permissions_basic_test.gno
13.68 Kb · 536 lines
1package boards2
2
3import (
4 "testing"
5
6 "gno.land/p/gnoland/boards"
7 "gno.land/p/nt/uassert"
8 "gno.land/p/nt/urequire"
9)
10
11var _ boards.Permissions = (*BasicPermissions)(nil)
12
13func TestBasicPermissionsWithPermission(t *testing.T) {
14 cases := []struct {
15 name string
16 user address
17 permission boards.Permission
18 args boards.Args
19 setup func() *BasicPermissions
20 err string
21 called bool
22 }{
23 {
24 name: "ok",
25 user: "g1jg8mtutu9khhfwc4nxmuhcpftf0pajdhfvsqf5",
26 permission: "bar",
27 setup: func() *BasicPermissions {
28 perms := NewBasicPermissions()
29 perms.AddRole("foo", "bar")
30 perms.SetUserRoles(cross, "g1jg8mtutu9khhfwc4nxmuhcpftf0pajdhfvsqf5", "foo")
31 return perms
32 },
33 called: true,
34 },
35 {
36 name: "ok with arguments",
37 user: "g1jg8mtutu9khhfwc4nxmuhcpftf0pajdhfvsqf5",
38 permission: "bar",
39 args: boards.Args{"a", "b"},
40 setup: func() *BasicPermissions {
41 perms := NewBasicPermissions()
42 perms.AddRole("foo", "bar")
43 perms.SetUserRoles(cross, "g1jg8mtutu9khhfwc4nxmuhcpftf0pajdhfvsqf5", "foo")
44 return perms
45 },
46 called: true,
47 },
48 {
49 name: "no permission",
50 user: "g1jg8mtutu9khhfwc4nxmuhcpftf0pajdhfvsqf5",
51 permission: "bar",
52 setup: func() *BasicPermissions {
53 perms := NewBasicPermissions()
54 perms.AddRole("foo", "bar")
55 perms.SetUserRoles(cross, "g1jg8mtutu9khhfwc4nxmuhcpftf0pajdhfvsqf5")
56 return perms
57 },
58 err: "unauthorized",
59 },
60 {
61 name: "is not a DAO member",
62 user: "g1jg8mtutu9khhfwc4nxmuhcpftf0pajdhfvsqf5",
63 permission: "bar",
64 setup: func() *BasicPermissions {
65 return NewBasicPermissions()
66 },
67 err: "unauthorized",
68 },
69 }
70
71 for _, tc := range cases {
72 t.Run(tc.name, func(t *testing.T) {
73 var called bool
74
75 perms := tc.setup()
76 callback := func(realm) { called = true }
77
78 testCaseFn := func() {
79 perms.WithPermission(cross, tc.user, tc.permission, tc.args, callback)
80 }
81
82 if tc.err != "" {
83 urequire.AbortsWithMessage(t, tc.err, testCaseFn, "expect panic with message")
84 return
85 } else {
86 urequire.NotAborts(t, testCaseFn, "expect no panic")
87 }
88
89 urequire.Equal(t, tc.called, called, "expect callback to be called")
90 })
91 }
92}
93
94func TestBasicPermissionsSetPublicPermissions(t *testing.T) {
95 user := address("g1jg8mtutu9khhfwc4nxmuhcpftf0pajdhfvsqf5")
96 perms := NewBasicPermissions()
97
98 // Add a new role with permissions
99 perms.AddRole("adminRole", "fooPerm", "barPerm", "bazPerm")
100 urequire.False(t, perms.HasPermission(user, "fooPerm"))
101 urequire.False(t, perms.HasPermission(user, "barPerm"))
102 urequire.False(t, perms.HasPermission(user, "bazPerm"))
103
104 // Assign a couple of public permissions
105 perms.SetPublicPermissions("fooPerm", "bazPerm")
106 urequire.True(t, perms.HasPermission(user, "fooPerm"))
