github.com/juju/juju@v0.0.0-20240327075706-a90865de2538/core/permission/access_test.go (about) 1 // Copyright 2016 Canonical Ltd. 2 // Licensed under the AGPLv3, see LICENCE file for details. 3 4 package permission_test 5 6 import ( 7 jc "github.com/juju/testing/checkers" 8 gc "gopkg.in/check.v1" 9 10 "github.com/juju/juju/core/permission" 11 ) 12 13 type accessSuite struct{} 14 15 var _ = gc.Suite(&accessSuite{}) 16 17 func (*accessSuite) TestEqualOrGreaterModelAccessThan(c *gc.C) { 18 // A very boring but necessary test to test explicit responses. 19 var ( 20 undefined = permission.NoAccess 21 read = permission.ReadAccess 22 write = permission.WriteAccess 23 admin = permission.AdminAccess 24 login = permission.LoginAccess 25 addmodel = permission.AddModelAccess 26 superuser = permission.SuperuserAccess 27 ) 28 // None of the controller permissions return true for any comparison. 29 for _, value := range []permission.Access{login, addmodel, superuser} { 30 c.Check(value.EqualOrGreaterModelAccessThan(undefined), jc.IsFalse) 31 c.Check(value.EqualOrGreaterModelAccessThan(read), jc.IsFalse) 32 c.Check(value.EqualOrGreaterModelAccessThan(write), jc.IsFalse) 33 c.Check(value.EqualOrGreaterModelAccessThan(admin), jc.IsFalse) 34 c.Check(value.EqualOrGreaterModelAccessThan(login), jc.IsFalse) 35 c.Check(value.EqualOrGreaterModelAccessThan(superuser), jc.IsFalse) 36 } 37 // No comparison against a controller permission will return true 38 for _, value := range []permission.Access{undefined, read, write, admin} { 39 c.Check(value.EqualOrGreaterModelAccessThan(login), jc.IsFalse) 40 c.Check(value.EqualOrGreaterModelAccessThan(superuser), jc.IsFalse) 41 } 42 // No comparison against a cloud permission will return true 43 for _, value := range []permission.Access{undefined, read, write, admin} { 44 c.Check(value.EqualOrGreaterModelAccessThan(addmodel), jc.IsFalse) 45 } 46 47 c.Check(undefined.EqualOrGreaterModelAccessThan(undefined), jc.IsTrue) 48 c.Check(undefined.EqualOrGreaterModelAccessThan(read), jc.IsFalse) 49 c.Check(undefined.EqualOrGreaterModelAccessThan(write), jc.IsFalse) 50 c.Check(undefined.EqualOrGreaterModelAccessThan(admin), jc.IsFalse) 51 52 c.Check(read.EqualOrGreaterModelAccessThan(undefined), jc.IsTrue) 53 c.Check(read.EqualOrGreaterModelAccessThan(read), jc.IsTrue) 54 c.Check(read.EqualOrGreaterModelAccessThan(write), jc.IsFalse) 55 c.Check(read.EqualOrGreaterModelAccessThan(admin), jc.IsFalse) 56 57 c.Check(write.EqualOrGreaterModelAccessThan(undefined), jc.IsTrue) 58 c.Check(write.EqualOrGreaterModelAccessThan(read), jc.IsTrue) 59 c.Check(write.EqualOrGreaterModelAccessThan(write), jc.IsTrue) 60 c.Check(write.EqualOrGreaterModelAccessThan(admin), jc.IsFalse) 61 62 c.Check(admin.EqualOrGreaterModelAccessThan(undefined), jc.IsTrue) 63 c.Check(admin.EqualOrGreaterModelAccessThan(read), jc.IsTrue) 64 c.Check(admin.EqualOrGreaterModelAccessThan(write), jc.IsTrue) 65 c.Check(admin.EqualOrGreaterModelAccessThan(admin), jc.IsTrue) 66 } 67 68 func (*accessSuite) TestGreaterModelAccessThan(c *gc.C) { 69 // A very boring but necessary test to test explicit responses. 70 var ( 71 undefined = permission.NoAccess 72 read = permission.ReadAccess 73 write = permission.WriteAccess 74 admin = permission.AdminAccess 75 login = permission.LoginAccess 76 addmodel = permission.AddModelAccess 77 superuser = permission.SuperuserAccess 78 ) 79 // None of undefined or the controller permissions return true for any comparison. 