mediocregopher/dehub
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
3d89fe5fd9
dehub/accessctl/access_control_test.go
mediocregopher 4d56716fe8 Give the project a proper root, dehub.dev/src/dehub.git 
---
type: change
message: |-
  Give the project a proper root, dehub.dev/src/dehub.git

  "dehub" was being used as a placeholder up till this point, but now that the
  project has matured enough to have a home, and people will want to be installing
  the binary, it's time to give it a proper import root.
change_hash: ADTjLNnPARatUjx6HDo7m3O+0KUcWvcMJq1kNrj9++PU
credentials:
- type: pgp_signature
  pub_key_id: 95C46FA6A41148AC
  body: iQIzBAABAgAdFiEEJ6tQKp6olvZKJ0lwlcRvpqQRSKwFAl6BECkACgkQlcRvpqQRSKyeJBAAocdHTs8AB2u9kZmMcJNf136Cq8KWjglvhuH49Nj9ILkeGOBF7+fIHBRSYxBQm4IIDWsjaQaRRhESJxKrkHUd7BG/z5iVsCfjYTyY7LPgv0oYJKEGbPOF2LDK2fuLLpRlA5v1fwamTdFYxs5j7yxW7weWiiKEgjMGjOiWQCWuqhw8rwOG6vjvYttQ5pekI7GvkdqWe+qODKmIF9xFFuhz7BMsFUAAwLz97W1wZkHA+O1BXGTe9hGwH88RY9IGJZftA6wuGes/SqwWJk+hpb89KV1yR0woMrwz7ITZZeNBboXO7KyxUXrfiLtxeRD4t15tJkdRY0FbIZvNCktviTqjPXOtoVh7c3m3p/LR5vcbgYDxaZKk51DYruovfaRI96Q9CYCK2kVb2PIJ4BJhlsUPzw8AWNVxXFECYZNEZly10hqNh4Xophr/x7PWOmoPoKL2PvXLtOHzk0r4Tw6JqUaC+7/08U/+lhlSKFKLdCj7Xru57qB7gxgd+P3g4rfqjIHqiB4tlViqR5RV7V8Z/goBMJg2uOJXIJGvwEZF9nj+QDgaofImMiQmcLrE6IBCYEELYz274w/6ugSCcdwVIC/n3VHuNY4zJDKN7Q/FgI9/GBS7UoNhTaHF2JmSKR9ErMKpm3PYPZr/VnsaXjfCBO5bVquvWLzfJ9aQ4t+tsRkuAvQ=
  account: mediocregopher
2020-03-29 15:16:36 -06:00

145 lines
2.8 KiB
Go
Raw Blame History

package accessctl
import (
"dehub.dev/src/dehub.git/sigcred"
"errors"
"testing"
)
func TestAssertCanCommit(t *testing.T) {
tests := []struct {
descr string
acl []AccessControl
req CommitRequest
allowed bool
}{
{
descr: "first allows",
acl: []AccessControl{
{
Action: ActionAllow,
Filters: []Filter{{
CommitType: &FilterCommitType{Type: "foo"},
}},
},
{
Action: ActionDeny,
Filters: []Filter{{
CommitType: &FilterCommitType{Type: "foo"},
}},
},
},
req: CommitRequest{Type: "foo"},
allowed: true,
},
{
descr: "first denies",
acl: []AccessControl{
{
Action: ActionDeny,
Filters: []Filter{{
CommitType: &FilterCommitType{Type: "foo"},
}},
},
{
Action: ActionAllow,
Filters: []Filter{{
CommitType: &FilterCommitType{Type: "foo"},
}},
},
},
req: CommitRequest{Type: "foo"},
allowed: false,
},
{
descr: "second allows",
acl: []AccessControl{
{
Action: ActionDeny,
Filters: []Filter{{
CommitType: &FilterCommitType{Type: "bar"},
}},
},
{
Action: ActionAllow,
Filters: []Filter{{
CommitType: &FilterCommitType{Type: "foo"},
}},
},
},
req: CommitRequest{Type: "foo"},
allowed: true,
},
{
descr: "second denies",
acl: []AccessControl{
{
Action: ActionDeny,
Filters: []Filter{{
CommitType: &FilterCommitType{Type: "bar"},
}},
},
{
Action: ActionDeny,
Filters: []Filter{{
CommitType: &FilterCommitType{Type: "foo"},
}},
},
},
req: CommitRequest{Type: "foo"},
allowed: false,
},
{
descr: "default allows",
acl: []AccessControl{
{
Action: ActionDeny,
Filters: []Filter{{
CommitType: &FilterCommitType{Type: "bar"},
}},
},
},
req: CommitRequest{
Branch: "not_main",
Type: "foo",
Credentials: []sigcred.Credential{{
PGPSignature: new(sigcred.CredentialPGPSignature),
AccountID: "a",
}},
},
allowed: true,
},
{
descr: "default denies",
acl: []AccessControl{
{
Action: ActionDeny,
Filters: []Filter{{
CommitType: &FilterCommitType{Type: "bar"},
}},
},
},
req: CommitRequest{
Branch: "main",
Type: "foo",
Credentials: []sigcred.Credential{{
PGPSignature: new(sigcred.CredentialPGPSignature),
AccountID: "a",
}},
},
allowed: false,
},
}
for _, test := range tests {
t.Run(test.descr, func(t *testing.T) {
err := AssertCanCommit(test.acl, test.req)
if test.allowed && err != nil {
t.Fatalf("expected to be allowed but got: %v", err)
} else if !test.allowed && !errors.As(err, new(ErrCommitRequestDenied)) {
t.Fatalf("expected to be denied but got: %v", err)
}
})
}
}
Reference in New Issue View Git Blame Copy Permalink