58 lines
1.4 KiB
Rust
58 lines
1.4 KiB
Rust
use domain::entities::permission::{admin_permissions, viewer_permissions};
|
|
use domain::entities::{Permission, PermissionAction, ResourceType, Role};
|
|
use domain::services::permission_service::PermissionChecker;
|
|
|
|
#[test]
|
|
fn viewer_can_read() {
|
|
let role = Role::new("viewer", viewer_permissions(), true);
|
|
assert!(PermissionChecker::has_permission(
|
|
&[role],
|
|
PermissionAction::ReadAsset,
|
|
ResourceType::Asset,
|
|
));
|
|
}
|
|
|
|
#[test]
|
|
fn viewer_cannot_delete() {
|
|
let role = Role::new("viewer", viewer_permissions(), true);
|
|
assert!(!PermissionChecker::has_permission(
|
|
&[role],
|
|
PermissionAction::DeleteAsset,
|
|
ResourceType::Asset,
|
|
));
|
|
}
|
|
|
|
#[test]
|
|
fn roles_additive() {
|
|
let r1 = Role::new(
|
|
"r1",
|
|
[Permission::new(
|
|
PermissionAction::ReadAsset,
|
|
ResourceType::Global,
|
|
)]
|
|
.into(),
|
|
false,
|
|
);
|
|
let r2 = Role::new(
|
|
"r2",
|
|
[Permission::new(
|
|
PermissionAction::WriteMetadata,
|
|
ResourceType::Global,
|
|
)]
|
|
.into(),
|
|
false,
|
|
);
|
|
let eff = PermissionChecker::effective_permissions(&[r1, r2]);
|
|
assert_eq!(eff.len(), 2);
|
|
}
|
|
|
|
#[test]
|
|
fn global_covers_specific() {
|
|
let role = Role::new("admin", admin_permissions(), true);
|
|
assert!(PermissionChecker::has_permission(
|
|
&[role],
|
|
PermissionAction::ReadAsset,
|
|
ResourceType::Album,
|
|
));
|
|
}
|