MCPcopy
hub / github.com/ory/keto / TestCheckCommand

Function TestCheckCommand

cmd/check/root_test.go:18–94  ·  view source on GitHub ↗
(t *testing.T)

Source from the content-addressed store, hash-verified

16)
17
18func TestCheckCommand(t *testing.T) {
19 nspace := &namespace.Namespace{Name: t.Name()}
20 nspaceUser := &namespace.Namespace{Name: "User"}
21
22 newCmd := func() *cobra.Command {
23 cmd := &cobra.Command{
24 Use: "keto",
25 }
26 RegisterCommandsRecursive(cmd)
27 relationtuple.RegisterCommandsRecursive(cmd)
28 return cmd
29 }
30
31 ts := client.NewTestServer(t, []*namespace.Namespace{nspace, nspaceUser}, newCmd)
32 defer ts.Shutdown(t)
33
34 tuple1 := helpers.RandomTupleWithSubjectID(nspace.Name)
35 tuple2 := helpers.RandomTupleWithSubjectSet(nspace.Name, nspaceUser.Name)
36 ts.Cmd.ExecNoErr(t, "relation-tuple", "create", tuple2.SubjectSet.String(), tuple2.Relation, tuple2.Namespace+":"+tuple2.Object)
37 ts.Cmd.ExecNoErr(t, "relation-tuple", "create", *tuple1.SubjectID, tuple1.Relation, tuple1.Namespace+":"+tuple1.Object)
38
39 t.Run("case=SubjectSet", func(t *testing.T) {
40 subject := tuple2.SubjectSet.String()
41 rel := tuple2.Relation
42 nsObj := tuple2.Namespace + ":" + tuple2.Object
43
44 noPermSubject := tuple2.SubjectSet.Namespace + ":no-perm-subject"
45
46 t.Run("case=allowed when tuple exists", func(t *testing.T) {
47 stdOut := ts.Cmd.ExecNoErr(t, "check", subject, rel, nsObj)
48 require.Equal(t, "Allowed\n", stdOut)
49 })
50
51 t.Run("case=denied for unrelated subject", func(t *testing.T) {
52 stdOut := ts.Cmd.ExecNoErr(t, "check", noPermSubject, rel, nsObj)
53 require.Equal(t, "Denied\n", stdOut)
54 })
55
56 t.Run("case=4-arg format still works with deprecation warning", func(t *testing.T) {
57 stdOut, stdErr, err := ts.Cmd.Exec(nil, "check", subject, rel, tuple2.Namespace, tuple2.Object)
58 require.NoError(t, err)
59 require.Equal(t, "Allowed\n", stdOut)
60 require.Contains(t, stdErr, "deprecated")
61 })
62
63 t.Run("case=errors on invalid namespace:object format", func(t *testing.T) {
64 _, stdErr, err := ts.Cmd.Exec(nil, "check", subject, rel, "no-colon-here")
65 require.Error(t, err)
66 require.Contains(t, stdErr, "expected <object_namespace>:<object_id> format")
67 })
68 })
69
70 t.Run("case=SubjectID", func(t *testing.T) {
71 subject := *tuple1.SubjectID
72 rel := tuple1.Relation
73 nsObj := tuple1.Namespace + ":" + tuple1.Object
74
75 noPermSubject := "no-perm-subject"

Callers

nothing calls this directly

Calls 11

ShutdownMethod · 0.95
NewTestServerFunction · 0.92
RandomTupleWithSubjectIDFunction · 0.92
ExecNoErrMethod · 0.80
StringMethod · 0.65
ExecMethod · 0.65
NameMethod · 0.45
ErrorMethod · 0.45

Tested by

no test coverage detected