eintopf.info@v0.13.16/service/group/authorizer_test.go (about) 1 // Copyright (C) 2022 The Eintopf authors 2 // 3 // This program is free software: you can redistribute it and/or modify 4 // it under the terms of the GNU Affero General Public License as 5 // published by the Free Software Foundation, either version 3 of the 6 // License, or (at your option) any later version. 7 // 8 // This program is distributed in the hope that it will be useful, 9 // but WITHOUT ANY WARRANTY; without even the implied warranty of 10 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 11 // GNU Affero General Public License for more details. 12 // 13 // You should have received a copy of the GNU Affero General Public License 14 // along with this program. If not, see <https://www.gnu.org/licenses/>. 15 16 package group_test 17 18 import ( 19 "context" 20 "testing" 21 22 "github.com/petergtz/pegomock" 23 24 "eintopf.info/internal/mock" 25 "eintopf.info/service/auth" 26 "eintopf.info/service/group" 27 ) 28 29 var ( 30 roleAdmin = auth.RoleAdmin 31 roleModertor = auth.RoleModerator 32 roleNormal = auth.RoleNormal 33 ) 34 35 func TestAuthorizerCreate(t *testing.T) { 36 for _, test := range []struct { 37 name string 38 userID string 39 group *group.NewGroup 40 wantError error 41 }{ 42 { 43 name: "UnauthorizedWithNoUserID", 44 userID: "", 45 group: &group.NewGroup{}, 46 wantError: auth.ErrUnauthorized, 47 }, { 48 name: "AuthorizedWithUserID", 49 userID: "foo", 50 group: &group.NewGroup{}, 51 wantError: nil, 52 }, 53 } { 54 t.Run(test.name, func(tt *testing.T) { 55 pegomock.RegisterMockTestingT(tt) 56 ctx := auth.ContextWithID(context.Background(), test.userID) 57 58 mockedService := mock.NewGroupService() 59 authorizer := group.NewAuthorizer(mockedService) 60 61 _, err := authorizer.Create(ctx, test.group) 62 if err != test.wantError { 63 tt.Errorf("err != test.wantError: %s != %s", err, test.wantError) 64 } 65 66 if test.wantError == nil { 67 mockedService.VerifyWasCalledOnce().Create(ctx, test.group) 68 } 69 }) 70 } 71 } 72 73 func TestAuthorizerUpdate(t *testing.T) { 74 for _, test := range []struct { 75 name string 76 userID string 77 role *auth.Role 78 group *group.Group 79 wantError error 80 }{ 81 { 82 name: "UnauthorizedWithNoUserIDAndRole", 83 userID: "", 84 role: nil, 85 group: &group.Group{}, 86 wantError: auth.ErrUnauthorized, 87 }, { 88 name: "AuthorizedWithAdminRole", 89 userID: "foo", 90 role: &roleAdmin, 91 group: &group.Group{OwnedBy: []string{"bar"}}, 92 wantError: nil, 93 }, { 94 name: "AuthorizedWithModeratorRole", 95 userID: "foo", 96 role: &roleModertor, 97 group: &group.Group{OwnedBy: []string{"bar"}}, 98 wantError: nil, 99 }, { 100 name: "UnauthorizedWithNormalRoleNotOwned", 101 userID: "foo", 102 role: &roleNormal, 103 group: &group.Group{OwnedBy: []string{"bar"}}, 104 wantError: auth.ErrUnauthorized, 105 }, { 106 name: "AuthorizedWithNormalRoleOwned", 107 userID: "bar", 108 role: &roleNormal, 109 group: &group.Group{OwnedBy: []string{"bar"}}, 110 wantError: nil, 111 }, 112 } { 113 t.Run(test.name, func(tt *testing.T) { 114 pegomock.RegisterMockTestingT(tt) 115 ctx := auth.ContextWithID(context.Background(), test.userID) 116 if test.role != nil { 117 ctx = auth.ContextWithRole(ctx, *test.role) 118 } 119 120 mockedService := mock.NewGroupService() 121 pegomock.When(mockedService.FindByID(ctx, test.group.ID)). 