Software / code / prosody
Annotate
spec/util_events_spec.lua @ 12642:9061f9621330
Switch to a new role-based authorization framework, removing is_admin()
We began moving away from simple "is this user an admin?" permission checks
before 0.12, with the introduction of mod_authz_internal and the ability to
dynamically change the roles of individual users.
The approach in 0.12 still had various limitations however, and apart from
the introduction of roles other than "admin" and the ability to pull that info
from storage, not much actually changed.
This new framework shakes things up a lot, though aims to maintain the same
functionality and behaviour on the surface for a default Prosody
configuration. That is, if you don't take advantage of any of the new
features, you shouldn't notice any change.
The biggest change visible to developers is that usermanager.is_admin() (and
the auth provider is_admin() method) have been removed. Gone. Completely.
Permission checks should now be performed using a new module API method:
module:may(action_name, context)
This method accepts an action name, followed by either a JID (string) or
(preferably) a table containing 'origin'/'session' and 'stanza' fields (e.g.
the standard object passed to most events). It will return true if the action
should be permitted, or false/nil otherwise.
Modules should no longer perform permission checks based on the role name.
E.g. a lot of code previously checked if the user's role was prosody:admin
before permitting some action. Since many roles might now exist with similar
permissions, and the permissions of prosody:admin may be redefined
dynamically, it is no longer suitable to use this method for permission
checks. Use module:may().
If you start an action name with ':' (recommended) then the current module's
name will automatically be used as a prefix.
To define a new permission, use the new module API:
module:default_permission(role_name, action_name)
module:default_permissions(role_name, { action_name[, action_name...] })
This grants the specified role permission to execute the named action(s) by
default. This may be overridden via other mechanisms external to your module.
The built-in roles that developers should use are:
- prosody:user (normal user)
- prosody:admin (host admin)
- prosody:operator (global admin)
The new prosody:operator role is intended for server-wide actions (such as
shutting down Prosody).
Finally, all usage of is_admin() in modules has been fixed by this commit.
Some of these changes were trickier than others, but no change is expected to
break existing deployments.
EXCEPT: mod_auth_ldap no longer supports the ldap_admin_filter option. It's
very possible nobody is using this, but if someone is then we can later update
it to pull roles from LDAP somehow.
| author | Matthew Wild <mwild1@gmail.com> |
|---|---|
| date | Wed, 15 Jun 2022 12:15:01 +0100 |
| parent | 11060:19dd9522f107 |
| rev | line source |
|---|---|
| 8760 | 1 local events = require "util.events"; |
| 2 | |
| 3 describe("util.events", function () | |
| 4 it("should export a new() function", function () | |
| 5 assert.is_function(events.new); | |
| 6 end); | |
| 7 describe("new()", function () | |
| 8 it("should return return a new events object", function () | |
| 9 local e = events.new(); | |
| 10 assert.is_function(e.add_handler); | |
| 11 assert.is_function(e.remove_handler); | |
| 12 end); | |
| 13 end); | |
| 14 | |
| 15 local e, h; | |
| 16 | |
| 17 | |
| 18 describe("API", function () | |
| 19 before_each(function () | |
| 20 e = events.new(); | |
| 21 h = spy.new(function () end); | |
| 22 end); | |
| 23 | |
| 24 it("should call handlers when an event is fired", function () | |
| 25 e.add_handler("myevent", h); | |
| 26 e.fire_event("myevent"); | |
| 27 assert.spy(h).was_called(); | |
| 28 end); | |
| 29 | |
