github.com/bingoohuang/gg@v0.0.0-20240325092523-45da7dee9335/pkg/rbac/rbac_test.go (about) 1 package rbac_test 2 3 import ( 4 "os" 5 "testing" 6 7 "github.com/bingoohuang/gg/pkg/rbac" 8 "gorm.io/driver/mysql" 9 "gorm.io/gorm" 10 "gorm.io/gorm/logger" 11 ) 12 13 var db *gorm.DB 14 15 func TestMain(m *testing.M) { 16 dsn := "root:root@tcp(127.0.0.1:3306)/db_test?charset=utf8mb4&parseTime=True&loc=Local" 17 18 db, _ = gorm.Open(mysql.Open(dsn), &gorm.Config{ 19 Logger: logger.Default.LogMode(logger.Silent), 20 }) 21 22 // call flag.Parse() here if TestMain uses flags 23 os.Exit(m.Run()) 24 } 25 26 func TestNewRole(t *testing.T) { 27 auth := rbac.New(rbac.Options{TablesPrefix: "rbac_", DB: db}) 28 29 // test create role 30 err := auth.NewRole("role-a") 31 if err != nil { 32 t.Error("an error was not expected while creating role ", err) 33 } 34 35 var c int64 36 res := db.Model(rbac.Role{}).Where("name=?", "role-a").Count(&c) 37 if res.Error != nil { 38 t.Error("unexpected error while storing role: ", err) 39 } 40 if c == 0 { 41 t.Error("role has not been stored") 42 } 43 44 // test duplicated entries 45 auth.NewRole("role-a") 46 auth.NewRole("role-a") 47 auth.NewRole("role-a") 48 db.Model(rbac.Role{}).Where("name=?", "role-a").Count(&c) 49 if c > 1 { 50 t.Error("unexpected duplicated entries for role") 51 } 52 53 // clean up 54 db.Where("name=?", "role-a").Delete(rbac.Role{}) 55 } 56 57 func TestNewPerm(t *testing.T) { 58 auth := rbac.New(rbac.Options{TablesPrefix: "rbac_", DB: db}) 59 60 // test create perm 61 err := auth.NewPerm("perm-a") 62 if err != nil { 63 t.Error("an error was not expected while creating permision ", err) 64 } 65 66 var c int64 67 res := db.Model(rbac.Perm{}).Where("name=?", "perm-a").Count(&c) 68 if res.Error != nil { 69 t.Error("unexpected error while storing perm: ", err) 70 } 71 if c == 0 { 72 t.Error("perm has not been stored") 73 } 74 75 // test duplicated entries 76 auth.NewPerm("perm-a") 77 auth.NewPerm("perm-a") 78 auth.NewPerm("perm-a") 79 db.Model(rbac.Role{}).Where("name=?", "perm-a").Count(&c) 80 if c > 1 { 81 t.Error("unexpected duplicated entries for perm") 82 } 83 84 // clean up 85 db.Where("name=?", "perm-a").Delete(rbac.Perm{}) 86 } 87 88 func TestAssignPerm(t *testing.T) { 89 auth := rbac.New(rbac.Options{TablesPrefix: "rbac_", DB: db}) 90 // first create a role 91 err := auth.NewRole("role-a") 92 if err != nil { 93 t.Error("unexpected error while creating role.", err) 94 } 95 96 // second test create perms 97 err = auth.NewPerm("perm-a") 98 if err != nil { 99 t.Error("unexpected error while creating perm to be assigned.", err) 100 } 101 err = auth.NewPerm("perm-b") 102 if err != nil { 103 t.Error("unexpected error while creating perm to be assigned.", err) 104 } 105 106 // assign the perms 107 err = auth.AssignPerms("role-a", "perm-a", "perm-b") 108 if err != nil { 109 t.Error("unexpected error while assigning perms.", err) 110 } 111 112 // assign to missing role 113 err = auth.AssignPerms("role-aa", "perm-a", "perm-b") 114 if err == nil { 115 t.Error("expecting error when assigning to missing role") 116 } 117 118 // assign to missing perm 119 err = auth.AssignPerms("role-a", "perm-aa") 120 if err == nil { 121 