From 3b83cc7dd3fc8c6281bbd74b5b85a6a06efcbb6d Mon Sep 17 00:00:00 2001 From: Martin Kraft Date: Fri, 9 Feb 2018 10:57:07 -0500 Subject: XYZ-51: Unit tests for and changes to SetRolePermissionsFromConfig. (#8160) * XYZ-10: Role store. * XYZ-37: Update unit tests to work with database roles. * XYZ-51: Tests 'SetRolePermissionsFromConfig' against JSON from policy page. * XYZ-51: Adds permissions in non-licensed cases also. * XYZ-51: Removes some permissions from team_user role. * XYZ-51: Merge fix for change to default permissions from PR 8208. * XYZ-51: Removes unused function. --- utils/authorization_test.go | 125 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 125 insertions(+) create mode 100644 utils/authorization_test.go (limited to 'utils/authorization_test.go') diff --git a/utils/authorization_test.go b/utils/authorization_test.go new file mode 100644 index 000000000..9e5b570bb --- /dev/null +++ b/utils/authorization_test.go @@ -0,0 +1,125 @@ +// Copyright (c) 2018-present Mattermost, Inc. All Rights Reserved. +// See License.txt for license information. + +package utils + +import ( + "encoding/json" + "fmt" + "io/ioutil" + "reflect" + "strings" + "testing" + + "github.com/stretchr/testify/require" + + "github.com/mattermost/mattermost-server/model" +) + +type RoleState struct { + RoleName string `json:"roleName"` + Permission string `json:"permission"` + ShouldHave bool `json:"shouldHave"` +} + +func mockConfig() *model.Config { + config := model.Config{} + config.SetDefaults() + return &config +} + +func mapping() (map[string]map[string][]RoleState, error) { + + policiesRolesMapping := make(map[string]map[string][]RoleState) + + raw, err := ioutil.ReadFile("./policies-roles-mapping.json") + if err != nil { + return policiesRolesMapping, err + } + + var f map[string]interface{} + err = json.Unmarshal(raw, &f) + if err != nil { + return policiesRolesMapping, err + } + + for policyName, value := range f { + + capitalizedName := fmt.Sprintf("%v%v", strings.ToUpper(policyName[:1]), policyName[1:]) + policiesRolesMapping[capitalizedName] = make(map[string][]RoleState) + + for policyValue, roleStatesMappings := range value.(map[string]interface{}) { + + var roleStates []RoleState + for _, roleStateMapping := range roleStatesMappings.([]interface{}) { + + roleStateMappingJSON, _ := json.Marshal(roleStateMapping) + var roleState RoleState + _ = json.Unmarshal(roleStateMappingJSON, &roleState) + + roleStates = append(roleStates, roleState) + + } + + policiesRolesMapping[capitalizedName][policyValue] = roleStates + + } + + } + + return policiesRolesMapping, nil +} + +func TestSetRolePermissionsFromConfig(t *testing.T) { + + mapping, err := mapping() + if err != nil { + require.NoError(t, err) + } + + for policyName, v := range mapping { + for policyValue, rolesMappings := range v { + + config := mockConfig() + updateConfig(config, policyName, policyValue) + roles := model.MakeDefaultRoles() + SetRolePermissionsFromConfig(roles, config, true) + + for _, roleMappingItem := range rolesMappings { + role := roles[roleMappingItem.RoleName] + + permission := roleMappingItem.Permission + hasPermission := roleHasPermission(role, permission) + + if (roleMappingItem.ShouldHave && !hasPermission) || (!roleMappingItem.ShouldHave && hasPermission) { + wording := "not to" + if roleMappingItem.ShouldHave { + wording = "to" + } + t.Errorf("Expected '%v' %v have '%v' permission when '%v' is set to '%v'.", role.Name, wording, permission, policyName, policyValue) + } + + } + + } + } +} + +func updateConfig(config *model.Config, key string, value string) { + v := reflect.ValueOf(config.ServiceSettings) + field := v.FieldByName(key) + if !field.IsValid() { + v = reflect.ValueOf(config.TeamSettings) + field = v.FieldByName(key) + } + field.Elem().SetString(value) +} + +func roleHasPermission(role *model.Role, permission string) bool { + for _, p := range role.Permissions { + if p == permission { + return true + } + } + return false +} -- cgit v1.2.3-1-g7c22