eintopf.info@v0.13.16/service/event/authorizer_test.go (about) 1 // Copyright (C) 2022 The Eintopf authors 2 // 3 // This program is free software: you can redistribute it and/or modify 4 // it under the terms of the GNU Affero General Public License as 5 // published by the Free Software Foundation, either version 3 of the 6 // License, or (at your option) any later version. 7 // 8 // This program is distributed in the hope that it will be useful, 9 // but WITHOUT ANY WARRANTY; without even the implied warranty of 10 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 11 // GNU Affero General Public License for more details. 12 // 13 // You should have received a copy of the GNU Affero General Public License 14 // along with this program. If not, see <https://www.gnu.org/licenses/>. 15 16 package event_test 17 18 import ( 19 "context" 20 "testing" 21 22 "eintopf.info/internal/crud" 23 "eintopf.info/service/auth" 24 "eintopf.info/service/event" 25 ) 26 27 func TestAuthorizer(t *testing.T) { 28 store := event.NewMemoryStore() 29 e1, _ := store.Create(context.Background(), &event.NewEvent{OwnedBy: []string{"self"}}) 30 e2, _ := store.Create(context.Background(), &event.NewEvent{OwnedBy: []string{"else"}}) 31 e3, _ := store.Create(context.Background(), &event.NewEvent{Organizers: []string{"foo", "id:1"}}) 32 e4, _ := store.Create(context.Background(), &event.NewEvent{Parent: "id:2"}) 33 roleManager := event.NewAuthorizer(store, groupFakeAuthorizer{}) 34 35 for _, test := range []struct { 36 description string 37 role string 38 fn func(context.Context) error 39 want error 40 }{ 41 // Create 42 { 43 "CreateUnauthorized", 44 "none", 45 func(ctx context.Context) error { 46 _, err := roleManager.Create(ctx, &event.NewEvent{}) 47 return err 48 }, 49 auth.ErrUnauthorized, 50 }, { 51 "CreateUserAuthorized", 52 "user", 53 func(ctx context.Context) error { 54 _, err := roleManager.Create(ctx, &event.NewEvent{}) 55 return err 56 }, 57 nil, 58 }, { 59 "CreateAdminAuthorized", 60 "admin", 61 func(ctx context.Context) error { 62 _, err := roleManager.Create(ctx, &event.NewEvent{}) 63 return err 64 }, 65 nil, 66 }, 67 // Update 68 { 69 "UpdateUnauthorized", 70 "none", 71 func(ctx context.Context) error { 72 _, err := roleManager.Update(ctx, e1) 73 return err 74 }, 75 auth.ErrUnauthorized, 76 }, { 77 "UpdateUserUnauthorized", 78 "user", 79 func(ctx context.Context) error { 80 _, err := roleManager.Update(ctx, e2) 81 return err 82 }, 83 auth.ErrUnauthorized, 84 }, { 85 "UpdateAdminAuthorized", 86 "user", 87 func(ctx context.Context) error { 88 _, err := roleManager.Update(ctx, e1) 89 return err 90 }, 91 nil, 92 }, { 93 "UpdateAdminAuthorized", 94 "admin", 95 func(ctx context.Context) error { 96 _, err := roleManager.Update(ctx, e2) 97 return err 98 }, 99 nil, 100 }, { 101 "UpdateOwnedGroupAuthorized", 102 "user1", 103 func(ctx context.Context) error { 104 _, err := roleManager.Update(ctx, e3) 105 return err 106 }, 107 nil, 108 }, { 109 "UpdateNotOwnedGroupUnauthorized", 110 "user2", 111 func(ctx context.Context) error { 112 _, err := roleManager.Update(ctx, e3) 113 return err 114 }, 115 auth.ErrUnauthorized, 116 }, { 117 "UpdateOwnedParent", 118 "user1", 119 func(ctx context.Context) error { 120 _, err := roleManager.Update(ctx, e4) 121 return err 122 }, 123 nil, 124 }, 125 // Delete 126 { 127 "DeleteUnauthorized", 128 "none", 129 func(ctx context.Context) error { 130 e3, _ := store.Create(context.Background(), &event.NewEvent{OwnedBy: []string{"self"}}) 131 return roleManager.Delete(ctx, e3.ID) 132 }, 133 auth.ErrUnauthorized, 134 }, { 135 "DeleteUserUnauthorized", 136 "user", 137 func(ctx context.Context) error { 138 e3, _ := store.Create(context.Background(), &event.NewEvent{OwnedBy: []string{"else"}}) 139 return roleManager.Delete(ctx, e3.ID) 140 }, 141 auth.ErrUnauthorized, 142 }, { 143 "DeleteAdminAuthorized", 144 "user", 145 func(ctx context.Context) error { 146 e3, _ := store.Create(context.Background(), &event.NewEvent{OwnedBy: []string{"self"}}) 147 return roleManager.Delete(ctx, e3.ID) 148 }, 149 nil, 150 }, { 151 "DeleteAdminAuthorized", 152 "admin", 153 func(ctx context.Context) error { 154 e3, _ := store.Create(context.Background(), &event.NewEvent{OwnedBy: []string{"self"}}) 155 return roleManager.Delete(ctx, e3.ID) 156 }, 157 nil, 158 }, 159 // FindByID 160 { 161 "FindByIDAuthorized", 162 "none", 163 func(ctx context.Context) error { 164 _, err := roleManager.FindByID(ctx, e1.ID) 165 return err 166 }, 167 nil, 168 }, 169 // Find 170 { 171 "FindAuthorized", 172 "none", 173 func(ctx context.Context) error { 174 _, _, err := roleManager.Find(ctx, &crud.FindParams[event.FindFilters]{}) 175 return err 176 }, 177 nil, 178 }, 179 } { 180 181 t.Run(test.description, func(tt *testing.T) { 182 ctx := context.Background() 183 switch test.role { 184 case "none": 185 case "admin": 186 ctx = auth.ContextWithID(ctx, "self") 187 ctx = auth.ContextWithRole(ctx, auth.RoleAdmin) 188 case "user": 189 ctx = auth.ContextWithID(ctx, "self") 190 ctx = auth.ContextWithRole(ctx, auth.RoleNormal) 191 case "user1": 192 ctx = auth.ContextWithID(ctx, "1") 193 ctx = auth.ContextWithRole(ctx, auth.RoleNormal) 194 case "user2": 195 ctx = auth.ContextWithID(ctx, "2") 196 ctx = auth.ContextWithRole(ctx, auth.RoleNormal) 197 } 198 err := test.fn(ctx) 199 if test.want != err { 200 tt.Fatalf("expected err to be %v, got %v", test.want, err) 201 } 202 }) 203 } 204 } 205 206 type groupFakeAuthorizer struct{} 207 208 func (g groupFakeAuthorizer) IsOwned(ctx context.Context, groupID string, userID string) bool { 209 if groupID == "1" && userID == "1" { 210 return true 211 } 212 return false 213 }