acl_test.gno

  1package acl
  2
  3import (
  4	"std"
  5	"testing"
  6
  7	"gno.land/p/demo/testutils"
  8	"gno.land/p/demo/uassert"
  9	"gno.land/p/demo/ufmt"
 10)
 11
 12func Test(t *testing.T) {
 13	adm := testutils.TestAddress("admin")
 14	mod := testutils.TestAddress("mod")
 15	usr := testutils.TestAddress("user")
 16	cst := testutils.TestAddress("custom")
 17
 18	dir := New()
 19
 20	// by default, no one has perm.
 21	shouldNotHasRole(t, dir, adm, "foo")
 22	shouldNotHasRole(t, dir, mod, "foo")
 23	shouldNotHasRole(t, dir, usr, "foo")
 24	shouldNotHasRole(t, dir, cst, "foo")
 25	shouldNotHasPerm(t, dir, adm, "write", "r/demo/boards:gnolang/1")
 26	shouldNotHasPerm(t, dir, mod, "write", "r/demo/boards:gnolang/1")
 27	shouldNotHasPerm(t, dir, usr, "write", "r/demo/boards:gnolang/1")
 28	shouldNotHasPerm(t, dir, cst, "write", "r/demo/boards:gnolang/1")
 29	shouldNotHasPerm(t, dir, adm, "read", "r/demo/boards:gnolang/1")
 30	shouldNotHasPerm(t, dir, mod, "read", "r/demo/boards:gnolang/1")
 31	shouldNotHasPerm(t, dir, usr, "read", "r/demo/boards:gnolang/1")
 32	shouldNotHasPerm(t, dir, cst, "read", "r/demo/boards:gnolang/1")
 33
 34	// adding all the rights to admin.
 35	dir.AddUserPerm(adm, ".*", ".*")
 36	shouldHasRole(t, dir, adm, "foo")
 37	shouldNotHasRole(t, dir, mod, "foo")
 38	shouldNotHasRole(t, dir, usr, "foo")
 39	shouldNotHasRole(t, dir, cst, "foo")
 40	shouldHasPerm(t, dir, adm, "write", "r/demo/boards:gnolang/1") // new
 41	shouldNotHasPerm(t, dir, mod, "write", "r/demo/boards:gnolang/1")
 42	shouldNotHasPerm(t, dir, usr, "write", "r/demo/boards:gnolang/1")
 43	shouldNotHasPerm(t, dir, cst, "write", "r/demo/boards:gnolang/1")
 44	shouldHasPerm(t, dir, adm, "read", "r/demo/boards:gnolang/1") // new
 45	shouldNotHasPerm(t, dir, mod, "read", "r/demo/boards:gnolang/1")
 46	shouldNotHasPerm(t, dir, usr, "read", "r/demo/boards:gnolang/1")
 47	shouldNotHasPerm(t, dir, cst, "read", "r/demo/boards:gnolang/1")
 48
 49	// adding custom regexp rule for user "cst".
 50	dir.AddUserPerm(cst, "write", "r/demo/boards:gnolang/.*")
 51	shouldHasRole(t, dir, adm, "foo")
 52	shouldNotHasRole(t, dir, mod, "foo")
 53	shouldNotHasRole(t, dir, usr, "foo")
 54	shouldNotHasRole(t, dir, cst, "foo")
 55	shouldHasPerm(t, dir, adm, "write", "r/demo/boards:gnolang/1")
 56	shouldNotHasPerm(t, dir, mod, "write", "r/demo/boards:gnolang/1")
 57	shouldNotHasPerm(t, dir, usr, "write", "r/demo/boards:gnolang/1")
 58	shouldHasPerm(t, dir, cst, "write", "r/demo/boards:gnolang/1") // new
 59	shouldHasPerm(t, dir, adm, "read", "r/demo/boards:gnolang/1")
 60	shouldNotHasPerm(t, dir, mod, "read", "r/demo/boards:gnolang/1")
 61	shouldNotHasPerm(t, dir, usr, "read", "r/demo/boards:gnolang/1")
 62	shouldNotHasPerm(t, dir, cst, "read", "r/demo/boards:gnolang/1")
 63
 64	// adding a group perm for a new group.
 65	// no changes expected.
