MCPcopy
hub / github.com/dgraph-io/dgraph / TestAclCache

Function TestAclCache

worker/acl_cache_test.go:17–53  ·  view source on GitHub ↗
(t *testing.T)

Source from the content-addressed store, hash-verified

15)
16
17func TestAclCache(t *testing.T) {
18 AclCachePtr = &AclCache{
19 predPerms: make(map[string]map[string]int32),
20 }
21
22 var emptyGroups []string
23 group := "dev"
24 predicate := x.AttrInRootNamespace("friend")
25 require.Error(t, AclCachePtr.AuthorizePredicate(emptyGroups, predicate, acl.Read),
26 "the anonymous user should not have access when the acl cache is empty")
27
28 acls := []acl.Acl{
29 {
30 // update operation on acl cache needs predicate without namespace.
31 Predicate: x.ParseAttr(predicate),
32 Perm: 4,
33 },
34 }
35 groups := []acl.Group{
36 {
37 GroupID: group,
38 Rules: acls,
39 },
40 }
41 AclCachePtr.Update(x.RootNamespace, groups)
42 // after a rule is defined, the anonymous user should no longer have access
43 require.Error(t, AclCachePtr.AuthorizePredicate(emptyGroups, predicate, acl.Read),
44 "the anonymous user should not have access when the predicate has acl defined")
45 require.NoError(t, AclCachePtr.AuthorizePredicate([]string{group}, predicate, acl.Read),
46 "the user with group authorized should have access")
47
48 // update the cache with empty acl list in order to clear the cache
49 AclCachePtr.Update(x.RootNamespace, []acl.Group{})
50 // the anonymous user should have access again
51 require.Error(t, AclCachePtr.AuthorizePredicate(emptyGroups, predicate, acl.Read),
52 "the anonymous user should not have access when the acl cache is empty")
53}

Callers

nothing calls this directly

Calls 5

AttrInRootNamespaceFunction · 0.92
ParseAttrFunction · 0.92
AuthorizePredicateMethod · 0.80
ErrorMethod · 0.45
UpdateMethod · 0.45

Tested by

no test coverage detected