MCPcopy Index your code
hub / github.com/authorizerdev/authorizer / TestFGA

Function TestFGA

internal/integration_tests/fga_test.go:181–655  ·  view source on GitHub ↗
(t *testing.T)

Source from the content-addressed store, hash-verified

179}
180
181func TestFGA(t *testing.T) {
182 cfg := getTestConfig()
183 ts, eng := initFGATestSetup(t, cfg)
184 req, ctx := createContext(ts)
185
186 // Create + log in a regular user; their token sub is the principal.
187 email := "fga_test_" + uuid.New().String() + "@authorizer.dev"
188 password := "Password@123"
189 _, err := ts.GraphQLProvider.SignUp(ctx, &model.SignUpRequest{
190 Email: &email, Password: password, ConfirmPassword: password,
191 })
192 require.NoError(t, err)
193 loginRes, err := ts.GraphQLProvider.Login(ctx, &model.LoginRequest{Email: &email, Password: password})
194 require.NoError(t, err)
195 require.NotNil(t, loginRes)
196 userID := loginRes.User.ID
197 sessionToken := latestAppSessionCookie(ts)
198 require.NotEmpty(t, sessionToken)
199
200 // ---- Admin: write the authorization model. ----
201 t.Run("_fga_write_model requires super admin", func(t *testing.T) {
202 clearCookies(ts)
203 res, err := ts.GraphQLProvider.FgaWriteModel(ctx, &model.FgaWriteModelInput{Dsl: fgaTestModel})
204 assert.Error(t, err)
205 assert.Nil(t, res)
206 })
207
208 setAdminCookie(t, ts)
209
210 // ---- Admin: a fresh store (no model yet) is an empty state, NOT an error. ----
211 t.Run("_fga_get_model returns empty model on a fresh store", func(t *testing.T) {
212 res, err := ts.GraphQLProvider.FgaGetModel(ctx)
213 require.NoError(t, err, "no model yet must be an empty state, not an error")
214 require.NotNil(t, res)
215 assert.Empty(t, res.ID)
216 assert.Empty(t, res.Dsl)
217 })
218
219 modelRes, err := ts.GraphQLProvider.FgaWriteModel(ctx, &model.FgaWriteModelInput{Dsl: fgaTestModel})
220 require.NoError(t, err)
221 require.NotNil(t, modelRes)
222 require.NotEmpty(t, modelRes.ID)
223
224 // ---- Admin: write tuples granting THIS user viewer on document:1 only. ----
225 _, err = ts.GraphQLProvider.FgaWriteTuples(ctx, &model.FgaWriteTuplesInput{
226 Tuples: []*model.FgaTupleInput{
227 {User: "user:" + userID, Relation: "viewer", Object: "document:1"},
228 },
229 })
230 require.NoError(t, err)
231
232 // ---- Admin: a tuple that doesn't match the model gets a friendly error. ----
233 t.Run("_fga_write_tuples maps model-validation errors to an actionable message", func(t *testing.T) {
234 _, err := ts.GraphQLProvider.FgaWriteTuples(ctx, &model.FgaWriteTuplesInput{
235 Tuples: []*model.FgaTupleInput{
236 {User: "user:" + userID, Relation: "owner", Object: "document:1"},
237 },
238 })

Callers

nothing calls this directly

Calls 15

NewStringRefFunction · 0.92
getTestConfigFunction · 0.85
initFGATestSetupFunction · 0.85
createContextFunction · 0.85
latestAppSessionCookieFunction · 0.85
clearCookiesFunction · 0.85
setAdminCookieFunction · 0.85
ErrorMethod · 0.80
SignUpMethod · 0.65
LoginMethod · 0.65
FgaWriteModelMethod · 0.65
FgaGetModelMethod · 0.65

Tested by

no test coverage detected