| 30 it("should not call handlers when a different event is fired", function () | |
| 31 e.add_handler("myevent", h); | |
| 32 e.fire_event("notmyevent"); | |
| 33 assert.spy(h).was_not_called(); | |
| 34 end); | |
| 35 | |
| 36 it("should pass the data argument to handlers", function () | |
| 37 e.add_handler("myevent", h); | |
| 38 e.fire_event("myevent", "mydata"); | |
| 39 assert.spy(h).was_called_with("mydata"); | |
| 40 end); | |
| 41 | |
| 42 it("should support non-string events", function () | |
| 43 local myevent = {}; | |
| 44 e.add_handler(myevent, h); | |
| 45 e.fire_event(myevent, "mydata"); | |
| 46 assert.spy(h).was_called_with("mydata"); | |
| 47 end); | |
| 48 | |
| 49 it("should call handlers in priority order", function () | |
| 50 local data = {}; | |
| 51 e.add_handler("myevent", function () table.insert(data, "h1"); end, 5); | |
| 52 e.add_handler("myevent", function () table.insert(data, "h2"); end, 3); | |
| 53 e.add_handler("myevent", function () table.insert(data, "h3"); end); | |
| 54 e.fire_event("myevent", "mydata"); | |
| 55 assert.same(data, { "h1", "h2", "h3" }); | |
| 56 end); | |
| 57 | |
| 58 it("should support non-integer priority values", function () | |
| 59 local data = {}; | |
| 60 e.add_handler("myevent", function () table.insert(data, "h1"); end, 1); | |
| 61 e.add_handler("myevent", function () table.insert(data, "h2"); end, 0.5); | |
| 62 e.add_handler("myevent", function () table.insert(data, "h3"); end, 0.25); | |
| 63 e.fire_event("myevent", "mydata"); | |
| 64 assert.same(data, { "h1", "h2", "h3" }); | |
| 65 end); | |
| 66 | |
| 67 it("should support negative priority values", function () | |
| 68 local data = {}; | |
| 69 e.add_handler("myevent", function () table.insert(data, "h1"); end, 1); | |
| 70 e.add_handler("myevent", function () table.insert(data, "h2"); end, 0); | |
| 71 e.add_handler("myevent", function () table.insert(data, "h3"); end, -1); | |
| 72 e.fire_event("myevent", "mydata"); | |
| 73 assert.same(data, { "h1", "h2", "h3" }); | |
| 74 end); | |
| 75 | |
| 76 it("should support removing handlers", function () | |
| 77 e.add_handler("myevent", h); | |
| 78 e.fire_event("myevent"); | |
| 79 e.remove_handler("myevent", h); | |
| 80 e.fire_event("myevent"); | |
| 81 assert.spy(h).was_called(1); | |
| 82 end); | |
| 83 | |
| 84 it("should support adding multiple handlers at the same time", function () | |
| 85 local ht = { | |
| 86 myevent1 = spy.new(function () end); | |
| 87 myevent2 = spy.new(function () end); | |
| 88 myevent3 = spy.new(function () end); | |
| 89 }; | |
| 90 e.add_handlers(ht); | |
| 91 e.fire_event("myevent1"); | |
| 92 e.fire_event("myevent2"); | |
| 93 assert.spy(ht.myevent1).was_called(); | |
| 94 assert.spy(ht.myevent2).was_called(); | |
| 95 assert.spy(ht.myevent3).was_not_called(); | |
| 96 end); | |
| 97 | |
| 98 it("should support removing multiple handlers at the same time", function () | |
| 99 local ht = { | |
| 100 myevent1 = spy.new(function () end); | |
| 101 myevent2 = spy.new(function () end); | |
| 102 myevent3 = spy.new(function () end); | |
| 103 }; | |
| 104 e.add_handlers(ht); | |
| 105 e.remove_handlers(ht); | |
| 106 e.fire_event("myevent1"); | |
| 107 e.fire_event("myevent2"); | |
| 108 assert.spy(ht.myevent1).was_not_called(); | |
| 109 assert.spy(ht.myevent2).was_not_called(); | |
| 110 assert.spy(ht.myevent3).was_not_called(); | |
| 111 end); | |
| 112 | |
| 113 pending("should support adding handlers within an event handler") | |
| 114 pending("should support removing handlers within an event handler") | |
| 115 | |
|
8761
b6e193e33145
util.events: Add more tests (100% line coverage)
Matthew Wild <mwild1@gmail.com>
parents:
8760
diff
changeset
|
116 it("should support getting the current handlers for an event", function () |
|
b6e193e33145
util.events: Add more tests (100% line coverage)
