frostfs-node/pkg/services/object/acl/basic_helper_test.go

package acl

import (
	"testing"

	"github.com/nspcc-dev/neofs-api-go/pkg/acl/eacl"
	"github.com/stretchr/testify/require"
)

// from neofs-api basic ACL specification
const (
	privateContainer          uint32 = 0x1C8C8CCC
	publicContainerWithSticky uint32 = 0x3FFFFFFF
	readonlyContainer         uint32 = 0x1FFFCCFF
)

var (
	allOperations = []eacl.Operation{
		eacl.OperationGet, eacl.OperationPut, eacl.OperationDelete,
		eacl.OperationHead, eacl.OperationSearch, eacl.OperationRange,
		eacl.OperationRangeHash,
	}
)

func TestDefaultBasicACLs(t *testing.T) {
	t.Run("private", func(t *testing.T) {
		r := basicACLHelper(privateContainer)

		require.False(t, r.Sticky())

		for _, op := range allOperations {
			require.True(t, r.UserAllowed(op))
			require.False(t, r.OthersAllowed(op))
			if op == eacl.OperationDelete || op == eacl.OperationRange {
				require.False(t, r.SystemAllowed(op))
			} else {
				require.True(t, r.SystemAllowed(op))
			}
		}
	})

	t.Run("public with sticky", func(t *testing.T) {
		r := basicACLHelper(publicContainerWithSticky)

		require.True(t, r.Sticky())

		for _, op := range allOperations {
			require.True(t, r.UserAllowed(op))
			require.True(t, r.OthersAllowed(op))
			require.True(t, r.SystemAllowed(op))
		}
	})

	t.Run("read only", func(t *testing.T) {
		r := basicACLHelper(readonlyContainer)

		require.False(t, r.Sticky())

		for _, op := range allOperations {
			require.True(t, r.UserAllowed(op))
			require.True(t, r.SystemAllowed(op))

			if op == eacl.OperationDelete || op == eacl.OperationPut {
				require.False(t, r.OthersAllowed(op))
			} else {
				require.True(t, r.OthersAllowed(op))
			}
		}
	})
}
[#32] Add tests for basic ACL helper Signed-off-by: Alex Vanin <alexey@nspcc.ru> 2020-09-25 09:34:47 +00:00			`package acl`

			`import (`
			`"testing"`

			`"github.com/nspcc-dev/neofs-api-go/pkg/acl/eacl"`
			`"github.com/stretchr/testify/require"`
			`)`

			`// from neofs-api basic ACL specification`
			`const (`
			`privateContainer uint32 = 0x1C8C8CCC`
			`publicContainerWithSticky uint32 = 0x3FFFFFFF`
			`readonlyContainer uint32 = 0x1FFFCCFF`
			`)`

			`var (`
			`allOperations = []eacl.Operation{`
			`eacl.OperationGet, eacl.OperationPut, eacl.OperationDelete,`
			`eacl.OperationHead, eacl.OperationSearch, eacl.OperationRange,`
			`eacl.OperationRangeHash,`
			`}`
			`)`

			`func TestDefaultBasicACLs(t *testing.T) {`
			`t.Run("private", func(t *testing.T) {`
			`r := basicACLHelper(privateContainer)`

			`require.False(t, r.Sticky())`

			`for _, op := range allOperations {`
			`require.True(t, r.UserAllowed(op))`
			`require.False(t, r.OthersAllowed(op))`
			`if op == eacl.OperationDelete \|\| op == eacl.OperationRange {`
			`require.False(t, r.SystemAllowed(op))`
			`} else {`
			`require.True(t, r.SystemAllowed(op))`
			`}`
			`}`
			`})`

			`t.Run("public with sticky", func(t *testing.T) {`
			`r := basicACLHelper(publicContainerWithSticky)`

			`require.True(t, r.Sticky())`

			`for _, op := range allOperations {`
			`require.True(t, r.UserAllowed(op))`
			`require.True(t, r.OthersAllowed(op))`
			`require.True(t, r.SystemAllowed(op))`
			`}`
			`})`

			`t.Run("read only", func(t *testing.T) {`
			`r := basicACLHelper(readonlyContainer)`

			`require.False(t, r.Sticky())`

			`for _, op := range allOperations {`
			`require.True(t, r.UserAllowed(op))`
			`require.True(t, r.SystemAllowed(op))`

			`if op == eacl.OperationDelete \|\| op == eacl.OperationPut {`
			`require.False(t, r.OthersAllowed(op))`
			`} else {`
			`require.True(t, r.OthersAllowed(op))`
			`}`
			`}`
			`})`
			`}`