forked from TrueCloudLab/frostfs-node
[#32] Add tests for basic ACL helper
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
This commit is contained in:
Alex Vanin
parent
91fef72bb6
commit
c5a44e0a05
1 changed files with 70 additions and 0 deletions
70
pkg/services/object/acl/basic_helper_test.go
Normal file
70
pkg/services/object/acl/basic_helper_test.go
Normal file
|
|
@ -0,0 +1,70 @@
|
|||
package acl
|
||||
|
||||
import (
|
||||
"testing"
|
||||
|
||||
"github.com/nspcc-dev/neofs-api-go/pkg/acl/eacl"
|
||||
"github.com/stretchr/testify/require"
|
||||
)
|
||||
|
||||
// from neofs-api basic ACL specification
|
||||
const (
|
||||
privateContainer uint32 = 0x1C8C8CCC
|
||||
publicContainerWithSticky uint32 = 0x3FFFFFFF
|
||||
readonlyContainer uint32 = 0x1FFFCCFF
|
||||
)
|
||||
|
||||
var (
|
||||
allOperations = []eacl.Operation{
|
||||
eacl.OperationGet, eacl.OperationPut, eacl.OperationDelete,
|
||||
eacl.OperationHead, eacl.OperationSearch, eacl.OperationRange,
|
||||
eacl.OperationRangeHash,
|
||||
}
|
||||
)
|
||||
|
||||
func TestDefaultBasicACLs(t *testing.T) {
|
||||
t.Run("private", func(t *testing.T) {
|
||||
r := basicACLHelper(privateContainer)
|
||||
|
||||
require.False(t, r.Sticky())
|
||||
|
||||
for _, op := range allOperations {
|
||||
require.True(t, r.UserAllowed(op))
|
||||
require.False(t, r.OthersAllowed(op))
|
||||
if op == eacl.OperationDelete || op == eacl.OperationRange {
|
||||
require.False(t, r.SystemAllowed(op))
|
||||
} else {
|
||||
require.True(t, r.SystemAllowed(op))
|
||||
}
|
||||
}
|
||||
})
|
||||
|
||||
t.Run("public with sticky", func(t *testing.T) {
|
||||
r := basicACLHelper(publicContainerWithSticky)
|
||||
|
||||
require.True(t, r.Sticky())
|
||||
|
||||
for _, op := range allOperations {
|
||||
require.True(t, r.UserAllowed(op))
|
||||
require.True(t, r.OthersAllowed(op))
|
||||
require.True(t, r.SystemAllowed(op))
|
||||
}
|
||||
})
|
||||
|
||||
t.Run("read only", func(t *testing.T) {
|
||||
r := basicACLHelper(readonlyContainer)
|
||||
|
||||
require.False(t, r.Sticky())
|
||||
|
||||
for _, op := range allOperations {
|
||||
require.True(t, r.UserAllowed(op))
|
||||
require.True(t, r.SystemAllowed(op))
|
||||
|
||||
if op == eacl.OperationDelete || op == eacl.OperationPut {
|
||||
require.False(t, r.OthersAllowed(op))
|
||||
} else {
|
||||
require.True(t, r.OthersAllowed(op))
|
||||
}
|
||||
}
|
||||
})
|
||||
}
|
||||
Loading…
Reference in a new issue