AddRole("baz", "other")
298 perms.SetUserRoles(cross, "g1jg8mtutu9khhfwc4nxmuhcpftf0pajdhfvsqf5", "foo", "baz")
299 return perms
300 },
301 want: true,
302 },
303 {
304 name: "no permission",
305 user: "g1jg8mtutu9khhfwc4nxmuhcpftf0pajdhfvsqf5",
306 permission: "other",
307 setup: func() *Permissions {
308 perms := New()
309 perms.AddRole("foo", "bar")
310 perms.SetUserRoles(cross, "g1jg8mtutu9khhfwc4nxmuhcpftf0pajdhfvsqf5", "foo")
311 return perms
312 },
313 },
314 }
315
316 for _, tc := range cases {
317 t.Run(tc.name, func(t *testing.T) {
318 perms := tc.setup()
319 got := perms.HasPermission(tc.user, tc.permission)
320 uassert.Equal(t, tc.want, got)
321 })
322 }
323}
324
325func TestBasicPermissionsSetUserRoles(t *testing.T) {
326 cases := []struct {
327 name string
328 user address
329 expectedRoles []boards.Role
330 setup func() *Permissions
331 err string
332 }{
333 {
334 name: "add user",
335 user: address("g1jg8mtutu9khhfwc4nxmuhcpftf0pajdhfvsqf5"),
336 expectedRoles: []boards.Role{"a"},
337 setup: func() *Permissions {
338 perms := New()
339 perms.AddRole("a", "permission1")
340 return perms
341 },
342 },
343 {
344 name: "add user with multiple roles",
345 user: address("g1jg8mtutu9khhfwc4nxmuhcpftf0pajdhfvsqf5"),
346 expectedRoles: []boards.Role{"a", "b"},
347 setup: func() *Permissions {
348 perms := New()
349 perms.AddRole("a", "permission1")
350 perms.AddRole("b", "permission2")
351 return perms
352 },
353 },
354 {
355 name: "add when other users exists",
356 user: address("g1jg8mtutu9khhfwc4nxmuhcpftf0pajdhfvsqf5"),
357 expectedRoles: []boards.Role{"a"},
358 setup: func() *Permissions {
359 perms := New()
360 perms.AddRole("a", "permission1")
361 perms.SetUserRoles(cross, "g1w4ek2u33ta047h6lta047h6lta047h6ldvdwpn", "a")
362 perms.SetUserRoles(cross, "g1w4ek2u3jta047h6lta047h6lta047h6l9huexc")
363 return perms
364 },
365 },
366 {
367 name: "add user using single role",
368 user: address("g1jg8mtutu9khhfwc4nxmuhcpftf0pajdhfvsqf5"),
369 expectedRoles: []boards.Role{"a"},
370 setup: func() *Permissions {
371 perms := New(UseSingleUserRole())
372 perms.AddRole("a", "permission1")
373 return perms
374 },
375 },
376 {
377 name: "update user roles",
378 user: address("g1jg8mtutu9khhfwc4nxmuhcpftf0pajdhfvsqf5"),
379 expectedRoles: []boards.Role{"a", "b"},
380 setup: func() *Permissions {
381 perms := New()
382 perms.AddRole("a", "permission1")
383 perms.AddRole("b", "permission2")
384 perms.AddRole("c", "permission2")
385 perms.SetUserRoles(cross, "g1jg8mtutu9khhfwc4nxmuhcpftf0pajdhfvsqf5", "c")
386 return perms
387 },
388 },
389 {
390 name: "update user roles using single role",
391 user: address("g1jg8mtutu9khhfwc4nxmuhcpftf0pajdhfvsqf5"),
392 expectedRoles: []boards.Role{"b"},
393 setup: func() *Permissions {
394 perms := New(UseSingleUserRole())
395 perms.AddRole("a", "permission1")
396 perms.AddRole("b", "permission2")
397 perms.SetUserRoles(cross, "g1jg8mtutu9khhfwc4nxmuhcpftf0pajdhfvsqf5", "a")
398 return perms
399 },
400 },
401 {
402 name: "clear user roles",
403 user: address("g1jg8mtutu9khhfwc4nxmuhcpftf0pajdhfvsqf5"),
404 expectedRoles: []boards.Role{},
405 setup: func() *Permissions {
406 perms := New()
407 perms.AddRole("a", "permission1")
408 perms.AddRole("b", "permission2")
409 perms.SetUserRoles(cross, "g1jg8mtutu9khhfwc4nxmuhcpftf0pajdhfvsqf5", "a", "b")
410 return perms
411 },
412 },
413 {
414 name: "set invalid role",
415 user: address("g1jg8mtutu9khhfwc4nxmuhcpftf0pajdhfvsqf5"),
416 expectedRoles: []boards.Role{"a", "foo"},
417 setup: func() *Permissions {
418 perms := New()
419 perms.AddRole("a", "permission1")
420 return perms
421 },
422 err: "invalid role: foo",
423 },
424 {
425 name: "use single role error",
426 user: address("g1jg8mtutu9khhfwc4nxmuhcpftf0pajdhfvsqf5"),
427 expectedRoles: []boards.Role{"a", "b"},
428 setup: func() *Permissions {
429 perms := New(UseSingleUserRole())
430 perms.AddRole("a", "permission1")
431 perms.AddRole("b", "permission2")
432 return perms
433 },
434 err: "user can only have one role",
435 },
436 }
437
438 for _, tc := range cases {
439 t.Run(tc.name, func(t *testing.T) {
440 perms := tc.setup()
441
442 setUserRoles := func() {
443 perms.SetUserRoles(cross, tc.user, tc.expectedRoles...)
