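package data

import (
	"database/sql"
	"os"
	"testing"

	_ "github.com/mattn/go-sqlite3"
)

// setupTestDB opens an in-memory SQLite database, applies
// ../database/schema.sql (resolved relative to this package directory, i.e.
// the working directory of `go test`) and seeds it through setupTestData.
// It returns the database and a cleanup function that closes it. The handle is
// additionally closed via t.Cleanup, so it is released even when a later step
// aborts the test. Any failure aborts the calling test with t.Fatalf.
func setupTestDB(t *testing.T) (*sql.DB, func()) {
	t.Helper()

	db, err := sql.Open("sqlite3", ":memory:")
	if err != nil {
		t.Fatalf("Failed to open in-memory database: %v", err)
	}
	// Register the close before anything below can t.Fatalf, so a failed setup
	// does not leak the handle. sql.DB.Close is idempotent, so the cleanup
	// function returned to the caller may run as well.
	t.Cleanup(func() { db.Close() })

	// Every pooled connection to ":memory:" is its own private, empty
	// database. The schema is executed on exactly one connection, so pin the
	// pool to that connection; otherwise any second connection the pool opens
	// (for example while a Rows result is still open) would see no tables.
	// Trade-off: a query issued while a Rows from this db is still open now
	// waits for the single connection instead of failing with "no such table".
	db.SetMaxOpenConns(1)

	schemaBytes, err := os.ReadFile("../database/schema.sql")
	if err != nil {
		t.Fatalf("Failed to read schema file: %v", err)
	}
	// go-sqlite3 runs every statement of the multi-statement schema in one Exec.
	if _, err := db.Exec(string(schemaBytes)); err != nil {
		t.Fatalf("Failed to execute schema: %v", err)
	}

	setupTestData(t, db)

	return db, func() { db.Close() }
}

// setupTestData seeds three users (one per role), the three roles when
// schema.sql has not created them, and one user_roles row per user.
// The password and salt columns hold placeholder strings; nothing in this
// file exercises authentication. Any failure aborts the calling test.
func setupTestData(t *testing.T, db *sql.DB) {
	t.Helper()

	if _, err := db.Exec(`INSERT INTO users (id, created, user, password, salt) VALUES ('user1', 1622505600, 'testadmin', 'dummy', 'dummy'), ('user2', 1622505600, 'testoperator', 'dummy', 'dummy'), ('user3', 1622505600, 'testuser', 'dummy', 'dummy')`); err != nil {
		t.Fatalf("Failed to insert test users: %v", err)
	}

	// The roles are expected to come from schema.sql; they are inserted here
	// only when the 'admin' role is absent.
	// NOTE(review): the user_roles rows below reference the ids 'role_admin',
	// 'role_db_operator' and 'role_user'. If schema.sql seeds the roles under
	// different ids, the 'admin' existence check passes but the assignments
	// either fail a foreign-key check or leave every user without permissions —
	// confirm the ids match schema.sql.
	var adminRoles int
	if err := db.QueryRow("SELECT COUNT(*) FROM roles WHERE role = 'admin'").Scan(&adminRoles); err != nil {
		t.Fatalf("Failed to check roles: %v", err)
	}
	if adminRoles == 0 {
		if _, err := db.Exec(`INSERT INTO roles (id, role) VALUES ('role_admin', 'admin'), ('role_db_operator', 'db_operator'), ('role_user', 'user')`); err != nil {
			t.Fatalf("Failed to insert test roles: %v", err)
		}
	}

	if _, err := db.Exec(`INSERT INTO user_roles (id, uid, rid) VALUES ('ur1', 'user1', 'role_admin'), ('ur2', 'user2', 'role_db_operator'), ('ur3', 'user3', 'role_user')`); err != nil {
		t.Fatalf("Failed to assign roles to users: %v", err)
	}
}

// TestUserHasPermission checks the allow and deny decisions of
// AuthorizationService.UserHasPermission for the three seeded users on the
// database_credentials resource. The role-to-permission mapping itself is not
// inserted by this file and must come from schema.sql.
// TODO(review): add a case for a user id that does not exist, to pin down that
// the lookup fails closed rather than granting access; the expected error
// behaviour for unknown users is not visible from this file.
func TestUserHasPermission(t *testing.T) {
	db, cleanup := setupTestDB(t)
	defer cleanup()

	authService := NewAuthorizationService(db)

	tests := []struct {
		name     string
		userID   string
		resource string
		action   string
		want     bool
	}{
		{
			name:     "Admin has database read permission",
			userID:   "user1",
			resource: "database_credentials",
			action:   "read",
			want:     true,
		},
		{
			name:     "Admin has database write permission",
			userID:   "user1",
			resource: "database_credentials",
			action:   "write",
			want:     true,
		},
		{
			name:     "DB Operator has database read permission",
			userID:   "user2",
			resource: "database_credentials",
			action:   "read",
			want:     true,
		},
		{
			name:     "DB Operator does not have database write permission",
			userID:   "user2",
			resource: "database_credentials",
			action:   "write",
			want:     false,
		},
		{
			name:     "Regular user does not have database read permission",
			userID:   "user3",
			resource: "database_credentials",
			action:   "read",
			want:     false,
		},
	}

	for _, tt := range tests {
		t.Run(tt.name, func(t *testing.T) {
			got, err := authService.UserHasPermission(tt.userID, tt.resource, tt.action)
			if err != nil {
				t.Errorf("AuthorizationService.UserHasPermission() error = %v", err)
				return
			}
			if got != tt.want {
				t.Errorf("AuthorizationService.UserHasPermission() = %v, want %v", got, tt.want)
			}
		})
	}
}

// TestGetUserPermissions checks the permission sets returned by
// AuthorizationService.GetUserPermissions for the three seeded users.
// The expected counts (4, 1, 0) depend on the role_permissions rows seeded by
// schema.sql, which this file does not insert; adjust them together with the
// schema.
func TestGetUserPermissions(t *testing.T) {
	db, cleanup := setupTestDB(t)
	defer cleanup()

	authService := NewAuthorizationService(db)

	// hasDBPermissions reports whether the set contains read and write on
	// database_credentials; shared by the subtests below.
	hasDBPermissions := func(permissions []Permission) (read, write bool) {
		for _, p := range permissions {
			if p.Resource == "database_credentials" && p.Action == "read" {
				read = true
			}
			if p.Resource == "database_credentials" && p.Action == "write" {
				write = true
			}
		}
		return read, write
	}

	t.Run("Admin has all permissions", func(t *testing.T) {
		permissions, err := authService.GetUserPermissions("user1")
		if err != nil {
			t.Errorf("AuthorizationService.GetUserPermissions() error = %v", err)
			return
		}
		if len(permissions) != 4 {
			t.Errorf("Admin should have 4 permissions, got %d", len(permissions))
		}
		hasDBRead, hasDBWrite := hasDBPermissions(permissions)
		if !hasDBRead {
			t.Errorf("Admin should have database_credentials:read permission")
		}
		if !hasDBWrite {
			t.Errorf("Admin should have database_credentials:write permission")
		}
	})

	t.Run("DB Operator has limited permissions", func(t *testing.T) {
		permissions, err := authService.GetUserPermissions("user2")
		if err != nil {
			t.Errorf("AuthorizationService.GetUserPermissions() error = %v", err)
			return
		}
		if len(permissions) != 1 {
			t.Errorf("DB Operator should have 1 permission, got %d", len(permissions))
		}
		hasDBRead, hasDBWrite := hasDBPermissions(permissions)
		if !hasDBRead {
			t.Errorf("DB Operator should have database_credentials:read permission")
		}
		// The negative check matters as much as the positive one: an operator
		// must not be able to change credentials.
		if hasDBWrite {
			t.Errorf("DB Operator should not have database_credentials:write permission")
		}
	})

	t.Run("Regular user has no permissions", func(t *testing.T) {
		permissions, err := authService.GetUserPermissions("user3")
		if err != nil {
			t.Errorf("AuthorizationService.GetUserPermissions() error = %v", err)
			return
		}
		if len(permissions) != 0 {
			t.Errorf("Regular user should have 0 permissions, got %d", len(permissions))
		}
	})
}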