80 for _, value := range []permission.Access{undefined, login, addmodel, superuser} { 81 c.Check(value.GreaterModelAccessThan(undefined), jc.IsFalse) 82 c.Check(value.GreaterModelAccessThan(read), jc.IsFalse) 83 c.Check(value.GreaterModelAccessThan(write), jc.IsFalse) 84 c.Check(value.GreaterModelAccessThan(admin), jc.IsFalse) 85 c.Check(value.GreaterModelAccessThan(login), jc.IsFalse) 86 c.Check(value.GreaterModelAccessThan(superuser), jc.IsFalse) 87 } 88 // No comparison against a controller permission will return true 89 for _, value := range []permission.Access{undefined, read, write, admin} { 90 c.Check(value.GreaterModelAccessThan(login), jc.IsFalse) 91 c.Check(value.GreaterModelAccessThan(superuser), jc.IsFalse) 92 } 93 // No comparison against a cloud permission will return true 94 for _, value := range []permission.Access{undefined, read, write, admin} { 95 c.Check(value.GreaterModelAccessThan(addmodel), jc.IsFalse) 96 } 97 98 c.Check(read.GreaterModelAccessThan(undefined), jc.IsTrue) 99 c.Check(read.GreaterModelAccessThan(read), jc.IsFalse) 100 c.Check(read.GreaterModelAccessThan(write), jc.IsFalse) 101 c.Check(read.GreaterModelAccessThan(admin), jc.IsFalse) 102 103 c.Check(write.GreaterModelAccessThan(undefined), jc.IsTrue) 104 c.Check(write.GreaterModelAccessThan(read), jc.IsTrue) 105 c.Check(write.GreaterModelAccessThan(write), jc.IsFalse) 106 c.Check(write.GreaterModelAccessThan(admin), jc.IsFalse) 107 108 c.Check(admin.GreaterModelAccessThan(undefined), jc.IsTrue) 109 c.Check(admin.GreaterModelAccessThan(read), jc.IsTrue) 110 c.Check(admin.GreaterModelAccessThan(write), jc.IsTrue) 111 c.Check(admin.GreaterModelAccessThan(admin), jc.IsFalse) 112 } 113 114 func (*accessSuite) TestEqualOrGreaterControllerAccessThan(c *gc.C) { 115 // A very boring but necessary test to test explicit responses. 116 var ( 117 undefined = permission.NoAccess 118 read = permission.ReadAccess 119 write = permission.WriteAccess 120 admin = permission.AdminAccess 121 login = permission.LoginAccess 122 addmodel = permission.AddModelAccess 123 superuser = permission.SuperuserAccess 124 ) 125 // None of the model permissions return true for any comparison. 126 for _, value := range []permission.Access{read, write, admin} { 127 c.Check(value.EqualOrGreaterControllerAccessThan(undefined), jc.IsFalse) 128 c.Check(value.EqualOrGreaterControllerAccessThan(read), jc.IsFalse) 129 c.Check(value.EqualOrGreaterControllerAccessThan(write), jc.IsFalse) 130 c.Check(value.EqualOrGreaterControllerAccessThan(admin), jc.IsFalse) 131 c.Check(value.EqualOrGreaterControllerAccessThan(login), jc.IsFalse) 132 c.Check(value.EqualOrGreaterControllerAccessThan(superuser), jc.IsFalse) 133 } 134 // No comparison against a model permission will return true 135 for _, value := range []permission.Access{undefined, login, superuser} { 136 c.Check(value.EqualOrGreaterControllerAccessThan(read), jc.IsFalse) 137 c.Check(value.EqualOrGreaterControllerAccessThan(write), jc.IsFalse) 138 c.Check(value.EqualOrGreaterControllerAccessThan(admin), jc.IsFalse) 139 } 140 // No comparison against a cloud permission will return true 141 for _, value := range []permission.Access{undefined, login, superuser} { 142 c.Check(value.EqualOrGreaterControllerAccessThan(addmodel), jc.IsFalse) 143 } 144 145 c.Check(undefined.EqualOrGreaterControllerAccessThan(undefined), jc.IsTrue) 146 c.Check(undefined.EqualOrGreaterControllerAccessThan(login), jc.IsFalse) 147 c.Check(undefined.EqualOrGreaterControllerAccessThan(superuser), jc.IsFalse) 148 149 c.Check(login.EqualOrGreaterControllerAccessThan(undefined), jc.IsTrue) 150 c.Check(login.EqualOrGreaterControllerAccessThan(login), jc.IsTrue) 151 c.Check(login.EqualOrGreaterControllerAccessThan(superuser), jc.IsFalse) 152 153 c.Check(superuser.EqualOrGreaterControllerAccessThan(undefined), jc.IsTrue) 154 c.Check(superuser.EqualOrGreaterControllerAccessThan(login), jc.IsTrue) 155 c.Check(superuser.EqualOrGreaterControllerAccessThan(superuser), jc.IsTrue) 156 } 157 158 func (*accessSuite) TestGreaterControllerAccessThan(c *gc.C) { 159 // A very boring but necessary test to test explicit responses. 