acl.test.ts (3448B)
1 import { ACL, ACLItem, resolveACL, validateACL } from '@/lib/security/acl' 2 3 describe('ACL', () => { 4 const tests: Array<{ 5 name: string 6 token: { uid: number; aclGroup?: string[] } | null 7 acl: ACLItem[] 8 expected: boolean 9 }> = [{ 10 name: 'should allow all', 11 token: { uid: 1, aclGroup: ['test'] }, 12 acl: [ 13 { cond: 'special:all', allow: true }, 14 ], 15 expected: true, 16 }, { 17 name: 'should deny all', 18 token: { uid: 1, aclGroup: ['test'] }, 19 acl: [ 20 { cond: 'special:all', allow: false }, 21 ], 22 expected: false, 23 }, { 24 name: 'should allow member', 25 token: { uid: 1, aclGroup: ['test'] }, 26 acl: [ 27 { cond: 'special:member', allow: true }, 28 ], 29 expected: true, 30 }, { 31 name: 'should deny member', 32 token: { uid: 1, aclGroup: ['test'] }, 33 acl: [ 34 { cond: 'special:member', allow: false }, 35 ], 36 expected: false, 37 }, { 38 name: 'should allow anon', 39 token: null, 40 acl: [ 41 { cond: 'special:anon', allow: true }, 42 ], 43 expected: true, 44 }, { 45 name: 'should deny anon', 46 token: null, 47 acl: [ 48 { cond: 'special:anon', allow: false }, 49 ], 50 expected: false, 51 }, { 52 name: 'should allow user', 53 token: { uid: 1, aclGroup: ['test'] }, 54 acl: [ 55 { cond: 'user:1', allow: true }, 56 ], 57 expected: true, 58 }, { 59 name: 'should deny user', 60 token: { uid: 1, aclGroup: ['test'] }, 61 acl: [ 62 { cond: 'user:1', allow: false }, 63 ], 64 expected: false, 65 }, { 66 name: 'should allow group', 67 token: { uid: 1, aclGroup: ['test'] }, 68 acl: [ 69 { cond: 'group:test', allow: true }, 70 ], 71 expected: true, 72 }, { 73 name: 'should deny group', 74 token: { uid: 1, aclGroup: ['test'] }, 75 acl: [ 76 { cond: 'group:test', allow: false }, 77 ], 78 expected: false, 79 }, { 80 name: 'should allow whitelisted user', 81 token: { uid: 1, aclGroup: ['test'] }, 82 acl: [ 83 { cond: 'special:all', allow: false }, 84 { cond: 'user:1', allow: true }, 85 ], 86 expected: true, 87 }, { 88 name: 'should deny blacklisted user', 89 token: { uid: 1, aclGroup: ['test'] }, 90 acl: [ 91 { cond: 'special:all', allow: true }, 92 { cond: 'user:1', allow: false }, 93 ], 94 expected: false, 95 }, { 96 name: 'should allow whitelisted group', 97 token: { uid: 1, aclGroup: ['test'] }, 98 acl: [ 99 { cond: 'special:all', allow: false }, 100 { cond: 'group:test', allow: true }, 101 ], 102 expected: true, 103 }, { 104 name: 'should deny blacklisted group', 105 token: { uid: 1, aclGroup: ['test'] }, 106 acl: [ 107 { cond: 'special:all', allow: true }, 108 { cond: 'group:test', allow: false }, 109 ], 110 expected: false, 111 }] 112 113 for (const test of tests) { 114 it(test.name, () => { 115 expect(resolveACL(test.token, { test: test.acl }, 'test')) 116 .toBe(test.expected) 117 }) 118 } 119 }) 120 121 describe('Validate ACL', () => { 122 const tests: Array<{ 123 name: string 124 acl: object 125 expected: boolean 126 }> = [{ 127 name: 'should be valid', 128 acl: { 129 test: [ 130 { cond: 'special:all', allow: true }, 131 { cond: 'special:member', allow: true }, 132 ], 133 }, 134 expected: true, 135 }, { 136 name: 'should be invalid', 137 acl: { 138 test: { cond: 'special:all', allow: true }, 139 }, 140 expected: false, 141 }] 142 143 for (const test of tests) { 144 it(test.name, () => { 145 expect(validateACL(test.acl)) 146 .toBe(test.expected) 147 }) 148 } 149 }) 150 151 export {}