122 ThenReturn(test.group, nil) 123 authorizer := group.NewAuthorizer(mockedService) 124 125 _, err := authorizer.Update(ctx, test.group) 126 if err != test.wantError { 127 tt.Errorf("err != test.wantError: %s != %s", err, test.wantError) 128 } 129 130 if test.wantError == nil { 131 mockedService.VerifyWasCalledOnce().Update(ctx, test.group) 132 } 133 }) 134 } 135 } 136 137 func TestAuthorizerDelete(t *testing.T) { 138 for _, test := range []struct { 139 name string 140 userID string 141 role *auth.Role 142 group *group.Group 143 wantError error 144 }{ 145 { 146 name: "UnauthorizedWithNoUserIDAndRole", 147 userID: "", 148 role: nil, 149 wantError: auth.ErrUnauthorized, 150 }, { 151 name: "AuthorizedWithAdminRole", 152 userID: "foo", 153 role: &roleAdmin, 154 wantError: nil, 155 }, { 156 name: "UnauthorizedWithModeratorRoleNotOwned", 157 userID: "foo", 158 role: &roleModertor, 159 wantError: auth.ErrUnauthorized, 160 }, { 161 name: "AuthorizedWithModeratorRoleOwned", 162 userID: "bar", 163 role: &roleModertor, 164 wantError: nil, 165 }, { 166 name: "UnauthorizedWithNormalRoleNotOwned", 167 userID: "foo", 168 role: &roleNormal, 169 wantError: auth.ErrUnauthorized, 170 }, { 171 name: "AuthorizedWithNormalRoleOwned", 172 userID: "bar", 173 role: &roleNormal, 174 wantError: nil, 175 }, 176 } { 177 t.Run(test.name, func(tt *testing.T) { 178 pegomock.RegisterMockTestingT(tt) 179 ctx := auth.ContextWithID(context.Background(), test.userID) 180 if test.role != nil { 181 ctx = auth.ContextWithRole(ctx, *test.role) 182 } 183 184 mockedService := mock.NewGroupService() 185 pegomock.When(mockedService.FindByID(ctx, "foobar")). 186 ThenReturn(&group.Group{OwnedBy: []string{"bar"}}, nil) 187 authorizer := group.NewAuthorizer(mockedService) 188 189 err := authorizer.Delete(ctx, "foobar") 190 if err != test.wantError { 191 tt.Errorf("err != test.wantError: %s != %s", err, test.wantError) 192 } 193 194 if test.wantError == nil { 195 mockedService.VerifyWasCalledOnce().Delete(ctx, "foobar") 196 } 197 }) 198 } 199 } 200 201 func TestAuthorizerFind(t *testing.T) { 202 for _, test := range []struct { 203 name string 204 userID string 205 role *auth.Role 206 group *group.Group 207 wantError error 208 }{ 209 { 210 name: "AuthorizedAll", 211 userID: "", 212 role: nil, 213 wantError: nil, 214 }, 215 } { 216 t.Run(test.name, func(tt *testing.T) { 217 pegomock.RegisterMockTestingT(tt) 218 ctx := auth.ContextWithID(context.Background(), test.userID) 219 if test.role != nil { 220 ctx = auth.ContextWithRole(ctx, *test.role) 221 } 222 223 mockedService := mock.NewGroupService() 224 authorizer := group.NewAuthorizer(mockedService) 225 226 _, _, err := authorizer.Find(ctx, nil) 227 if err != test.wantError { 228 tt.Errorf("err != test.wantError: %s != %s", err, test.wantError) 229 } 230 231 if test.wantError == nil { 232 mockedService.VerifyWasCalledOnce().Find(ctx, nil) 233 } 234 }) 235 } 236 } 237 238 func TestAuthorizerFindByID(t *testing.T) { 239 for _, test := range []struct { 240 name string 241 userID string 242 role *auth.Role 243 group *group.Group 244 wantError error 245 }{ 246 { 247 name: "AuthorizedAll", 248 userID: "", 249 role: nil, 250 wantError: nil, 251 }, 252 } { 253 t.Run(test.name, func(tt *testing.T) { 254 pegomock.RegisterMockTestingT(tt) 255 ctx := auth.ContextWithID(context.Background(), test.userID) 256 if test.role != nil { 257 ctx = auth.ContextWithRole(ctx, *test.role) 258 } 259 260 mockedService := mock.NewGroupService() 261 authorizer := group.NewAuthorizer(mockedService) 262 263 _, err := authorizer.FindByID(ctx, "") 264 if err != test.wantError { 265 tt.Errorf("err != test.wantError: %s != %s", err, test.wantError) 266 } 267 268 if test.wantError == nil { 269 mockedService.VerifyWasCalledOnce().FindByID(ctx, "") 270 } 271 }) 272 } 273 }