github.com/fretkak/mattermost-mattermost-server@v5.11.1+incompatible/utils/authorization_test.go (about) 1 // Copyright (c) 2018-present Mattermost, Inc. All Rights Reserved. 2 // See License.txt for license information. 3 4 package utils 5 6 import ( 7 "encoding/json" 8 "fmt" 9 "io/ioutil" 10 "reflect" 11 "strconv" 12 "strings" 13 "testing" 14 15 "github.com/stretchr/testify/require" 16 17 "github.com/mattermost/mattermost-server/model" 18 ) 19 20 type RoleState struct { 21 RoleName string `json:"roleName"` 22 Permission string `json:"permission"` 23 ShouldHave bool `json:"shouldHave"` 24 } 25 26 func mockConfig() *model.Config { 27 config := model.Config{} 28 config.SetDefaults() 29 return &config 30 } 31 32 func mapping() (map[string]map[string][]RoleState, error) { 33 34 policiesRolesMapping := make(map[string]map[string][]RoleState) 35 36 raw, err := ioutil.ReadFile("./policies-roles-mapping.json") 37 if err != nil { 38 return policiesRolesMapping, err 39 } 40 41 var f map[string]interface{} 42 err = json.Unmarshal(raw, &f) 43 if err != nil { 44 return policiesRolesMapping, err 45 } 46 47 for policyName, value := range f { 48 49 capitalizedName := fmt.Sprintf("%v%v", strings.ToUpper(policyName[:1]), policyName[1:]) 50 policiesRolesMapping[capitalizedName] = make(map[string][]RoleState) 51 52 for policyValue, roleStatesMappings := range value.(map[string]interface{}) { 53 54 var roleStates []RoleState 55 for _, roleStateMapping := range roleStatesMappings.([]interface{}) { 56 57 roleStateMappingJSON, _ := json.Marshal(roleStateMapping) 58 var roleState RoleState 59 _ = json.Unmarshal(roleStateMappingJSON, &roleState) 60 61 roleStates = append(roleStates, roleState) 62 63 } 64 65 policiesRolesMapping[capitalizedName][policyValue] = roleStates 66 67 } 68 69 } 70 71 return policiesRolesMapping, nil 72 } 73 74 func TestSetRolePermissionsFromConfig(t *testing.T) { 75 76 mapping, err := mapping() 77 if err != nil { 78 require.NoError(t, err) 79 } 80 81 for policyName, v := range mapping { 82 for policyValue, rolesMappings := range v { 83 84 config := mockConfig() 85 updateConfig(config, "DEPRECATED_DO_NOT_USE_"+policyName, policyValue) 86 roles := model.MakeDefaultRoles() 87 SetRolePermissionsFromConfig(roles, config, true) 88 89 for _, roleMappingItem := range rolesMappings { 90 role := roles[roleMappingItem.RoleName] 91 92 permission := roleMappingItem.Permission 93 hasPermission := roleHasPermission(role, permission) 94 95 if (roleMappingItem.ShouldHave && !hasPermission) || (!roleMappingItem.ShouldHave && hasPermission) { 96 wording := "not to" 97 if roleMappingItem.ShouldHave { 98 wording = "to" 99 } 100 t.Errorf("Expected '%v' %v have '%v' permission when '%v' is set to '%v'.", role.Name, wording, permission, policyName, policyValue) 101 } 102 103 } 104 105 } 106 } 107 } 108 109 func updateConfig(config *model.Config, key string, value string) { 110 v := reflect.ValueOf(config.ServiceSettings) 111 field := v.FieldByName(key) 112 if !field.IsValid() { 113 v = reflect.ValueOf(config.TeamSettings) 114 field = v.FieldByName(key) 115 } 116 117 switch value { 118 case "true", "false": 119 b, _ := strconv.ParseBool(value) 120 field.Elem().SetBool(b) 121 default: 122 field.Elem().SetString(value) 123 } 124 } 125 126 func roleHasPermission(role *model.Role, permission string) bool { 127 for _, p := range role.Permissions { 128 if p == permission { 129 return true 130 } 131 } 132 return false 133 }