forked from TrueCloudLab/frostfs-node
71 lines
1.6 KiB
Go
71 lines
1.6 KiB
Go
|
package acl
|
||
|
|
||
|
import (
|
||
|
"testing"
|
||
|
|
||
|
"github.com/nspcc-dev/neofs-api-go/pkg/acl/eacl"
|
||
|
"github.com/stretchr/testify/require"
|
||
|
)
|
||
|
|
||
|
// from neofs-api basic ACL specification
|
||
|
const (
|
||
|
privateContainer uint32 = 0x1C8C8CCC
|
||
|
publicContainerWithSticky uint32 = 0x3FFFFFFF
|
||
|
readonlyContainer uint32 = 0x1FFFCCFF
|
||
|
)
|
||
|
|
||
|
var (
|
||
|
allOperations = []eacl.Operation{
|
||
|
eacl.OperationGet, eacl.OperationPut, eacl.OperationDelete,
|
||
|
eacl.OperationHead, eacl.OperationSearch, eacl.OperationRange,
|
||
|
eacl.OperationRangeHash,
|
||
|
}
|
||
|
)
|
||
|
|
||
|
func TestDefaultBasicACLs(t *testing.T) {
|
||
|
t.Run("private", func(t *testing.T) {
|
||
|
r := basicACLHelper(privateContainer)
|
||
|
|
||
|
require.False(t, r.Sticky())
|
||
|
|
||
|
for _, op := range allOperations {
|
||
|
require.True(t, r.UserAllowed(op))
|
||
|
require.False(t, r.OthersAllowed(op))
|
||
|
if op == eacl.OperationDelete || op == eacl.OperationRange {
|
||
|
require.False(t, r.SystemAllowed(op))
|
||
|
} else {
|
||
|
require.True(t, r.SystemAllowed(op))
|
||
|
}
|
||
|
}
|
||
|
})
|
||
|
|
||
|
t.Run("public with sticky", func(t *testing.T) {
|
||
|
r := basicACLHelper(publicContainerWithSticky)
|
||
|
|
||
|
require.True(t, r.Sticky())
|
||
|
|
||
|
for _, op := range allOperations {
|
||
|
require.True(t, r.UserAllowed(op))
|
||
|
require.True(t, r.OthersAllowed(op))
|
||
|
require.True(t, r.SystemAllowed(op))
|
||
|
}
|
||
|
})
|
||
|
|
||
|
t.Run("read only", func(t *testing.T) {
|
||
|
r := basicACLHelper(readonlyContainer)
|
||
|
|
||
|
require.False(t, r.Sticky())
|
||
|
|
||
|
for _, op := range allOperations {
|
||
|
require.True(t, r.UserAllowed(op))
|
||
|
require.True(t, r.SystemAllowed(op))
|
||
|
|
||
|
if op == eacl.OperationDelete || op == eacl.OperationPut {
|
||
|
require.False(t, r.OthersAllowed(op))
|
||
|
} else {
|
||
|
require.True(t, r.OthersAllowed(op))
|
||
|
}
|
||
|
}
|
||
|
})
|
||
|
}
|