t.Error("expecting error when assigning missing perm") 122 } 123 124 var r rbac.Role 125 db.Where("name=?", "role-a").First(&r) 126 var rolePermsCount int64 127 db.Model(rbac.RolePerm{}).Where("role_id=?", r.ID).Count(&rolePermsCount) 128 if rolePermsCount != 2 { 129 t.Error("failed assigning roles to perm") 130 } 131 132 // clean up 133 db.Where("role_id=?", r.ID).Delete(rbac.RolePerm{}) 134 db.Where("name=?", "role-a").Delete(rbac.Role{}) 135 db.Where("name=?", "perm-a").Delete(rbac.Perm{}) 136 db.Where("name=?", "perm-b").Delete(rbac.Perm{}) 137 } 138 139 func TestAssignRole(t *testing.T) { 140 auth := rbac.New(rbac.Options{TablesPrefix: "rbac_", DB: db}) 141 142 // first create a role 143 err := auth.NewRole("role-a") 144 if err != nil { 145 t.Error("unexpected error while creating role to be assigned.", err) 146 } 147 148 // assign the role 149 err = auth.AssignRole(1, "role-a") 150 if err != nil { 151 t.Error("unexpected error while assigning role.", err) 152 } 153 154 // double assign the role 155 err = auth.AssignRole(1, "role-a") 156 if err != nil { 157 t.Error("unexpected error when assign a role to user more than one time", err) 158 } 159 160 // assign a second role 161 auth.NewRole("role-b") 162 err = auth.AssignRole(1, "role-b") 163 if err != nil { 164 t.Error("un expected error when assigning a second role. ", err) 165 } 166 167 // assign missing role 168 err = auth.AssignRole(1, "role-aa") 169 if err == nil { 170 t.Error("expecting an error when assigning role to a user") 171 } 172 173 var r rbac.Role 174 db.Where("name=?", "role-a").First(&r) 175 var userRoles int64 176 db.Model(rbac.UserRole{}).Where("role_id=?", r.ID).Count(&userRoles) 177 if userRoles != 1 { 178 t.Error("failed assigning roles to perm") 179 } 180 181 // clean up 182 db.Where("user_id=?", 1).Delete(rbac.UserRole{}) 183 db.Where("name=?", "role-a").Delete(rbac.Role{}) 184 db.Where("name=?", "role-b").Delete(rbac.Role{}) 185 } 186 187 func TestCheckRole(t *testing.T) { 188 auth := rbac.New(rbac.Options{TablesPrefix: "rbac_", DB: db}) 189 190 // first create a role and assign it to a user 191 err := auth.NewRole("role-a") 192 if err != nil { 193 t.Error("unexpected error while creating role to be assigned.", err) 194 } 195 // assign the role 196 err = auth.AssignRole(1, "role-a") 197 if err != nil { 198 t.Error("unexpected error while assigning role.", err) 199 } 200 201 // assert 202 ok, err := auth.CheckRole(1, "role-a") 203 if err != nil { 204 t.Error("unexpected error while checking user for assigned role.", err) 205 } 206 if !ok { 207 t.Error("failed to check assinged role") 208 } 209 210 // check aa missing role 211 _, err = auth.CheckRole(1, "role-aa") 212 if err == nil { 213 t.Error("expecting an error when checking a missing role") 214 } 215 216 // check a missing user 217 ok, _ = auth.CheckRole(11, "role-a") 218 if ok { 219 t.Error("expecting false when checking missing role") 220 } 221 222 // clean up 223 var r rbac.Role 224 db.Where("name=?", "role-a").First(&r) 225 db.Where("role_id=?", r.ID).Delete(rbac.UserRole{}) 226 db.Where("name=?", "role-a").Delete(rbac.Role{}) 227 } 228 229 func TestCheckPerm(t *testing.T) { 230 auth := rbac.New(rbac.Options{TablesPrefix: "rbac_", DB: db}) 231 // first create a role 232 err := auth.NewRole("role-a") 233 if err != nil { 234 t.Error("unexpected error while creating role.", err) 235 } 236 237 // create perms 238 err = auth.NewPerm("perm-a") 239 if err != nil { 240 t.Error("unexpected error while creating perm to be assigned.", err) 241 } 242 err = auth.NewPerm("perm-b") 243 if err != nil { 244 t.Error("unexpected error while creating perm to be assigned.", err) 245 } 246 247 // assign the perms 248 err = auth.AssignPerms("role-a", "perm-a", "perm-b") 249 if err != nil { 250 t.Error("unexpected error while assigning perms.", err) 251 } 252 253 // test when no role is assigned 254 ok, err := auth.CheckPerm(1, "perm-a") 255 if err != nil { 256 t.Error("expecting error to be nil when no role is assigned") 257 } 258 if ok { 259 t.Error("expecting false to be returned when no role is assigned") 260 } 261 262 // assign the role 263 err = auth.AssignRole(1, "role-a") 264 if err != nil { 265 t.Error("unexpected error while assigning role.", err) 266 } 267 268 // test a perm of an assigned role 269 ok, err = auth.CheckPerm(1, "perm-a") 270 if err != nil { 271 t.Error("unexpected error while checking perm of a user.", err) 272 } 273 if !ok { 274 t.Error("expecting true to be returned") 275 } 276 277 // check when user does not have roles 278 ok, _ = auth.CheckPerm(111, "perm-a") 279 if ok { 280 t.Error("expecting an false when checking perm of not assigned user") 281 } 282 283 // test assigning missing perm 284 _, err = auth.CheckPerm(1, "perm-aa") 285 if err == nil { 286 t.Error("expecting an error when checking a missing perm") 287 } 288 289 // check for an exist but not assigned perm 290 auth.NewPerm("perm-c") 291 ok, _ = auth.CheckPerm(1, "perm-c") 292 if ok { 293 t.Error("expecting false when checking for not assigned perms") 294 } 295 296 // clean up 297 var r rbac.Role 298 db.Where("name=?", "role-a").First(&r) 299 db.Where("role_id=?", r.ID).Delete(rbac.UserRole{}) 300 db.Where("role_id=?", r.ID).Delete(rbac.RolePerm{}) 301 db.Where("name=?", "perm-a").Delete(rbac.Perm{}) 302 db.Where("name=?", "perm-b").Delete(rbac.Perm{}) 303 db.Where("name=?", "perm-c").Delete(rbac.Perm{}) 304 db.Where("name=?", "role-a").Delete(rbac.Role{}) 305 } 306 307 func TestCheckRolePerm(t *testing.T) { 308 auth := rbac.New(rbac.Options{TablesPrefix: "rbac_", DB: db}) 309 310 // first create a role 311 err := auth.NewRole("role-a") 312 if err != nil { 313 t.Error("unexpected error while creating role.", err) 314 } 315 316 // second test create perms 317 err = auth.NewPerm("perm-a") 318 if err != nil { 319 t.Error("unexpected error while creating perm to be assigned.", err) 320 } 321 err = auth.NewPerm("perm-b") 322 if err != nil { 323 t.Error("unexpected error while creating perm to be assigned.", err) 324 } 325 326 // third assign the perms 327 err = auth.AssignPerms("role-a", "perm-a", "perm-b") 328 if err != nil { 329 t.Error("unexpected error while assigning perms.", err) 330 } 331 332 // check the role perm 333 ok, err := auth.CheckRolePerm("role-a", "perm-a") 334 if err != nil { 335 t.Error("unexpected error while checking role perm.", err) 336 } 337 if !ok { 338 t.Error("failed assigning roles