eintopf.info@v0.13.16/service/action/authorizer_test.go (about) 1 // Copyright (C) 2024 The Eintopf authors 2 // 3 // This program is free software: you can redistribute it and/or modify 4 // it under the terms of the GNU Affero General Public License as 5 // published by the Free Software Foundation, either version 3 of the 6 // License, or (at your option) any later version. 7 // 8 // This program is distributed in the hope that it will be useful, 9 // but WITHOUT ANY WARRANTY; without even the implied warranty of 10 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 11 // GNU Affero General Public License for more details. 12 // 13 // You should have received a copy of the GNU Affero General Public License 14 // along with this program. If not, see <https://www.gnu.org/licenses/>. 15 16 package action_test 17 18 import ( 19 "context" 20 "testing" 21 22 "eintopf.info/service/action" 23 "eintopf.info/service/auth" 24 ) 25 26 var ( 27 normalCtx = auth.ContextWithRole(context.Background(), auth.RoleNormal) 28 moderatorCtx = auth.ContextWithRole(context.Background(), auth.RoleModerator) 29 adminCtx = auth.ContextWithRole(context.Background(), auth.RoleAdmin) 30 internalCtx = auth.ContextWithRole(context.Background(), auth.RoleInternal) 31 ) 32 33 func TestAuthorizerCreate(t *testing.T) { 34 store := action.NewMemoryStore() 35 authorizer := action.NewAuthorizer(store) 36 37 t.Run("Background context -> Unauthorized", func(t *testing.T) { 38 _, err := authorizer.Create(context.Background(), &action.Action{}) 39 if err == nil { 40 t.Error("should return unauthorized error") 41 } 42 }) 43 44 t.Run("Normal -> Unauthorized", func(t *testing.T) { 45 _, err := authorizer.Create(normalCtx, &action.Action{}) 46 if err == nil { 47 t.Error("should return unauthorized error") 48 } 49 }) 50 51 t.Run("Moderator -> Unauthorized", func(t *testing.T) { 52 _, err := authorizer.Create(moderatorCtx, &action.Action{}) 53 if err == nil { 54 t.Error("should return unauthorized error") 55 } 56 }) 57 58 t.Run("Admin -> Unauthorized", func(t *testing.T) { 59 _, err := authorizer.Create(adminCtx, &action.Action{}) 60 if err == nil { 61 t.Error("should return unauthorized error") 62 } 63 }) 64 65 t.Run("Internal -> Authorized", func(t *testing.T) { 66 _, err := authorizer.Create(internalCtx, &action.Action{}) 67 if err != nil { 68 t.Error("should not return unauthorized error") 69 } 70 }) 71 } 72 73 func TestAuthorizerUpdate(t *testing.T) { 74 store := action.NewMemoryStore() 75 _, err := store.Create(context.Background(), &action.Action{ 76 Name: "foo", 77 }) 78 if err != nil { 79 t.Fatal(err) 80 } 81 authorizer := action.NewAuthorizer(store) 82 83 t.Run("Background -> Unauthorized", func(t *testing.T) { 84 _, err := authorizer.Update(context.Background(), &action.Action{Name: "foo"}) 85 if err == nil { 86 t.Error("should return unauthorized error") 87 } 88 }) 89 90 t.Run("Normal user -> Unauthorized", func(t *testing.T) { 91 _, err := authorizer.Update(normalCtx, &action.Action{Name: "foo"}) 92 if err == nil { 93 t.Error("should return unauthorized error") 94 } 95 }) 96 97 t.Run("Moderator -> Unauthorized", func(t *testing.T) { 98 _, err := authorizer.Update(auth.ContextWithID(moderatorCtx, "1312"), &action.Action{Name: "foo"}) 99 if err == nil { 100 t.Error("should return unauthorized error") 101 } 102 }) 103 104 t.Run("Admin -> Authorized", func(t *testing.T) { 105 _, err := authorizer.Update(adminCtx, &action.Action{Name: "foo"}) 106 if err != nil { 107 t.Error("should not return unauthorized error") 108 } 109 }) 110 111 t.Run("Internal -> Authorized", func(t *testing.T) { 112 _, err := authorizer.Update(internalCtx, &action.Action{Name: "foo"}) 113 if err != nil { 114 t.Error("should not return unauthorized error") 115 } 116 }) 117 } 118 119 func TestAuthorizerDelete(t *testing.T) { 120 store := action.NewMemoryStore() 121 _, err := store.Create(context.Background(), &action.Action{ 122 Name: "foo", 123 }) 124 if err != nil { 