Matthew Wild <mwild1@gmail.com>
parents:
8760
diff
changeset
|
117 e.add_handler("myevent", h); |
|
b6e193e33145
util.events: Add more tests (100% line coverage)
Matthew Wild <mwild1@gmail.com>
parents:
8760
diff
changeset
|
118 local handlers = e.get_handlers("myevent"); |
|
b6e193e33145
util.events: Add more tests (100% line coverage)
Matthew Wild <mwild1@gmail.com>
parents:
8760
diff
changeset
|
119 assert.equal(h, handlers[1]); |
|
b6e193e33145
util.events: Add more tests (100% line coverage)
Matthew Wild <mwild1@gmail.com>
parents:
8760
diff
changeset
|
120 end); |
|
b6e193e33145
util.events: Add more tests (100% line coverage)
Matthew Wild <mwild1@gmail.com>
parents:
8760
diff
changeset
|
121 |
| 8760 | 122 describe("wrappers", function () |
| 123 local w | |
| 124 before_each(function () | |
| 125 w = spy.new(function (handlers, event_name, event_data) | |
| 126 assert.is_function(handlers); | |
| 127 assert.equal("myevent", event_name) | |
| 128 assert.equal("abc", event_data); | |
| 129 return handlers(event_name, event_data); | |
| 130 end); | |
| 131 end); | |
| 132 | |
| 133 it("should get called", function () | |
| 134 e.add_wrapper("myevent", w); | |
| 135 e.add_handler("myevent", h); | |
| 136 e.fire_event("myevent", "abc"); | |
| 137 assert.spy(w).was_called(1); | |
| 138 assert.spy(h).was_called(1); | |
| 139 end); | |
| 140 | |
| 141 it("should be removable", function () | |
| 142 e.add_wrapper("myevent", w); | |
| 143 e.add_handler("myevent", h); | |
| 144 e.fire_event("myevent", "abc"); | |
| 145 e.remove_wrapper("myevent", w); | |
| 146 e.fire_event("myevent", "abc"); | |
| 147 assert.spy(w).was_called(1); | |
| 148 assert.spy(h).was_called(2); | |
| 149 end); | |
| 150 | |
| 151 it("should allow multiple wrappers", function () | |
| 152 local w2 = spy.new(function (handlers, event_name, event_data) | |
| 153 return handlers(event_name, event_data); | |
| 154 end); | |
| 155 e.add_wrapper("myevent", w); | |
| 156 e.add_handler("myevent", h); | |
| 157 e.add_wrapper("myevent", w2); | |
| 158 e.fire_event("myevent", "abc"); | |
| 159 e.remove_wrapper("myevent", w); | |
| 160 e.fire_event("myevent", "abc"); | |
| 161 assert.spy(w).was_called(1); | |
| 162 assert.spy(w2).was_called(2); | |
| 163 assert.spy(h).was_called(2); | |
| 164 end); | |
|
8761
b6e193e33145
util.events: Add more tests (100% line coverage)
Matthew Wild <mwild1@gmail.com>
parents:
8760
diff
changeset
|
165 |
|
b6e193e33145
util.events: Add more tests (100% line coverage)
Matthew Wild <mwild1@gmail.com>
parents:
8760
diff
changeset
|
166 it("should support a mix of global and event wrappers", function () |
|
b6e193e33145
util.events: Add more tests (100% line coverage)
Matthew Wild <mwild1@gmail.com>
parents:
8760
diff
changeset
|
167 local w2 = spy.new(function (handlers, event_name, event_data) |
|
b6e193e33145
util.events: Add more tests (100% line coverage)
Matthew Wild <mwild1@gmail.com>
parents:
8760
diff
changeset
|
168 return handlers(event_name, event_data); |
|
b6e193e33145
util.events: Add more tests (100% line coverage)
Matthew Wild <mwild1@gmail.com>
parents:
8760
diff
changeset
|
169 end); |
|
b6e193e33145
util.events: Add more tests (100% line coverage)
Matthew Wild <mwild1@gmail.com>
parents:
8760
diff
changeset
|
170 e.add_wrapper(false, w); |
|
b6e193e33145
util.events: Add more tests (100% line coverage)
Matthew Wild <mwild1@gmail.com>
parents:
8760
diff
changeset
|
171 e.add_handler("myevent", h); |
|
b6e193e33145
util.events: Add more tests (100% line coverage)
Matthew Wild <mwild1@gmail.com>
parents:
8760
diff
changeset
|
172 e.add_wrapper("myevent", w2); |
|
b6e193e33145
util.events: Add more tests (100% line coverage)
Matthew Wild <mwild1@gmail.com>
parents:
8760
diff
changeset
|
173 e.fire_event("myevent", "abc"); |
|
b6e193e33145
util.events: Add more tests (100% line coverage)
Matthew Wild <mwild1@gmail.com>