to perm check") 339 } 340 341 // check a missing role 342 _, err = auth.CheckRolePerm("role-aa", "perm-a") 343 if err == nil { 344 t.Error("expecting an error when checking permisson of missing role") 345 } 346 347 // check with missing perm 348 _, err = auth.CheckRolePerm("role-a", "perm-aa") 349 if err == nil { 350 t.Error("expecting an error when checking missing perm") 351 } 352 353 // check with not assigned perm 354 auth.NewPerm("perm-c") 355 ok, _ = auth.CheckRolePerm("role-a", "perm-c") 356 if ok { 357 t.Error("expecting false when checking a missing perm") 358 } 359 360 // clean up 361 var r rbac.Role 362 db.Where("name=?", "role-a").First(&r) 363 db.Where("role_id=?", r.ID).Delete(rbac.RolePerm{}) 364 db.Where("name=?", "perm-a").Delete(rbac.Perm{}) 365 db.Where("name=?", "perm-b").Delete(rbac.Perm{}) 366 db.Where("name=?", "perm-c").Delete(rbac.Perm{}) 367 db.Where("name=?", "role-a").Delete(rbac.Role{}) 368 } 369 370 func TestRevokeRole(t *testing.T) { 371 auth := rbac.New(rbac.Options{TablesPrefix: "rbac_", DB: db}) 372 373 // first create a role 374 err := auth.NewRole("role-a") 375 if err != nil { 376 t.Error("unexpected error while creating role.", err) 377 } 378 379 // assign the role 380 err = auth.AssignRole(1, "role-a") 381 if err != nil { 382 t.Error("unexpected error while assigning role.", err) 383 } 384 385 // test 386 err = auth.RevokeRole(1, "role-a") 387 if err != nil { 388 t.Error("unexpected error revoking user role.", err) 389 } 390 // revoke missing role 391 err = auth.RevokeRole(1, "role-aa") 392 if err == nil { 393 t.Error("expecting error when revoking a missing role") 394 } 395 396 var c int64 397 db.Model(rbac.UserRole{}).Where("user_id=?", 1).Count(&c) 398 if c != 0 { 399 t.Error("failed assert revoking user role") 400 } 401 402 var r rbac.Role 403 db.Where("name=?", "role-a").First(&r) 404 db.Where("role_id=?", r.ID).Delete(rbac.UserRole{}) 405 db.Where("name=?", "role-a").Delete(rbac.Role{}) 406 } 407 408 func TestRevokePerm(t *testing.T) { 409 auth := rbac.New(rbac.Options{TablesPrefix: "rbac_", DB: db}) 410 411 // first create a role 412 err := auth.NewRole("role-a") 413 if err != nil { 414 t.Error("unexpected error while creating role.", err) 415 } 416 // second test create perms 417 err = auth.NewPerm("perm-a") 418 if err != nil { 419 t.Error("unexpected error while creating perm to be assigned.", err) 420 } 421 err = auth.NewPerm("perm-b") 422 if err != nil { 423 t.Error("unexpected error while creating perm to be assigned.", err) 424 } 425 426 // third assign the perms 427 err = auth.AssignPerms("role-a", "perm-a", "perm-b") 428 if err != nil { 429 t.Error("unexpected error while assigning perms.", err) 430 } 431 432 // assign the role 433 err = auth.AssignRole(1, "role-a") 434 if err != nil { 435 t.Error("unexpected error while assigning role.", err) 436 } 437 438 // case: user not assigned role 439 err = auth.RevokePerm(11, "perm-a") 440 if err != nil { 441 t.Error("expecting error to be nil", err) 442 } 443 444 // test 445 err = auth.RevokePerm(1, "perm-a") 446 if err != nil { 447 t.Error("unexpected error while revoking role perms.", err) 448 } 449 450 // revoke missing permissin 451 err = auth.RevokePerm(1, "perm-aa") 