kyle
/
mcias
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
mcias/data/auth_test.go

223 lines
5.6 KiB
Go
Raw Blame History

package data
import (
"database/sql"
"os"
"testing"
_ "github.com/mattn/go-sqlite3"
)
func setupTestDB(t *testing.T) (*sql.DB, func()) {
// Create a temporary database for testing
db, err := sql.Open("sqlite3", ":memory:")
if err != nil {
t.Fatalf("Failed to open in-memory database: %v", err)
}
// Read the schema file
schemaBytes, err := os.ReadFile("../database/schema.sql")
if err != nil {
t.Fatalf("Failed to read schema file: %v", err)
}
schema := string(schemaBytes)
// Execute the schema
_, err = db.Exec(schema)
if err != nil {
t.Fatalf("Failed to execute schema: %v", err)
}
// Create test data
setupTestData(t, db)
// Return the database and a cleanup function
return db, func() {
db.Close()
}
}
func setupTestData(t *testing.T, db *sql.DB) {
// Create test users
_, err := db.Exec(`INSERT INTO users (id, created, user, password, salt) VALUES
('user1', 1622505600, 'testadmin', 'dummy', 'dummy'),
('user2', 1622505600, 'testoperator', 'dummy', 'dummy'),
('user3', 1622505600, 'testuser', 'dummy', 'dummy')`)
if err != nil {
t.Fatalf("Failed to insert test users: %v", err)
}
// Create test roles (these should already exist from schema.sql)
// But we'll check and insert if needed
var count int
err = db.QueryRow("SELECT COUNT(*) FROM roles WHERE role = 'admin'").Scan(&count)
if err != nil {
t.Fatalf("Failed to check roles: %v", err)
}
if count == 0 {
_, err = db.Exec(`INSERT INTO roles (id, role) VALUES
('role_admin', 'admin'),
('role_db_operator', 'db_operator'),
('role_user', 'user')`)
if err != nil {
t.Fatalf("Failed to insert test roles: %v", err)
}
}
// Assign roles to users
_, err = db.Exec(`INSERT INTO user_roles (id, uid, rid) VALUES
('ur1', 'user1', 'role_admin'),
('ur2', 'user2', 'role_db_operator'),
('ur3', 'user3', 'role_user')`)
if err != nil {
t.Fatalf("Failed to assign roles to users: %v", err)
}
}
func TestUserHasPermission(t *testing.T) {
db, cleanup := setupTestDB(t)
defer cleanup()
authService := NewAuthorizationService(db)
tests := []struct {
name string
userID string
resource string
action string
want bool
}{
{
name: "Admin has database read permission",
userID: "user1",
resource: "database_credentials",
action: "read",
want: true,
},
{
name: "Admin has database write permission",
userID: "user1",
resource: "database_credentials",
action: "write",
want: true,
},
{
name: "DB Operator has database read permission",
userID: "user2",
resource: "database_credentials",
action: "read",
want: true,
},
{
name: "DB Operator does not have database write permission",
userID: "user2",
resource: "database_credentials",
action: "write",
want: false,
},
{
name: "Regular user does not have database read permission",
userID: "user3",
resource: "database_credentials",
action: "read",
want: false,
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
got, err := authService.UserHasPermission(tt.userID, tt.resource, tt.action)
if err != nil {
t.Errorf("AuthorizationService.UserHasPermission() error = %v", err)
return
}
if got != tt.want {
t.Errorf("AuthorizationService.UserHasPermission() = %v, want %v", got, tt.want)
}
})
}
}
func TestGetUserPermissions(t *testing.T) {
db, cleanup := setupTestDB(t)
defer cleanup()
authService := NewAuthorizationService(db)
t.Run("Admin has all permissions", func(t *testing.T) {
permissions, err := authService.GetUserPermissions("user1")
if err != nil {
t.Errorf("AuthorizationService.GetUserPermissions() error = %v", err)
return
}
// Admin should have 4 permissions
if len(permissions) != 4 {
t.Errorf("Admin should have 4 permissions, got %d", len(permissions))
}
// Check for specific permissions
hasDBRead := false
hasDBWrite := false
for _, p := range permissions {
if p.Resource == "database_credentials" && p.Action == "read" {
hasDBRead = true
}
if p.Resource == "database_credentials" && p.Action == "write" {
hasDBWrite = true
}
}
if !hasDBRead {
t.Errorf("Admin should have database_credentials:read permission")
}
if !hasDBWrite {
t.Errorf("Admin should have database_credentials:write permission")
}
})
t.Run("DB Operator has limited permissions", func(t *testing.T) {
permissions, err := authService.GetUserPermissions("user2")
if err != nil {
t.Errorf("AuthorizationService.GetUserPermissions() error = %v", err)
return
}
// DB Operator should have 1 permission
if len(permissions) != 1 {
t.Errorf("DB Operator should have 1 permission, got %d", len(permissions))
}
// Check for specific permissions
hasDBRead := false
hasDBWrite := false
for _, p := range permissions {
if p.Resource == "database_credentials" && p.Action == "read" {
hasDBRead = true
}
if p.Resource == "database_credentials" && p.Action == "write" {
hasDBWrite = true
}
}
if !hasDBRead {
t.Errorf("DB Operator should have database_credentials:read permission")
}
if hasDBWrite {
t.Errorf("DB Operator should not have database_credentials:write permission")
}
})
t.Run("Regular user has no permissions", func(t *testing.T) {
permissions, err := authService.GetUserPermissions("user3")
if err != nil {
t.Errorf("AuthorizationService.GetUserPermissions() error = %v", err)
return
}
// Regular user should have 0 permissions
if len(permissions) != 0 {
t.Errorf("Regular user should have 0 permissions, got %d", len(permissions))
}
})
}
Reference in New Issue View Git Blame Copy Permalink