parents:
8760
diff
changeset
|
174 e.remove_wrapper(false, w); |
|
b6e193e33145
util.events: Add more tests (100% line coverage)
Matthew Wild <mwild1@gmail.com>
parents:
8760
diff
changeset
|
175 e.fire_event("myevent", "abc"); |
|
b6e193e33145
util.events: Add more tests (100% line coverage)
Matthew Wild <mwild1@gmail.com>
parents:
8760
diff
changeset
|
176 assert.spy(w).was_called(1); |
|
b6e193e33145
util.events: Add more tests (100% line coverage)
Matthew Wild <mwild1@gmail.com>
parents:
8760
diff
changeset
|
177 assert.spy(w2).was_called(2); |
|
b6e193e33145
util.events: Add more tests (100% line coverage)
Matthew Wild <mwild1@gmail.com>
parents:
8760
diff
changeset
|
178 assert.spy(h).was_called(2); |
|
b6e193e33145
util.events: Add more tests (100% line coverage)
Matthew Wild <mwild1@gmail.com>
parents:
8760
diff
changeset
|
179 end); |
| 8760 | 180 end); |
| 181 | |
| 182 describe("global wrappers", function () | |
| 183 local w | |
| 184 before_each(function () | |
| 185 w = spy.new(function (handlers, event_name, event_data) | |
| 186 assert.is_function(handlers); | |
| 187 assert.equal("myevent", event_name) | |
| 188 assert.equal("abc", event_data); | |
| 189 return handlers(event_name, event_data); | |
| 190 end); | |
| 191 end); | |
| 192 | |
| 193 it("should get called", function () | |
| 194 e.add_wrapper(false, w); | |
| 195 e.add_handler("myevent", h); | |
| 196 e.fire_event("myevent", "abc"); | |
| 197 assert.spy(w).was_called(1); | |
| 198 assert.spy(h).was_called(1); | |
| 199 end); | |
| 200 | |
| 201 it("should be removable", function () | |
| 202 e.add_wrapper(false, w); | |
| 203 e.add_handler("myevent", h); | |
| 204 e.fire_event("myevent", "abc"); | |
| 205 e.remove_wrapper(false, w); | |
| 206 e.fire_event("myevent", "abc"); | |
| 207 assert.spy(w).was_called(1); | |
| 208 assert.spy(h).was_called(2); | |
| 209 end); | |
| 210 end); | |
|
11058
c99afee1c548
util.events: Add set_debug_hook() method
Matthew Wild <mwild1@gmail.com>
parents:
8802
diff
changeset
|
211 |
|
c99afee1c548
util.events: Add set_debug_hook() method
Matthew Wild <mwild1@gmail.com>
parents:
8802
diff
changeset
|
212 describe("debug hooks", function () |
|
c99afee1c548
util.events: Add set_debug_hook() method
Matthew Wild <mwild1@gmail.com>
parents:
8802
diff
changeset
|
213 it("should get called", function () |
|
11060
19dd9522f107
util.event: Add luacheck annotation to unused parameter in tests
Matthew Wild <mwild1@gmail.com>
parents:
11058
diff
changeset
|
214 local d = spy.new(function (handler, event_name, event_data) --luacheck: ignore 212/event_name |
|
11058
c99afee1c548
util.events: Add set_debug_hook() method
Matthew Wild <mwild1@gmail.com>
parents:
8802
diff
changeset
|
215 return handler(event_data); |
|
c99afee1c548
util.events: Add set_debug_hook() method
Matthew Wild <mwild1@gmail.com>
parents:
8802
diff
changeset
|
216 end); |
|
c99afee1c548
util.events: Add set_debug_hook() method
Matthew Wild <mwild1@gmail.com>
parents:
8802
diff
changeset
|
217 |
|
c99afee1c548
util.events: Add set_debug_hook() method
Matthew Wild <mwild1@gmail.com>
parents:
8802
diff
changeset
|
218 e.add_handler("myevent", h); |
|
c99afee1c548
util.events: Add set_debug_hook() method
Matthew Wild <mwild1@gmail.com>
parents:
8802
diff
changeset
|
219 e.fire_event("myevent"); |
|
c99afee1c548
util.events: Add set_debug_hook() method
Matthew Wild <mwild1@gmail.com>
parents:
8802
diff
changeset
|
220 |
|
c99afee1c548
util.events: Add set_debug_hook() method
Matthew Wild <mwild1@gmail.com>
parents:
8802
diff
changeset
|
221 assert.spy(h).was_called(1); |
|
c99afee1c548
util.events: Add set_debug_hook() method
Matthew Wild <mwild1@gmail.com>
parents:
8802
diff
changeset
|
222 assert.spy(d).was_called(0); |
|
c99afee1c548
util.events: Add set_debug_hook() method
Matthew Wild <mwild1@gmail.com>
parents:
