MCPcopy
hub / github.com/kopia/kopia / verifyLegacyAuthorizer

Function verifyLegacyAuthorizer

internal/auth/authz_test.go:119–189  ·  view source on GitHub ↗

nolint:thelper

(ctx context.Context, t *testing.T, rep repo.Repository, authorizer auth.Authorizer)

Source from the content-addressed store, hash-verified

117
118//nolint:thelper
119func verifyLegacyAuthorizer(ctx context.Context, t *testing.T, rep repo.Repository, authorizer auth.Authorizer) {
120 cases := []struct {
121 usernameAtHost string
122 globalPolicyAccess auth.AccessLevel
123 fooAtBarPathPolicyAccess auth.AccessLevel
124 fooAtBazPathPolicyAccess auth.AccessLevel
125 fooAtBarPolicyAccess auth.AccessLevel
126 fooAtBazPolicyAccess auth.AccessLevel
127 barPolicyAccess auth.AccessLevel
128 bazPolicyAccess auth.AccessLevel
129 fooAtBarSnapshotAccess auth.AccessLevel
130 fooAtBazSnapshotAccess auth.AccessLevel
131 }{
132 {
133 usernameAtHost: "foo@bar",
134 globalPolicyAccess: auth.AccessLevelRead,
135 fooAtBarPathPolicyAccess: auth.AccessLevelFull, // full access to own path policies
136 fooAtBazPathPolicyAccess: auth.AccessLevelNone,
137 fooAtBarPolicyAccess: auth.AccessLevelFull, // full access to own user policy
138 fooAtBazPolicyAccess: auth.AccessLevelNone,
139 barPolicyAccess: auth.AccessLevelRead, // read access to own host policy
140 bazPolicyAccess: auth.AccessLevelNone,
141 fooAtBarSnapshotAccess: auth.AccessLevelFull, // full access to own snapshot
142 fooAtBazSnapshotAccess: auth.AccessLevelNone,
143 },
144 {
145 usernameAtHost: "evil@bar",
146 globalPolicyAccess: auth.AccessLevelRead,
147 fooAtBarPathPolicyAccess: auth.AccessLevelNone,
148 fooAtBazPathPolicyAccess: auth.AccessLevelNone,
149 fooAtBarPolicyAccess: auth.AccessLevelNone,
150 fooAtBazPolicyAccess: auth.AccessLevelNone,
151 barPolicyAccess: auth.AccessLevelRead,
152 bazPolicyAccess: auth.AccessLevelNone,
153 fooAtBarSnapshotAccess: auth.AccessLevelNone,
154 fooAtBazSnapshotAccess: auth.AccessLevelNone,
155 },
156 {
157 usernameAtHost: "evil@elsewhere",
158 globalPolicyAccess: auth.AccessLevelRead,
159 fooAtBarPathPolicyAccess: auth.AccessLevelNone,
160 fooAtBazPathPolicyAccess: auth.AccessLevelNone,
161 fooAtBarPolicyAccess: auth.AccessLevelNone,
162 fooAtBazPolicyAccess: auth.AccessLevelNone,
163 barPolicyAccess: auth.AccessLevelNone,
164 bazPolicyAccess: auth.AccessLevelNone,
165 fooAtBarSnapshotAccess: auth.AccessLevelNone,
166 fooAtBazSnapshotAccess: auth.AccessLevelNone,
167 },
168 }
169
170 for _, tc := range cases {
171 t.Run(tc.usernameAtHost, func(t *testing.T) {
172 a := authorizer.Authorize(ctx, rep, tc.usernameAtHost)
173
174 if got, want := a.ContentAccessLevel(), auth.AccessLevelFull; got != want {
175 t.Errorf("invalid content access level: %v, want %v", got, want)
176 }

Callers 3

TestLegacyAuthorizerFunction · 0.85

Calls 5

ErrorfMethod · 0.80
RunMethod · 0.65
AuthorizeMethod · 0.65
ContentAccessLevelMethod · 0.65

Tested by

no test coverage detected