forked from TrueCloudLab/frostfs-node
c5a44e0a05
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
70 lines
1.6 KiB
Go
70 lines
1.6 KiB
Go
package acl
|
|
|
|
import (
|
|
"testing"
|
|
|
|
"github.com/nspcc-dev/neofs-api-go/pkg/acl/eacl"
|
|
"github.com/stretchr/testify/require"
|
|
)
|
|
|
|
// from neofs-api basic ACL specification
|
|
const (
|
|
privateContainer uint32 = 0x1C8C8CCC
|
|
publicContainerWithSticky uint32 = 0x3FFFFFFF
|
|
readonlyContainer uint32 = 0x1FFFCCFF
|
|
)
|
|
|
|
var (
|
|
allOperations = []eacl.Operation{
|
|
eacl.OperationGet, eacl.OperationPut, eacl.OperationDelete,
|
|
eacl.OperationHead, eacl.OperationSearch, eacl.OperationRange,
|
|
eacl.OperationRangeHash,
|
|
}
|
|
)
|
|
|
|
func TestDefaultBasicACLs(t *testing.T) {
|
|
t.Run("private", func(t *testing.T) {
|
|
r := basicACLHelper(privateContainer)
|
|
|
|
require.False(t, r.Sticky())
|
|
|
|
for _, op := range allOperations {
|
|
require.True(t, r.UserAllowed(op))
|
|
require.False(t, r.OthersAllowed(op))
|
|
if op == eacl.OperationDelete || op == eacl.OperationRange {
|
|
require.False(t, r.SystemAllowed(op))
|
|
} else {
|
|
require.True(t, r.SystemAllowed(op))
|
|
}
|
|
}
|
|
})
|
|
|
|
t.Run("public with sticky", func(t *testing.T) {
|
|
r := basicACLHelper(publicContainerWithSticky)
|
|
|
|
require.True(t, r.Sticky())
|
|
|
|
for _, op := range allOperations {
|
|
require.True(t, r.UserAllowed(op))
|
|
require.True(t, r.OthersAllowed(op))
|
|
require.True(t, r.SystemAllowed(op))
|
|
}
|
|
})
|
|
|
|
t.Run("read only", func(t *testing.T) {
|
|
r := basicACLHelper(readonlyContainer)
|
|
|
|
require.False(t, r.Sticky())
|
|
|
|
for _, op := range allOperations {
|
|
require.True(t, r.UserAllowed(op))
|
|
require.True(t, r.SystemAllowed(op))
|
|
|
|
if op == eacl.OperationDelete || op == eacl.OperationPut {
|
|
require.False(t, r.OthersAllowed(op))
|
|
} else {
|
|
require.True(t, r.OthersAllowed(op))
|
|
}
|
|
}
|
|
})
|
|
}
|