107 urequire.False(t, perms.HasPermission(user, "barPerm"))
108 urequire.True(t, perms.HasPermission(user, "bazPerm"))
109
110 // Clear all public permissions
111 perms.SetPublicPermissions()
112 urequire.False(t, perms.HasPermission(user, "fooPerm"))
113 urequire.False(t, perms.HasPermission(user, "barPerm"))
114 urequire.False(t, perms.HasPermission(user, "bazPerm"))
115}
116
117func TestBasicPermissionsGetUserRoles(t *testing.T) {
118 cases := []struct {
119 name string
120 user address
121 roles []string
122 setup func() *BasicPermissions
123 }{
124 {
125 name: "single role",
126 user: "g1jg8mtutu9khhfwc4nxmuhcpftf0pajdhfvsqf5",
127 roles: []string{"admin"},
128 setup: func() *BasicPermissions {
129 perms := NewBasicPermissions()
130 perms.AddRole("admin", "x")
131 perms.SetUserRoles(cross, "g1jg8mtutu9khhfwc4nxmuhcpftf0pajdhfvsqf5", "admin")
132 return perms
133 },
134 },
135 {
136 name: "multiple roles",
137 user: "g1jg8mtutu9khhfwc4nxmuhcpftf0pajdhfvsqf5",
138 roles: []string{"admin", "bar", "foo"},
139 setup: func() *BasicPermissions {
140 perms := NewBasicPermissions()
141 perms.AddRole("admin", "x")
142 perms.AddRole("foo", "x")
143 perms.AddRole("bar", "x")
144 perms.SetUserRoles(cross, "g1jg8mtutu9khhfwc4nxmuhcpftf0pajdhfvsqf5", "admin", "foo", "bar")
145 return perms
146 },
147 },
148 {
149 name: "without roles",
150 user: "g1jg8mtutu9khhfwc4nxmuhcpftf0pajdhfvsqf5",
151 setup: func() *BasicPermissions {
152 perms := NewBasicPermissions()
153 perms.SetUserRoles(cross, "g1jg8mtutu9khhfwc4nxmuhcpftf0pajdhfvsqf5")
154 return perms
155 },
156 },
157 {
158 name: "not a user",
159 user: "g1jg8mtutu9khhfwc4nxmuhcpftf0pajdhfvsqf5",
160 setup: func() *BasicPermissions {
161 return NewBasicPermissions()
162 },
163 },
164 {
165 name: "multiple users",
166 user: "g1jg8mtutu9khhfwc4nxmuhcpftf0pajdhfvsqf5",
167 roles: []string{"admin"},
168 setup: func() *BasicPermissions {
169 perms := NewBasicPermissions()
170 perms.AddRole("admin", "x")
171 perms.AddRole("bar", "x")
172 perms.SetUserRoles(cross, "g1jg8mtutu9khhfwc4nxmuhcpftf0pajdhfvsqf5", "admin")
173 perms.SetUserRoles(cross, "g1w4ek2u33ta047h6lta047h6lta047h6ldvdwpn", "admin")
174 perms.SetUserRoles(cross, "g1w4ek2u3jta047h6lta047h6lta047h6l9huexc", "admin", "bar")
175 return perms
176 },
177 },
178 }
179
180 for _, tc := range cases {
181 t.Run(tc.name, func(t *testing.T) {
182 perms := tc.setup()
183 roles := perms.GetUserRoles(tc.user)
184
185 urequire.Equal(t, len(tc.roles), len(roles), "user role count")
186 for i, r := range roles {
187 uassert.Equal(t, tc.roles[i], string(r))
188 }
189 })
190 }
191}
192
193func TestBasicPermissionsHasRole(t *testing.T) {
194 cases := []struct {
195 name string
196 user address
197 role boards.Role
198 setup func() *BasicPermissions
199 want bool
200 }{
201 {
202 name: "ok",
203 user: "g1jg8mtutu9khhfwc4nxmuhcpftf0pajdhfvsqf5",
204 role: "admin",
205 setup: func() *BasicPermissions {