 66	dir.AddGroupPerm("mods", "role", "moderator")
 67	dir.AddGroupPerm("mods", "write", ".*")
 68	shouldHasRole(t, dir, adm, "foo")
 69	shouldNotHasRole(t, dir, mod, "foo")
 70	shouldNotHasRole(t, dir, usr, "foo")
 71	shouldNotHasRole(t, dir, cst, "foo")
 72	shouldHasPerm(t, dir, adm, "write", "r/demo/boards:gnolang/1")
 73	shouldNotHasPerm(t, dir, mod, "write", "r/demo/boards:gnolang/1")
 74	shouldNotHasPerm(t, dir, usr, "write", "r/demo/boards:gnolang/1")
 75	shouldHasPerm(t, dir, cst, "write", "r/demo/boards:gnolang/1")
 76	shouldHasPerm(t, dir, adm, "read", "r/demo/boards:gnolang/1")
 77	shouldNotHasPerm(t, dir, mod, "read", "r/demo/boards:gnolang/1")
 78	shouldNotHasPerm(t, dir, usr, "read", "r/demo/boards:gnolang/1")
 79	shouldNotHasPerm(t, dir, cst, "read", "r/demo/boards:gnolang/1")
 80
 81	// assigning the user "mod" to the "mods" group.
 82	dir.AddUserToGroup(mod, "mods")
 83	shouldHasRole(t, dir, adm, "foo")
 84	shouldNotHasRole(t, dir, mod, "foo")
 85	shouldNotHasRole(t, dir, usr, "foo")
 86	shouldNotHasRole(t, dir, cst, "foo")
 87	shouldHasPerm(t, dir, adm, "write", "r/demo/boards:gnolang/1")
 88	shouldHasPerm(t, dir, mod, "write", "r/demo/boards:gnolang/1") // new
 89	shouldNotHasPerm(t, dir, usr, "write", "r/demo/boards:gnolang/1")
 90	shouldHasPerm(t, dir, cst, "write", "r/demo/boards:gnolang/1")
 91	shouldHasPerm(t, dir, adm, "read", "r/demo/boards:gnolang/1")
 92	shouldNotHasPerm(t, dir, mod, "read", "r/demo/boards:gnolang/1")
 93	shouldNotHasPerm(t, dir, usr, "read", "r/demo/boards:gnolang/1")
 94	shouldNotHasPerm(t, dir, cst, "read", "r/demo/boards:gnolang/1")
 95
 96	// adding "read" permission for everyone.
 97	dir.AddGroupPerm(Everyone, "read", ".*")
 98	shouldHasRole(t, dir, adm, "foo")
 99	shouldNotHasRole(t, dir, mod, "foo")
100	shouldNotHasRole(t, dir, usr, "foo")
101	shouldNotHasRole(t, dir, cst, "foo")
102	shouldHasPerm(t, dir, adm, "write", "r/demo/boards:gnolang/1")
103	shouldHasPerm(t, dir, mod, "write", "r/demo/boards:gnolang/1")
104	shouldNotHasPerm(t, dir, usr, "write", "r/demo/boards:gnolang/1")
105	shouldHasPerm(t, dir, cst, "write", "r/demo/boards:gnolang/1")
106	shouldHasPerm(t, dir, adm, "read", "r/demo/boards:gnolang/1")
107	shouldHasPerm(t, dir, mod, "read", "r/demo/boards:gnolang/1") // new
108	shouldHasPerm(t, dir, usr, "read", "r/demo/boards:gnolang/1") // new
109	shouldHasPerm(t, dir, cst, "read", "r/demo/boards:gnolang/1") // new
110}
111
112func shouldHasRole(t *testing.T, dir *Directory, addr std.Address, role string) {
113	t.Helper()
114	check := dir.HasRole(addr, role)
115	uassert.Equal(t, true, check, ufmt.Sprintf("%s should has role %s", addr.String(), role))
116}
117
118func shouldNotHasRole(t *testing.T, dir *Directory, addr std.Address, role string) {
119	t.Helper()
120	check := dir.HasRole(addr, role)
121	uassert.Equal(t, false, check, ufmt.Sprintf("%s should not has role %s", addr.String(), role))
122}
123
124func shouldHasPerm(t *testing.T, dir *Directory, addr std.Address, verb string, resource string) {
125	t.Helper()
126	check := dir.HasPerm(addr, verb, resource)
127	uassert.Equal(t, true, check, ufmt.Sprintf("%s should has perm for %s - %s", addr.String(), verb, resource))
128}
129
130func shouldNotHasPerm(t *testing.T, dir *Directory, addr std.Address, verb string, resource string) {
131	t.Helper()
132	check := dir.HasPerm(addr, verb, resource)
133	uassert.Equal(t, false, check, ufmt.Sprintf("%s should not has perm for %s - %s", addr.String(), verb, resource))
134}