125 t.Fatal(err) 126 } 127 authorizer := action.NewAuthorizer(store) 128 129 t.Run("Background -> Unauthorized", func(t *testing.T) { 130 err := authorizer.Delete(context.Background(), "foo") 131 if err == nil { 132 t.Error("should return unauthorized error") 133 } 134 }) 135 136 t.Run("Normal user -> Unauthorized", func(t *testing.T) { 137 err := authorizer.Delete(normalCtx, "foo") 138 if err == nil { 139 t.Error("should return unauthorized error") 140 } 141 }) 142 143 t.Run("Moderator -> Unauthorized", func(t *testing.T) { 144 err := authorizer.Delete(moderatorCtx, "foo") 145 if err == nil { 146 t.Error("should return unauthorized error") 147 } 148 }) 149 150 t.Run("Admin -> Authorized", func(t *testing.T) { 151 err := authorizer.Delete(adminCtx, "foo") 152 if err != nil { 153 t.Error("should not return unauthorized error") 154 } 155 _, err = store.Create(context.Background(), &action.Action{ 156 Name: "foo", 157 }) 158 if err != nil { 159 t.Fatal(err) 160 } 161 }) 162 163 t.Run("Internal -> Authorized", func(t *testing.T) { 164 err := authorizer.Delete(internalCtx, "foo") 165 if err != nil { 166 t.Error("should not return unauthorized error") 167 } 168 }) 169 } 170 171 func TestAuthorizerFindByID(t *testing.T) { 172 store := action.NewMemoryStore() 173 _, err := store.Create(context.Background(), &action.Action{ 174 Name: "foo", 175 }) 176 if err != nil { 177 t.Fatal(err) 178 } 179 authorizer := action.NewAuthorizer(store) 180 181 t.Run("Background -> Unauthorized", func(t *testing.T) { 182 _, err := authorizer.FindByID(context.Background(), "foo") 183 if err == nil { 184 t.Error("should return unauthorized error") 185 } 186 }) 187 188 t.Run("Normal user -> Unauthorized", func(t *testing.T) { 189 _, err := authorizer.FindByID(auth.ContextWithID(normalCtx, "foo"), "foo") 190 if err == nil { 191 t.Error("should return unauthorized error") 192 } 193 }) 194 195 t.Run("Moderator -> Unauthorized", func(t *testing.T) { 196 _, err := authorizer.FindByID(auth.ContextWithID(moderatorCtx, "foo"), "foo") 197 if err == nil { 198 t.Error("should return unauthorized error") 199 } 200 }) 201 202 t.Run("Admin -> Authorized", func(t *testing.T) { 203 _, err := authorizer.FindByID(adminCtx, "foo") 204 if err != nil { 205 t.Error("should not return unauthorized error") 206 } 207 }) 208 209 t.Run("Internal -> Authorized", func(t *testing.T) { 210 _, err := authorizer.FindByID(internalCtx, "foo") 211 if err != nil { 212 t.Error("should not return unauthorized error") 213 } 214 }) 215 } 216 217 func TestAuthorizerFind(t *testing.T) { 218 store := action.NewMemoryStore() 219 _, err := store.Create(context.Background(), &action.Action{ 220 Name: "foo", 221 }) 222 if err != nil { 223 t.Fatal(err) 224 } 225 authorizer := action.NewAuthorizer(store) 226 227 t.Run("Background -> Unauthorized", func(t *testing.T) { 228 _, _, err := authorizer.Find(context.Background(), nil) 229 if err == nil { 230 t.Error("should return unauthorized error") 231 } 232 }) 233 234 t.Run("Normal user -> Unauthorized", func(t *testing.T) { 235 _, _, err := authorizer.Find(auth.ContextWithID(normalCtx, "foo"), nil) 236 if err == nil { 237 t.Error("should return unauthorized error") 238 } 239 }) 240 241 t.Run("Moderator -> Unauthorized", func(t *testing.T) { 242 _, _, err := authorizer.Find(auth.ContextWithID(moderatorCtx, "foo"), nil) 243 if err == nil { 244 t.Error("should return unauthorized error") 245 } 246 }) 247 248 t.Run("Admin -> Authorized", func(t *testing.T) { 249 _, total, err := authorizer.Find(adminCtx, nil) 250 if err != nil { 251 t.Error("should not return unauthorized error") 252 } 253 if total != 1 { 254 t.Errorf("total should be 1, got %d", total) 255 } 256 }) 257 258 t.Run("Internal -> Authorized", func(t *testing.T) { 259 _, total, err := authorizer.Find(internalCtx, nil) 260 if err != nil { 261 t.Error("should not return unauthorized error") 262 } 263 if total != 1 { 264 t.Errorf("total should be 1, got %d", total) 265 } 266 }) 267 }