206 perms := NewBasicPermissions()
207 perms.AddRole("admin", "x")
208 perms.SetUserRoles(cross, "g1jg8mtutu9khhfwc4nxmuhcpftf0pajdhfvsqf5", "admin")
209 return perms
210 },
211 want: true,
212 },
213 {
214 name: "ok with multiple roles",
215 user: "g1jg8mtutu9khhfwc4nxmuhcpftf0pajdhfvsqf5",
216 role: "foo",
217 setup: func() *BasicPermissions {
218 perms := NewBasicPermissions()
219 perms.AddRole("admin", "x")
220 perms.AddRole("foo", "x")
221 perms.SetUserRoles(cross, "g1jg8mtutu9khhfwc4nxmuhcpftf0pajdhfvsqf5", "admin", "foo")
222 return perms
223 },
224 want: true,
225 },
226 {
227 name: "user without roles",
228 user: "g1jg8mtutu9khhfwc4nxmuhcpftf0pajdhfvsqf5",
229 setup: func() *BasicPermissions {
230 perms := NewBasicPermissions()
231 perms.SetUserRoles(cross, "g1jg8mtutu9khhfwc4nxmuhcpftf0pajdhfvsqf5")
232 return perms
233 },
234 },
235 {
236 name: "has no role",
237 user: "g1jg8mtutu9khhfwc4nxmuhcpftf0pajdhfvsqf5",
238 role: "bar",
239 setup: func() *BasicPermissions {
240 perms := NewBasicPermissions()
241 perms.AddRole("foo", "x")
242 perms.SetUserRoles(cross, "g1jg8mtutu9khhfwc4nxmuhcpftf0pajdhfvsqf5", "foo")
243 return perms
244 },
245 },
246 }
247
248 for _, tc := range cases {
249 t.Run(tc.name, func(t *testing.T) {
250 perms := tc.setup()
251 got := perms.HasRole(tc.user, tc.role)
252 uassert.Equal(t, got, tc.want)
253 })
254 }
255}
256
257func TestBasicPermissionsHasPermission(t *testing.T) {
258 cases := []struct {
259 name string
260 user address
261 permission boards.Permission
262 setup func() *BasicPermissions
263 want bool
264 }{
265 {
266 name: "ok",
267 user: "g1jg8mtutu9khhfwc4nxmuhcpftf0pajdhfvsqf5",
268 permission: "bar",
269 setup: func() *BasicPermissions {
270 perms := NewBasicPermissions()
271 perms.AddRole("foo", "bar")
272 perms.SetUserRoles(cross, "g1jg8mtutu9khhfwc4nxmuhcpftf0pajdhfvsqf5", "foo")
273 return perms
274 },
275 want: true,
276 },
277 {
278 name: "ok with multiple users",
279 user: "g1jg8mtutu9khhfwc4nxmuhcpftf0pajdhfvsqf5",
280 permission: "bar",
281 setup: func() *BasicPermissions {
282 perms := NewBasicPermissions()
283 perms.AddRole("foo", "bar")
284 perms.SetUserRoles(cross, "g1jg8mtutu9khhfwc4nxmuhcpftf0pajdhfvsqf5", "foo")
285 perms.SetUserRoles(cross, "g1w4ek2u33ta047h6lta047h6lta047h6ldvdwpn", "foo")
286 return perms
287 },
288 want: true,
289 },
290 {
291 name: "ok with multiple roles",
292 user: "g1jg8mtutu9khhfwc4nxmuhcpftf0pajdhfvsqf5",
293 permission: "other",
294 setup: func() *BasicPermissions {
295 perms := NewBasicPermissions()
296 perms.AddRole("foo", "bar")
297 perms.AddRole("baz", "other")
298 perms.SetUserRoles(cross, "g1jg8mtutu9khhfwc4nxmuhcpftf0pajdhfvsqf5", "foo", "baz")
299 return perms
300 },
301 want: true,
302 },
303 {
304 name: "no permission",
305 user: "g1jg8mtutu9khhfwc4nxmuhcpftf0pajdhfvsqf5",
306 permission: "other",
307 setup: func() *BasicPermissions {
