From 9bf448be7aa5e2468d5a6302d7c37ebad0f84176 Mon Sep 17 00:00:00 2001 From: 9p4 Date: Tue, 27 Feb 2024 10:07:29 -0500 Subject: [feature/oidc] Add support for very basic RBAC (#2642) * Add support for very basic RBAC * Add some small tests for allowedGroup and adminGroup * Switch to table-driven tests --- internal/api/auth/callback_test.go | 45 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 45 insertions(+) create mode 100644 internal/api/auth/callback_test.go (limited to 'internal/api/auth/callback_test.go') diff --git a/internal/api/auth/callback_test.go b/internal/api/auth/callback_test.go new file mode 100644 index 000000000..2624f3f3f --- /dev/null +++ b/internal/api/auth/callback_test.go @@ -0,0 +1,45 @@ +package auth + +import ( + "testing" + + "github.com/superseriousbusiness/gotosocial/testrig" +) + +func TestAdminGroup(t *testing.T) { + testrig.InitTestConfig() + for _, test := range []struct { + name string + groups []string + expected bool + }{ + {name: "not in admin group", groups: []string{"group1", "group2", "allowedRole"}, expected: false}, + {name: "in admin group", groups: []string{"group1", "group2", "adminRole"}, expected: true}, + } { + test := test // loopvar capture + t.Run(test.name, func(t *testing.T) { + if got := adminGroup(test.groups); got != test.expected { + t.Fatalf("got: %t, wanted: %t", got, test.expected) + } + }) + } +} + +func TestAllowedGroup(t *testing.T) { + testrig.InitTestConfig() + for _, test := range []struct { + name string + groups []string + expected bool + }{ + {name: "not in allowed group", groups: []string{"group1", "group2", "adminRole"}, expected: false}, + {name: "in allowed group", groups: []string{"group1", "group2", "allowedRole"}, expected: true}, + } { + test := test // loopvar capture + t.Run(test.name, func(t *testing.T) { + if got := allowedGroup(test.groups); got != test.expected { + t.Fatalf("got: %t, wanted: %t", got, test.expected) + } + }) + } +} -- cgit v1.2.3