160 var ( 161 undefined = permission.NoAccess 162 read = permission.ReadAccess 163 write = permission.WriteAccess 164 admin = permission.AdminAccess 165 login = permission.LoginAccess 166 addmodel = permission.AddModelAccess 167 superuser = permission.SuperuserAccess 168 ) 169 // None of undefined or the model permissions return true for any comparison. 170 for _, value := range []permission.Access{undefined, read, write, admin} { 171 c.Check(value.GreaterControllerAccessThan(undefined), jc.IsFalse) 172 c.Check(value.GreaterControllerAccessThan(read), jc.IsFalse) 173 c.Check(value.GreaterControllerAccessThan(write), jc.IsFalse) 174 c.Check(value.GreaterControllerAccessThan(admin), jc.IsFalse) 175 c.Check(value.GreaterControllerAccessThan(login), jc.IsFalse) 176 c.Check(value.GreaterControllerAccessThan(superuser), jc.IsFalse) 177 } 178 // No comparison against a model permission will return true 179 for _, value := range []permission.Access{undefined, login, superuser} { 180 c.Check(value.GreaterControllerAccessThan(read), jc.IsFalse) 181 c.Check(value.GreaterControllerAccessThan(write), jc.IsFalse) 182 c.Check(value.GreaterControllerAccessThan(admin), jc.IsFalse) 183 } 184 // No comparison against a cloud permission will return true 185 for _, value := range []permission.Access{undefined, login, superuser} { 186 c.Check(value.GreaterModelAccessThan(addmodel), jc.IsFalse) 187 } 188 189 c.Check(login.GreaterControllerAccessThan(undefined), jc.IsTrue) 190 c.Check(login.GreaterControllerAccessThan(login), jc.IsFalse) 191 c.Check(login.GreaterControllerAccessThan(superuser), jc.IsFalse) 192 193 c.Check(superuser.GreaterControllerAccessThan(undefined), jc.IsTrue) 194 c.Check(superuser.GreaterControllerAccessThan(login), jc.IsTrue) 195 c.Check(superuser.GreaterControllerAccessThan(superuser), jc.IsFalse) 196 } 197 198 func (*accessSuite) TestEqualOrGreaterCloudAccessThan(c *gc.C) { 199 // A very boring but necessary test to test explicit responses. 200 var ( 201 undefined = permission.NoAccess 202 read = permission.ReadAccess 203 write = permission.WriteAccess 204 admin = permission.AdminAccess 205 login = permission.LoginAccess 206 addmodel = permission.AddModelAccess 207 superuser = permission.SuperuserAccess 208 ) 209 // None of the model permissions return true for any comparison. 210 for _, value := range []permission.Access{read, write} { 211 c.Check(value.EqualOrGreaterControllerAccessThan(addmodel), jc.IsFalse) 212 } 213 // No comparison against a model permission will return true 214 for _, value := range []permission.Access{addmodel} { 215 c.Check(value.EqualOrGreaterControllerAccessThan(read), jc.IsFalse) 216 c.Check(value.EqualOrGreaterControllerAccessThan(write), jc.IsFalse) 217 } 218 // No comparison against a controller permission will return true 219 for _, value := range []permission.Access{undefined, login, superuser} { 220 c.Check(value.EqualOrGreaterControllerAccessThan(addmodel), jc.IsFalse) 221 } 222 223 c.Check(addmodel.EqualOrGreaterCloudAccessThan(addmodel), jc.IsTrue) 224 c.Check(addmodel.EqualOrGreaterCloudAccessThan(admin), jc.IsFalse) 225 c.Check(admin.EqualOrGreaterCloudAccessThan(addmodel), jc.IsTrue) 226 }