@@ -3,6 +3,7 @@ package middlewares
33import (
44 "app/base/rbac"
55 "app/base/utils"
6+ "encoding/json"
67 "net/http"
78 "net/http/httptest"
89 "testing"
@@ -412,3 +413,106 @@ func TestMultiplePermissions(t *testing.T) {
412413 assert .True (t , checkPermissions (& access , handler , "GET" ))
413414 assert .False (t , checkPermissions (& access , handler , "DELETE" ))
414415}
416+
417+ var allowedOperations = `{"data": [
418+ {
419+ "resourceDefinitions": [],
420+ "permission": "patch:*:read"
421+ },
422+ {
423+ "resourceDefinitions": [
424+ {
425+ "attributeFilter": {
426+ "key": "group.id",
427+ "value": "00000000-f688-49d4-a8e2-87394f1ac1b1",
428+ "operation": "equal"
429+ }
430+ }
431+ ],
432+ "permission": "inventory:hosts:read"
433+ },
434+ {
435+ "resourceDefinitions": [
436+ {
437+ "attributeFilter": {
438+ "key": "group.id",
439+ "value": [ "00000000-f7a6-45a1-b5a8-410f20052fb1", "00000000-78e0-4cad-bf01-63cf1e4b1dca" ],
440+ "operation": "in"
441+ }
442+ }
443+ ],
444+ "permission": "inventory:hosts:read"
445+ },
446+ {
447+ "resourceDefinitions": [
448+ {
449+ "attributeFilter": {
450+ "key": "group.id",
451+ "value": [ "00000000-f688-49d4-a8e2-ee394f1ac1b1" ],
452+ "operation": "in"
453+ }
454+ }
455+ ],
456+ "permission": "inventory:hosts:read"
457+ },
458+ {
459+ "resourceDefinitions": [
460+ {
461+ "attributeFilter": {
462+ "key": "group.id",
463+ "value": null,
464+ "operation": "equal"
465+ }
466+ }
467+ ],
468+ "permission": "inventory:hosts:read"
469+ }
470+ ]
471+ }
472+ `
473+
474+ func TestPermissionsAllowedOperations (t * testing.T ) {
475+ handler := "SystemsListHandler"
476+ access := rbac.AccessPagination {}
477+ err := json .Unmarshal ([]byte (allowedOperations ), & access )
478+ assert .NoError (t , err )
479+ assert .True (t , checkPermissions (& access , handler , "GET" ))
480+ groups , err := findInventoryGroups (& access )
481+ assert .NoError (t , err )
482+ assert .Equal (t , "[]" , groups ["ungrouped" ])
483+ assert .Equal (t , `{"[{\"id\":\"00000000-f688-49d4-a8e2-87394f1ac1b1\"}]",` +
484+ `"[{\"id\":\"00000000-f7a6-45a1-b5a8-410f20052fb1\"}]",` +
485+ `"[{\"id\":\"00000000-78e0-4cad-bf01-63cf1e4b1dca\"}]",` +
486+ `"[{\"id\":\"00000000-f688-49d4-a8e2-ee394f1ac1b1\"}]"}` , groups ["grouped" ])
487+ }
488+
489+ var unknownOperation = `{"data": [
490+ {
491+ "resourceDefinitions": [],
492+ "permission": "patch:*:read"
493+ },
494+ {
495+ "resourceDefinitions": [
496+ {
497+ "attributeFilter": {
498+ "key": "group.id",
499+ "value": "00000000-f688-49d4-a8e2-87394f1ac1b1",
500+ "operation": "not_in"
501+ }
502+ }
503+ ],
504+ "permission": "inventory:hosts:read"
505+ }
506+ ]
507+ }
508+ `
509+
510+ func TestPermissionsUnknownOperation (t * testing.T ) {
511+ handler := "SystemsListHandler"
512+ access := rbac.AccessPagination {}
513+ err := json .Unmarshal ([]byte (unknownOperation ), & access )
514+ assert .NoError (t , err )
515+ assert .True (t , checkPermissions (& access , handler , "GET" ))
516+ _ , err = findInventoryGroups (& access )
517+ assert .EqualError (t , err , "invalid value 'not_in' for attributeFilter.Operation" )
518+ }
0 commit comments