452 if err == nil { 453 t.Error("expecting error when revoking a missing perm") 454 } 455 456 // assert, count assigned perm, should be one 457 var r rbac.Role 458 db.Where("name=?", "role-a").First(&r) 459 var c int64 460 db.Model(rbac.RolePerm{}).Where("role_id=?", r.ID).Count(&c) 461 if c != 1 { 462 t.Error("failed assert revoking perm role") 463 } 464 465 // clean up 466 db.Where("role_id=?", r.ID).Delete(rbac.UserRole{}) 467 db.Where("role_id=?", r.ID).Delete(rbac.RolePerm{}) 468 db.Where("name=?", "perm-a").Delete(rbac.Perm{}) 469 db.Where("name=?", "perm-b").Delete(rbac.Perm{}) 470 db.Where("name=?", "role-a").Delete(rbac.Role{}) 471 } 472 473 func TestRevokeRolePerm(t *testing.T) { 474 auth := rbac.New(rbac.Options{TablesPrefix: "rbac_", DB: db}) 475 476 // first create a role 477 err := auth.NewRole("role-a") 478 if err != nil { 479 t.Error("unexpected error while creating role.", err) 480 } 481 // second test create perms 482 err = auth.NewPerm("perm-a") 483 if err != nil { 484 t.Error("unexpected error while creating perm to be assigned.", err) 485 } 486 err = auth.NewPerm("perm-b") 487 if err != nil { 488 t.Error("unexpected error while creating perm to be assigned.", err) 489 } 490 491 // third assign the perms 492 err = auth.AssignPerms("role-a", "perm-a", "perm-b") 493 if err != nil { 494 t.Error("unexpected error while assigning perms.", err) 495 } 496 497 // test revoke missing role 498 err = auth.RevokeRolePerm("role-aa", "perm-a") 499 if err == nil { 500 t.Error("expecting an error when revoking a missing role") 501 } 502 503 // test revoke missing perm 504 err = auth.RevokeRolePerm("role-a", "perm-aa") 505 if err == nil { 506 t.Error("expecting an error when revoking a missing perm") 507 } 508 509 err = auth.RevokeRolePerm("role-a", "perm-a") 510 if err != nil { 511 t.Error("unexpected error while revoking role perms.", err) 512 } 513 // assert, count assigned perm, should be one 514 var r rbac.Role 515 db.Where("name=?", "role-a").First(&r) 516 var c int64 517 db.Model(rbac.RolePerm{}).Where("role_id=?", r.ID).Count(&c) 518 if c != 1 { 519 t.Error("failed assert revoking perm role") 520 } 521 522 // clean up 523 db.Where("role_id=?", r.ID).Delete(rbac.RolePerm{}) 524 db.Where("name=?", "perm-a").Delete(rbac.Perm{}) 525 db.Where("name=?", "perm-b").Delete(rbac.Perm{}) 526 db.Where("name=?", "role-a").Delete(rbac.Role{}) 527 } 528 529 func TestGetRoles(t *testing.T) { 530 auth := rbac.New(rbac.Options{TablesPrefix: "rbac_", DB: db}) 531 532 // first create roles 533 err := auth.NewRole("role-a") 534 if err != nil { 535 t.Error("unexpected error while creating role.", err) 536 } 537 err = auth.NewRole("role-b") 538 if err != nil { 539 t.Error("unexpected error while creating role.", err) 540 } 541 542 // test 543 roles, err := auth.GetRoles() 544 // check 545 if len(roles) != 2 { 546 t.Error("failed assert getting roles") 547 } 548 db.Where("name=?", "role-a").Delete(rbac.Role{}) 549 db.Where("name=?", "role-b").Delete(rbac.Role{}) 550 } 551 552 func TestGetPerms(t *testing.T) { 553 auth := rbac.New(rbac.Options{TablesPrefix: "rbac_", DB: db}) 554 555 // first create perm 556 err := auth.NewPerm("perm-a") 557 if err != nil { 