author | Kim Alvefur <zash@zash.se> |
Wed, 28 Feb 2024 22:31:06 +0100 | |
changeset 13452 | 93b4ce0115f0 |
parent 12758 | a92ca737d05f |
permissions | -rw-r--r-- |
12751 | 1 |
describe("util.roles", function () |
2 |
randomize(false); |
|
3 |
local roles; |
|
4 |
it("can be loaded", function () |
|
5 |
roles = require "util.roles"; |
|
6 |
end); |
|
7 |
local test_role; |
|
8 |
it("can create a new role", function () |
|
9 |
test_role = roles.new(); |
|
10 |
assert.is_not_nil(test_role); |
|
11 |
assert.is_truthy(roles.is_role(test_role)); |
|
12 |
end); |
|
13 |
describe("role object", function () |
|
12757
2eb02b32bb4c
util.roles: Add some more missing test cases
Matthew Wild <mwild1@gmail.com>
parents:
12751
diff
changeset
|
14 |
it("can be initialized with permissions", function () |
2eb02b32bb4c
util.roles: Add some more missing test cases
Matthew Wild <mwild1@gmail.com>
parents:
12751
diff
changeset
|
15 |
local test_role_2 = roles.new({ |
2eb02b32bb4c
util.roles: Add some more missing test cases
Matthew Wild <mwild1@gmail.com>
parents:
12751
diff
changeset
|
16 |
permissions = { |
2eb02b32bb4c
util.roles: Add some more missing test cases
Matthew Wild <mwild1@gmail.com>
parents:
12751
diff
changeset
|
17 |
perm1 = true; |
2eb02b32bb4c
util.roles: Add some more missing test cases
Matthew Wild <mwild1@gmail.com>
parents:
12751
diff
changeset
|
18 |
perm2 = false; |
2eb02b32bb4c
util.roles: Add some more missing test cases
Matthew Wild <mwild1@gmail.com>
parents:
12751
diff
changeset
|
19 |
}; |
2eb02b32bb4c
util.roles: Add some more missing test cases
Matthew Wild <mwild1@gmail.com>
parents:
12751
diff
changeset
|
20 |
}); |
2eb02b32bb4c
util.roles: Add some more missing test cases
Matthew Wild <mwild1@gmail.com>
parents:
12751
diff
changeset
|
21 |
assert.truthy(test_role_2:may("perm1")); |
2eb02b32bb4c
util.roles: Add some more missing test cases
Matthew Wild <mwild1@gmail.com>
parents:
12751
diff
changeset
|
22 |
assert.falsy(test_role_2:may("perm2")); |
2eb02b32bb4c
util.roles: Add some more missing test cases
Matthew Wild <mwild1@gmail.com>
parents:
12751
diff
changeset
|
23 |
end); |
2eb02b32bb4c
util.roles: Add some more missing test cases
Matthew Wild <mwild1@gmail.com>
parents:
12751
diff
changeset
|
24 |
it("has a sensible tostring", function () |
2eb02b32bb4c
util.roles: Add some more missing test cases
Matthew Wild <mwild1@gmail.com>
parents:
12751
diff
changeset
|
25 |
local test_role_2 = roles.new({ |
2eb02b32bb4c
util.roles: Add some more missing test cases
Matthew Wild <mwild1@gmail.com>
parents:
12751
diff
changeset
|
26 |
id = "test-role-2"; |
2eb02b32bb4c
util.roles: Add some more missing test cases
Matthew Wild <mwild1@gmail.com>
parents:
12751
diff
changeset
|
27 |
name = "Test Role 2"; |
2eb02b32bb4c
util.roles: Add some more missing test cases
Matthew Wild <mwild1@gmail.com>
parents:
12751
diff
changeset
|
28 |
}); |
12758
a92ca737d05f
util.roles: Fix tests to use autogenerated role id
Matthew Wild <mwild1@gmail.com>
parents:
12757
diff
changeset
|
29 |
assert.truthy(tostring(test_role_2):find(test_role_2.id, 1, true)); |
12757
2eb02b32bb4c
util.roles: Add some more missing test cases
Matthew Wild <mwild1@gmail.com>
parents:
12751
diff
changeset
|
30 |
assert.truthy(tostring(test_role_2):find("Test Role 2", 1, true)); |
2eb02b32bb4c
util.roles: Add some more missing test cases
Matthew Wild <mwild1@gmail.com>
parents:
12751
diff
changeset
|
31 |
end); |
12751 | 32 |
it("is restrictive by default", function () |
33 |
assert.falsy(test_role:may("my-permission")); |
|
34 |
end); |
|
35 |
it("allows you to set permissions", function () |
|
36 |
test_role:set_permission("my-permission", true); |
|
37 |
assert.truthy(test_role:may("my-permission")); |
|
38 |
end); |
|
39 |
it("allows you to set negative permissions", function () |
|
40 |
test_role:set_permission("my-other-permission", false); |
|
41 |
assert.falsy(test_role:may("my-other-permission")); |
|
42 |
end); |
|
43 |
it("does not allows you to override previously set permissions by default", function () |
