checkAllDeny(data, session);
}
+
+RUNNER_TEST(tc10_admin_change_extra_bucket)
+{
+ CynaraTestAdmin admin;
+ CynaraTestClient cynara;
+
+ const char *bucketDefault = CYNARA_ADMIN_DEFAULT_BUCKET;
+ const char *bucket = "bucket10";
+ const char *session = "session10";
+ const char *extra = nullptr;
+ const char *extraResult = nullptr;
+
+
+ const std::vector< std::vector<const char *> > data = {
+ { "client10_a", "user10_a", "privilege10_a" },
+ { "client10_b", "user10_b", "privilege10_b" }
+ };
+
+ cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED);
+ cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
+
+ admin.setBucket(bucket, CYNARA_ADMIN_ALLOW, extra);
+
+ cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED);
+ cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
+
+ {
+ CynaraPoliciesContainer cp;
+ cp.add(bucketDefault,
+ data[0][0], data[0][1], data[0][2],
+ CYNARA_ADMIN_BUCKET, bucket);
+ admin.setPolicies(cp);
+ }
+
+ cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_SUCCESS);
+ cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
+
+ admin.setBucket(bucket, CYNARA_ADMIN_DENY, extra);
+
+ cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED);
+ cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
+
+ admin.setBucket(bucket, CYNARA_ADMIN_ALLOW, extra);
+
+ cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_SUCCESS);
+ cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
+
+ {
+ CynaraPoliciesContainer cp;
+ cp.add(bucketDefault,
+ data[0][0], data[0][1], data[0][2],
+ CYNARA_ADMIN_DELETE, extraResult);
+ admin.setPolicies(cp);
+ }
+
+ cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED);
+ cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
+
+ admin.setBucket(bucket, CYNARA_ADMIN_DELETE, extra);
+}
+
+RUNNER_TEST(tc11_admin_bucket_not_found)
+{
+ CynaraTestAdmin admin;
+ CynaraTestClient cynara;
+
+ const char *bucketDefault = CYNARA_ADMIN_DEFAULT_BUCKET;
+ const char *bucket = "bucket11";
+ const char *client = "client11";
+ const char *session = "session11";
+ const char *user = "user11";
+ const char *privilege = "privilege11";
+
+ cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED);
+
+ {
+ CynaraPoliciesContainer cp;
+ cp.add(bucketDefault,
+ client, user, privilege,
+ CYNARA_ADMIN_BUCKET, bucket);
+ admin.setPolicies(cp, CYNARA_ADMIN_API_BUCKET_NOT_FOUND);
+ }
+ cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED);
+}
+
+RUNNER_TEST(tc12_admin_delete_bucket_with_policies_pointing_to_it)
+{
+ CynaraTestAdmin admin;
+ CynaraTestClient cynara;
+
+ const char *bucketDefault = CYNARA_ADMIN_DEFAULT_BUCKET;
+ const char *bucket = "bucket12";
+ const char *client = "client12";
+ const char *session = "session12";
+ const char *user = "user12";
+ const char *privilege = "privilege12";
+ const char *extra = nullptr;
+
+ admin.setBucket(bucket, CYNARA_ADMIN_ALLOW, extra);
+
+ {
+ CynaraPoliciesContainer cp;
+ cp.add(bucketDefault,
+ client, user, privilege,
+ CYNARA_ADMIN_BUCKET, bucket);
+ admin.setPolicies(cp);
+ }
+ cynara.check(client, session, user, privilege, CYNARA_API_SUCCESS);
+
+ admin.setBucket(bucket, CYNARA_ADMIN_DELETE, extra);
+ cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED);
+
+ admin.setBucket(bucket, CYNARA_ADMIN_ALLOW, extra);
+ cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED);
+
+ admin.setBucket(bucket, CYNARA_ADMIN_DELETE, extra);
+ cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED);
+}
+
+RUNNER_TEST(tc13_admin_set_policies_to_extra_bucket)
+{
+ CynaraTestAdmin admin;
+ CynaraTestClient cynara;
+
+ const char *bucketDefault = CYNARA_ADMIN_DEFAULT_BUCKET;
+ const char *bucket = "bucket13";
+ const char *client = "client13";
+ const char *session = "session13";
+ const char *user = "user13";
+ const char *privilege = "privilege13";
+ const char *extra = nullptr;
+ const char *extraResult = nullptr;
+
+ admin.setBucket(bucket, CYNARA_ADMIN_DENY, extra);
+ cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED);
+
+ {
+ CynaraPoliciesContainer cp;
+ cp.add(bucketDefault,
+ client, user, privilege,
+ CYNARA_ADMIN_BUCKET, bucket);
+ cp.add(bucket,
+ client, user, privilege,
+ CYNARA_ADMIN_ALLOW, extraResult);
+ admin.setPolicies(cp);
+ }
+ cynara.check(client, session, user, privilege, CYNARA_API_SUCCESS);
+
+ admin.setBucket(bucket, CYNARA_ADMIN_DELETE, extra);
+ cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED);
+}