Software / code / prosody
Annotate
spec/util_roles_spec.lua @ 13853:5611ce3bc54c
Merge 13.0->trunk
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Wed, 16 Apr 2025 18:27:46 +0200 |
| parent | 12754:a92ca737d05f |
| rev | line source |
|---|---|
| 12747 | 1 describe("util.roles", function () |
| 2 randomize(false); | |
| 3 local roles; | |
| 4 it("can be loaded", function () | |
| 5 roles = require "util.roles"; | |
| 6 end); | |
| 7 local test_role; | |
| 8 it("can create a new role", function () | |
| 9 test_role = roles.new(); | |
| 10 assert.is_not_nil(test_role); | |
| 11 assert.is_truthy(roles.is_role(test_role)); | |
| 12 end); | |
| 13 describe("role object", function () | |
|
12753
2eb02b32bb4c
util.roles: Add some more missing test cases
Matthew Wild <mwild1@gmail.com>
parents:
12747
diff
changeset
|
14 it("can be initialized with permissions", function () |
|
2eb02b32bb4c
util.roles: Add some more missing test cases
Matthew Wild <mwild1@gmail.com>
parents:
12747
diff
changeset
|
15 local test_role_2 = roles.new({ |
|
2eb02b32bb4c
util.roles: Add some more missing test cases
Matthew Wild <mwild1@gmail.com>
parents:
12747
diff
changeset
|
16 permissions = { |
|
2eb02b32bb4c
util.roles: Add some more missing test cases
Matthew Wild <mwild1@gmail.com>
parents:
12747
diff
changeset
|
17 perm1 = true; |
|
2eb02b32bb4c
util.roles: Add some more missing test cases
Matthew Wild <mwild1@gmail.com>
parents:
12747
diff
changeset
|
18 perm2 = false; |
|
2eb02b32bb4c
util.roles: Add some more missing test cases
Matthew Wild <mwild1@gmail.com>
parents:
12747
diff
changeset
|
19 }; |
|
2eb02b32bb4c
util.roles: Add some more missing test cases
Matthew Wild <mwild1@gmail.com>
parents:
12747
diff
changeset
|
20 }); |
|
2eb02b32bb4c
util.roles: Add some more missing test cases
Matthew Wild <mwild1@gmail.com>
parents:
12747
diff
changeset
|
21 assert.truthy(test_role_2:may("perm1")); |
|
2eb02b32bb4c
util.roles: Add some more missing test cases
Matthew Wild <mwild1@gmail.com>
parents:
12747
diff
changeset
|
22 assert.falsy(test_role_2:may("perm2")); |
|
2eb02b32bb4c
util.roles: Add some more missing test cases
Matthew Wild <mwild1@gmail.com>
parents:
12747
diff
changeset
|
23 end); |
|
2eb02b32bb4c
util.roles: Add some more missing test cases
Matthew Wild <mwild1@gmail.com>
parents:
12747
diff
changeset
|
24 it("has a sensible tostring", function () |
|
2eb02b32bb4c
util.roles: Add some more missing test cases
Matthew Wild <mwild1@gmail.com>
parents:
12747
diff
changeset
|
25 local test_role_2 = roles.new({ |
|
2eb02b32bb4c
util.roles: Add some more missing test cases
Matthew Wild <mwild1@gmail.com>
parents:
12747
diff
changeset
|
26 id = "test-role-2"; |
|
2eb02b32bb4c
util.roles: Add some more missing test cases
Matthew Wild <mwild1@gmail.com>
parents:
12747
diff
changeset
|
27 name = "Test Role 2"; |
|
2eb02b32bb4c
util.roles: Add some more missing test cases
Matthew Wild <mwild1@gmail.com>
parents:
12747
diff
changeset
|
28 }); |
|
12754
a92ca737d05f
util.roles: Fix tests to use autogenerated role id
Matthew Wild <mwild1@gmail.com>
parents:
12753
diff
changeset
|
29 assert.truthy(tostring(test_role_2):find(test_role_2.id, 1, true)); |
|
12753
2eb02b32bb4c
util.roles: Add some more missing test cases
Matthew Wild <mwild1@gmail.com>
parents:
12747
diff
changeset
|
30 assert.truthy(tostring(test_role_2):find("Test Role 2", 1, true)); |
|
2eb02b32bb4c
util.roles: Add some more missing test cases
Matthew Wild <mwild1@gmail.com>
parents:
12747
diff
changeset
|
31 end); |
| 12747 | 32 it("is restrictive by default", function () |
| 33 assert.falsy(test_role:may("my-permission")); | |
| 34 end); | |
| 35 it("allows you to set permissions", function () | |
| 36 test_role:set_permission("my-permission", true); | |
| 37 assert.truthy(test_role:may("my-permission")); | |
| 38 end); | |
| 39 it("allows you to set negative permissions", function () | |
| 40 test_role:set_permission("my-other-permission", false); | |
| 41 assert.falsy(test_role:may("my-other-permission")); | |
| 42 end); | |
