prosody
34ac05f6bd10
spec/util_roles_spec.lua
Software / code / prosody
File
spec/util_roles_spec.lua @ 13744:34ac05f6bd10 13.0
core.configmanager: Fix reporting delayed warnings from global section
A Credential in the global section would be stored at
delayed_warnings["*/secret"], but get("example.com","secret") would look
for delayed_warnings["example.com/secret"]
Storing the warnings in the config itself has the unfortunate
side-effect that the config now contains util.error objects, which may
be awkward if something bypasses get(). Should rawget() also do this
filtering? getconfig() too?
Currently this only affects prosodyctl, so maybe it won't be much of a
problem.
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Sat, 22 Feb 2025 00:08:18 +0100 |
| parent | 12754:a92ca737d05f |
line wrap: on
line source
describe("util.roles", function () randomize(false); local roles; it("can be loaded", function () roles = require "util.roles"; end); local test_role; it("can create a new role", function () test_role = roles.new(); assert.is_not_nil(test_role); assert.is_truthy(roles.is_role(test_role)); end); describe("role object", function () it("can be initialized with permissions", function () local test_role_2 = roles.new({ permissions = { perm1 = true; perm2 = false; }; }); assert.truthy(test_role_2:may("perm1")); assert.falsy(test_role_2:may("perm2")); end); it("has a sensible tostring", function () local test_role_2 = roles.new({ id = "test-role-2"; name = "Test Role 2"; }); assert.truthy(tostring(test_role_2):find(test_role_2.id, 1, true)); assert.truthy(tostring(test_role_2):find("Test Role 2", 1, true)); end); it("is restrictive by default", function () assert.falsy(test_role:may("my-permission")); end); it("allows you to set permissions", function () test_role:set_permission("my-permission", true); assert.truthy(test_role:may("my-permission")); end); it("allows you to set negative permissions", function () test_role:set_permission("my-other-permission", false); assert.falsy(test_role:may("my-other-permission")); end); it("does not allows you to override previously set permissions by default", function () local ok, err = test_role:set_permission("my-permission", false); assert.falsy(ok); assert.is_equal("policy-already-exists", err); -- Confirm old permission still in place assert.truthy(test_role:may("my-permission")); end); it("allows you to explicitly override previously set permissions", function () assert.truthy(test_role:set_permission("my-permission", false, true)); assert.falsy(test_role:may("my-permission")); end); describe("inheritance", function () local child_role; it("works", function () test_role:set_permission("inherited-permission", true); child_role = roles.new({ inherits = { test_role }; }); assert.truthy(child_role:may("inherited-permission")); assert.falsy(child_role:may("my-permission")); end); it("allows listing policies", function () local expected = { ["my-permission"] = false; ["my-other-permission"] = false; ["inherited-permission"] = true; }; local received = {}; for permission_name, permission_policy in child_role:policies() do received[permission_name] = permission_policy; end assert.same(expected, received); end); it("supports multiple depths of inheritance", function () local grandchild_role = roles.new({ inherits = { child_role }; }); assert.truthy(grandchild_role:may("inherited-permission")); end); describe("supports ordered inheritance from multiple roles", function () local parent_role = roles.new(); local final_role = roles.new({ -- Yes, the names are getting confusing. -- btw, test_role is inherited through child_role. inherits = { parent_role, child_role }; }); local test_cases = { -- { <final_role policy>, <parent_role policy>, <test_role policy> } { true, nil, false, result = true }; { nil, false, true, result = false }; { nil, true, false, result = true }; { nil, nil, false, result = false }; { nil, nil, true, result = true }; }; for n, test_case in ipairs(test_cases) do it("(case "..n..")", function () local perm_name = ("multi-inheritance-perm-%d"):format(n); assert.truthy(final_role:set_permission(perm_name, test_case[1])); assert.truthy(parent_role:set_permission(perm_name, test_case[2])); assert.truthy(test_role:set_permission(perm_name, test_case[3])); assert.equal(test_case.result, final_role:may(perm_name)); end); end end); it("updates child roles when parent roles change", function () assert.truthy(child_role:may("inherited-permission")); assert.truthy(test_role:set_permission("inherited-permission", false, true)); assert.falsy(child_role:may("inherited-permission")); end); end); describe("cloning", function () local cloned_role; it("works", function () assert.truthy(test_role:set_permission("perm-1", true)); cloned_role = test_role:clone(); assert.truthy(cloned_role:may("perm-1")); end); it("isolates changes", function () -- After cloning, changes in either the original or the clone -- should not appear in the other. assert.truthy(test_role:set_permission("perm-1", false, true)); assert.truthy(test_role:set_permission("perm-2", true)); assert.truthy(cloned_role:set_permission("perm-3", true)); assert.truthy(cloned_role:may("perm-1")); assert.falsy(cloned_role:may("perm-2")); assert.falsy(test_role:may("perm-3")); end); end); end); end);
