1f422511d5
--- type: change message: |- completely refactor accessctl (again) This time it's using an actual access control list system, rather than whatever it was doing before. The new system uses a Filter type, rather than Condition, to decide which acl element should have its action (allow or deny) applied. This makes testing way easier, since all the different matching conditions are now individual filters, and so are tested individually. change_hash: AFgN0hormIlO0VWkLKnAdSDZeVRbh0Wj8LLXOMVQEK+L credentials: - type: pgp_signature pub_key_id: 95C46FA6A41148AC body: iQIzBAABAgAdFiEEJ6tQKp6olvZKJ0lwlcRvpqQRSKwFAl5yoi8ACgkQlcRvpqQRSKwo/g//QkSA80APnPtwcibNeaoUwduH1Xim8pmi5JScKGsOypYkE0Iy+fO3fRNz4r7Tm6qNn7O04fDsiXlxPojxn7+NDFCQArVgoJk3jVTRDBW7LpahWJsYPP1SBjGtaR9o0bOpclXblTMIcteTkLM94AeASqLaEY8StO+5PX/82AkFRQ8E6m9R2HCmgwbBhqwWp8936x8ekMFbSSi0TMIyV4rpd0wj4mjvjjBwa3ArGmH/ynwabPCFuuqMT6996N1zoDn5EqZA5jGrf+Q7rxsI6t1bOnLmg9NGMQYRaZLAVZrp5P6G5XR3et4Gz/2AphAEgYJM3yLbEjZW6Daa77CgTNHXde7gCaWqyfcKlVGPi29/O+2IXhpjwxHwGpsBgEdX9227zapL+jwSAOdUVj8n6C8I8BGqpT7rTwA53yxlbSwXlkttvAn/lGT5X4lK74YfkzMXMEBZKzsb/dQEPyP2Y+AG6z2D4Bs/4szsCiUXF9aG2Yx1o45lVXTTdPUNLIsnhBjM7usbQRg8i5kC+OC9AVCi8E+lf0/Qgp0cUb6QLH47bHvDTH7UluY1bgSLZy+Zjaisvl3a0aK/UspywWN/fFgOrz2cDw232n8IC+Zi4LSKm7dXDRFbC1JNzrwAPP1ifboOrltwKroOsDNaVGhX8ABahNjmrUO4JgE7gvX+zxXb+/I= account: mediocregopher
89 lines
1.8 KiB
Go
89 lines
1.8 KiB
Go
package accessctl
|
|
|
|
import (
|
|
"errors"
|
|
"reflect"
|
|
"testing"
|
|
)
|
|
|
|
type filterCommitMatchTest struct {
|
|
descr string
|
|
filter FilterInterface
|
|
req CommitRequest
|
|
match bool
|
|
|
|
// assumes match == true, and will ensure that the returned wrapped error is
|
|
// this one.
|
|
matchErr error
|
|
}
|
|
|
|
func runCommitMatchTests(t *testing.T, tests []filterCommitMatchTest) {
|
|
for _, test := range tests {
|
|
t.Run(test.descr, func(t *testing.T) {
|
|
err := test.filter.MatchCommit(test.req)
|
|
shouldMatch := test.match && test.matchErr == nil
|
|
if shouldMatch && err != nil {
|
|
t.Fatalf("expected to match, got %v", err)
|
|
|
|
} else if shouldMatch {
|
|
return
|
|
|
|
} else if fErr := new(ErrFilterNoMatch); !errors.As(err, fErr) {
|
|
t.Fatalf("expected ErrFilterNoMatch, got %#v", err)
|
|
|
|
} else if test.matchErr != nil && !reflect.DeepEqual(fErr.Err, test.matchErr) {
|
|
t.Fatalf("expected err %#v, not %#v", test.matchErr, fErr.Err)
|
|
}
|
|
})
|
|
}
|
|
}
|
|
|
|
func TestFilterCommitType(t *testing.T) {
|
|
mkReq := func(commitType string) CommitRequest {
|
|
return CommitRequest{Type: commitType}
|
|
}
|
|
|
|
runCommitMatchTests(t, []filterCommitMatchTest{
|
|
{
|
|
descr: "single match",
|
|
filter: FilterCommitType{
|
|
Type: "foo",
|
|
},
|
|
req: mkReq("foo"),
|
|
match: true,
|
|
},
|
|
{
|
|
descr: "single no match",
|
|
filter: FilterCommitType{
|
|
Type: "foo",
|
|
},
|
|
req: mkReq("bar"),
|
|
match: false,
|
|
},
|
|
{
|
|
descr: "multi match first",
|
|
filter: FilterCommitType{
|
|
Types: []string{"foo", "bar"},
|
|
},
|
|
req: mkReq("foo"),
|
|
match: true,
|
|
},
|
|
{
|
|
descr: "multi match second",
|
|
filter: FilterCommitType{
|
|
Types: []string{"foo", "bar"},
|
|
},
|
|
req: mkReq("bar"),
|
|
match: true,
|
|
},
|
|
{
|
|
descr: "multi no match",
|
|
filter: FilterCommitType{
|
|
Types: []string{"foo", "bar"},
|
|
},
|
|
req: mkReq("baz"),
|
|
match: false,
|
|
},
|
|
})
|
|
}
|