308 perms := NewBasicPermissions()
309 perms.AddRole("foo", "bar")
310 perms.SetUserRoles(cross, "g1jg8mtutu9khhfwc4nxmuhcpftf0pajdhfvsqf5", "foo")
311 return perms
312 },
313 },
314 }
315
316 for _, tc := range cases {
317 t.Run(tc.name, func(t *testing.T) {
318 perms := tc.setup()
319 got := perms.HasPermission(tc.user, tc.permission)
320 uassert.Equal(t, tc.want, got)
321 })
322 }
323}
324
325func TestBasicPermissionsSetUserRoles(t *testing.T) {
326 cases := []struct {
327 name string
328 user address
329 roles []boards.Role
330 setup func() *BasicPermissions
331 err string
332 }{
333 {
334 name: "add user",
335 user: address("g1jg8mtutu9khhfwc4nxmuhcpftf0pajdhfvsqf5"),
336 roles: []boards.Role{"a"},
337 setup: func() *BasicPermissions {
338 perms := NewBasicPermissions()
339 perms.AddRole("a", "permission1")
340 return perms
341 },
342 },
343 {
344 name: "add user with multiple roles",
345 user: address("g1jg8mtutu9khhfwc4nxmuhcpftf0pajdhfvsqf5"),
346 roles: []boards.Role{"a", "b"},
347 setup: func() *BasicPermissions {
348 perms := NewBasicPermissions()
349 perms.AddRole("a", "permission1")
350 perms.AddRole("b", "permission2")
351 return perms
352 },
353 },
354 {
355 name: "add when other users exists",
356 user: address("g1jg8mtutu9khhfwc4nxmuhcpftf0pajdhfvsqf5"),
357 roles: []boards.Role{"a"},
358 setup: func() *BasicPermissions {
359 perms := NewBasicPermissions()
360 perms.AddRole("a", "permission1")
361 perms.SetUserRoles(cross, "g1w4ek2u33ta047h6lta047h6lta047h6ldvdwpn", "a")
362 perms.SetUserRoles(cross, "g1w4ek2u3jta047h6lta047h6lta047h6l9huexc")
363 return perms
364 },
365 },
366 {
367 name: "update user roles",
368 user: address("g1jg8mtutu9khhfwc4nxmuhcpftf0pajdhfvsqf5"),
369 roles: []boards.Role{"a", "b"},
370 setup: func() *BasicPermissions {
371 perms := NewBasicPermissions()
372 perms.AddRole("a", "permission1")
373 perms.AddRole("b", "permission2")
374 perms.SetUserRoles(cross, "g1jg8mtutu9khhfwc4nxmuhcpftf0pajdhfvsqf5", "a")
375 return perms
376 },
377 },
378 {
379 name: "clear user roles",
380 user: address("g1jg8mtutu9khhfwc4nxmuhcpftf0pajdhfvsqf5"),
381 roles: []boards.Role{},
382 setup: func() *BasicPermissions {
383 perms := NewBasicPermissions()
384 perms.AddRole("a", "permission1")
385 perms.AddRole("b", "permission2")
386 perms.SetUserRoles(cross, "g1jg8mtutu9khhfwc4nxmuhcpftf0pajdhfvsqf5", "a", "b")
387 return perms
388 },
389 },
390 {
391 name: "set invalid role",
392 user: address("g1jg8mtutu9khhfwc4nxmuhcpftf0pajdhfvsqf5"),
393 roles: []boards.Role{"a", "foo"},
394 setup: func() *BasicPermissions {
395 perms := NewBasicPermissions()
396 perms.AddRole("a", "permission1")
397 return perms
398 },
399 err: "invalid role: foo",
400 },
401 }
402
403 for _, tc := range cases {
404 t.Run(tc.name, func(t *testing.T) {
405 perms := tc.setup()
406
407 setUserRoles := func() {
408 perms.SetUserRoles(cross, tc.user, tc.roles...)