444 }
445
446 if tc.err != "" {
447 urequire.AbortsWithMessage(t, tc.err, setUserRoles, "expected an error")
448 return
449 } else {
450 urequire.NotAborts(t, setUserRoles, "expected no error")
451 }
452
453 roles := perms.GetUserRoles(tc.user)
454 uassert.Equal(t, len(tc.expectedRoles), len(roles))
455 for i, r := range roles {
456 urequire.Equal(t, string(tc.expectedRoles[i]), string(r))
457 }
458 })
459 }
460}
461
462func TestBasicPermissionsRemoveUser(t *testing.T) {
463 cases := []struct {
464 name string
465 user address
466 setup func() *Permissions
467 want bool
468 }{
469 {
470 name: "ok",
471 user: address("g1jg8mtutu9khhfwc4nxmuhcpftf0pajdhfvsqf5"),
472 setup: func() *Permissions {
473 perms := New()
474 perms.SetUserRoles(cross, "g1jg8mtutu9khhfwc4nxmuhcpftf0pajdhfvsqf5")
475 return perms
476 },
477 want: true,
478 },
479 {
480 name: "user not found",
481 user: address("g1jg8mtutu9khhfwc4nxmuhcpftf0pajdhfvsqf5"),
482 setup: func() *Permissions {
483 return New()
484 },
485 },
486 }
487
488 for _, tc := range cases {
489 t.Run(tc.name, func(t *testing.T) {
490 perms := tc.setup()
491 got := perms.RemoveUser(cross, tc.user)
492 uassert.Equal(t, tc.want, got)
493 })
494 }
495}
496
497func TestBasicPermissionsIterateUsers(t *testing.T) {
498 users := []boards.User{
499 {
500 Address: "g1jg8mtutu9khhfwc4nxmuhcpftf0pajdhfvsqf5",
501 Roles: []boards.Role{"foo"},
502 },
503 {
504 Address: "g1us8428u2a5satrlxzagqqa5m6vmuze025anjlj",
505 Roles: []boards.Role{"bar", "foo"},
506 },
507 {
508 Address: "g1vh7krmmzfua5xjmkatvmx09z37w34lsvd2mxa5",
509 Roles: []boards.Role{"bar"},
510 },
511 }
512
513 perms := New()
514 perms.AddRole("foo", "perm1")
515 perms.AddRole("bar", "perm2")
516 for _, u := range users {
517 perms.SetUserRoles(cross, u.Address, u.Roles...)
518 }
519
520 cases := []struct {
521 name string
522 start, count, want int
523 }{
524 {
525 name: "exceed users count",
526 count: 50,
527 want: 3,
528 },
529 {
530 name: "exact users count",
531 count: 3,
532 want: 3,
533 },
534 {
535 name: "two users",
536 start: 1,
537 count: 2,
538 want: 2,
539 },
540 {
541 name: "one user",
542 start: 1,
543 count: 1,
544 want: 1,
545 },
546 {
547 name: "no iteration",
548 start: 50,
549 },
550 }
551
552 for _, tc := range cases {
553 t.Run(tc.name, func(t *testing.T) {
554 var i int
555 perms.IterateUsers(0, len(users), func(u boards.User) bool {
556 urequire.True(t, i < len(users), "expect iterator to respect number of users")
557 uassert.Equal(t, users[i].Address, u.Address)
558
559 urequire.Equal(t, len(users[i].Roles), len(u.Roles), "expect number of roles to match")
560 for j := range u.Roles {
561 uassert.Equal(t, string(users[i].Roles[j]), string(u.Roles[j]))
562 }
563
564 i++
565 return false
566 })
567
568 uassert.Equal(t, i, len(users), "expect iterator to iterate all users")
569 })
570 }
571}
