gitlab.com/picnic-app/backend/role-api@v0.0.0-20230614140944-06a76ff3696d/internal/controller/auhtorize_test.go (about) 1 package controller_test 2 3 import ( 4 "context" 5 "testing" 6 7 "github.com/google/uuid" 8 "github.com/stretchr/testify/require" 9 "google.golang.org/grpc/codes" 10 "google.golang.org/grpc/status" 11 12 "gitlab.com/picnic-app/backend/libs/golang/core/auth" 13 v1 "gitlab.com/picnic-app/backend/libs/golang/protobuf-registry/gen/role-api/role/v1" 14 "gitlab.com/picnic-app/backend/role-api/internal/model" 15 ) 16 17 func TestController_Authorize_Authentication(t *testing.T) { 18 t.Parallel() 19 20 container := initContainer(t) 21 22 appID := uuid.NewString() 23 circleID := uuid.NewString() 24 25 role, err := setUpAssignedRole(container, appID, circleID, "") 26 require.NoError(t, err) 27 permission := role.Permissions[0] 28 29 request := &v1.AuthorizeRequest{ 30 Service: permission.Service, 31 Operation: permission.Operation, 32 CircleIds: []string{circleID}, 33 } 34 35 for _, test := range []struct { 36 name string 37 ctx context.Context 38 request *v1.AuthorizeRequest 39 want codes.Code 40 }{ 41 { 42 name: "returns Unauthenticated error if appID and userID are empty", 43 ctx: context.Background(), 44 request: request, 45 want: codes.Unauthenticated, 46 }, 47 { 48 name: "returns Unimplemented error if userID is not empty", 49 ctx: auth.AddUserIDToCtx(context.Background(), uuid.NewString()), 50 request: request, 51 want: codes.Unimplemented, 52 }, 53 { 54 name: "succeeds with app context", 55 ctx: auth.AddAppIDToCtx(context.Background(), appID), 56 request: request, 57 }, 58 } { 59 test := test 60 t.Run(test.name, func(t *testing.T) { 61 _, err := container.controller.Authorize(test.ctx, test.request) 62 if test.want != 0 { 63 got := status.Code(err) 64 require.Equal(t, test.want, got, err) 65 return 66 } 67 68 require.NoError(t, err) 69 }) 70 } 71 } 72 73 func TestController_Authorize_Validation(t *testing.T) { 74 t.Parallel() 75 76 container := initContainer(t) 77 78 appID := uuid.NewString() 79 circleID := uuid.NewString() 80 81 role, err := setUpAssignedRole(container, appID, circleID, "") 82 require.NoError(t, err) 83 permission := role.Permissions[0] 84 85 ctx := auth.AddAppIDToCtx(context.Background(), appID) 86 87 for _, test := range []struct { 88 name string 89 req *v1.AuthorizeRequest 90 want codes.Code 91 }{ 92 { 93 name: "returns InvalidArgument if request is nil", 94 req: nil, 95 want: codes.InvalidArgument, 96 }, 97 { 98 name: "returns InvalidArgument if service is empty", 99 req: &v1.AuthorizeRequest{ 100 Operation: permission.Operation, 101 CircleIds: []string{circleID}, 102 }, 103 want: codes.InvalidArgument, 104 }, 105 { 106 name: "returns InvalidArgument if operation is empty", 107 req: &v1.AuthorizeRequest{ 108 Service: permission.Service, 109 CircleIds: []string{circleID}, 110 }, 111 want: codes.InvalidArgument, 112 }, 113 { 114 name: "returns InvalidArgument if circleIDs is empty", 115 req: &v1.AuthorizeRequest{ 116 Service: permission.Service, 117 Operation: permission.Operation, 118 }, 119 want: codes.InvalidArgument, 120 }, 121 { 122 name: "returns Unimplemented if userIDs is not empty", 123 req: &v1.AuthorizeRequest{ 124 Service: permission.Service, 125 Operation: permission.Operation, 126 UserIds: []string{uuid.NewString()}, 127 }, 128 want: codes.Unimplemented, 129 }, 130 } { 131 test := test 132 t.Run(test.name, func(t *testing.T) { 133 _, err := container.controller.Authorize(ctx, test.req) 134 got := status.Code(err) 135 require.Equal(t, test.want, got, err) 136 }) 137 } 138 } 139 140 func TestController_Authorize(t *testing.T) { 141 t.Parallel() 142 143 container := initContainer(t) 144 145 appID := uuid.NewString() 146 circle1ID := uuid.NewString() 147 circle2ID := uuid.NewString() 148 149 sharedPermission := model.Permission{ 150 Service: "Content", 151 Operation: "CreatePost", 152 Scope: "Kind = Image", 153 } 154 155 _, err := setUpAssignedRole( 156 container, 157 appID, 158 circle1ID, 159 "", 160 sharedPermission, 161 model.Permission{ 162 Service: "Content", 163 Operation: "CreateComment", 164 Scope: "*", 165 }) 166 require.NoError(t, err) 167 168 _, err = setUpAssignedRole( 169 container, 170 appID, 171 circle2ID, 172 "", 173 sharedPermission, 174 model.Permission{ 175 Service: "Chat", 176 Operation: "SendMessage", 177 Scope: "*", 178 }) 179 require.NoError(t, err) 180 181 ctx := auth.AddAppIDToCtx(context.Background(), appID) 182 183 t.Run("single circle ID", func(t *testing.T) { 184 circleIDs := []string{circle1ID} 185 got, err := container.controller.Authorize(ctx, &v1.AuthorizeRequest{ 186 Service: sharedPermission.Service, 187 Operation: sharedPermission.Operation, 188 CircleIds: circleIDs, 189 }) 190 require.NoError(t, err) 191 require.NotNil(t, got) 192 require.Len(t, got.Scopes, len(circleIDs)) 193 194 for _, scope := range got.Scopes { 195 require.Equal(t, scope, sharedPermission.Scope) 196 } 197 }) 198 199 t.Run("multiple circle ID", func(t *testing.T) { 200 circleIDs := []string{circle1ID, circle2ID} 201 got, err := container.controller.Authorize(ctx, &v1.AuthorizeRequest{ 202 Service: sharedPermission.Service, 203 Operation: sharedPermission.Operation, 204 CircleIds: circleIDs, 205 }) 206 require.NoError(t, err) 207 require.NotNil(t, got) 208 require.Len(t, got.Scopes, len(circleIDs)) 209 210 for _, scope := range got.Scopes { 211 require.Equal(t, scope, sharedPermission.Scope) 212 } 213 }) 214 }