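package rbac2_test

import (
	"database/sql"
	"path/filepath"
	"testing"

	"github.com/bluesky-social/indigo/atproto/syntax"
	_ "github.com/mattn/go-sqlite3"
	"github.com/stretchr/testify/assert"
	"tangled.org/core/rbac2"
)

// setup returns an Enforcer built on the ":memory:" data source so each test
// starts from its own empty policy store.
func setup(t *testing.T) *rbac2.Enforcer {
	t.Helper()

	enforcer, err := rbac2.NewEnforcer(":memory:")
	if !assert.NoError(t, err) {
		// Abort the test: the enforcer cannot be relied on after a failed
		// construction, and every caller uses it immediately.
		t.FailNow()
	}

	return enforcer
}

// TestNewEnforcer checks that a second Enforcer opened on the same database
// captures the same model as the first one after a repo has been added.
func TestNewEnforcer(t *testing.T) {
	// Use a per-test directory instead of a fixed path under /tmp: a fixed
	// path is shared with every other local user and process, may not exist,
	// and keeps policy rows from earlier runs, so the test was not hermetic.
	dsn := filepath.Join(t.TempDir(), "test.db") + "?_foreign_keys=1"

	db, err := sql.Open("sqlite3", dsn)
	if !assert.NoError(t, err) {
		t.FailNow()
	}
	// Registered after t.TempDir, so the handle is closed before the
	// directory is removed. The close error is not interesting to the test.
	t.Cleanup(func() { _ = db.Close() })

	enforcer1, err := rbac2.NewEnforcerWithDB(db)
	if !assert.NoError(t, err) {
		t.FailNow()
	}
	// A failed AddRepo would make the model comparison below meaningless, so
	// its error is asserted instead of being dropped.
	assert.NoError(t, enforcer1.AddRepo(syntax.ATURI("at://did:plc:foo/sh.tangled.repo/reporkey")))
	model1 := enforcer1.CaptureModel()

	enforcer2, err := rbac2.NewEnforcerWithDB(db)
	if !assert.NoError(t, err) {
		t.FailNow()
	}
	model2 := enforcer2.CaptureModel()

	// Diagnostic dump of the reloaded model and policy; logging is switched
	// off again before the comparison.
	model2.GetLogger().EnableLog(true)
	model2.PrintModel()
	model2.PrintPolicy()
	model2.GetLogger().EnableLog(false)

	assert.Equal(t, model1, model2)
}

// TestRepoOwnerPermissions checks that the DID in a repo's AT-URI is treated
// as the repo owner and also passes the collaborator-level checks.
//
// NOTE(review): only allow cases are asserted here. A deny-by-default case
// (a DID with no role on fooRepo failing every check) would catch a policy
// that grants too much.
func TestRepoOwnerPermissions(t *testing.T) {
	var (
		e       = setup(t)
		ok      bool
		err     error
		fooRepo = syntax.ATURI("at://did:plc:foo/sh.tangled.repo/reporkey")
		fooUser = syntax.DID("did:plc:foo")
	)

	assert.NoError(t, e.AddRepo(fooRepo))

	ok, err = e.IsRepoOwner(fooUser, fooRepo)
	assert.NoError(t, err)
	assert.True(t, ok, "repo author should be repo owner")

	ok, err = e.IsRepoWriteAllowed(fooUser, fooRepo)
	assert.NoError(t, err)
	assert.True(t, ok, "repo owner should be able to modify the repo itself")

	ok, err = e.IsRepoCollaborator(fooUser, fooRepo)
	assert.NoError(t, err)
	assert.True(t, ok, "repo owner should inherit role role:collaborator")

	ok, err = e.IsRepoSettingsWriteAllowed(fooUser, fooRepo)
	assert.NoError(t, err)
	assert.True(t, ok, "repo owner should inherit collaborator permissions")
}

// TestRepoCollaboratorPermissions checks that a collaborator may edit repo
// settings but is denied write access to the repo itself.
//
// NOTE(review): the grant is only checked against the repo it was made on.
// Asserting that barUser has no rights on a second repo would cover
// cross-repo isolation.
func TestRepoCollaboratorPermissions(t *testing.T) {
	var (
		e       = setup(t)
		ok      bool
		err     error
		fooRepo = syntax.ATURI("at://did:plc:foo/sh.tangled.repo/reporkey")
		barUser = syntax.DID("did:plc:bar")
	)

	assert.NoError(t, e.AddRepo(fooRepo))
	assert.NoError(t, e.AddRepoCollaborator(barUser, fooRepo))

	ok, err = e.IsRepoCollaborator(barUser, fooRepo)
	assert.NoError(t, err)
	assert.True(t, ok, "should set repo collaborator")

	ok, err = e.IsRepoSettingsWriteAllowed(barUser, fooRepo)
	assert.NoError(t, err)
	assert.True(t, ok, "repo collaborator should be able to edit repo settings")

	// The privilege boundary between collaborator and owner.
	ok, err = e.IsRepoWriteAllowed(barUser, fooRepo)
	assert.NoError(t, err)
	assert.False(t, ok, "repo collaborator shouldn't be able to modify the repo itself")
}

// TestGetByRole checks that GetRepoCollaborators returns the owner together
// with every explicitly added collaborator, in any order.
func TestGetByRole(t *testing.T) {
	var (
		e             = setup(t)
		fooRepo       = syntax.ATURI("at://did:plc:foo/sh.tangled.repo/reporkey")
		owner         = syntax.DID("did:plc:foo")
		collaborator1 = syntax.DID("did:plc:bar")
		collaborator2 = syntax.DID("did:plc:baz")
	)

	assert.NoError(t, e.AddRepo(fooRepo))
	assert.NoError(t, e.AddRepoCollaborator(collaborator1, fooRepo))
	assert.NoError(t, e.AddRepoCollaborator(collaborator2, fooRepo))

	collaborators, err := e.GetRepoCollaborators(fooRepo)
	assert.NoError(t, err)
	// The owner is expected in the result as well as the two collaborators.
	assert.ElementsMatch(t, []syntax.DID{
		owner,
		collaborator1,
		collaborator2,
	}, collaborators)
}

// TestSpindleOwnerPermissions checks that a spindle owner and a spindle
// member both count as members, and that only the owner may invite members.
func TestSpindleOwnerPermissions(t *testing.T) {
	var (
		e       = setup(t)
		ok      bool
		err     error
		spindle = syntax.DID("did:web:spindle.example.com")
		owner   = syntax.DID("did:plc:foo")
		member  = syntax.DID("did:plc:bar")
	)

	assert.NoError(t, e.SetSpindleOwner(owner, spindle))
	assert.NoError(t, e.AddSpindleMember(member, spindle))

	ok, err = e.IsSpindleMember(owner, spindle)
	assert.NoError(t, err)
	assert.True(t, ok, "spindle owner is spindle member")

	ok, err = e.IsSpindleMember(member, spindle)
	assert.NoError(t, err)
	assert.True(t, ok, "spindle member is spindle member")

	ok, err = e.IsSpindleMemberInviteAllowed(owner, spindle)
	assert.NoError(t, err)
	assert.True(t, ok, "spindle owner can invite members")

	// A plain member must not be able to extend membership.
	ok, err = e.IsSpindleMemberInviteAllowed(member, spindle)
	assert.NoError(t, err)
	assert.False(t, ok, "spindle member cannot invite members")
}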