1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
|
describe("util.roles", function ()
randomize(false);
local roles;
it("can be loaded", function ()
roles = require "util.roles";
end);
local test_role;
it("can create a new role", function ()
test_role = roles.new();
assert.is_not_nil(test_role);
assert.is_truthy(roles.is_role(test_role));
end);
describe("role object", function ()
it("can be initialized with permissions", function ()
local test_role_2 = roles.new({
permissions = {
perm1 = true;
perm2 = false;
};
});
assert.truthy(test_role_2:may("perm1"));
assert.falsy(test_role_2:may("perm2"));
end);
it("has a sensible tostring", function ()
local test_role_2 = roles.new({
id = "test-role-2";
name = "Test Role 2";
});
assert.truthy(tostring(test_role_2):find(test_role_2.id, 1, true));
assert.truthy(tostring(test_role_2):find("Test Role 2", 1, true));
end);
it("is restrictive by default", function ()
assert.falsy(test_role:may("my-permission"));
end);
it("allows you to set permissions", function ()
test_role:set_permission("my-permission", true);
assert.truthy(test_role:may("my-permission"));
end);
it("allows you to set negative permissions", function ()
test_role:set_permission("my-other-permission", false);
assert.falsy(test_role:may("my-other-permission"));
end);
it("does not allows you to override previously set permissions by default", function ()
local ok, err = test_role:set_permission("my-permission", false);
assert.falsy(ok);
assert.is_equal("policy-already-exists", err);
-- Confirm old permission still in place
assert.truthy(test_role:may("my-permission"));
end);
it("allows you to explicitly override previously set permissions", function ()
assert.truthy(test_role:set_permission("my-permission", false, true));
assert.falsy(test_role:may("my-permission"));
end);
describe("inheritance", function ()
local child_role;
it("works", function ()
test_role:set_permission("inherited-permission", true);
child_role = roles.new({
inherits = { test_role };
});
assert.truthy(child_role:may("inherited-permission"));
assert.falsy(child_role:may("my-permission"));
end);
it("allows listing policies", function ()
local expected = {
["my-permission"] = false;
["my-other-permission"] = false;
["inherited-permission"] = true;
};
local received = {};
for permission_name, permission_policy in child_role:policies() do
received[permission_name] = permission_policy;
end
assert.same(expected, received);
end);
it("supports multiple depths of inheritance", function ()
local grandchild_role = roles.new({
inherits = { child_role };
});
assert.truthy(grandchild_role:may("inherited-permission"));
end);
describe("supports ordered inheritance from multiple roles", function ()
local parent_role = roles.new();
local final_role = roles.new({
-- Yes, the names are getting confusing.
-- btw, test_role is inherited through child_role.
inherits = { parent_role, child_role };
});
local test_cases = {
-- { <final_role policy>, <parent_role policy>, <test_role policy> }
{ true, nil, false, result = true };
{ nil, false, true, result = false };
{ nil, true, false, result = true };
{ nil, nil, false, result = false };
{ nil, nil, true, result = true };
};
for n, test_case in ipairs(test_cases) do
it("(case "..n..")", function ()
local perm_name = ("multi-inheritance-perm-%d"):format(n);
assert.truthy(final_role:set_permission(perm_name, test_case[1]));
assert.truthy(parent_role:set_permission(perm_name, test_case[2]));
assert.truthy(test_role:set_permission(perm_name, test_case[3]));
assert.equal(test_case.result, final_role:may(perm_name));
end);
end
end);
it("updates child roles when parent roles change", function ()
assert.truthy(child_role:may("inherited-permission"));
assert.truthy(test_role:set_permission("inherited-permission", false, true));
assert.falsy(child_role:may("inherited-permission"));
end);
end);
describe("cloning", function ()
local cloned_role;
it("works", function ()
assert.truthy(test_role:set_permission("perm-1", true));
cloned_role = test_role:clone();
assert.truthy(cloned_role:may("perm-1"));
end);
it("isolates changes", function ()
-- After cloning, changes in either the original or the clone
-- should not appear in the other.
assert.truthy(test_role:set_permission("perm-1", false, true));
assert.truthy(test_role:set_permission("perm-2", true));
assert.truthy(cloned_role:set_permission("perm-3", true));
assert.truthy(cloned_role:may("perm-1"));
assert.falsy(cloned_role:may("perm-2"));
assert.falsy(test_role:may("perm-3"));
end);
end);
end);
end);
|
