mattermost/server/public/model/access_policy_test.go
Ben Schumacher 892a7c9c69
Use golangci-lints's build-in modernize linter (#34341)
2025-11-04 12:09:11 +01:00


// Copyright (c) 2015-present Mattermost, Inc. All Rights Reserved.
// See LICENSE.txt for license information.
package model
import (
"strings"
"testing"
"github.com/stretchr/testify/require"
)
// TestAccessPolicyVersionV0_1 pins the v0.1 validation contract of
// AccessControlPolicy.accessPolicyVersionV0_1: which malformed policies are
// rejected, the AppError Id each rejection carries, and which shapes are
// accepted.
//
// Every case starts from the same well-formed parent policy and changes only
// the fields under test, so a failure points at a single validation rule.
//
// Import cardinality as asserted below: a parent policy with any import is
// rejected, a channel policy with two imports is rejected, and a channel
// policy with zero or one import is accepted.
//
// NOTE(review): the name-length case uses MaxPolicyNameLength+1 characters
// only; a name of exactly MaxPolicyNameLength is not exercised here.
func TestAccessPolicyVersionV0_1(t *testing.T) {
	// adminReadRule builds the single rule used wherever a non-empty rule set is needed.
	adminReadRule := func() []AccessControlPolicyRule {
		return []AccessControlPolicyRule{{Actions: []string{"read"}, Expression: "user.role == 'admin'"}}
	}

	cases := []struct {
		name string
		// mutate turns the well-formed parent policy into the policy under test.
		mutate func(p *AccessControlPolicy)
		// wantErrID is the expected AppError Id; empty means validation must succeed.
		wantErrID string
		// msg is the failure message attached to the nil / not-nil assertion.
		msg string
	}{
		{
			name:      "invalid type",
			mutate:    func(p *AccessControlPolicy) { p.ID = "policy_id"; p.Type = "invalid_type" },
			wantErrID: "model.access_policy.is_valid.type.app_error",
			msg:       "Should return error for invalid type",
		},
		{
			name:      "invalid ID",
			mutate:    func(p *AccessControlPolicy) { p.ID = "" },
			wantErrID: "model.access_policy.is_valid.id.app_error",
			msg:       "Should return error for invalid ID",
		},
		{
			name:      "parent policy with empty name",
			mutate:    func(p *AccessControlPolicy) { p.Name = "" },
			wantErrID: "model.access_policy.is_valid.name.app_error",
			msg:       "Should return error for empty name in parent policy",
		},
		{
			name: "parent policy with too long name",
			mutate: func(p *AccessControlPolicy) {
				// One character past the limit.
				p.Name = strings.Repeat("a", MaxPolicyNameLength+1)
			},
			wantErrID: "model.access_policy.is_valid.name.app_error",
			msg:       "Should return error for too long name in parent policy",
		},
		{
			name:      "negative revision",
			mutate:    func(p *AccessControlPolicy) { p.Revision = -1 },
			wantErrID: "model.access_policy.is_valid.revision.app_error",
			msg:       "Should return error for negative revision",
		},
		{
			name:      "invalid version",
			mutate:    func(p *AccessControlPolicy) { p.Version = "invalid-version" },
			wantErrID: "model.access_policy.is_valid.version.app_error",
			msg:       "Should return error for invalid version",
		},
		{
			name:      "parent policy with no rules",
			mutate:    func(p *AccessControlPolicy) { p.Rules = []AccessControlPolicyRule{} },
			wantErrID: "model.access_policy.is_valid.rules.app_error",
			msg:       "Should return error for parent policy with no rules",
		},
		{
			name:      "parent policy with imports",
			mutate:    func(p *AccessControlPolicy) { p.Imports = []string{"some_import"} },
			wantErrID: "model.access_policy.is_valid.imports.app_error",
			msg:       "Should return error for parent policy with imports",
		},
		{
			name: "channel policy with no rules",
			mutate: func(p *AccessControlPolicy) {
				p.Type = AccessControlPolicyTypeChannel
				p.Rules = []AccessControlPolicyRule{}
				p.Imports = []string{"parent_policy_id"}
			},
			wantErrID: "model.access_policy.is_valid.rules.app_error",
			msg:       "Should return error for channel policy with no rules",
		},
		{
			name: "channel policy with no imports",
			mutate: func(p *AccessControlPolicy) {
				p.Type = AccessControlPolicyTypeChannel
				// Empty but non-nil import list, as opposed to an unset field.
				p.Imports = []string{}
			},
			msg: "Should not return error for channel policy with no imports",
		},
		{
			name: "channel policy with multiple imports",
			mutate: func(p *AccessControlPolicy) {
				p.Type = AccessControlPolicyTypeChannel
				p.Imports = []string{"parent_policy_id1", "parent_policy_id2"}
			},
			wantErrID: "model.access_policy.is_valid.imports.app_error",
			msg:       "Should return error for channel policy with multiple imports",
		},
		{
			name: "valid parent policy",
			// Uses the literal version string rather than the constant.
			mutate: func(p *AccessControlPolicy) { p.Version = "v0.1" },
			msg:    "Should not return error for valid parent policy",
		},
		{
			name: "valid channel policy",
			mutate: func(p *AccessControlPolicy) {
				p.Type = AccessControlPolicyTypeChannel
				p.Version = "v0.1"
				p.Imports = []string{"parent_policy_id"}
			},
			msg: "Should not return error for valid channel policy",
		},
	}

	for _, tc := range cases {
		t.Run(tc.name, func(t *testing.T) {
			// Well-formed parent policy; each case overrides only what it tests.
			policy := &AccessControlPolicy{
				ID:       NewId(),
				Type:     AccessControlPolicyTypeParent,
				Name:     "Test Policy",
				Revision: 1,
				Version:  AccessControlPolicyVersionV0_1,
				Rules:    adminReadRule(),
			}
			tc.mutate(policy)

			err := policy.accessPolicyVersionV0_1()

			if tc.wantErrID == "" {
				require.Nil(t, err, tc.msg)
				return
			}
			require.NotNil(t, err, tc.msg)
			require.Equal(t, tc.wantErrID, err.Id)
		})
	}
}