1package rbac2_test
2
3import (
4 "testing"
5
6 "github.com/bluesky-social/indigo/atproto/syntax"
7 _ "github.com/mattn/go-sqlite3"
8 "github.com/stretchr/testify/assert"
9 "tangled.org/core/rbac2"
10)
11
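// setup builds a fresh Enforcer for a single test by passing ":memory:" to
// rbac2.NewEnforcer, and aborts the calling test if construction fails.
//
// NOTE(review): with the sqlite3 driver blank-imported by this file,
// ":memory:" presumably selects a private in-memory database, so policy state
// should not leak between tests — confirm against NewEnforcer.
func setup(t *testing.T) *rbac2.Enforcer {
	t.Helper()

	enforcer, err := rbac2.NewEnforcer(":memory:")
	if !assert.NoError(t, err) {
		// Stop here instead of returning a possibly nil enforcer: the callers
		// dereference it immediately, and the resulting panic would bury the
		// construction error that actually caused the failure.
		t.FailNow()
	}

	return enforcer
}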
18
// TestRepoOwnerPermissions checks that registering a repo with AddRepo is
// enough for the DID in the repo URI's authority to hold every repo-level
// grant this file exercises: owner, repo write, collaborator and settings
// write.
//
// NOTE(review): every assertion here is a positive grant. Nothing in this test
// shows that a DID with no role on the repo is refused, so an over-broad
// policy would still pass; a deny-by-default case is worth adding once the
// enforcer's behaviour for unknown subjects is confirmed.
func TestRepoOwnerPermissions(t *testing.T) {
	enf := setup(t)
	repo := syntax.ATURI("at://did:plc:foo/sh.tangled.repo/reporkey")
	author := syntax.DID("did:plc:foo")

	assert.NoError(t, enf.AddRepo(repo))

	// Each entry pairs one enforcer query with the message reported when the
	// owner is unexpectedly denied. The queries run in declaration order.
	grants := []struct {
		query func() (bool, error)
		msg   string
	}{
		{
			query: func() (bool, error) { return enf.IsRepoOwner(author, repo) },
			msg:   "repo author should be repo owner",
		},
		{
			query: func() (bool, error) { return enf.IsRepoWriteAllowed(author, repo) },
			msg:   "repo owner should be able to modify the repo itself",
		},
		{
			query: func() (bool, error) { return enf.IsRepoCollaborator(author, repo) },
			msg:   "repo owner should inherit role role:collaborator",
		},
		{
			query: func() (bool, error) { return enf.IsRepoSettingsWriteAllowed(author, repo) },
			msg:   "repo owner should inherit collaborator permissions",
		},
	}

	for _, g := range grants {
		allowed, err := g.query()
		assert.NoError(t, err)
		assert.True(t, allowed, g.msg)
	}
}
46
// TestRepoCollaboratorPermissions pins the privilege boundary between a
// collaborator and the owner: after AddRepoCollaborator the DID is reported as
// a collaborator and may write repo settings, but is refused repo write.
func TestRepoCollaboratorPermissions(t *testing.T) {
	enf := setup(t)
	repo := syntax.ATURI("at://did:plc:foo/sh.tangled.repo/reporkey")
	collab := syntax.DID("did:plc:bar")

	assert.NoError(t, enf.AddRepo(repo))
	assert.NoError(t, enf.AddRepoCollaborator(collab, repo))

	// decision asserts that the enforcer query itself succeeded and hands back
	// its verdict, so each check below reads as a single line.
	decision := func(allowed bool, err error) bool {
		assert.NoError(t, err)
		return allowed
	}

	assert.True(t, decision(enf.IsRepoCollaborator(collab, repo)),
		"should set repo collaborator")
	assert.True(t, decision(enf.IsRepoSettingsWriteAllowed(collab, repo)),
		"repo collaborator should be able to edit repo settings")

	// The denial is the security-relevant half: the collaborator role must not
	// imply the owner-only repo write permission.
	assert.False(t, decision(enf.IsRepoWriteAllowed(collab, repo)),
		"repo collaborator shouldn't be able to modify the repo itself")
}
71
// TestGetByRole checks that GetRepoCollaborators returns, in any order, the
// two DIDs added with AddRepoCollaborator plus the repo owner.
//
// The owner is never added as a collaborator explicitly: the test relies on
// AddRepo alone giving did:plc:foo a role that the collaborator listing
// includes.
func TestGetByRole(t *testing.T) {
	enf := setup(t)
	repo := syntax.ATURI("at://did:plc:foo/sh.tangled.repo/reporkey")

	// want[0] is the owner; the rest are the explicitly added collaborators.
	want := []syntax.DID{
		syntax.DID("did:plc:foo"),
		syntax.DID("did:plc:bar"),
		syntax.DID("did:plc:baz"),
	}

	assert.NoError(t, enf.AddRepo(repo))
	for _, did := range want[1:] {
		assert.NoError(t, enf.AddRepoCollaborator(did, repo))
	}

	got, err := enf.GetRepoCollaborators(repo)
	assert.NoError(t, err)
	assert.ElementsMatch(t, want, got)
}
94
// TestSpindleOwnerPermissions checks that inviting members to a spindle is
// allowed for the DID set with SetSpindleOwner and refused for a DID added
// with AddSpindleMember.
//
// NOTE(review): both subjects hold some role on the spindle. A DID with no
// role at all, and an owner of a different spindle, are not covered here.
func TestSpindleOwnerPermissions(t *testing.T) {
	enf := setup(t)
	spindle := syntax.DID("did:web:spindle.example.com")
	ownerDID := syntax.DID("did:plc:foo")
	memberDID := syntax.DID("did:plc:bar")

	assert.NoError(t, enf.SetSpindleOwner(ownerDID, spindle))
	assert.NoError(t, enf.AddSpindleMember(memberDID, spindle))

	cases := []struct {
		subject   syntax.DID
		mayInvite bool
		msg       string
	}{
		{subject: ownerDID, mayInvite: true, msg: "spindle owner can invite members"},
		{subject: memberDID, mayInvite: false, msg: "spindle member cannot invite members"},
	}

	for _, c := range cases {
		allowed, err := enf.IsSpindleMemberInviteAllowed(c.subject, spindle)
		assert.NoError(t, err)
		if c.mayInvite {
			assert.True(t, allowed, c.msg)
		} else {
			assert.False(t, allowed, c.msg)
		}
	}
}