cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED);
}
+
+RUNNER_TEST(tc08_admin_set_policies_allow_remove1)
+{
+ CynaraTestAdmin admin;
+ CynaraTestClient cynara;
+
+ const char *bucket = CYNARA_ADMIN_DEFAULT_BUCKET;
+ const char *session = "session08_1";
+ const int resultAllow = CYNARA_ADMIN_ALLOW;
+ const int resultDelete = CYNARA_ADMIN_DELETE;
+ const char *resultExtra = nullptr;
+
+ const std::vector< std::vector<const char *> > data = {
+ { "client08_1_a", "user08_1_a", "privilege08_1_a" },
+ { "client08_1_b", "user08_1_b", "privilege08_1_b" },
+ };
+
+ cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED);
+ cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
+
+ // allow first policy
+ {
+ CynaraPoliciesContainer cp;
+ cp.add(bucket, data[0][0], data[0][1], data[0][2], resultAllow, resultExtra);
+ admin.setPolicies(cp);
+ }
+ cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_SUCCESS);
+ cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
+
+ // allow second policy
+ {
+ CynaraPoliciesContainer cp;
+ cp.add(bucket, data[1][0], data[1][1], data[1][2], resultAllow, resultExtra);
+ admin.setPolicies(cp);
+ }
+ cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_SUCCESS);
+ cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_SUCCESS);
+
+ // delete first policy
+ {
+ CynaraPoliciesContainer cp;
+ cp.add(bucket, data[0][0], data[0][1], data[0][2], resultDelete, resultExtra);
+ admin.setPolicies(cp);
+ }
+ cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED);
+ cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_SUCCESS);
+
+ // delete second policy
+ {
+ CynaraPoliciesContainer cp;
+ cp.add(bucket, data[1][0], data[1][1], data[1][2], resultDelete, resultExtra);
+ admin.setPolicies(cp);
+ }
+ cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED);
+ cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
+}
+
+RUNNER_TEST(tc08_admin_set_policies_allow_remove2)
+{
+ CynaraTestAdmin admin;
+ CynaraTestClient cynara;
+
+ const char *bucket = CYNARA_ADMIN_DEFAULT_BUCKET;
+ const char *session = "session08_2";
+ const int resultAllow = CYNARA_ADMIN_ALLOW;
+ const int resultDelete = CYNARA_ADMIN_DELETE;
+ const char *resultExtra = nullptr;
+
+ const std::vector< std::vector<const char *> > data = {
+ { "client08_2_a", "user08_2_a", "privilege08_2_a" },
+ { "client08_2_b", "user08_2_b", "privilege08_2_b" },
+ };
+
+ cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED);
+ cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
+
+ // allow first policy
+ {
+ CynaraPoliciesContainer cp;
+ cp.add(bucket, data[0][0], data[0][1], data[0][2], resultAllow, resultExtra);
+ admin.setPolicies(cp);
+ }
+ cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_SUCCESS);
+ cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
+
+ // delete first, allow second policy
+ {
+ CynaraPoliciesContainer cp;
+ cp.add(bucket, data[0][0], data[0][1], data[0][2], resultDelete, resultExtra);
+ cp.add(bucket, data[1][0], data[1][1], data[1][2], resultAllow, resultExtra);
+ admin.setPolicies(cp);
+ }
+ cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED);
+ cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_SUCCESS);
+
+ // delete second policy
+ {
+ CynaraPoliciesContainer cp;
+ cp.add(bucket, data[1][0], data[1][1], data[1][2], resultDelete, resultExtra);
+ admin.setPolicies(cp);
+ }
+
+ cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED);
+ cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
+}
+
+RUNNER_TEST(tc08_admin_set_policies_allow_remove3)
+{
+ CynaraTestAdmin admin;
+ CynaraTestClient cynara;
+
+ const char *bucket = CYNARA_ADMIN_DEFAULT_BUCKET;
+ const char *session = "session08_3";
+ const int resultAllow = CYNARA_ADMIN_ALLOW;
+ const int resultDelete = CYNARA_ADMIN_DELETE;
+ const char *resultExtra = nullptr;
+
+ const std::vector< std::vector<const char *> > data = {
+ { "client08_3_a", "user08_3_a", "privilege08_3_a" },
+ { "client08_3_b", "user08_3_b", "privilege08_3_b" },
+ };
+
+ cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED);
+ cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
+
+ // allow first and second policy
+ {
+ CynaraPoliciesContainer cp;
+ cp.add(bucket, data[0][0], data[0][1], data[0][2], resultAllow, resultExtra);
+ cp.add(bucket, data[1][0], data[1][1], data[1][2], resultAllow, resultExtra);
+ admin.setPolicies(cp);
+ }
+ cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_SUCCESS);
+ cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_SUCCESS);
+
+ // delete first and second policy
+ {
+ CynaraPoliciesContainer cp;
+ cp.add(bucket, data[0][0], data[0][1], data[0][2], resultDelete, resultExtra);
+ cp.add(bucket, data[1][0], data[1][1], data[1][2], resultDelete, resultExtra);
+ admin.setPolicies(cp);
+ }
+
+ cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED);
+ cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
+}
projects / platform / core / test / security-tests.git / commitdiff