You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
44 lines
1.5 KiB
Go
44 lines
1.5 KiB
Go
package rbac
|
|
|
|
// Tests for RBAC role permissions and role validation.
|
|
|
|
import (
|
|
"testing"
|
|
|
|
"github.com/stretchr/testify/require"
|
|
)
|
|
|
|
// TestRolePermissions verifies role permission checks for individual and aggregate queries.
|
|
func TestRolePermissions(t *testing.T) {
|
|
require.True(t, HasPermission(RolePlayer, PermissionPlayGame))
|
|
require.False(t, HasPermission(RolePlayer, PermissionManageSystem))
|
|
|
|
require.True(t, HasAnyPermission(RoleModerator, PermissionViewUsers, PermissionManageSystem))
|
|
require.False(t, HasAnyPermission(RolePlayer, PermissionManageSystem))
|
|
|
|
require.True(t, HasAllPermissions(RoleAdmin, PermissionManageSystem, PermissionViewDashboard))
|
|
require.False(t, HasAllPermissions(RolePlayer, PermissionViewDashboard, PermissionPlayGame))
|
|
}
|
|
|
|
// TestUserHasPermission verifies role strings grant expected permissions.
|
|
func TestUserHasPermission(t *testing.T) {
|
|
require.True(t, UserHasPermission([]string{"player"}, PermissionPlayGame))
|
|
require.False(t, UserHasPermission([]string{"player"}, PermissionManageSystem))
|
|
}
|
|
|
|
// TestGetPermissionsReturnsCopy ensures returned permission slices are not shared.
|
|
func TestGetPermissionsReturnsCopy(t *testing.T) {
|
|
perms := GetPermissions(RolePlayer)
|
|
require.NotEmpty(t, perms)
|
|
perms[0] = PermissionManageSystem
|
|
|
|
fresh := GetPermissions(RolePlayer)
|
|
require.Equal(t, PermissionPlayGame, fresh[0])
|
|
}
|
|
|
|
// TestIsValidRole verifies known roles are accepted and unknown roles rejected.
|
|
func TestIsValidRole(t *testing.T) {
|
|
require.True(t, IsValidRole("player"))
|
|
require.False(t, IsValidRole("ghost"))
|
|
}
|