From 60f3ecd9b1b09c315258fb013e790feb8a0ac044 Mon Sep 17 00:00:00 2001 From: Ethan Frey Date: Wed, 12 Jul 2017 17:30:48 +0200 Subject: [PATCH] Test multiple nested roles --- modules/roles/middleware_test.go | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) diff --git a/modules/roles/middleware_test.go b/modules/roles/middleware_test.go index ecf83b267f..69f60a1ca7 100644 --- a/modules/roles/middleware_test.go +++ b/modules/roles/middleware_test.go @@ -53,14 +53,17 @@ func TestAssumeRole(t *testing.T) { require.Nil(err) // deploy requires a dev role, or supreme authority + // shows how we can build larger constructs, eg. (A and B) OR C deploy := data.Bytes("deploy") - _, err = createRole(app, store, deploy, 1, a, pdev) + pdeploy, err := createRole(app, store, deploy, 1, a, pdev) require.Nil(err) // now, let's test the roles are set properly cases := []struct { - valid bool - roles []data.Bytes // which roles we try to assume (can be multiple!) + valid bool + // which roles we try to assume (can be multiple!) + // note: that wrapping is FILO, so tries to assume last role first + roles []data.Bytes signers []basecoin.Actor // which people sign the tx required []basecoin.Actor // which permission we require to succeed }{ @@ -70,6 +73,14 @@ func TestAssumeRole(t *testing.T) { {false, nil, ba{b}, ba{b, c}}, // simple role check + {false, []data.Bytes{devs}, ba{a, b}, ba{pdev}}, // not enough sigs + {false, nil, ba{b, c}, ba{pdev}}, // must explicitly request group status + {true, []data.Bytes{devs}, ba{b, c}, ba{pdev}}, // ahh... better + {true, []data.Bytes{deploy}, ba{a, b}, ba{b, pdeploy}}, // deploy also works + + // multiple levels of roles - must be in correct order - assume dev, then deploy + {false, []data.Bytes{devs, deploy}, ba{c, d}, ba{pdeploy}}, + {true, []data.Bytes{deploy, devs}, ba{c, d}, ba{pdev, pdeploy}}, } for i, tc := range cases {