blob: d0294faef062517edba8154af7e6e8d9fd896aca [file] [log] [blame]
// Copyright 2016 The Vanadium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
package common_test
import (
"fmt"
"testing"
"v.io/v23/security/access"
"v.io/v23/verror"
"v.io/x/ref/services/syncbase/common"
)
func TestValidatePerms(t *testing.T) {
for _, test := range []struct {
perms access.Permissions
allowTags []access.Tag
wantErr error
}{
{
nil,
access.AllTypicalTags(),
common.NewErrPermsEmpty(nil),
},
{
access.Permissions{},
access.AllTypicalTags(),
common.NewErrPermsEmpty(nil),
},
{
access.Permissions{}.Add("alice", access.TagStrings(access.Read, access.Write, access.Admin, access.Resolve)...),
access.AllTypicalTags(),
nil,
},
{
access.Permissions{}.Add("alice", access.TagStrings(access.Read, access.Write, access.Admin, access.Resolve)...),
[]access.Tag{access.Read, access.Admin},
common.NewErrPermsDisallowedTags(nil, access.TagStrings(access.Resolve, access.Write), access.TagStrings(access.Read, access.Admin)),
},
{
access.Permissions{}.Add("alice", access.TagStrings(access.Read, access.Write, access.Resolve)...),
access.AllTypicalTags(),
common.NewErrPermsNoAdmin(nil),
},
{
access.Permissions{}.Add("alice", access.TagStrings(access.Read)...).Blacklist("alice:phone", access.TagStrings(access.Admin)...),
access.AllTypicalTags(),
common.NewErrPermsNoAdmin(nil),
},
{
access.Permissions{}.Add("alice", access.TagStrings(access.Read, access.Write)...).Add("bob", access.TagStrings(access.Read, access.Admin)...),
access.AllTypicalTags(),
nil,
},
{
access.Permissions{}.Add("alice", access.TagStrings(access.Read, access.Admin)...).Blacklist("alice:phone", access.TagStrings(access.Write, access.Admin)...),
access.AllTypicalTags(),
nil,
},
{
access.Permissions{}.Add("alice", access.TagStrings(access.Read, access.Admin)...).Blacklist("alice:phone", access.TagStrings(access.Write, access.Admin)...),
[]access.Tag{access.Read, access.Admin},
common.NewErrPermsDisallowedTags(nil, access.TagStrings(access.Write), access.TagStrings(access.Read, access.Admin)),
},
} {
err := common.ValidatePerms(nil, test.perms, test.allowTags)
if verror.ErrorID(err) != verror.ErrorID(test.wantErr) || fmt.Sprint(err) != fmt.Sprint(test.wantErr) {
t.Errorf("ValidatePerms(%v, %v): got error %v, want %v", test.perms, test.allowTags, err, test.wantErr)
}
}
}