Update acl tests to new internal access rules syntax
This commit is contained in:
Paweł Chmielowski
parent
1d3959b5a2
commit
f252b9d489
|
|
@ -36,7 +36,7 @@ defmodule ACLTest do
|
|||
|
||||
test "access rule match with user part ACL" do
|
||||
:acl.add(:global, :basic_acl_1, {:user, "test1"})
|
||||
:acl.add_access(:global, :basic_rule_1, [{:basic_acl_1, :allow}])
|
||||
:acl.add_access(:global, :basic_rule_1, [{:allow, [{:acl, :basic_acl_1}]}])
|
||||
# JID can only be passes as jid record.
|
||||
# => TODO: Support passing JID as binary.
|
||||
assert :acl.match_rule(:global, :basic_rule_1, :jid.from_string("test1@domain1")) == :allow
|
||||
|
|
@ -46,7 +46,7 @@ defmodule ACLTest do
|
|||
assert :acl.match_rule(:global, :basic_rule_1, :jid.from_string("test11@domain1")) == :deny
|
||||
|
||||
:acl.add(:global, :basic_acl_2, {:user, {"test2", "domain1"}})
|
||||
:acl.add_access(:global, :basic_rule_2, [{:basic_acl_2, :allow}])
|
||||
:acl.add_access(:global, :basic_rule_2, [{:allow, [{:acl, :basic_acl_2}]}])
|
||||
assert :acl.match_rule(:global, :basic_rule_2, :jid.from_string("test2@domain1")) == :allow
|
||||
assert :acl.match_rule(:global, :basic_rule_2, :jid.from_string("test2@domain2")) == :deny
|
||||
assert :acl.match_rule(:global, :basic_rule_2, :jid.from_string("test2@otherdomain")) == :deny
|
||||
|
|
@ -55,7 +55,7 @@ defmodule ACLTest do
|
|||
|
||||
test "IP based ACL" do
|
||||
:acl.add(:global, :ip_acl_1, {:ip, "127.0.0.0/24"})
|
||||
:acl.add_access(:global, :ip_rule_1, [{:ip_acl_1, :allow}])
|
||||
:acl.add_access(:global, :ip_rule_1, [{:allow, [{:acl, :ip_acl_1}]}])
|
||||
# IP must be expressed as a tuple when calling match rule
|
||||
assert :acl.match_rule(:global, :ip_rule_1, {127,0,0,1}) == :allow
|
||||
assert :acl.match_rule(:global, :ip_rule_1, {127,0,1,1}) == :deny
|
||||
|
|
@ -65,7 +65,7 @@ defmodule ACLTest do
|
|||
test "Access rule are evaluated sequentially" do
|
||||
:acl.add(:global, :user_acl_1, {:user, {"test1", "domain2"}})
|
||||
:acl.add(:global, :user_acl_2, {:user, "test1"})
|
||||
:acl.add_access(:global, :user_rule_1, [{:user_acl_1, :deny}, {:user_acl_2, :allow}])
|
||||
:acl.add_access(:global, :user_rule_1, [{:deny, [{:acl, :user_acl_1}]}, {:allow, [{:acl, :user_acl_2}]}])
|
||||
assert :acl.match_rule(:global, :user_rule_1, :jid.from_string("test1@domain1")) == :allow
|
||||
assert :acl.match_rule(:global, :user_rule_1, :jid.from_string("test1@domain2")) == :deny
|
||||
end
|
||||
|
|
@ -74,7 +74,7 @@ defmodule ACLTest do
|
|||
test "Access rules providing values" do
|
||||
:acl.add(:global, :user_acl, {:user_regexp, ""})
|
||||
:acl.add(:global, :admin_acl, {:user, "admin"})
|
||||
:acl.add_access(:global, :value_rule_1, [{:admin_acl, 10}, {:user_acl, 5}])
|
||||
:acl.add_access(:global, :value_rule_1, [{10, [{:acl, :admin_acl}]}, {5, [{:acl, :user_acl}]}])
|
||||
assert :acl.match_rule(:global, :value_rule_1, :jid.from_string("test1@domain1")) == 5
|
||||
assert :acl.match_rule(:global, :value_rule_1, :jid.from_string("admin@domain1")) == 10
|
||||
|
||||
|
|
@ -91,21 +91,15 @@ defmodule ACLTest do
|
|||
test "mixing IP and user access rules" do
|
||||
:acl.add(:global, :user_acl_1, {:user, "test1"})
|
||||
:acl.add(:global, :ip_acl_1, {:ip, "127.0.0.0/24"})
|
||||
:acl.add_access(:global, :mixed_rule_1, [{:user_acl_1, :allow}, {:ip_acl_1, :allow}])
|
||||
:acl.add_access(:global, :mixed_rule_1, [{:allow, [{:acl, :user_acl_1}]}, {:allow, [{:acl, :ip_acl_1}]}])
|
||||
assert :acl.match_rule(:global, :mixed_rule_1, :jid.from_string("test1@domain1")) == :allow
|
||||
assert :acl.match_rule(:global, :mixed_rule_1, {127,0,0,1}) == :allow
|
||||
|
||||
:acl.add_access(:global, :mixed_rule_2, [{:user_acl_1, :deny}, {:ip_acl_1, :allow}])
|
||||
:acl.add_access(:global, :mixed_rule_2, [{:deny, [{:acl, :user_acl_1}]}, {:allow, [{:acl, :ip_acl_1}]}])
|
||||
assert :acl.match_rule(:global, :mixed_rule_2, :jid.from_string("test1@domain1")) == :deny
|
||||
assert :acl.match_rule(:global, :mixed_rule_2, {127,0,0,1}) == :allow
|
||||
end
|
||||
|
||||
test "acl:match_access can match directly on user pattern" do
|
||||
pattern = {:user, {"test1", "domain1"}}
|
||||
assert :acl.match_access(:global, pattern, :jid.from_string("test1@domain1"), :allow) == :allow
|
||||
assert :acl.match_access(:global, pattern, :jid.from_string("test2@domain1"), :allow) == :deny
|
||||
end
|
||||
|
||||
## Checking ACL on both user pattern and IP
|
||||
## ========================================
|
||||
|
||||
|
|
@ -115,8 +109,8 @@ defmodule ACLTest do
|
|||
test "module can test both IP and user through two independent :acl.match_rule check (deprecated)" do
|
||||
:acl.add(:global, :user_acl, {:user, {"test1", "domain1"}})
|
||||
:acl.add(:global, :ip_acl, {:ip, "127.0.0.0/24"})
|
||||
:acl.add_access(:global, :user_rule, [{:user_acl, :allow}])
|
||||
:acl.add_access(:global, :ip_rule, [{:ip_acl, :allow}])
|
||||
:acl.add_access(:global, :user_rule, [{:allow, [{:acl, :user_acl}]}])
|
||||
:acl.add_access(:global, :ip_rule, [{:allow, [{:acl, :ip_acl}]}])
|
||||
|
||||
# acl module in 16.03 is not able to provide a function for compound result:
|
||||
assert :acl.match_rule(:global, :user_rule, :jid.from_string("test1@domain1")) == :allow
|
||||
|
|
|
|||
Loading…
Reference in New Issue