409 }
410
411 if tc.err != "" {
412 urequire.AbortsWithMessage(t, tc.err, setUserRoles, "expected an error")
413 return
414 } else {
415 urequire.NotAborts(t, setUserRoles, "expected no error")
416 }
417
418 roles := perms.GetUserRoles(tc.user)
419 uassert.Equal(t, len(tc.roles), len(roles))
420 for i, r := range roles {
421 urequire.Equal(t, string(tc.roles[i]), string(r))
422 }
423 })
424 }
425}
426
427func TestBasicPermissionsRemoveUser(t *testing.T) {
428 cases := []struct {
429 name string
430 user address
431 setup func() *BasicPermissions
432 want bool
433 }{
434 {
435 name: "ok",
436 user: address("g1jg8mtutu9khhfwc4nxmuhcpftf0pajdhfvsqf5"),
437 setup: func() *BasicPermissions {
438 perms := NewBasicPermissions()
439 perms.SetUserRoles(cross, "g1jg8mtutu9khhfwc4nxmuhcpftf0pajdhfvsqf5")
440 return perms
441 },
442 want: true,
443 },
444 {
445 name: "user not found",
446 user: address("g1jg8mtutu9khhfwc4nxmuhcpftf0pajdhfvsqf5"),
447 setup: func() *BasicPermissions {
448 return NewBasicPermissions()
449 },
450 },
451 }
452
453 for _, tc := range cases {
454 t.Run(tc.name, func(t *testing.T) {
455 perms := tc.setup()
456 got := perms.RemoveUser(cross, tc.user)
457 uassert.Equal(t, tc.want, got)
458 })
459 }
460}
461
462func TestBasicPermissionsIterateUsers(t *testing.T) {
463 users := []boards.User{
464 {
465 Address: "g1jg8mtutu9khhfwc4nxmuhcpftf0pajdhfvsqf5",
466 Roles: []boards.Role{"foo"},
467 },
468 {
469 Address: "g1us8428u2a5satrlxzagqqa5m6vmuze025anjlj",
470 Roles: []boards.Role{"bar", "foo"},
471 },
472 {
473 Address: "g1vh7krmmzfua5xjmkatvmx09z37w34lsvd2mxa5",
474 Roles: []boards.Role{"bar"},
475 },
476 }
477
478 perms := NewBasicPermissions()
479 perms.AddRole("foo", "perm1")
480 perms.AddRole("bar", "perm2")
481 for _, u := range users {
482 perms.SetUserRoles(cross, u.Address, u.Roles...)
483 }
484
485 cases := []struct {
486 name string
487 start, count, want int
488 }{
489 {
490 name: "exceed users count",
491 count: 50,
492 want: 3,
493 },
494 {
495 name: "exact users count",
496 count: 3,
497 want: 3,
498 },
499 {
500 name: "two users",
501 start: 1,
502 count: 2,
503 want: 2,
504 },
505 {
506 name: "one user",
507 start: 1,
508 count: 1,
509 want: 1,
510 },
511 {
512 name: "no iteration",
513 start: 50,
514 },
515 }
516
517 for _, tc := range cases {
518 t.Run(tc.name, func(t *testing.T) {
519 var i int
520 perms.IterateUsers(0, len(users), func(u boards.User) bool {
521 urequire.True(t, i < len(users), "expect iterator to respect number of users")
522 uassert.Equal(t, users[i].Address, u.Address)
523
524 urequire.Equal(t, len(users[i].Roles), len(u.Roles), "expect number of roles to match")
525 for j := range u.Roles {
526 uassert.Equal(t, string(users[i].Roles[j]), string(u.Roles[j]))
527 }
528
529 i++
530 return false
531 })
532
533 uassert.Equal(t, i, len(users), "expect iterator to iterate all users")
534 })
535 }
536}
