func (s *S) TestRemoveRole(c *check.C) {
s.conn.Roles().DropCollection()
_, err := permission.NewRole("test", "app")
c.Assert(err, check.IsNil)
req, err := http.NewRequest("DELETE", "/roles/test", nil)
c.Assert(err, check.IsNil)
token := userWithPermission(c, permission.Permission{
Scheme: permission.PermRoleDelete,
Context: permission.Context(permission.CtxGlobal, ""),
})
user, err := token.User()
c.Assert(err, check.IsNil)
err = user.AddRole("test", "app")
c.Assert(err, check.IsNil)
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
req.Header.Set("Authorization", "bearer "+token.GetValue())
recorder := httptest.NewRecorder()
server := RunServer(true)
server.ServeHTTP(recorder, req)
c.Assert(recorder.Code, check.Equals, http.StatusOK)
roles, err := permission.ListRoles()
c.Assert(err, check.IsNil)
c.Assert(roles, check.HasLen, 1)
user, err = token.User()
c.Assert(err, check.IsNil)
c.Assert(user.Roles, check.HasLen, 1)
}
func (s *S) TestAddRole(c *check.C) {
s.conn.Roles().DropCollection()
role := bytes.NewBufferString("name=test&context=global")
req, err := http.NewRequest("POST", "/roles", role)
c.Assert(err, check.IsNil)
token := userWithPermission(c, permission.Permission{
Scheme: permission.PermRoleCreate,
Context: permission.Context(permission.CtxGlobal, ""),
})
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
req.Header.Set("Authorization", "bearer "+token.GetValue())
recorder := httptest.NewRecorder()
server := RunServer(true)
server.ServeHTTP(recorder, req)
c.Assert(err, check.IsNil)
c.Assert(recorder.Code, check.Equals, http.StatusCreated)
roles, err := permission.ListRoles()
c.Assert(err, check.IsNil)
c.Assert(roles, check.HasLen, 2)
c.Assert(eventtest.EventDesc{
Target: event.Target{Type: event.TargetTypeRole, Value: "test"},
Owner: token.GetUserName(),
Kind: "role.create",
StartCustomData: []map[string]interface{}{
{"name": "name", "value": "test"},
{"name": "context", "value": "global"},
},
}, eventtest.HasEvent)
}
func (s *S) TestRemoveRole(c *check.C) {
s.conn.Roles().DropCollection()
_, err := permission.NewRole("test", "app", "")
c.Assert(err, check.IsNil)
req, err := http.NewRequest("DELETE", "/roles/test", nil)
c.Assert(err, check.IsNil)
token := userWithPermission(c, permission.Permission{
Scheme: permission.PermRoleDelete,
Context: permission.Context(permission.CtxGlobal, ""),
})
user, err := token.User()
c.Assert(err, check.IsNil)
err = user.AddRole("test", "app")
c.Assert(err, check.IsNil)
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
req.Header.Set("Authorization", "bearer "+token.GetValue())
recorder := httptest.NewRecorder()
server := RunServer(true)
server.ServeHTTP(recorder, req)
c.Assert(recorder.Code, check.Equals, http.StatusOK)
roles, err := permission.ListRoles()
c.Assert(err, check.IsNil)
c.Assert(roles, check.HasLen, 1)
user, err = token.User()
c.Assert(err, check.IsNil)
c.Assert(user.Roles, check.HasLen, 1)
c.Assert(eventtest.EventDesc{
Target: event.Target{Type: event.TargetTypeRole, Value: "test"},
Owner: token.GetUserName(),
Kind: "role.delete",
StartCustomData: []map[string]interface{}{
{"name": ":name", "value": "test"},
},
}, eventtest.HasEvent)
}
func listRoles(w http.ResponseWriter, r *http.Request, t auth.Token) error {
roles, err := permission.ListRoles()
if err != nil {
return err
}
b, err := json.Marshal(roles)
if err != nil {
return err
}
_, err = w.Write(b)
return err
}
func (s *S) TestAddRole(c *check.C) {
s.conn.Roles().DropCollection()
role := bytes.NewBufferString("name=test&context=global")
req, err := http.NewRequest("POST", "/roles", role)
c.Assert(err, check.IsNil)
token := userWithPermission(c, permission.Permission{
Scheme: permission.PermRoleCreate,
Context: permission.Context(permission.CtxGlobal, ""),
})
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
req.Header.Set("Authorization", "bearer "+token.GetValue())
recorder := httptest.NewRecorder()
server := RunServer(true)
server.ServeHTTP(recorder, req)
c.Assert(err, check.IsNil)
c.Assert(recorder.Code, check.Equals, http.StatusCreated)
roles, err := permission.ListRoles()
c.Assert(err, check.IsNil)
c.Assert(roles, check.HasLen, 2)
}
// title: role list
// path: /roles
// method: GET
// produce: application/json
// responses:
// 200: OK
// 401: Unauthorized
func listRoles(w http.ResponseWriter, r *http.Request, t auth.Token) error {
if !(permission.Check(t, permission.PermRoleUpdate) ||
permission.Check(t, permission.PermRoleUpdateAssign) ||
permission.Check(t, permission.PermRoleUpdateDissociate) ||
permission.Check(t, permission.PermRoleCreate) ||
permission.Check(t, permission.PermRoleDelete)) {
return permission.ErrUnauthorized
}
roles, err := permission.ListRoles()
if err != nil {
return err
}
b, err := json.Marshal(roles)
if err != nil {
return err
}
w.Header().Set("Content-Type", "application/json")
_, err = w.Write(b)
return err
}