558 t.Error("unexpected error while creating perm.", err) 559 } 560 err = auth.NewPerm("perm-b") 561 if err != nil { 562 t.Error("unexpected error while creating perm.", err) 563 } 564 565 // test 566 perms, err := auth.GetPerms() 567 // check 568 if len(perms) != 2 { 569 t.Error("failed assert getting perm") 570 } 571 db.Where("name=?", "perm-a").Delete(rbac.Perm{}) 572 db.Where("name=?", "perm-b").Delete(rbac.Perm{}) 573 } 574 575 func TestDeleteRole(t *testing.T) { 576 auth := rbac.New(rbac.Options{TablesPrefix: "rbac_", DB: db}) 577 578 err := auth.NewRole("role-a") 579 if err != nil { 580 t.Error("unexpected error while creating role.", err) 581 } 582 583 // test delete a missing role 584 err = auth.DeleteRole("role-aa") 585 if err == nil { 586 t.Error("expecting an error when deleting a missing role") 587 } 588 589 // test delete an assigned role 590 auth.AssignRole(1, "role-a") 591 err = auth.DeleteRole("role-a") 592 if err == nil { 593 t.Error("expecting an error when deleting an assigned role") 594 } 595 auth.RevokeRole(1, "role-a") 596 597 err = auth.DeleteRole("role-a") 598 if err != nil { 599 t.Error("unexpected error while deleting role.", err) 600 } 601 602 var c int64 603 db.Model(rbac.Role{}).Count(&c) 604 if c != 0 { 605 t.Error("failed assert deleting role") 606 } 607 } 608 609 func TestDeletePerm(t *testing.T) { 610 auth := rbac.New(rbac.Options{TablesPrefix: "rbac_", DB: db}) 611 612 err := auth.NewPerm("perm-a") 613 if err != nil { 614 t.Error("unexpected error while creating perm.", err) 615 } 616 617 // delete missing perm 618 err = auth.DeletePerm("perm-aa") 619 if err == nil { 620 t.Error("expecting an error when deleting a missing perm") 621 } 622 623 // delete an assigned perm 624 auth.NewRole("role-a") 625 auth.AssignPerms("role-a", "perm-a") 626 627 // delete assinged perm 628 err = auth.DeletePerm("perm-a") 629 if err == nil { 630 t.Error("expecting an error when deleting assigned perm") 631 } 632 633 auth.RevokeRolePerm("role-a", "perm-a") 634 635 err = auth.DeletePerm("perm-a") 636 if err != nil { 637 t.Error("unexpected error while deleting perm.", err) 638 } 639 640 var c int64 641 db.Model(rbac.Perm{}).Count(&c) 642 if c != 0 { 643 t.Error("failed assert deleting perm") 644 } 645 646 // clean up 647 auth.DeleteRole("role-a") 648 } 649 650 func TestGetUserRoles(t *testing.T) { 651 auth := rbac.New(rbac.Options{TablesPrefix: "rbac_", DB: db}) 652 653 // first create a role 654 auth.NewRole("role-a") 655 auth.NewRole("role-b") 656 auth.AssignRole(1, "role-a") 657 auth.AssignRole(1, "role-b") 658 659 roles, _ := auth.GetUserRoles(1) 660 if len(roles) != 2 { 661 t.Error("expeting two roles to be returned") 662 } 663 664 if !sliceHasString(roles, "role-a") { 665 t.Error("missing role in returned roles") 666 } 667 668 if !sliceHasString(roles, "role-b") { 669 t.Error("missing role in returned roles") 670 } 671 672 db.Where("user_id=?", 1).Delete(rbac.UserRole{}) 673 db.Where("name=?", "role-a").Delete(rbac.Role{}) 674 db.Where("name=?", "role-b").Delete(rbac.Role{}) 675 } 676 677 func sliceHasString(s []string, val string) bool { 678 for _, v := range s { 679 if v == val { 680 return true 681 } 682 } 683 684 return false 685 }