func TestSet(t *testing.T) {
/*
Access ACL
*/
f := testutil.MustTempFile(t, "", "acl").Name()
defer os.Remove(f)
acl, err := Get(f)
testutil.Must(t, err)
for i := range acl {
acl[i].Perms = (^acl[i].Perms) & 0x7 // Flip the rwx bits
}
err = Set(f, acl)
testutil.Must(t, err)
acl2, err := Get(f)
testutil.Must(t, err)
if !reflect.DeepEqual(acl, acl2) {
t.Errorf("unexpected ACL: want %v; got %v", acl, acl2)
}
/*
Default ACL
*/
d := testutil.MustTempDir(t, "", "acl")
defer os.Remove(d)
// reuse the acl from above since we know it's valid
err = SetDefault(d, acl)
testutil.Must(t, err)
acl2, err = GetDefault(d)
testutil.Must(t, err)
if !reflect.DeepEqual(acl, acl2) {
t.Errorf("unexpected default ACL: want %v; got %v", acl, acl2)
}
}
func TestDefault(t *testing.T) {
d := testutil.MustTempDir(t, "", "acl")
defer os.RemoveAll(d)
// Set default ACL to no permissions, which is pretty much
// guaranteed not to be the system-wide default.
// That way we know it's not a fluke if that's the ACL
// on a newly-created file.
dacl := ACL{Entry{Tag: TagUserObj}, Entry{Tag: TagUser, Qualifier: "0"},
Entry{Tag: TagGroupObj}, Entry{Tag: TagGroup, Qualifier: "0"},
Entry{Tag: TagMask}, Entry{Tag: TagOther}}
err := SetDefault(d, dacl)
testutil.Must(t, err)
_, err = os.Create(filepath.Join(d, "file"))
testutil.Must(t, err)
acl, err := Get(filepath.Join(d, "file"))
testutil.Must(t, err)
if !reflect.DeepEqual(dacl, acl) {
t.Errorf("access ACL does not match parent's default ACL: got %v; want %v",
acl, dacl)
}
err = os.Mkdir(filepath.Join(d, "dir"), 0666)
testutil.Must(t, err)
dacl2, err := GetDefault(filepath.Join(d, "dir"))
testutil.Must(t, err)
if !reflect.DeepEqual(dacl, dacl2) {
t.Errorf("default ACL does not match parent's default ACL: got %v; want %v",
dacl2, dacl)
}
}
func TestGet(t *testing.T) {
f := testutil.MustTempFile(t, "", "acl").Name()
defer os.Remove(f)
_, err := Get(f)
testutil.Must(t, err)
d := testutil.MustTempDir(t, "", "acl")
defer os.Remove(d)
_, err = GetDefault(d)
testutil.Must(t, err)
}
func TestIsValid(t *testing.T) {
f := testutil.MustTempFile(t, "", "acl").Name()
defer os.Remove(f)
acl, err := Get(f)
testutil.Must(t, err)
if !acl.IsValid() {
t.Errorf("ACL reported invalid: %v", acl)
}
for _, v := range validACLs {
if !v.IsValid() {
t.Errorf("ACL reported invalid: %v", v)
}
}
for _, i := range invalidACLs {
if i.IsValid() {
t.Errorf("ACL reported valid: %v", i)
}
}
}
func TestAdd(t *testing.T) {
f := testutil.MustTempFile(t, "", "acl").Name()
defer os.Remove(f)
base := ACL{
{TagUserObj, "", 7},
{TagGroupObj, "", 0},
{TagOther, "", 0},
}
testCases := []struct {
Before ACL
Add []Entry
Afer ACL
}{
// Make sure mask is generated
{
base,
[]Entry{{TagUser, "0", 4}, {TagGroup, "0", 2}},
append(ACL{{TagUser, "0", 4}, {TagGroup, "0", 2}, {TagMask, "", 6}}, base...),
},
// Make sure mask is not generated if a mask is supplied
{
base,
[]Entry{{TagUser, "0", 4}, {TagGroup, "0", 2}, {TagMask, "", 1}},
append(ACL{{TagUser, "0", 4}, {TagGroup, "0", 2}, {TagMask, "", 1}}, base...),
},
// Make sure the original mask is overridden
{
append(ACL{{TagMask, "", 7}}, base...),
[]Entry{{TagUser, "0", 4}, {TagGroup, "0", 2}},
append(ACL{{TagUser, "0", 4}, {TagGroup, "0", 2}, {TagMask, "", 6}}, base...),
},
// Make sure TagUser, TagGroup, or TagGroupObj in original is used
// in calculating new mask
{
append(ACL{{TagUser, "0", 4}, {TagMask, "", 0}}, base...),
[]Entry{{TagGroup, "0", 2}, {TagGroupObj, "", 1}},
ACL{{TagUser, "0", 4}, {TagGroup, "0", 2}, {TagMask, "", 7},
{TagUserObj, "", 7},
{TagGroupObj, "", 1},
{TagOther, "", 0}},
},
// Make sure TagUser or TagGroup in original is NOT used
// in calculating new mask if it's overwritten
{
append(ACL{{TagUser, "0", 7}, {TagMask, "", 0}}, base...),
[]Entry{{TagUser, "0", 4}, {TagGroup, "0", 2}},
append(ACL{{TagUser, "0", 4}, {TagGroup, "0", 2}, {TagMask, "", 6}}, base...),
},
}
for i, c := range testCases {
err := Set(f, c.Before)
testutil.Must(t, err)
err = Add(f, c.Add...)
testutil.Must(t, err)
acl, err := Get(f)
testutil.Must(t, err)
m1 := make(map[Entry]bool)
m2 := make(map[Entry]bool)
for _, e := range acl {
m1[e] = true
}
for _, e := range c.Afer {
m2[e] = true
}
if !reflect.DeepEqual(m1, m2) {
t.Errorf("case %v: unexpected ACL: want %v; got %v", i, c.Afer, acl)
}
}
}