|
44 |
local ok, err = test_role:set_permission("my-permission", false); |
|
45 |
assert.falsy(ok); |
|
46 |
assert.is_equal("policy-already-exists", err); |
|
47 |
-- Confirm old permission still in place |
|
48 |
assert.truthy(test_role:may("my-permission")); |
|
49 |
end); |
|
50 |
it("allows you to explicitly override previously set permissions", function () |
|
51 |
assert.truthy(test_role:set_permission("my-permission", false, true)); |
|
52 |
assert.falsy(test_role:may("my-permission")); |
|
53 |
end); |
|
54 |
describe("inheritance", function () |
|
55 |
local child_role; |
|
56 |
it("works", function () |
|
57 |
test_role:set_permission("inherited-permission", true); |
|
58 |
child_role = roles.new({ |
|
59 |
inherits = { test_role }; |
|
60 |
}); |
|
61 |
assert.truthy(child_role:may("inherited-permission")); |
|
62 |
assert.falsy(child_role:may("my-permission")); |
|
63 |
end); |
|
64 |
it("allows listing policies", function () |
|
65 |
local expected = { |
|
66 |
["my-permission"] = false; |
|
67 |
["my-other-permission"] = false; |
|
68 |
["inherited-permission"] = true; |
|
69 |
}; |
|
70 |
local received = {}; |
|
71 |
for permission_name, permission_policy in child_role:policies() do |
|
72 |
received[permission_name] = permission_policy; |
|
73 |
end |
|
74 |
assert.same(expected, received); |
|
75 |
end); |
|
76 |
it("supports multiple depths of inheritance", function () |
|
77 |
local grandchild_role = roles.new({ |
|
78 |
inherits = { child_role }; |
|
79 |
}); |
|
80 |
assert.truthy(grandchild_role:may("inherited-permission")); |
|
81 |
end); |
|
82 |
describe("supports ordered inheritance from multiple roles", function () |
|
83 |
local parent_role = roles.new(); |
|
84 |
local final_role = roles.new({ |
|
85 |
-- Yes, the names are getting confusing. |
|
86 |
-- btw, test_role is inherited through child_role. |
|
87 |
inherits = { parent_role, child_role }; |
|
88 |
}); |
|
89 |
||
90 |
local test_cases = { |
|
91 |
-- { <final_role policy>, <parent_role policy>, <test_role policy> } |
|
92 |
{ true, nil, false, result = true }; |
|
93 |
{ nil, false, true, result = false }; |
|
94 |
{ nil, true, false, result = true }; |
|
95 |
{ nil, nil, false, result = false }; |
|
96 |
{ nil, nil, true, result = true }; |
|
97 |
}; |
|
98 |
||
99 |
for n, test_case in ipairs(test_cases) do |
|
100 |
it("(case "..n..")", function () |
|
101 |
local perm_name = ("multi-inheritance-perm-%d"):format(n); |
|
102 |
assert.truthy(final_role:set_permission(perm_name, test_case[1])); |
|
103 |
assert.truthy(parent_role:set_permission(perm_name, test_case[2])); |
|
104 |
assert.truthy(test_role:set_permission(perm_name, test_case[3])); |
|
105 |
assert.equal(test_case.result, final_role:may(perm_name)); |
|
106 |
end); |
|
107 |
end |
|
108 |
end); |
|
109 |
it("updates child roles when parent roles change", function () |
|
110 |
assert.truthy(child_role:may("inherited-permission")); |
|
111 |
assert.truthy(test_role:set_permission("inherited-permission", false, true)); |
|
112 |
assert.falsy(child_role:may("inherited-permission")); |
|
113 |
end); |
|
114 |
end); |
|
115 |
describe("cloning", function () |
|
116 |
local cloned_role; |
|
117 |
it("works", function () |
|
118 |
assert.truthy(test_role:set_permission("perm-1", true)); |
|
119 |
cloned_role = test_role:clone(); |
|
120 |
assert.truthy(cloned_role:may("perm-1")); |
|
121 |
end); |
|
122 |
it("isolates changes", function () |
|
123 |
-- After cloning, changes in either the original or the clone |
|
124 |
-- should not appear in the other. |
|
125 |
assert.truthy(test_role:set_permission("perm-1", false, true)); |
|
126 |
assert.truthy(test_role:set_permission("perm-2", true)); |
|
127 |
assert.truthy(cloned_role:set_permission("perm-3", true)); |
|
128 |
assert.truthy(cloned_role:may("perm-1")); |
|
129 |
assert.falsy(cloned_role:may("perm-2")); |
|
130 |
assert.falsy(test_role:may("perm-3")); |
|
131 |
end); |
|
132 |
end); |
|
133 |
end); |
|
134 |
end); |