Reorganize tests for better structure and coverage: - Move container/security_test.go from internal/ to tests/unit/container/ - Move related tests to proper unit test locations - Delete orphaned test files (startup_blacklist_test.go) - Add privacy middleware unit tests - Add worker config unit tests - Update E2E tests for homelab and websocket scenarios - Update test fixtures with utility functions - Add CLI helper script for arraylist fixes
package middleware_test
import (
"context"
"testing"
"github.com/jfraeys/fetch_ml/internal/auth"
"github.com/jfraeys/fetch_ml/internal/middleware"
)
// TestPrivacyEnforcer_CanAccess drives PrivacyEnforcer.CanAccess through a
// table of (user, owner, privacy level, team) combinations and checks the
// allow/deny decision returned for each one.
//
// Access-control expectations pinned by the table:
//   - "private": allowed for the owner and for a user with Admin set, denied
//     for any other user.
//   - "public" and "anonymized": allowed for a user who is not the owner.
//   - "team": allowed for the owner; a non-owner is denied when the enforcer
//     is built with enforceTeams=true and allowed when it is false.
//   - an unrecognised level string: denied for a non-owner.
//
// Every case, including the denials, expects a nil error, so a denial is
// expected to surface as (false, nil) rather than as an error value.
//
// NOTE(review): coverage gaps worth confirming against the implementation:
//   - no case passes a nil *auth.User (unauthenticated caller);
//   - no case has a non-owner who actually belongs to the resource's team
//     while enforceTeams=true, so the positive path of team enforcement is
//     not exercised here;
//   - the second argument to NewPrivacyEnforcer is always false; its meaning
//     is not visible from this file and the true path is untested;
//   - the enforceTeams=false case allows any non-owner on a "team" resource,
//     i.e. that configuration behaves like "public" for this level.
func TestPrivacyEnforcer_CanAccess(t *testing.T) {
	type accessCase struct {
		name         string
		user         *auth.User
		owner        string
		level        string
		team         string
		enforceTeams bool
		want         bool
	}

	cases := []accessCase{
		// private: owner or admin only.
		{name: "owner can access private", user: &auth.User{Name: "alice"}, owner: "alice", level: "private", want: true},
		{name: "non-owner cannot access private", user: &auth.User{Name: "bob"}, owner: "alice", level: "private", want: false},
		{name: "admin can access private", user: &auth.User{Name: "admin", Admin: true}, owner: "alice", level: "private", want: true},

		// public: no ownership requirement.
		{name: "public allows all", user: &auth.User{Name: "anyone"}, owner: "alice", level: "public", want: true},

		// team: the outcome for a non-owner depends on enforceTeams.
		{name: "owner can access team", user: &auth.User{Name: "alice"}, owner: "alice", level: "team", team: "research", want: true},
		{name: "non-owner denied team when enforcing", user: &auth.User{Name: "bob"}, owner: "alice", level: "team", team: "research", enforceTeams: true, want: false},
		{name: "non-owner allowed team when not enforcing", user: &auth.User{Name: "bob"}, owner: "alice", level: "team", team: "research", enforceTeams: false, want: true},

		// anonymized: no ownership requirement.
		{name: "anonymized allows all", user: &auth.User{Name: "anyone"}, owner: "alice", level: "anonymized", want: true},

		// Unrecognised level: must fail closed for a non-owner.
		{name: "unknown level defaults to private (deny)", user: &auth.User{Name: "bob"}, owner: "alice", level: "unknown", want: false},
	}

	background := context.Background()
	for _, tc := range cases {
		t.Run(tc.name, func(t *testing.T) {
			// A fresh enforcer per case so enforceTeams is the only knob that varies.
			enforcer := middleware.NewPrivacyEnforcer(tc.enforceTeams, false)
			allowed, err := enforcer.CanAccess(background, tc.user, tc.owner, tc.level, tc.team)
			switch {
			case err != nil:
				// An error is reported on its own; the decision is not checked.
				t.Errorf("CanAccess() error = %v", err)
			case allowed != tc.want:
				t.Errorf("CanAccess() = %v, want %v", allowed, tc.want)
			}
		})
	}
}
// TestGetPrivacyLevelFromString checks the mapping from a privacy-level
// string to its middleware.PrivacyLevel constant.
//
// The four known names map to their own constants. The unrecognised string
// "unknown" and the empty string are both expected to resolve to
// middleware.PrivacyPrivate, so a missing or unrecognised value does not
// resolve to one of the more permissive levels.
//
// NOTE(review): only exact lower-case names are covered. How case variants
// or surrounding whitespace (for example "Public" or " public") resolve is
// not visible from this file; confirm they also fall back to private.
func TestGetPrivacyLevelFromString(t *testing.T) {
	type levelCase struct {
		input string
		want  middleware.PrivacyLevel
	}

	cases := []levelCase{
		{input: "private", want: middleware.PrivacyPrivate},
		{input: "team", want: middleware.PrivacyTeam},
		{input: "public", want: middleware.PrivacyPublic},
		{input: "anonymized", want: middleware.PrivacyAnonymized},
		{input: "unknown", want: middleware.PrivacyPrivate}, // unrecognised name falls back to private
		{input: "", want: middleware.PrivacyPrivate},        // empty value falls back to private
	}

	for _, tc := range cases {
		// The input doubles as the subtest name; the testing package assigns
		// a generated name to the empty-string case.
		t.Run(tc.input, func(t *testing.T) {
			if level := middleware.GetPrivacyLevelFromString(tc.input); level != tc.want {
				t.Errorf("GetPrivacyLevelFromString(%q) = %v, want %v",
					tc.input, level, tc.want)
			}
		})
	}
}