Merge branch '16265-security-updates' into dependabot/bundler/services/api/rake-13.0.1
[arvados.git] / services / ws / permission_test.go
1 // Copyright (C) The Arvados Authors. All rights reserved.
2 //
3 // SPDX-License-Identifier: AGPL-3.0
4
5 package main
6
7 import (
8         "git.arvados.org/arvados.git/sdk/go/arvados"
9         "git.arvados.org/arvados.git/sdk/go/arvadostest"
10         check "gopkg.in/check.v1"
11 )
12
13 var _ = check.Suite(&permSuite{})
14
15 type permSuite struct{}
16
17 func (s *permSuite) TestCheck(c *check.C) {
18         pc := newPermChecker(*(arvados.NewClientFromEnv())).(*cachingPermChecker)
19         setToken := func(label, token string) {
20                 c.Logf("...%s token %q", label, token)
21                 pc.SetToken(token)
22         }
23         wantError := func(uuid string) {
24                 c.Log(uuid)
25                 ok, err := pc.Check(uuid)
26                 c.Check(ok, check.Equals, false)
27                 c.Check(err, check.NotNil)
28         }
29         wantYes := func(uuid string) {
30                 c.Log(uuid)
31                 ok, err := pc.Check(uuid)
32                 c.Check(ok, check.Equals, true)
33                 c.Check(err, check.IsNil)
34         }
35         wantNo := func(uuid string) {
36                 c.Log(uuid)
37                 ok, err := pc.Check(uuid)
38                 c.Check(ok, check.Equals, false)
39                 c.Check(err, check.IsNil)
40         }
41
42         setToken("no", "")
43         wantNo(arvadostest.UserAgreementCollection)
44         wantNo(arvadostest.UserAgreementPDH)
45         wantNo(arvadostest.FooBarDirCollection)
46
47         setToken("anonymous", arvadostest.AnonymousToken)
48         wantYes(arvadostest.UserAgreementCollection)
49         wantYes(arvadostest.UserAgreementPDH)
50         wantNo(arvadostest.FooBarDirCollection)
51         wantNo(arvadostest.FooCollection)
52
53         setToken("active", arvadostest.ActiveToken)
54         wantYes(arvadostest.UserAgreementCollection)
55         wantYes(arvadostest.UserAgreementPDH)
56         wantYes(arvadostest.FooBarDirCollection)
57         wantYes(arvadostest.FooCollection)
58
59         setToken("admin", arvadostest.AdminToken)
60         wantYes(arvadostest.UserAgreementCollection)
61         wantYes(arvadostest.UserAgreementPDH)
62         wantYes(arvadostest.FooBarDirCollection)
63         wantYes(arvadostest.FooCollection)
64
65         // hack to empty the cache
66         pc.SetToken("")
67         pc.SetToken(arvadostest.ActiveToken)
68
69         c.Log("...network error")
70         pc.Client.APIHost = "127.0.0.1:discard"
71         wantError(arvadostest.UserAgreementCollection)
72         wantError(arvadostest.FooBarDirCollection)
73
74         c.Logf("%d checks, %d misses, %d invalid, %d cached", pc.nChecks, pc.nMisses, pc.nInvalid, len(pc.cache))
75 }