12747
|
1 describe("util.roles", function ()
|
|
2 randomize(false);
|
|
3 local roles;
|
|
4 it("can be loaded", function ()
|
|
5 roles = require "util.roles";
|
|
6 end);
|
|
7 local test_role;
|
|
8 it("can create a new role", function ()
|
|
9 test_role = roles.new();
|
|
10 assert.is_not_nil(test_role);
|
|
11 assert.is_truthy(roles.is_role(test_role));
|
|
12 end);
|
|
13 describe("role object", function ()
|
|
14 it("is restrictive by default", function ()
|
|
15 assert.falsy(test_role:may("my-permission"));
|
|
16 end);
|
|
17 it("allows you to set permissions", function ()
|
|
18 test_role:set_permission("my-permission", true);
|
|
19 assert.truthy(test_role:may("my-permission"));
|
|
20 end);
|
|
21 it("allows you to set negative permissions", function ()
|
|
22 test_role:set_permission("my-other-permission", false);
|
|
23 assert.falsy(test_role:may("my-other-permission"));
|
|
24 end);
|
|
25 it("does not allows you to override previously set permissions by default", function ()
|
|
26 local ok, err = test_role:set_permission("my-permission", false);
|
|
27 assert.falsy(ok);
|
|
28 assert.is_equal("policy-already-exists", err);
|
|
29 -- Confirm old permission still in place
|
|
30 assert.truthy(test_role:may("my-permission"));
|
|
31 end);
|
|
32 it("allows you to explicitly override previously set permissions", function ()
|
|
33 assert.truthy(test_role:set_permission("my-permission", false, true));
|
|
34 assert.falsy(test_role:may("my-permission"));
|
|
35 end);
|
|
36 describe("inheritance", function ()
|
|
37 local child_role;
|
|
38 it("works", function ()
|
|
39 test_role:set_permission("inherited-permission", true);
|
|
40 child_role = roles.new({
|
|
41 inherits = { test_role };
|
|
42 });
|
|
43 assert.truthy(child_role:may("inherited-permission"));
|
|
44 assert.falsy(child_role:may("my-permission"));
|
|
45 end);
|
|
46 it("allows listing policies", function ()
|
|
47 local expected = {
|
|
48 ["my-permission"] = false;
|
|
49 ["my-other-permission"] = false;
|
|
50 ["inherited-permission"] = true;
|
|
51 };
|
|
52 local received = {};
|
|
53 for permission_name, permission_policy in child_role:policies() do
|
|
54 received[permission_name] = permission_policy;
|
|
55 end
|
|
56 assert.same(expected, received);
|
|
57 end);
|
|
58 it("supports multiple depths of inheritance", function ()
|
|
59 local grandchild_role = roles.new({
|
|
60 inherits = { child_role };
|
|
61 });
|
|
62 assert.truthy(grandchild_role:may("inherited-permission"));
|
|
63 end);
|
|
64 describe("supports ordered inheritance from multiple roles", function ()
|
|
65 local parent_role = roles.new();
|
|
66 local final_role = roles.new({
|
|
67 -- Yes, the names are getting confusing.
|
|
68 -- btw, test_role is inherited through child_role.
|
|
69 inherits = { parent_role, child_role };
|
|
70 });
|
|
71
|
|
72 local test_cases = {
|
|
73 -- { <final_role policy>, <parent_role policy>, <test_role policy> }
|
|
74 { true, nil, false, result = true };
|
|
75 { nil, false, true, result = false };
|
|
76 { nil, true, false, result = true };
|
|
77 { nil, nil, false, result = false };
|
|
78 { nil, nil, true, result = true };
|
|
79 };
|
|
80
|
|
81 for n, test_case in ipairs(test_cases) do
|
|
82 it("(case "..n..")", function ()
|
|
83 local perm_name = ("multi-inheritance-perm-%d"):format(n);
|
|
84 assert.truthy(final_role:set_permission(perm_name, test_case[1]));
|
|
85 assert.truthy(parent_role:set_permission(perm_name, test_case[2]));
|
|
86 assert.truthy(test_role:set_permission(perm_name, test_case[3]));
|
|
87 assert.equal(test_case.result, final_role:may(perm_name));
|
|
88 end);
|
|
89 end
|
|
90 end);
|
|
91 it("updates child roles when parent roles change", function ()
|
|
92 assert.truthy(child_role:may("inherited-permission"));
|
|
93 assert.truthy(test_role:set_permission("inherited-permission", false, true));
|
|
94 assert.falsy(child_role:may("inherited-permission"));
|
|
95 end);
|
|
96 end);
|
|
97 describe("cloning", function ()
|
|
98 local cloned_role;
|
|
99 it("works", function ()
|
|
100 assert.truthy(test_role:set_permission("perm-1", true));
|
|
101 cloned_role = test_role:clone();
|
|
102 assert.truthy(cloned_role:may("perm-1"));
|
|
103 end);
|
|
104 it("isolates changes", function ()
|
|
105 -- After cloning, changes in either the original or the clone
|
|
106 -- should not appear in the other.
|
|
107 assert.truthy(test_role:set_permission("perm-1", false, true));
|
|
108 assert.truthy(test_role:set_permission("perm-2", true));
|
|
109 assert.truthy(cloned_role:set_permission("perm-3", true));
|
|
110 assert.truthy(cloned_role:may("perm-1"));
|
|
111 assert.falsy(cloned_role:may("perm-2"));
|
|
112 assert.falsy(test_role:may("perm-3"));
|
|
113 end);
|
|
114 end);
|
|
115 end);
|
|
116 end);
|