return anyWildcard(*this, other) || valuesMatch(*this, other);
}
+ bool operator==(const PolicyKeyFeature::ValueType &other) const {
+ return anyWildcard(*this, other) || valuesMatch(*this, other);
+ }
+
const std::string &toString() const;
protected:
- PolicyKeyFeature(ValueType value) : m_value(value), m_isWildcard(false) {}
+ PolicyKeyFeature(const ValueType &value) : m_value(value),
+ m_isWildcard(value == PolicyKeyFeature::m_wildcardValue) {}
PolicyKeyFeature() : m_value(m_wildcardValue), m_isWildcard(true) {}
static bool anyWildcard(const PolicyKeyFeature &pkf1, const PolicyKeyFeature &pkf2) {
const PolicyKeyFeature &privilegeId)
: m_client(clientId), m_user(userId), m_privilege(privilegeId) {};
+ PolicyKey(const PolicyKeyFeature::ValueType &clientId,
+ const PolicyKeyFeature::ValueType &userId,
+ const PolicyKeyFeature::ValueType &privilegeId)
+ : m_client(clientId), m_user(userId), m_privilege(privilegeId) {};
+
bool operator==(const PolicyKey &other) const {
return std::tie(m_client, m_user, m_privilege)
== std::tie(other.m_client, other.m_user, other.m_privilege);
}
};
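Review bot: The public `PolicyKey` constructor added here accepts raw `ValueType` strings, and each one is converted through `PolicyKeyFeature(const ValueType &)`, which in this same header now sets `m_isWildcard` whenever the value equals `m_wildcardValue`. That makes the wildcard an in-band value: if a key is ever built this way from client, user or privilege strings taken from a request (not visible in this hunk), a field holding the wildcard literal would compare equal to every stored feature through `anyWildcard`. Wildcard matching looks intended for `PolicyBucket::filtered`, so I would document the contract on the constructor, e.g. `// A value equal to the wildcard literal yields a wildcard feature; validate request-derived fields before building a key`. Keys used for access checks should stay on a construction path that cannot produce wildcards.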
+bool operator ==(const PolicyKeyFeature::ValueType &pkf1, const PolicyKeyFeature &pkf2);
+
} /* namespace Cynara */
#include "../../helpers.h"
+#include <algorithm>
+#include <tuple>
+
using namespace Cynara;
class PolicyBucketFixture : public ::testing::Test {
Policy::simpleWithKey(pk1, PredefinedPolicyType::ALLOW),
Policy::simpleWithKey(pk1, PredefinedPolicyType::ALLOW)
};
+
+ const PolicyCollection wildcardPolicies = {
+ Policy::simpleWithKey(PolicyKey("c1", "u1", "p1"), PredefinedPolicyType::ALLOW),
+ Policy::simpleWithKey(PolicyKey("c1", "u1", "p2"), PredefinedPolicyType::ALLOW),
+ Policy::simpleWithKey(PolicyKey("c2", "u1", "p1"), PredefinedPolicyType::ALLOW)
+ };
+
+ PolicyCollection filterHelper(const PolicyCollection &original,
+ std::function<bool(const PolicyCollection::value_type &)> pred) {
+ PolicyCollection filtered(original.size());
+ auto endIt = std::copy_if(std::begin(original), std::end(original),
+ std::begin(filtered), pred);
+ filtered.resize(std::distance(std::begin(filtered), endIt));
+ return filtered;
+ }
};
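Review bot: `filterHelper` uses `std::function` and `std::distance`, but the include hunk above adds only `<algorithm>` and `<tuple>`; unless `helpers.h` already provides them, add `#include <functional>` and `#include <iterator>` rather than relying on transitive includes. The helper also creates `original.size()` default-constructed elements and trims them afterwards. Assuming `PolicyCollection` is a sequence container with `push_back`, starting from an empty collection with `std::copy_if(std::begin(original), std::end(original), std::back_inserter(filtered), pred);` does the same without the `resize`. A short comment such as `// Returns the policies from original for which pred is true, in original order` would help readers of the tests that follow.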
TEST_F(PolicyBucketFixture, filtered) {
// default policy should be preserved
ASSERT_EQ(PredefinedPolicyType::DENY, filtered.defaultPolicy());
}
+
+TEST_F(PolicyBucketFixture, filtered_wildcard_privilege) {
+ using ::testing::UnorderedElementsAreArray;
+
+ // Leave policies with given client, given user and any privilege
+ auto policiesToStay = filterHelper(wildcardPolicies,
+ [] (const PolicyCollection::value_type &privilege) {
+ const auto &key = privilege->key();
+ return std::tie("c1", "u1") == std::tie(key.client(), key.user());
+ });
+
+ PolicyBucket bucket(wildcardPolicies);
+ auto filtered = bucket.filtered(PolicyKey("c1", "u1", "*"));
+ ASSERT_THAT(filtered.policyCollection(), UnorderedElementsAreArray(policiesToStay));
+}
+
+TEST_F(PolicyBucketFixture, filtered_wildcard_client) {
+ using ::testing::UnorderedElementsAreArray;
+
+ // Leave policies with given client, given user and any privilege
+ auto policiesToStay = filterHelper(wildcardPolicies,
+ [] (const PolicyCollection::value_type &privilege) {
+ const auto &key = privilege->key();
+ return std::tie("u1", "p1") == std::tie(key.user(), key.privilege());
+ });
+
+ PolicyBucket bucket(wildcardPolicies);
+ auto filtered = bucket.filtered(PolicyKey("*", "u1", "p1"));
+ ASSERT_THAT(filtered.policyCollection(), UnorderedElementsAreArray(policiesToStay));
+}
+
+TEST_F(PolicyBucketFixture, filtered_wildcard_client_privilege) {
+ using ::testing::UnorderedElementsAreArray;
+
+ // Leave policies with given client, given user and any privilege
+ auto policiesToStay = filterHelper(wildcardPolicies,
+ [] (const PolicyCollection::value_type &privilege) {
+ const auto &key = privilege->key();
+ return key.user() == "u1";
+ });
+
+ PolicyBucket bucket(wildcardPolicies);
+ auto filtered = bucket.filtered(PolicyKey("*", "u1", "*"));
+ ASSERT_THAT(filtered.policyCollection(), UnorderedElementsAreArray(policiesToStay));
+}
+
+TEST_F(PolicyBucketFixture, filtered_wildcard_none) {
+ using ::testing::IsEmpty;
+
+ PolicyBucket bucket(wildcardPolicies);
+ auto filtered = bucket.filtered(PolicyKey("*", "u2", "*"));
+ ASSERT_THAT(filtered.policyCollection(), IsEmpty());
+}
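Review bot: The comment `// Leave policies with given client, given user and any privilege` is copied unchanged into `filtered_wildcard_client` and `filtered_wildcard_client_privilege`, where it no longer describes the predicate; they should read `// Leave policies with any client, given user and given privilege` and `// Leave policies with any client, given user and any privilege`. The lambda parameter named `privilege` is actually a policy (`privilege->key()`), so `policy` would read better. The expected sets also appear to be computed with the `==` overloads introduced by this same commit (the `std::tie` of literals against `key.client()` / `key.user()`), so a defect in wildcard comparison could affect both sides of the assertion; listing the expected policies explicitly would keep the expectation independent. There is also no case for a wildcard user, the one field these tests never wildcard.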