blob: acef76cfce083f15796a2c7b2141ab539c8fe5ce [file] [log] [blame]
// Roles are part of the Skia Infra Authorization system.
//
// See go/proxy-auth-skia.
package roles
import (
"testing"
"github.com/stretchr/testify/require"
)
func TestFromHeader_RoundTripToFromHeader_InvalidRolesAreRemoved(t *testing.T) {
roles := FromHeader(AllRoles.ToHeader())
require.Equal(t, AllValidRoles, roles)
}
func TestRoleFromString_NotValidRole_ReturnsInvalidRole(t *testing.T) {
require.Equal(t, InvalidRole, RoleFromString("this-is-not-a-valid-role"))
}
func TestRolesHas_DoesContainRole_ReturnsTrue(t *testing.T) {
require.True(t, Roles{Viewer}.Has(Viewer))
}
func TestRolesHas_DoesNotContainRole_ReturnsFalse(t *testing.T) {
require.False(t, Roles{Viewer}.Has(Editor))
}
func TestRolesHas_RolesIsEmpty_ReturnsFalse(t *testing.T) {
require.False(t, Roles{}.Has(Editor))
}
func TestRolesFromStrings_NotValidRole_ReturnsEmpty(t *testing.T) {
require.Equal(t, Roles(nil), RolesFromStrings("this-is-not-a-valid-role"))
}
func TestRolesFromStrings_ValidRole(t *testing.T) {
require.Equal(t, Roles{Viewer}, RolesFromStrings(string(Viewer)))
}
func TestRoles_IsAuthorized(t *testing.T) {
require.False(t, Roles(nil).IsAuthorized(Roles{Editor}))
require.False(t, Roles{Viewer}.IsAuthorized(Roles(nil)))
require.False(t, Roles{Viewer}.IsAuthorized(Roles{Editor}))
require.False(t, Roles{Admin}.IsAuthorized(Roles{Editor, Viewer}))
require.True(t, Roles{Editor}.IsAuthorized(Roles{Editor, Viewer}))
require.True(t, Roles{Viewer, Editor}.IsAuthorized(Roles{Editor, Viewer}))
require.True(t, Roles{Admin, Editor}.IsAuthorized(Roles{Editor, Viewer}))
}