Skip to content
Snippets Groups Projects
Select Git revision
  • 7cc9d6f49a643b729fd39de9816f21543dd229a4
  • master default protected
  • refactor/PRXS-3053-Files
  • feature/PRXS-3143-3235-ReferenceOptions
  • feature/PRXS-3421-ImplementNewRefAPI
  • feature/PRXS-3143-LimitReferenceFields
  • feature/PRXS-3234-FeaturePruneIdents
  • feature/3149-LocaleCodeAsID-Feature
  • feature/PRXS-3383-CollectionsRankSortAPI
  • PRXS-3421-RecursiveReferences
  • feature/PRXS-3383-CollectionsSort
  • feature/3109-SerializeFeature
  • release/0.33
  • feature/3109-RecoverySchema
  • feature/3109-feature
  • fix/PRXS-3369-ValidateFields
  • refactor/PRXS-3306-MovePkgGroup1
  • refactor/6-pkg-refactor-expr
  • fix/PRXS-3360-TemplateBuilderPatch
  • feature/3293-MongoV2
  • feature/3272-GoVersionUp
  • v0.33.1
  • v0.32.0
  • v0.31.1
  • v0.31.0
  • v0.30.0
  • v0.29.0
  • v0.28.0
  • v0.27.0-alpha.1+16
  • v0.27.0-alpha.1+15
  • v0.27.0-alpha.1+14
  • v0.27.0-alpha.1+13
  • v0.27.0-alpha.1+12
  • v0.27.0-alpha.1+11
  • v0.27.0-alpha.1+10
  • v0.27.0-alpha.1+9
  • v0.27.0-alpha.1+8
  • v0.27.0-alpha.1+7
  • v0.27.0-alpha.1+6
  • v0.27.0-alpha.1+5
  • v0.27.0-alpha.1+4
41 results

ruleset_test.go

Blame
    • ruleset_test.go 3.54 KiB 
    package permission

import (
	"testing"

	"github.com/stretchr/testify/assert"
)

func TestMerge(t *testing.T) {
	const (
		col1 = "colID"
		col2 = "colViewID"
	)

	tests := []struct {
		name                  string
		first, second, expect *Rule
	}{
		{
			name:   "simple",
			first:  &Rule{Actions: []Action{ActionUpdate, ActionCreate}, CollectionID: col1, HiddenFields: []string{"1", "2"}, DenyWriteFields: []string{"7"}, DenyReadFields: []string{"4"}, ReadFilter: "3 != 'test'", WriteFilter: "4 == '0_0'"},
			second: &Rule{Actions: []Action{ActionUpdate, ActionDelete}, CollectionID: col2, HiddenFields: []string{"3", "2"}, DenyWriteFields: []string{}, DenyReadFields: []string{"5"}, ReadFilter: "5 != 'dev'", WriteFilter: "4 == '0_0'"},
			expect: &Rule{Actions: []Action{ActionUpdate}, HiddenFields: []string{"1", "2", "3"}, DenyWriteFields: []string{"7"}, DenyReadFields: []string{"4", "5"}, ReadFilter: "3 != 'test' && 5 != 'dev'", WriteFilter: "4 == '0_0'"},
		},
		{
			name:   "first is privileged",
			first:  PrivilegedRuleset{}.GetRule(col1),
			second: &Rule{Actions: []Action{ActionUpdate, ActionDelete}, CollectionID: col2, WriteFilter: "test"},
			expect: &Rule{Actions: []Action{ActionUpdate, ActionDelete}, WriteFilter: "test", ReadFilter: "", HiddenFields: []string{}, DenyWriteFields: []string{}, DenyReadFields: []string{}},
		},
		{
			name:   "second is privileged",
			first:  &Rule{Actions: []Action{ActionUpdate, ActionDelete}, CollectionID: col1, WriteFilter: "test"},
			second: PrivilegedRuleset{}.GetRule(col2),
			expect: &Rule{Actions: []Action{ActionUpdate, ActionDelete}, WriteFilter: "test", ReadFilter: "", HiddenFields: []string{}, DenyWriteFields: []string{}, DenyReadFields: []string{}},
		},
		{
			name:   "both is privileged",
			first:  PrivilegedRuleset{}.GetRule(col1),
			second: PrivilegedRuleset{}.GetRule(col2),
			expect: PrivilegedRuleset{}.GetRule(""),
		},
	}

	for _, tt := range tests {
		t.Run(tt.name, func(t *testing.T) {
			result := MergeRule(tt.first, tt.second)
			assert.Equal(t, tt.expect, result)
		})
	}
}

func TestRule_GetPermission(t *testing.T) {
	tests := []struct {
		name            string
		action          Action
		rule            Rule
		unallowedFields []string
		want            *Permission
	}{
		{
			name:            "ActionRead",
			action:          ActionRead,
			rule:            Rule{Actions: []Action{ActionRead, ActionUpdate}, DenyWriteFields: []string{"f1"}, HiddenFields: []string{"f2"}, DenyReadFields: []string{"f3"}},
			unallowedFields: []string{"f2", "f3"},
		},
		{
			name:            "ActionRead readonly&writeonly",
			action:          ActionRead,
			rule:            Rule{Actions: []Action{ActionRead, ActionUpdate}, DenyWriteFields: []string{"f1"}, HiddenFields: []string{"f2"}, DenyReadFields: []string{"f1"}},