github.com/mattermosttest/mattermost-server/v5@v5.0.0-20200917143240-9dfa12e121f9/app/permissions_migrations_test.go (about) 1 // Copyright (c) 2015-present Mattermost, Inc. All Rights Reserved. 2 // See LICENSE.txt for license information. 3 4 package app 5 6 import ( 7 "sort" 8 "testing" 9 10 "github.com/mattermost/mattermost-server/v5/model" 11 "github.com/stretchr/testify/assert" 12 ) 13 14 func TestApplyPermissionsMap(t *testing.T) { 15 tt := []struct { 16 Name string 17 RoleMap map[string]map[string]bool 18 TranslationMap permissionsMap 19 ExpectedResult []string 20 }{ 21 { 22 "Split existing", 23 map[string]map[string]bool{ 24 "system_admin": { 25 "test1": true, 26 "test2": true, 27 "test3": true, 28 }, 29 }, 30 permissionsMap{permissionTransformation{On: permissionExists("test2"), Add: []string{"test4", "test5"}}}, 31 []string{"test1", "test2", "test3", "test4", "test5"}, 32 }, 33 { 34 "Remove existing", 35 map[string]map[string]bool{ 36 "system_admin": { 37 "test1": true, 38 "test2": true, 39 "test3": true, 40 }, 41 }, 42 permissionsMap{permissionTransformation{On: permissionExists("test2"), Remove: []string{"test2"}}}, 43 []string{"test1", "test3"}, 44 }, 45 { 46 "Rename existing", 47 map[string]map[string]bool{ 48 "system_admin": { 49 "test1": true, 50 "test2": true, 51 "test3": true, 52 }, 53 }, 54 permissionsMap{permissionTransformation{On: permissionExists("test2"), Add: []string{"test5"}, Remove: []string{"test2"}}}, 55 []string{"test1", "test3", "test5"}, 56 }, 57 { 58 "Remove when other not exists", 59 map[string]map[string]bool{ 60 "system_admin": { 61 "test1": true, 62 "test2": true, 63 "test3": true, 64 }, 65 }, 66 permissionsMap{permissionTransformation{On: permissionNotExists("test5"), Remove: []string{"test2"}}}, 67 []string{"test1", "test3"}, 68 }, 69 { 70 "Add when at least one exists", 71 map[string]map[string]bool{ 72 "system_admin": { 73 "test1": true, 74 "test2": true, 75 "test3": true, 76 }, 77 }, 78 permissionsMap{permissionTransformation{ 79 On: permissionOr(permissionExists("test5"), permissionExists("test3")), 80 Add: []string{"test4"}, 81 }}, 82 []string{"test1", "test2", "test3", "test4"}, 83 }, 84 { 85 "Add when all exists", 86 map[string]map[string]bool{ 87 "system_admin": { 88 "test1": true, 89 "test2": true, 90 "test3": true, 91 }, 92 }, 93 permissionsMap{permissionTransformation{ 94 On: permissionAnd(permissionExists("test1"), permissionExists("test2")), 95 Add: []string{"test4"}, 96 }}, 97 []string{"test1", "test2", "test3", "test4"}, 98 }, 99 { 100 "Not add when one in the and not exists", 101 map[string]map[string]bool{ 102 "system_admin": { 103 "test1": true, 104 "test2": true, 105 "test3": true, 106 }, 107 }, 108 permissionsMap{permissionTransformation{ 109 On: permissionAnd(permissionExists("test1"), permissionExists("test5")), 110 Add: []string{"test4"}, 111 }}, 112 []string{"test1", "test2", "test3"}, 113 }, 114 { 115 "Not Add when none on the or exists", 116 map[string]map[string]bool{ 117 "system_admin": { 118 "test1": true, 119 "test2": true, 120 "test3": true, 121 }, 122 }, 123 permissionsMap{permissionTransformation{ 124 On: permissionOr(permissionExists("test7"), permissionExists("test9")), 125 Add: []string{"test4"}, 126 }}, 127 []string{"test1", "test2", "test3"}, 128 }, 129 { 130 "When the role matches", 131 map[string]map[string]bool{ 132 "system_admin": { 133 "test1": true, 134 "test2": true, 135 "test3": true, 136 }, 137 }, 138 permissionsMap{permissionTransformation{ 139 On: isRole("system_admin"), 140 Add: []string{"test4"}, 141 }}, 142 []string{"test1", "test2", "test3", "test4"}, 143 }, 144 { 145 "When the role doesn't match", 146 map[string]map[string]bool{ 147 "system_admin": { 148 "test1": true, 149 "test2": true, 150 "test3": true, 151 }, 152 }, 153 permissionsMap{permissionTransformation{ 154 On: isRole("system_user"), 155 Add: []string{"test4"}, 156 }}, 157 []string{"test1", "test2", "test3"}, 158 }, 159 { 160 "Remove a permission conditional on another role having it, success case", 161 map[string]map[string]bool{ 162 "system_admin": { 163 "test1": true, 164 "test2": true, 165 "test3": true, 166 }, 167 "other_role": { 168 "test4": true, 169 }, 170 }, 171 permissionsMap{permissionTransformation{ 172 On: onOtherRole("other_role", permissionExists("test4")), 173 Remove: []string{"test1"}, 174 }}, 175 []string{"test2", "test3"}, 176 }, 177 { 178 "Remove a permission conditional on another role having it, failure case", 179 map[string]map[string]bool{ 180 "system_admin": { 181 "test1": true, 182 "test2": true, 183 "test4": true, 184 }, 185 "other_role": { 186 "test1": true, 187 }, 188 }, 189 permissionsMap{permissionTransformation{ 190 On: onOtherRole("other_role", permissionExists("test4")), 191 Remove: []string{"test1"}, 192 }}, 193 []string{"test1", "test2", "test4"}, 194 }, 195 } 196 197 for _, tc := range tt { 198 t.Run(tc.Name, func(t *testing.T) { 199 result := applyPermissionsMap(&model.Role{Name: "system_admin"}, tc.RoleMap, tc.TranslationMap) 200 sort.Strings(result) 201 assert.Equal(t, tc.ExpectedResult, result) 202 }) 203 } 204 }