| 43 it("does not allows you to override previously set permissions by default", function () | |
| 44 local ok, err = test_role:set_permission("my-permission", false); | |
| 45 assert.falsy(ok); | |
| 46 assert.is_equal("policy-already-exists", err); | |
| 47 -- Confirm old permission still in place | |
| 48 assert.truthy(test_role:may("my-permission")); | |
| 49 end); | |
| 50 it("allows you to explicitly override previously set permissions", function () | |
| 51 assert.truthy(test_role:set_permission("my-permission", false, true)); | |
| 52 assert.falsy(test_role:may("my-permission")); | |
| 53 end); | |
| 54 describe("inheritance", function () | |
| 55 local child_role; | |
| 56 it("works", function () | |
| 57 test_role:set_permission("inherited-permission", true); | |
| 58 child_role = roles.new({ | |
| 59 inherits = { test_role }; | |
| 60 }); | |
| 61 assert.truthy(child_role:may("inherited-permission")); | |
| 62 assert.falsy(child_role:may("my-permission")); | |
| 63 end); | |
| 64 it("allows listing policies", function () | |
| 65 local expected = { | |
| 66 ["my-permission"] = false; | |
| 67 ["my-other-permission"] = false; | |
| 68 ["inherited-permission"] = true; | |
| 69 }; | |
| 70 local received = {}; | |
| 71 for permission_name, permission_policy in child_role:policies() do | |
| 72 received[permission_name] = permission_policy; | |
| 73 end | |
| 74 assert.same(expected, received); | |
| 75 end); | |
| 76 it("supports multiple depths of inheritance", function () | |
| 77 local grandchild_role = roles.new({ | |
| 78 inherits = { child_role }; | |
| 79 }); | |
| 80 assert.truthy(grandchild_role:may("inherited-permission")); | |
| 81 end); | |
| 82 describe("supports ordered inheritance from multiple roles", function () | |
| 83 local parent_role = roles.new(); | |
| 84 local final_role = roles.new({ | |
| 85 -- Yes, the names are getting confusing. | |
| 86 -- btw, test_role is inherited through child_role. | |
| 87 inherits = { parent_role, child_role }; | |
| 88 }); | |
| 89 | |
| 90 local test_cases = { | |
| 91 -- { <final_role policy>, <parent_role policy>, <test_role policy> } | |
| 92 { true, nil, false, result = true }; | |
| 93 { nil, false, true, result = false }; | |
| 94 { nil, true, false, result = true }; | |
| 95 { nil, nil, false, result = false }; | |
| 96 { nil, nil, true, result = true }; | |
| 97 }; | |
| 98 | |
| 99 for n, test_case in ipairs(test_cases) do | |
| 100 it("(case "..n..")", function () | |
| 101 local perm_name = ("multi-inheritance-perm-%d"):format(n); | |
| 102 assert.truthy(final_role:set_permission(perm_name, test_case[1])); | |
| 103 assert.truthy(parent_role:set_permission(perm_name, test_case[2])); | |
| 104 assert.truthy(test_role:set_permission(perm_name, test_case[3])); | |
| 105 assert.equal(test_case.result, final_role:may(perm_name)); | |
| 106 end); | |
| 107 end | |
| 108 end); | |
| 109 it("updates child roles when parent roles change", function () | |
| 110 assert.truthy(child_role:may("inherited-permission")); | |
| 111 assert.truthy(test_role:set_permission("inherited-permission", false, true)); | |
| 112 assert.falsy(child_role:may("inherited-permission")); | |
| 113 end); | |
| 114 end); | |
| 115 describe("cloning", function () | |
| 116 local cloned_role; | |
| 117 it("works", function () | |
| 118 assert.truthy(test_role:set_permission("perm-1", true)); | |
| 119 cloned_role = test_role:clone(); | |
| 120 assert.truthy(cloned_role:may("perm-1")); | |
| 121 end); | |
| 122 it("isolates changes", function () | |
| 123 -- After cloning, changes in either the original or the clone | |
| 124 -- should not appear in the other. | |
| 125 assert.truthy(test_role:set_permission("perm-1", false, true)); | |
| 126 assert.truthy(test_role:set_permission("perm-2", true)); | |
| 127 assert.truthy(cloned_role:set_permission("perm-3", true)); | |
| 128 assert.truthy(cloned_role:may("perm-1")); | |
| 129 assert.falsy(cloned_role:may("perm-2")); | |
| 130 assert.falsy(test_role:may("perm-3")); | |
| 131 end); | |
| 132 end); | |
| 133 end); | |
| 134 end); |
