Software /
code /
prosody
Comparison
spec/util_roles_spec.lua @ 12747:9d6d64fb7641
util.roles: Add tests
author | Matthew Wild <mwild1@gmail.com> |
---|---|
date | Fri, 07 Oct 2022 16:58:52 +0100 |
child | 12753:2eb02b32bb4c |
comparison
equal
deleted
inserted
replaced
12746:7eabf8d78978 | 12747:9d6d64fb7641 |
---|---|
1 describe("util.roles", function () | |
2 randomize(false); | |
3 local roles; | |
4 it("can be loaded", function () | |
5 roles = require "util.roles"; | |
6 end); | |
7 local test_role; | |
8 it("can create a new role", function () | |
9 test_role = roles.new(); | |
10 assert.is_not_nil(test_role); | |
11 assert.is_truthy(roles.is_role(test_role)); | |
12 end); | |
13 describe("role object", function () | |
14 it("is restrictive by default", function () | |
15 assert.falsy(test_role:may("my-permission")); | |
16 end); | |
17 it("allows you to set permissions", function () | |
18 test_role:set_permission("my-permission", true); | |
19 assert.truthy(test_role:may("my-permission")); | |
20 end); | |
21 it("allows you to set negative permissions", function () | |
22 test_role:set_permission("my-other-permission", false); | |
23 assert.falsy(test_role:may("my-other-permission")); | |
24 end); | |
25 it("does not allows you to override previously set permissions by default", function () | |
26 local ok, err = test_role:set_permission("my-permission", false); | |
27 assert.falsy(ok); | |
28 assert.is_equal("policy-already-exists", err); | |
29 -- Confirm old permission still in place | |
30 assert.truthy(test_role:may("my-permission")); | |
31 end); | |
32 it("allows you to explicitly override previously set permissions", function () | |
33 assert.truthy(test_role:set_permission("my-permission", false, true)); | |
34 assert.falsy(test_role:may("my-permission")); | |
35 end); | |
36 describe("inheritance", function () | |
37 local child_role; | |
38 it("works", function () | |
39 test_role:set_permission("inherited-permission", true); | |
40 child_role = roles.new({ | |
41 inherits = { test_role }; | |
42 }); | |
43 assert.truthy(child_role:may("inherited-permission")); | |
44 assert.falsy(child_role:may("my-permission")); | |
45 end); | |
46 it("allows listing policies", function () | |
47 local expected = { | |
48 ["my-permission"] = false; | |
49 ["my-other-permission"] = false; | |
50 ["inherited-permission"] = true; | |
51 }; | |
52 local received = {}; | |
53 for permission_name, permission_policy in child_role:policies() do | |
54 received[permission_name] = permission_policy; | |
55 end | |
56 assert.same(expected, received); | |
57 end); | |
58 it("supports multiple depths of inheritance", function () | |
59 local grandchild_role = roles.new({ | |
60 inherits = { child_role }; | |
61 }); | |
62 assert.truthy(grandchild_role:may("inherited-permission")); | |
63 end); | |
64 describe("supports ordered inheritance from multiple roles", function () | |
65 local parent_role = roles.new(); | |
66 local final_role = roles.new({ | |
67 -- Yes, the names are getting confusing. | |
68 -- btw, test_role is inherited through child_role. | |
69 inherits = { parent_role, child_role }; | |
70 }); | |
71 | |
72 local test_cases = { | |
73 -- { <final_role policy>, <parent_role policy>, <test_role policy> } | |
74 { true, nil, false, result = true }; | |
75 { nil, false, true, result = false }; | |
76 { nil, true, false, result = true }; | |
77 { nil, nil, false, result = false }; | |
78 { nil, nil, true, result = true }; | |
79 }; | |
80 | |
81 for n, test_case in ipairs(test_cases) do | |
82 it("(case "..n..")", function () | |
83 local perm_name = ("multi-inheritance-perm-%d"):format(n); | |
84 assert.truthy(final_role:set_permission(perm_name, test_case[1])); | |
85 assert.truthy(parent_role:set_permission(perm_name, test_case[2])); | |
86 assert.truthy(test_role:set_permission(perm_name, test_case[3])); | |
87 assert.equal(test_case.result, final_role:may(perm_name)); | |
88 end); | |
89 end | |
90 end); | |
91 it("updates child roles when parent roles change", function () | |
92 assert.truthy(child_role:may("inherited-permission")); | |
93 assert.truthy(test_role:set_permission("inherited-permission", false, true)); | |
94 assert.falsy(child_role:may("inherited-permission")); | |
95 end); | |
96 end); | |
97 describe("cloning", function () | |
98 local cloned_role; | |
99 it("works", function () | |
100 assert.truthy(test_role:set_permission("perm-1", true)); | |
101 cloned_role = test_role:clone(); | |
102 assert.truthy(cloned_role:may("perm-1")); | |
103 end); | |
104 it("isolates changes", function () | |
105 -- After cloning, changes in either the original or the clone | |
106 -- should not appear in the other. | |
107 assert.truthy(test_role:set_permission("perm-1", false, true)); | |
108 assert.truthy(test_role:set_permission("perm-2", true)); | |
109 assert.truthy(cloned_role:set_permission("perm-3", true)); | |
110 assert.truthy(cloned_role:may("perm-1")); | |
111 assert.falsy(cloned_role:may("perm-2")); | |
112 assert.falsy(test_role:may("perm-3")); | |
113 end); | |
114 end); | |
115 end); | |
116 end); |