github.com/haalcala/mattermost-server-change-repo/v5@v5.33.2/app/permissions_migrations_test.go (about) 1 // Copyright (c) 2015-present Mattermost, Inc. All Rights Reserved. 2 // See LICENSE.txt for license information. 3 4 package app 5 6 import ( 7 "sort" 8 "testing" 9 10 "github.com/stretchr/testify/assert" 11 12 "github.com/mattermost/mattermost-server/v5/model" 13 ) 14 15 func TestApplyPermissionsMap(t *testing.T) { 16 tt := []struct { 17 Name string 18 RoleMap map[string]map[string]bool 19 TranslationMap permissionsMap 20 ExpectedResult []string 21 }{ 22 { 23 "Split existing", 24 map[string]map[string]bool{ 25 "system_admin": { 26 "test1": true, 27 "test2": true, 28 "test3": true, 29 }, 30 }, 31 permissionsMap{permissionTransformation{On: permissionExists("test2"), Add: []string{"test4", "test5"}}}, 32 []string{"test1", "test2", "test3", "test4", "test5"}, 33 }, 34 { 35 "Remove existing", 36 map[string]map[string]bool{ 37 "system_admin": { 38 "test1": true, 39 "test2": true, 40 "test3": true, 41 }, 42 }, 43 permissionsMap{permissionTransformation{On: permissionExists("test2"), Remove: []string{"test2"}}}, 44 []string{"test1", "test3"}, 45 }, 46 { 47 "Rename existing", 48 map[string]map[string]bool{ 49 "system_admin": { 50 "test1": true, 51 "test2": true, 52 "test3": true, 53 }, 54 }, 55 permissionsMap{permissionTransformation{On: permissionExists("test2"), Add: []string{"test5"}, Remove: []string{"test2"}}}, 56 []string{"test1", "test3", "test5"}, 57 }, 58 { 59 "Remove when other not exists", 60 map[string]map[string]bool{ 61 "system_admin": { 62 "test1": true, 63 "test2": true, 64 "test3": true, 65 }, 66 }, 67 permissionsMap{permissionTransformation{On: permissionNotExists("test5"), Remove: []string{"test2"}}}, 68 []string{"test1", "test3"}, 69 }, 70 { 71 "Add when at least one exists", 72 map[string]map[string]bool{ 73 "system_admin": { 74 "test1": true, 75 "test2": true, 76 "test3": true, 77 }, 78 }, 79 permissionsMap{permissionTransformation{ 80 On: permissionOr(permissionExists("test5"), permissionExists("test3")), 81 Add: []string{"test4"}, 82 }}, 83 []string{"test1", "test2", "test3", "test4"}, 84 }, 85 { 86 "Add when all exists", 87 map[string]map[string]bool{ 88 "system_admin": { 89 "test1": true, 90 "test2": true, 91 "test3": true, 92 }, 93 }, 94 permissionsMap{permissionTransformation{ 95 On: permissionAnd(permissionExists("test1"), permissionExists("test2")), 96 Add: []string{"test4"}, 97 }}, 98 []string{"test1", "test2", "test3", "test4"}, 99 }, 100 { 101 "Not add when one in the and not exists", 102 map[string]map[string]bool{ 103 "system_admin": { 104 "test1": true, 105 "test2": true, 106 "test3": true, 107 }, 108 }, 109 permissionsMap{permissionTransformation{ 110 On: permissionAnd(permissionExists("test1"), permissionExists("test5")), 111 Add: []string{"test4"}, 112 }}, 113 []string{"test1", "test2", "test3"}, 114 }, 115 { 116 "Not Add when none on the or exists", 117 map[string]map[string]bool{ 118 "system_admin": { 119 "test1": true, 120 "test2": true, 121 "test3": true, 122 }, 123 }, 124 permissionsMap{permissionTransformation{ 125 On: permissionOr(permissionExists("test7"), permissionExists("test9")), 126 Add: []string{"test4"}, 127 }}, 128 []string{"test1", "test2", "test3"}, 129 }, 130 { 131 "When the role matches", 132 map[string]map[string]bool{ 133 "system_admin": { 134 "test1": true, 135 "test2": true, 136 "test3": true, 137 }, 138 }, 139 permissionsMap{permissionTransformation{ 140 On: isRole("system_admin"), 141 Add: []string{"test4"}, 142 }}, 143 []string{"test1", "test2", "test3", "test4"}, 144 }, 145 { 146 "When the role doesn't match", 147 map[string]map[string]bool{ 148 "system_admin": { 149 "test1": true, 150 "test2": true, 151 "test3": true, 152 }, 153 }, 154 permissionsMap{permissionTransformation{ 155 On: isRole("system_user"), 156 Add: []string{"test4"}, 157 }}, 158 []string{"test1", "test2", "test3"}, 159 }, 160 { 161 "Remove a permission conditional on another role having it, success case", 162 map[string]map[string]bool{ 163 "system_admin": { 164 "test1": true, 165 "test2": true, 166 "test3": true, 167 }, 168 "other_role": { 169 "test4": true, 170 }, 171 }, 172 permissionsMap{permissionTransformation{ 173 On: onOtherRole("other_role", permissionExists("test4")), 174 Remove: []string{"test1"}, 175 }}, 176 []string{"test2", "test3"}, 177 }, 178 { 179 "Remove a permission conditional on another role having it, failure case", 180 map[string]map[string]bool{ 181 "system_admin": { 182 "test1": true, 183 "test2": true, 184 "test4": true, 185 }, 186 "other_role": { 187 "test1": true, 188 }, 189 }, 190 permissionsMap{permissionTransformation{ 191 On: onOtherRole("other_role", permissionExists("test4")), 192 Remove: []string{"test1"}, 193 }}, 194 []string{"test1", "test2", "test4"}, 195 }, 196 } 197 198 for _, tc := range tt { 199 t.Run(tc.Name, func(t *testing.T) { 200 result := applyPermissionsMap(&model.Role{Name: "system_admin"}, tc.RoleMap, tc.TranslationMap) 201 sort.Strings(result) 202 assert.Equal(t, tc.ExpectedResult, result) 203 }) 204 } 205 }