From c5a44e0a05fde47cce5e4783066578ac96d06faf Mon Sep 17 00:00:00 2001 From: Alex Vanin Date: Fri, 25 Sep 2020 12:34:47 +0300 Subject: [PATCH] [#32] Add tests for basic ACL helper Signed-off-by: Alex Vanin --- pkg/services/object/acl/basic_helper_test.go | 70 ++++++++++++++++++++ 1 file changed, 70 insertions(+) create mode 100644 pkg/services/object/acl/basic_helper_test.go diff --git a/pkg/services/object/acl/basic_helper_test.go b/pkg/services/object/acl/basic_helper_test.go new file mode 100644 index 000000000..08a16c04e --- /dev/null +++ b/pkg/services/object/acl/basic_helper_test.go @@ -0,0 +1,70 @@ +package acl + +import ( + "testing" + + "github.com/nspcc-dev/neofs-api-go/pkg/acl/eacl" + "github.com/stretchr/testify/require" +) + +// from neofs-api basic ACL specification +const ( + privateContainer uint32 = 0x1C8C8CCC + publicContainerWithSticky uint32 = 0x3FFFFFFF + readonlyContainer uint32 = 0x1FFFCCFF +) + +var ( + allOperations = []eacl.Operation{ + eacl.OperationGet, eacl.OperationPut, eacl.OperationDelete, + eacl.OperationHead, eacl.OperationSearch, eacl.OperationRange, + eacl.OperationRangeHash, + } +) + +func TestDefaultBasicACLs(t *testing.T) { + t.Run("private", func(t *testing.T) { + r := basicACLHelper(privateContainer) + + require.False(t, r.Sticky()) + + for _, op := range allOperations { + require.True(t, r.UserAllowed(op)) + require.False(t, r.OthersAllowed(op)) + if op == eacl.OperationDelete || op == eacl.OperationRange { + require.False(t, r.SystemAllowed(op)) + } else { + require.True(t, r.SystemAllowed(op)) + } + } + }) + + t.Run("public with sticky", func(t *testing.T) { + r := basicACLHelper(publicContainerWithSticky) + + require.True(t, r.Sticky()) + + for _, op := range allOperations { + require.True(t, r.UserAllowed(op)) + require.True(t, r.OthersAllowed(op)) + require.True(t, r.SystemAllowed(op)) + } + }) + + t.Run("read only", func(t *testing.T) { + r := basicACLHelper(readonlyContainer) + + require.False(t, r.Sticky()) + + for _, op := range allOperations { + require.True(t, r.UserAllowed(op)) + require.True(t, r.SystemAllowed(op)) + + if op == eacl.OperationDelete || op == eacl.OperationPut { + require.False(t, r.OthersAllowed(op)) + } else { + require.True(t, r.OthersAllowed(op)) + } + } + }) +}