(t *testing.T)
| 15 | ) |
| 16 | |
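// TestAclCache checks that AclCache.AuthorizePredicate denies by default.
//
// It exercises one predicate in the root namespace through three cache states:
//  1. empty cache: a caller with no groups is refused;
//  2. one rule granting Perm 4 to group "dev": a caller with no groups is still
//     refused, a caller in "dev" is allowed to read;
//  3. cache updated with an empty group list: a caller with no groups is
//     refused again.
//
// NOTE(review): only acl.Read and a single group are covered here. Denial for
// a group that has no rule, and for an operation the rule does not grant, is
// not asserted by this test.
func TestAclCache(t *testing.T) {
	// The test replaces the package-level cache. Put the previous value back on
	// exit so other tests in the package do not run against this test's state.
	prevCache := AclCachePtr
	defer func() { AclCachePtr = prevCache }()

	AclCachePtr = &AclCache{
		predPerms: make(map[string]map[string]int32),
	}

	// A nil group list stands for the anonymous user (no group membership).
	var emptyGroups []string
	group := "dev"
	predicate := x.AttrInRootNamespace("friend")

	// State 1: nothing in the cache, so the read must be rejected.
	require.Error(t, AclCachePtr.AuthorizePredicate(emptyGroups, predicate, acl.Read),
		"the anonymous user should not have access when the acl cache is empty")

	acls := []acl.Acl{
		{
			// update operation on acl cache needs predicate without namespace.
			Predicate: x.ParseAttr(predicate),
			// NOTE(review): 4 is presumably the permission bit that acl.Read
			// checks for; confirm against the acl package.
			Perm: 4,
		},
	}
	groups := []acl.Group{
		{
			GroupID: group,
			Rules:   acls,
		},
	}
	AclCachePtr.Update(x.RootNamespace, groups)

	// State 2: a rule exists for "dev". The anonymous user is still rejected;
	// only a caller that presents the "dev" group is let through.
	require.Error(t, AclCachePtr.AuthorizePredicate(emptyGroups, predicate, acl.Read),
		"the anonymous user should not have access when the predicate has acl defined")
	require.NoError(t, AclCachePtr.AuthorizePredicate([]string{group}, predicate, acl.Read),
		"the user with group authorized should have access")

	// State 3: update the cache with an empty acl list in order to clear it.
	AclCachePtr.Update(x.RootNamespace, []acl.Group{})

	// Clearing the rules must not open the predicate up: the anonymous user is
	// still rejected, exactly as with the initial empty cache.
	require.Error(t, AclCachePtr.AuthorizePredicate(emptyGroups, predicate, acl.Read),
		"the anonymous user should not have access when the acl cache is empty")
}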