8802
diff
changeset
|
223 |
|
c99afee1c548
util.events: Add set_debug_hook() method
Matthew Wild <mwild1@gmail.com>
parents:
8802
diff
changeset
|
224 assert.is_nil(e.set_debug_hook(d)); |
|
c99afee1c548
util.events: Add set_debug_hook() method
Matthew Wild <mwild1@gmail.com>
parents:
8802
diff
changeset
|
225 |
|
c99afee1c548
util.events: Add set_debug_hook() method
Matthew Wild <mwild1@gmail.com>
parents:
8802
diff
changeset
|
226 e.fire_event("myevent", { mydata = true }); |
|
c99afee1c548
util.events: Add set_debug_hook() method
Matthew Wild <mwild1@gmail.com>
parents:
8802
diff
changeset
|
227 |
|
c99afee1c548
util.events: Add set_debug_hook() method
Matthew Wild <mwild1@gmail.com>
parents:
8802
diff
changeset
|
228 assert.spy(h).was_called(2); |
|
c99afee1c548
util.events: Add set_debug_hook() method
Matthew Wild <mwild1@gmail.com>
parents:
8802
diff
changeset
|
229 assert.spy(d).was_called(1); |
|
c99afee1c548
util.events: Add set_debug_hook() method
Matthew Wild <mwild1@gmail.com>
parents:
8802
diff
changeset
|
230 assert.spy(d).was_called_with(h, "myevent", { mydata = true }); |
|
c99afee1c548
util.events: Add set_debug_hook() method
Matthew Wild <mwild1@gmail.com>
parents:
8802
diff
changeset
|
231 |
|
c99afee1c548
util.events: Add set_debug_hook() method
Matthew Wild <mwild1@gmail.com>
parents:
8802
diff
changeset
|
232 assert.equal(d, e.set_debug_hook(nil)); |
|
c99afee1c548
util.events: Add set_debug_hook() method
Matthew Wild <mwild1@gmail.com>
parents:
8802
diff
changeset
|
233 |
|
c99afee1c548
util.events: Add set_debug_hook() method
Matthew Wild <mwild1@gmail.com>
parents:
8802
diff
changeset
|
234 e.fire_event("myevent", { mydata = false }); |
|
c99afee1c548
util.events: Add set_debug_hook() method
Matthew Wild <mwild1@gmail.com>
parents:
8802
diff
changeset
|
235 |
|
c99afee1c548
util.events: Add set_debug_hook() method
Matthew Wild <mwild1@gmail.com>
parents:
8802
diff
changeset
|
236 assert.spy(h).was_called(3); |
|
c99afee1c548
util.events: Add set_debug_hook() method
Matthew Wild <mwild1@gmail.com>
parents:
8802
diff
changeset
|
237 assert.spy(d).was_called(1); |
|
c99afee1c548
util.events: Add set_debug_hook() method
Matthew Wild <mwild1@gmail.com>
parents:
8802
diff
changeset
|
238 end); |
|
c99afee1c548
util.events: Add set_debug_hook() method
Matthew Wild <mwild1@gmail.com>
parents:
8802
diff
changeset
|
239 it("setting should return any existing debug hook", function () |
|
c99afee1c548
util.events: Add set_debug_hook() method
Matthew Wild <mwild1@gmail.com>
parents:
8802
diff
changeset
|
240 local function f() end |
|
c99afee1c548
util.events: Add set_debug_hook() method
Matthew Wild <mwild1@gmail.com>
parents:
8802
diff
changeset
|
241 local function g() end |
|
c99afee1c548
util.events: Add set_debug_hook() method
Matthew Wild <mwild1@gmail.com>
parents:
8802
diff
changeset
|
242 assert.is_nil(e.set_debug_hook(f)); |
|
c99afee1c548
util.events: Add set_debug_hook() method
Matthew Wild <mwild1@gmail.com>
parents:
8802
diff
changeset
|
243 assert.is_equal(f, e.set_debug_hook(g)); |
|
c99afee1c548
util.events: Add set_debug_hook() method
Matthew Wild <mwild1@gmail.com>
parents:
8802
diff
changeset
|
244 assert.is_equal(g, e.set_debug_hook(f)); |
|
c99afee1c548
util.events: Add set_debug_hook() method
Matthew Wild <mwild1@gmail.com>
parents:
8802
diff
changeset
|
245 assert.is_equal(f, e.set_debug_hook(nil)); |
|
c99afee1c548
util.events: Add set_debug_hook() method
Matthew Wild <mwild1@gmail.com>
parents:
8802
diff
changeset
|
246 assert.is_nil(e.set_debug_hook(f)); |
|
c99afee1c548
util.events: Add set_debug_hook() method
Matthew Wild <mwild1@gmail.com>
parents:
8802
diff
changeset
|
247 end); |
|
c99afee1c548
util.events: Add set_debug_hook() method
Matthew Wild <mwild1@gmail.com>
parents:
8802
diff
changeset
|
248 end); |
| 8760 | 249 end); |
| 250 end); |
