aboutsummaryrefslogtreecommitdiffstats
path: root/spec/util_roles_spec.lua
diff options
context:
space:
mode:
Diffstat (limited to 'spec/util_roles_spec.lua')
-rw-r--r--spec/util_roles_spec.lua134
1 files changed, 134 insertions, 0 deletions
diff --git a/spec/util_roles_spec.lua b/spec/util_roles_spec.lua
new file mode 100644
index 00000000..44d2a977
--- /dev/null
+++ b/spec/util_roles_spec.lua
@@ -0,0 +1,134 @@
+describe("util.roles", function ()
+ randomize(false);
+ local roles;
+ it("can be loaded", function ()
+ roles = require "util.roles";
+ end);
+ local test_role;
+ it("can create a new role", function ()
+ test_role = roles.new();
+ assert.is_not_nil(test_role);
+ assert.is_truthy(roles.is_role(test_role));
+ end);
+ describe("role object", function ()
+ it("can be initialized with permissions", function ()
+ local test_role_2 = roles.new({
+ permissions = {
+ perm1 = true;
+ perm2 = false;
+ };
+ });
+ assert.truthy(test_role_2:may("perm1"));
+ assert.falsy(test_role_2:may("perm2"));
+ end);
+ it("has a sensible tostring", function ()
+ local test_role_2 = roles.new({
+ id = "test-role-2";
+ name = "Test Role 2";
+ });
+ assert.truthy(tostring(test_role_2):find(test_role_2.id, 1, true));
+ assert.truthy(tostring(test_role_2):find("Test Role 2", 1, true));
+ end);
+ it("is restrictive by default", function ()
+ assert.falsy(test_role:may("my-permission"));
+ end);
+ it("allows you to set permissions", function ()
+ test_role:set_permission("my-permission", true);
+ assert.truthy(test_role:may("my-permission"));
+ end);
+ it("allows you to set negative permissions", function ()
+ test_role:set_permission("my-other-permission", false);
+ assert.falsy(test_role:may("my-other-permission"));
+ end);
+ it("does not allows you to override previously set permissions by default", function ()
+ local ok, err = test_role:set_permission("my-permission", false);
+ assert.falsy(ok);
+ assert.is_equal("policy-already-exists", err);
+ -- Confirm old permission still in place
+ assert.truthy(test_role:may("my-permission"));
+ end);
+ it("allows you to explicitly override previously set permissions", function ()
+ assert.truthy(test_role:set_permission("my-permission", false, true));
+ assert.falsy(test_role:may("my-permission"));
+ end);
+ describe("inheritance", function ()
+ local child_role;
+ it("works", function ()
+ test_role:set_permission("inherited-permission", true);
+ child_role = roles.new({
+ inherits = { test_role };
+ });
+ assert.truthy(child_role:may("inherited-permission"));
+ assert.falsy(child_role:may("my-permission"));
+ end);
+ it("allows listing policies", function ()
+ local expected = {
+ ["my-permission"] = false;
+ ["my-other-permission"] = false;
+ ["inherited-permission"] = true;
+ };
+ local received = {};
+ for permission_name, permission_policy in child_role:policies() do
+ received[permission_name] = permission_policy;
+ end
+ assert.same(expected, received);
+ end);
+ it("supports multiple depths of inheritance", function ()
+ local grandchild_role = roles.new({
+ inherits = { child_role };
+ });
+ assert.truthy(grandchild_role:may("inherited-permission"));
+ end);
+ describe("supports ordered inheritance from multiple roles", function ()
+ local parent_role = roles.new();
+ local final_role = roles.new({
+ -- Yes, the names are getting confusing.
+ -- btw, test_role is inherited through child_role.
+ inherits = { parent_role, child_role };
+ });
+
+ local test_cases = {
+ -- { <final_role policy>, <parent_role policy>, <test_role policy> }
+ { true, nil, false, result = true };
+ { nil, false, true, result = false };
+ { nil, true, false, result = true };
+ { nil, nil, false, result = false };
+ { nil, nil, true, result = true };
+ };
+
+ for n, test_case in ipairs(test_cases) do
+ it("(case "..n..")", function ()
+ local perm_name = ("multi-inheritance-perm-%d"):format(n);
+ assert.truthy(final_role:set_permission(perm_name, test_case[1]));
+ assert.truthy(parent_role:set_permission(perm_name, test_case[2]));
+ assert.truthy(test_role:set_permission(perm_name, test_case[3]));
+ assert.equal(test_case.result, final_role:may(perm_name));
+ end);
+ end
+ end);
+ it("updates child roles when parent roles change", function ()
+ assert.truthy(child_role:may("inherited-permission"));
+ assert.truthy(test_role:set_permission("inherited-permission", false, true));
+ assert.falsy(child_role:may("inherited-permission"));
+ end);
+ end);
+ describe("cloning", function ()
+ local cloned_role;
+ it("works", function ()
+ assert.truthy(test_role:set_permission("perm-1", true));
+ cloned_role = test_role:clone();
+ assert.truthy(cloned_role:may("perm-1"));
+ end);
+ it("isolates changes", function ()
+ -- After cloning, changes in either the original or the clone
+ -- should not appear in the other.
+ assert.truthy(test_role:set_permission("perm-1", false, true));
+ assert.truthy(test_role:set_permission("perm-2", true));
+ assert.truthy(cloned_role:set_permission("perm-3", true));
+ assert.truthy(cloned_role:may("perm-1"));
+ assert.falsy(cloned_role:may("perm-2"));
+ assert.falsy(test_role:may("perm-3"));
+ end);
+ end);
+ end);
+end);
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-29 13:10:55 +0000