1package rbac2_test
2
import (
	"database/sql"
	"path/filepath"
	"testing"

	"github.com/bluesky-social/indigo/atproto/syntax"
	_ "github.com/mattn/go-sqlite3"
	"github.com/stretchr/testify/assert"
	"tangled.org/core/rbac2"
)
12
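// setup builds an Enforcer via rbac2.NewEnforcer(":memory:") for a single test.
// The ":memory:" argument is presumably a private in-memory SQLite database, so
// tests do not share policy state (confirm against rbac2.NewEnforcer).
//
// The calling test is stopped immediately when construction fails. Recording
// the failure and returning anyway would hand the caller an enforcer that may
// be nil, and the first permission check would then panic instead of reporting
// the real setup error.
func setup(t *testing.T) *rbac2.Enforcer {
	t.Helper()

	enforcer, err := rbac2.NewEnforcer(":memory:")
	if !assert.NoError(t, err) {
		t.FailNow()
	}

	return enforcer
}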
19
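// TestNewEnforcer checks that policy written through one enforcer is visible to
// a second enforcer created over the same *sql.DB: the models captured from
// both must compare equal.
//
// The database file lives under t.TempDir() instead of a fixed path in /tmp.
// A predictable path in a world-writable directory can be pre-created by
// another local user or left behind by an earlier run, so stale or foreign
// policy rows could decide the outcome of an authorization test. A fixed path
// also fails on any machine where the parent directory does not exist, because
// SQLite does not create missing directories.
func TestNewEnforcer(t *testing.T) {
	dsn := filepath.Join(t.TempDir(), "test.db") + "?_foreign_keys=1"

	db, err := sql.Open("sqlite3", dsn)
	if !assert.NoError(t, err) {
		t.FailNow()
	}
	// Cleanups run last-in-first-out, so the handle is closed before the
	// temporary directory registered by t.TempDir() is removed.
	t.Cleanup(func() { assert.NoError(t, db.Close()) })

	enforcer1, err := rbac2.NewEnforcerWithDB(db)
	if !assert.NoError(t, err) {
		t.FailNow()
	}
	// A failed write would otherwise leave both models empty and equal, and
	// the comparison below would pass without testing persistence.
	assert.NoError(t, enforcer1.AddRepo(syntax.ATURI("at://did:plc:foo/sh.tangled.repo/reporkey")))
	model1 := enforcer1.CaptureModel()

	enforcer2, err := rbac2.NewEnforcerWithDB(db)
	if !assert.NoError(t, err) {
		t.FailNow()
	}
	model2 := enforcer2.CaptureModel()

	// model1.GetLogger().EnableLog(true)
	// model1.PrintModel()
	// model1.PrintPolicy()
	// model1.GetLogger().EnableLog(false)

	// Dump the reloaded model and policy into the test log (logging is
	// switched on only for the duration of the two print calls).
	model2.GetLogger().EnableLog(true)
	model2.PrintModel()
	model2.PrintPolicy()
	model2.GetLogger().EnableLog(false)

	assert.Equal(t, model1, model2)
}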
45
// TestRepoOwnerPermissions registers a repo and verifies that did:plc:foo, the
// DID in the repo's AT-URI authority, passes the owner check, the repo-write
// check, the collaborator check and the settings-write check.
//
// NOTE(review): only grants are asserted here. A query for a DID that was
// never given a role on this repo would pin the deny side as well; confirm
// the expected result against the policy model before adding it.
func TestRepoOwnerPermissions(t *testing.T) {
	enf := setup(t)
	repo := syntax.ATURI("at://did:plc:foo/sh.tangled.repo/reporkey")
	user := syntax.DID("did:plc:foo")

	assert.NoError(t, enf.AddRepo(repo))

	// One authorization query per entry, with the message reported on denial.
	checks := []struct {
		query func() (bool, error)
		msg   string
	}{
		{
			query: func() (bool, error) { return enf.IsRepoOwner(user, repo) },
			msg:   "repo author should be repo owner",
		},
		{
			query: func() (bool, error) { return enf.IsRepoWriteAllowed(user, repo) },
			msg:   "repo owner should be able to modify the repo itself",
		},
		{
			query: func() (bool, error) { return enf.IsRepoCollaborator(user, repo) },
			msg:   "repo owner should inherit role role:collaborator",
		},
		{
			query: func() (bool, error) { return enf.IsRepoSettingsWriteAllowed(user, repo) },
			msg:   "repo owner should inherit collaborator permissions",
		},
	}

	for _, c := range checks {
		allowed, err := c.query()
		assert.NoError(t, err)
		assert.True(t, allowed, c.msg)
	}
}
73
// TestRepoCollaboratorPermissions adds did:plc:bar as a collaborator on a repo
// owned by did:plc:foo and checks the resulting grants.
//
// The last entry is the deny case: a collaborator may edit repo settings but
// must not be allowed to write to the repo itself. That assertion is what
// keeps the collaborator role from silently widening to owner-level access.
func TestRepoCollaboratorPermissions(t *testing.T) {
	enf := setup(t)
	repo := syntax.ATURI("at://did:plc:foo/sh.tangled.repo/reporkey")
	collab := syntax.DID("did:plc:bar")

	assert.NoError(t, enf.AddRepo(repo))
	assert.NoError(t, enf.AddRepoCollaborator(collab, repo))

	checks := []struct {
		query func() (bool, error)
		want  bool
		msg   string
	}{
		{
			query: func() (bool, error) { return enf.IsRepoCollaborator(collab, repo) },
			want:  true,
			msg:   "should set repo collaborator",
		},
		{
			query: func() (bool, error) { return enf.IsRepoSettingsWriteAllowed(collab, repo) },
			want:  true,
			msg:   "repo collaborator should be able to edit repo settings",
		},
		{
			query: func() (bool, error) { return enf.IsRepoWriteAllowed(collab, repo) },
			want:  false,
			msg:   "repo collaborator shouldn't be able to modify the repo itself",
		},
	}

	for _, c := range checks {
		allowed, err := c.query()
		assert.NoError(t, err)
		if c.want {
			assert.True(t, allowed, c.msg)
		} else {
			assert.False(t, allowed, c.msg)
		}
	}
}
98
// TestGetByRole checks the membership list returned by GetRepoCollaborators.
//
// The expected list includes the owner (did:plc:foo) although only bar and baz
// are added through AddRepoCollaborator, so the test pins that the owner is
// reported as a collaborator too. Order is not significant: the comparison
// uses ElementsMatch.
func TestGetByRole(t *testing.T) {
	enf := setup(t)
	repo := syntax.ATURI("at://did:plc:foo/sh.tangled.repo/reporkey")

	// want[0] is the owner; the rest are the explicitly added collaborators.
	want := []syntax.DID{
		syntax.DID("did:plc:foo"),
		syntax.DID("did:plc:bar"),
		syntax.DID("did:plc:baz"),
	}

	assert.NoError(t, enf.AddRepo(repo))
	for _, did := range want[1:] {
		assert.NoError(t, enf.AddRepoCollaborator(did, repo))
	}

	got, err := enf.GetRepoCollaborators(repo)
	assert.NoError(t, err)
	assert.ElementsMatch(t, want, got)
}
121
// TestSpindleOwnerPermissions sets an owner and adds a member on a spindle,
// then checks membership and the right to invite further members.
//
// Both principals must count as members, but only the owner may invite. The
// final entry is the deny case that stops a plain member from growing the
// membership on their own.
func TestSpindleOwnerPermissions(t *testing.T) {
	enf := setup(t)
	spindle := syntax.DID("did:web:spindle.example.com")
	owner := syntax.DID("did:plc:foo")
	member := syntax.DID("did:plc:bar")

	assert.NoError(t, enf.SetSpindleOwner(owner, spindle))
	assert.NoError(t, enf.AddSpindleMember(member, spindle))

	checks := []struct {
		query func() (bool, error)
		want  bool
		msg   string
	}{
		{
			query: func() (bool, error) { return enf.IsSpindleMember(owner, spindle) },
			want:  true,
			msg:   "spindle owner is spindle member",
		},
		{
			query: func() (bool, error) { return enf.IsSpindleMember(member, spindle) },
			want:  true,
			msg:   "spindle member is spindle member",
		},
		{
			query: func() (bool, error) { return enf.IsSpindleMemberInviteAllowed(owner, spindle) },
			want:  true,
			msg:   "spindle owner can invite members",
		},
		{
			query: func() (bool, error) { return enf.IsSpindleMemberInviteAllowed(member, spindle) },
			want:  false,
			msg:   "spindle member cannot invite members",
		},
	}

	for _, c := range checks {
		allowed, err := c.query()
		assert.NoError(t, err)
		if c.want {
			assert.True(t, allowed, c.msg)
		} else {
			assert.False(t, allowed, c.msg)
		}
	}
}