github.com/nhannv/mattermost-server@v5.11.1+incompatible/app/permissions_migrations_test.go (about) 1 // Copyright (c) 2018-present Mattermost, Inc. All Rights Reserved. 2 // See License.txt for license information. 3 4 package app 5 6 import ( 7 "sort" 8 "testing" 9 10 "github.com/stretchr/testify/assert" 11 ) 12 13 func TestApplyPermissionsMap(t *testing.T) { 14 tt := []struct { 15 Name string 16 RoleMap map[string]map[string]bool 17 TranslationMap permissionsMap 18 ExpectedResult []string 19 }{ 20 { 21 "Split existing", 22 map[string]map[string]bool{ 23 "system_admin": { 24 "test1": true, 25 "test2": true, 26 "test3": true, 27 }, 28 }, 29 permissionsMap{permissionTransformation{On: permissionExists("test2"), Add: []string{"test4", "test5"}}}, 30 []string{"test1", "test2", "test3", "test4", "test5"}, 31 }, 32 { 33 "Remove existing", 34 map[string]map[string]bool{ 35 "system_admin": { 36 "test1": true, 37 "test2": true, 38 "test3": true, 39 }, 40 }, 41 permissionsMap{permissionTransformation{On: permissionExists("test2"), Remove: []string{"test2"}}}, 42 []string{"test1", "test3"}, 43 }, 44 { 45 "Rename existing", 46 map[string]map[string]bool{ 47 "system_admin": { 48 "test1": true, 49 "test2": true, 50 "test3": true, 51 }, 52 }, 53 permissionsMap{permissionTransformation{On: permissionExists("test2"), Add: []string{"test5"}, Remove: []string{"test2"}}}, 54 []string{"test1", "test3", "test5"}, 55 }, 56 { 57 "Remove when other not exists", 58 map[string]map[string]bool{ 59 "system_admin": { 60 "test1": true, 61 "test2": true, 62 "test3": true, 63 }, 64 }, 65 permissionsMap{permissionTransformation{On: permissionNotExists("test5"), Remove: []string{"test2"}}}, 66 []string{"test1", "test3"}, 67 }, 68 { 69 "Add when at least one exists", 70 map[string]map[string]bool{ 71 "system_admin": { 72 "test1": true, 73 "test2": true, 74 "test3": true, 75 }, 76 }, 77 permissionsMap{permissionTransformation{ 78 On: permissionOr(permissionExists("test5"), permissionExists("test3")), 79 Add: []string{"test4"}, 80 }}, 81 []string{"test1", "test2", "test3", "test4"}, 82 }, 83 { 84 "Add when all exists", 85 map[string]map[string]bool{ 86 "system_admin": { 87 "test1": true, 88 "test2": true, 89 "test3": true, 90 }, 91 }, 92 permissionsMap{permissionTransformation{ 93 On: permissionAnd(permissionExists("test1"), permissionExists("test2")), 94 Add: []string{"test4"}, 95 }}, 96 []string{"test1", "test2", "test3", "test4"}, 97 }, 98 { 99 "Not add when one in the and not exists", 100 map[string]map[string]bool{ 101 "system_admin": { 102 "test1": true, 103 "test2": true, 104 "test3": true, 105 }, 106 }, 107 permissionsMap{permissionTransformation{ 108 On: permissionAnd(permissionExists("test1"), permissionExists("test5")), 109 Add: []string{"test4"}, 110 }}, 111 []string{"test1", "test2", "test3"}, 112 }, 113 { 114 "Not Add when none on the or exists", 115 map[string]map[string]bool{ 116 "system_admin": { 117 "test1": true, 118 "test2": true, 119 "test3": true, 120 }, 121 }, 122 permissionsMap{permissionTransformation{ 123 On: permissionOr(permissionExists("test7"), permissionExists("test9")), 124 Add: []string{"test4"}, 125 }}, 126 []string{"test1", "test2", "test3"}, 127 }, 128 { 129 "When the role matches", 130 map[string]map[string]bool{ 131 "system_admin": { 132 "test1": true, 133 "test2": true, 134 "test3": true, 135 }, 136 }, 137 permissionsMap{permissionTransformation{ 138 On: isRole("system_admin"), 139 Add: []string{"test4"}, 140 }}, 141 []string{"test1", "test2", "test3", "test4"}, 142 }, 143 { 144 "When the role doesn't match", 145 map[string]map[string]bool{ 146 "system_admin": { 147 "test1": true, 148 "test2": true, 149 "test3": true, 150 }, 151 }, 152 permissionsMap{permissionTransformation{ 153 On: isRole("system_user"), 154 Add: []string{"test4"}, 155 }}, 156 []string{"test1", "test2", "test3"}, 157 }, 158 { 159 "Remove a permission conditional on another role having it, success case", 160 map[string]map[string]bool{ 161 "system_admin": { 162 "test1": true, 163 "test2": true, 164 "test3": true, 165 }, 166 "other_role": { 167 "test4": true, 168 }, 169 }, 170 permissionsMap{permissionTransformation{ 171 On: onOtherRole("other_role", permissionExists("test4")), 172 Remove: []string{"test1"}, 173 }}, 174 []string{"test2", "test3"}, 175 }, 176 { 177 "Remove a permission conditional on another role having it, failure case", 178 map[string]map[string]bool{ 179 "system_admin": { 180 "test1": true, 181 "test2": true, 182 "test4": true, 183 }, 184 "other_role": { 185 "test1": true, 186 }, 187 }, 188 permissionsMap{permissionTransformation{ 189 On: onOtherRole("other_role", permissionExists("test4")), 190 Remove: []string{"test1"}, 191 }}, 192 []string{"test1", "test2", "test4"}, 193 }, 194 } 195 196 for _, tc := range tt { 197 t.Run(tc.Name, func(t *testing.T) { 198 result := applyPermissionsMap("system_admin", tc.RoleMap, tc.TranslationMap) 199 sort.Strings(result) 200 assert.Equal(t, tc.ExpectedResult, result) 201 }) 202 } 203 }