github.com/matrixorigin/matrixone@v0.7.0/pkg/frontend/authenticate2_test.go (about) 1 // Copyright 2021 Matrix Origin 2 // 3 // Licensed under the Apache License, Version 2.0 (the "License"); 4 // you may not use this file except in compliance with the License. 5 // You may obtain a copy of the License at 6 // 7 // http://www.apache.org/licenses/LICENSE-2.0 8 // 9 // Unless required by applicable law or agreed to in writing, software 10 // distributed under the License is distributed on an "AS IS" BASIS, 11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 // See the License for the specific language governing permissions and 13 // limitations under the License. 14 15 package frontend 16 17 import ( 18 "github.com/golang/mock/gomock" 19 "github.com/stretchr/testify/assert" 20 "testing" 21 ) 22 23 func Test_verifyAccountCanOperateClusterTable(t *testing.T) { 24 type arg struct { 25 acc *TenantInfo 26 db string 27 op clusterTableOperationType 28 want bool 29 } 30 31 sys := &TenantInfo{ 32 Tenant: sysAccountName, 33 } 34 35 nonSys := &TenantInfo{ 36 Tenant: "abc", 37 } 38 39 var args []arg 40 41 for db := range bannedCatalogDatabases { 42 for i := clusterTableNone; i <= clusterTableDrop; i++ { 43 args = append(args, arg{ 44 acc: sys, 45 db: db, 46 op: i, 47 want: db == moCatalog, 48 }) 49 args = append(args, arg{ 50 acc: sys, 51 db: "abc", 52 op: i, 53 want: false, 54 }) 55 args = append(args, arg{ 56 acc: nonSys, 57 db: db, 58 op: i, 59 want: db == moCatalog && (i == clusterTableNone || i == clusterTableSelect), 60 }) 61 args = append(args, arg{ 62 acc: nonSys, 63 db: "abc", 64 op: i, 65 want: false, 66 }) 67 } 68 } 69 70 for _, a := range args { 71 ret := verifyAccountCanOperateClusterTable(a.acc, a.db, a.op) 72 assert.True(t, ret == a.want) 73 } 74 } 75 76 func Test_verifyLightPrivilege(t *testing.T) { 77 ctrl := gomock.NewController(t) 78 defer ctrl.Finish() 79 80 ses := newTestSession(t, ctrl) 81 defer ses.Dispose() 82 83 sys := &TenantInfo{ 84 Tenant: sysAccountName, 85 } 86 87 nonSys := &TenantInfo{ 88 Tenant: "abc", 89 } 90 91 ses.SetFromRealUser(true) 92 ses.SetTenantInfo(sys) 93 94 var ret bool 95 96 ret = verifyLightPrivilege(ses, moCatalog, true, 97 false, clusterTableNone) 98 assert.False(t, ret) 99 100 ret = verifyLightPrivilege(ses, moCatalog, true, 101 true, clusterTableCreate) 102 assert.True(t, ret) 103 104 ret = verifyLightPrivilege(ses, "abc", true, 105 true, clusterTableCreate) 106 assert.False(t, ret) 107 108 ret = verifyLightPrivilege(ses, "abc", true, 109 false, clusterTableCreate) 110 assert.True(t, ret) 111 112 ret = verifyLightPrivilege(ses, "abc", false, 113 false, clusterTableCreate) 114 assert.True(t, ret) 115 116 ses.SetTenantInfo(nonSys) 117 118 ret = verifyLightPrivilege(ses, moCatalog, true, 119 false, clusterTableNone) 120 assert.False(t, ret) 121 122 ret = verifyLightPrivilege(ses, moCatalog, true, 123 true, clusterTableCreate) 124 assert.False(t, ret) 125 126 ret = verifyLightPrivilege(ses, moCatalog, true, 127 true, clusterTableSelect) 128 assert.True(t, ret) 129 130 ret = verifyLightPrivilege(ses, moCatalog, true, 131 true, clusterTableNone) 132 assert.True(t, ret) 133 134 ret = verifyLightPrivilege(ses, "abc", true, 135 true, clusterTableCreate) 136 assert.False(t, ret) 137 138 ret = verifyLightPrivilege(ses, "abc", true, 139 false, clusterTableCreate) 140 assert.True(t, ret) 141 142 ret = verifyLightPrivilege(ses, "abc", false, 143 false, clusterTableCreate) 144 assert.True(t, ret) 145 }