Comparison

spec/util_roles_spec.lua @ 12747:9d6d64fb7641

util.roles: Add tests
author Matthew Wild <mwild1@gmail.com>
date Fri, 07 Oct 2022 16:58:52 +0100
child 12753:2eb02b32bb4c
comparison
equal deleted inserted replaced
12746:7eabf8d78978 12747:9d6d64fb7641
1 describe("util.roles", function ()
2 randomize(false);
3 local roles;
4 it("can be loaded", function ()
5 roles = require "util.roles";
6 end);
7 local test_role;
8 it("can create a new role", function ()
9 test_role = roles.new();
10 assert.is_not_nil(test_role);
11 assert.is_truthy(roles.is_role(test_role));
12 end);
13 describe("role object", function ()
14 it("is restrictive by default", function ()
15 assert.falsy(test_role:may("my-permission"));
16 end);
17 it("allows you to set permissions", function ()
18 test_role:set_permission("my-permission", true);
19 assert.truthy(test_role:may("my-permission"));
20 end);
21 it("allows you to set negative permissions", function ()
22 test_role:set_permission("my-other-permission", false);
23 assert.falsy(test_role:may("my-other-permission"));
24 end);
25 it("does not allows you to override previously set permissions by default", function ()
26 local ok, err = test_role:set_permission("my-permission", false);
27 assert.falsy(ok);
28 assert.is_equal("policy-already-exists", err);
29 -- Confirm old permission still in place
30 assert.truthy(test_role:may("my-permission"));
31 end);
32 it("allows you to explicitly override previously set permissions", function ()
33 assert.truthy(test_role:set_permission("my-permission", false, true));
34 assert.falsy(test_role:may("my-permission"));
35 end);
36 describe("inheritance", function ()
37 local child_role;
38 it("works", function ()
39 test_role:set_permission("inherited-permission", true);
40 child_role = roles.new({
41 inherits = { test_role };
42 });
43 assert.truthy(child_role:may("inherited-permission"));
44 assert.falsy(child_role:may("my-permission"));
45 end);
46 it("allows listing policies", function ()
47 local expected = {
48 ["my-permission"] = false;
49 ["my-other-permission"] = false;
50 ["inherited-permission"] = true;
51 };
52 local received = {};
53 for permission_name, permission_policy in child_role:policies() do
54 received[permission_name] = permission_policy;
55 end
56 assert.same(expected, received);
57 end);
58 it("supports multiple depths of inheritance", function ()
59 local grandchild_role = roles.new({
60 inherits = { child_role };
61 });
62 assert.truthy(grandchild_role:may("inherited-permission"));
63 end);
64 describe("supports ordered inheritance from multiple roles", function ()
65 local parent_role = roles.new();
66 local final_role = roles.new({
67 -- Yes, the names are getting confusing.
68 -- btw, test_role is inherited through child_role.
69 inherits = { parent_role, child_role };
70 });
71
72 local test_cases = {
73 -- { <final_role policy>, <parent_role policy>, <test_role policy> }
74 { true, nil, false, result = true };
75 { nil, false, true, result = false };
76 { nil, true, false, result = true };
77 { nil, nil, false, result = false };
78 { nil, nil, true, result = true };
79 };
80
81 for n, test_case in ipairs(test_cases) do
82 it("(case "..n..")", function ()
83 local perm_name = ("multi-inheritance-perm-%d"):format(n);
84 assert.truthy(final_role:set_permission(perm_name, test_case[1]));
85 assert.truthy(parent_role:set_permission(perm_name, test_case[2]));
86 assert.truthy(test_role:set_permission(perm_name, test_case[3]));
87 assert.equal(test_case.result, final_role:may(perm_name));
88 end);
89 end
90 end);
91 it("updates child roles when parent roles change", function ()
92 assert.truthy(child_role:may("inherited-permission"));
93 assert.truthy(test_role:set_permission("inherited-permission", false, true));
94 assert.falsy(child_role:may("inherited-permission"));
95 end);
96 end);
97 describe("cloning", function ()
98 local cloned_role;
99 it("works", function ()
100 assert.truthy(test_role:set_permission("perm-1", true));
101 cloned_role = test_role:clone();
102 assert.truthy(cloned_role:may("perm-1"));
103 end);
104 it("isolates changes", function ()
105 -- After cloning, changes in either the original or the clone
106 -- should not appear in the other.
107 assert.truthy(test_role:set_permission("perm-1", false, true));
108 assert.truthy(test_role:set_permission("perm-2", true));
109 assert.truthy(cloned_role:set_permission("perm-3", true));
110 assert.truthy(cloned_role:may("perm-1"));
111 assert.falsy(cloned_role:may("perm-2"));
112 assert.falsy(test_role:may("perm-3"));
113 end);
114 end);
115 end);
116 end);