1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
|
// Copyright (c) 2018-present Mattermost, Inc. All Rights Reserved.
// See License.txt for license information.
package utils
import (
"encoding/json"
"fmt"
"io/ioutil"
"reflect"
"strings"
"testing"
"github.com/stretchr/testify/require"
"github.com/mattermost/mattermost-server/model"
)
type RoleState struct {
RoleName string `json:"roleName"`
Permission string `json:"permission"`
ShouldHave bool `json:"shouldHave"`
}
func mockConfig() *model.Config {
config := model.Config{}
config.SetDefaults()
return &config
}
func mapping() (map[string]map[string][]RoleState, error) {
policiesRolesMapping := make(map[string]map[string][]RoleState)
raw, err := ioutil.ReadFile("./policies-roles-mapping.json")
if err != nil {
return policiesRolesMapping, err
}
var f map[string]interface{}
err = json.Unmarshal(raw, &f)
if err != nil {
return policiesRolesMapping, err
}
for policyName, value := range f {
capitalizedName := fmt.Sprintf("%v%v", strings.ToUpper(policyName[:1]), policyName[1:])
policiesRolesMapping[capitalizedName] = make(map[string][]RoleState)
for policyValue, roleStatesMappings := range value.(map[string]interface{}) {
var roleStates []RoleState
for _, roleStateMapping := range roleStatesMappings.([]interface{}) {
roleStateMappingJSON, _ := json.Marshal(roleStateMapping)
var roleState RoleState
_ = json.Unmarshal(roleStateMappingJSON, &roleState)
roleStates = append(roleStates, roleState)
}
policiesRolesMapping[capitalizedName][policyValue] = roleStates
}
}
return policiesRolesMapping, nil
}
func TestSetRolePermissionsFromConfig(t *testing.T) {
mapping, err := mapping()
if err != nil {
require.NoError(t, err)
}
for policyName, v := range mapping {
for policyValue, rolesMappings := range v {
config := mockConfig()
updateConfig(config, policyName, policyValue)
roles := model.MakeDefaultRoles()
SetRolePermissionsFromConfig(roles, config, true)
for _, roleMappingItem := range rolesMappings {
role := roles[roleMappingItem.RoleName]
permission := roleMappingItem.Permission
hasPermission := roleHasPermission(role, permission)
if (roleMappingItem.ShouldHave && !hasPermission) || (!roleMappingItem.ShouldHave && hasPermission) {
wording := "not to"
if roleMappingItem.ShouldHave {
wording = "to"
}
t.Errorf("Expected '%v' %v have '%v' permission when '%v' is set to '%v'.", role.Name, wording, permission, policyName, policyValue)
}
}
}
}
}
func updateConfig(config *model.Config, key string, value string) {
v := reflect.ValueOf(config.ServiceSettings)
field := v.FieldByName(key)
if !field.IsValid() {
v = reflect.ValueOf(config.TeamSettings)
field = v.FieldByName(key)
}
field.Elem().SetString(value)
}
func roleHasPermission(role *model.Role, permission string) bool {
for _, p := range role.Permissions {
if p == permission {
return true
}
}
return false
}
|