From b7cfc4eda84016bece84094c95bf681112f109c8 Mon Sep 17 00:00:00 2001 From: Marcin Niesluchowski Date: Thu, 17 Jul 2014 13:43:59 +0200 Subject: [PATCH] Add allow remove set policies cynara tests Change-Id: I4be35a4242e381fbac176ad5591d2a90e50dc423 --- tests/cynara-tests/test_cases.cpp | 146 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 146 insertions(+) diff --git a/tests/cynara-tests/test_cases.cpp b/tests/cynara-tests/test_cases.cpp index c5add3c..5e2e084 100644 --- a/tests/cynara-tests/test_cases.cpp +++ b/tests/cynara-tests/test_cases.cpp @@ -142,3 +142,149 @@ RUNNER_TEST(tc07_admin_set_bucket_admin_allow_deny) cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED); } + +RUNNER_TEST(tc08_admin_set_policies_allow_remove1) +{ + CynaraTestAdmin admin; + CynaraTestClient cynara; + + const char *bucket = CYNARA_ADMIN_DEFAULT_BUCKET; + const char *session = "session08_1"; + const int resultAllow = CYNARA_ADMIN_ALLOW; + const int resultDelete = CYNARA_ADMIN_DELETE; + const char *resultExtra = nullptr; + + const std::vector< std::vector > data = { + { "client08_1_a", "user08_1_a", "privilege08_1_a" }, + { "client08_1_b", "user08_1_b", "privilege08_1_b" }, + }; + + cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED); + cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED); + + // allow first policy + { + CynaraPoliciesContainer cp; + cp.add(bucket, data[0][0], data[0][1], data[0][2], resultAllow, resultExtra); + admin.setPolicies(cp); + } + cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_SUCCESS); + cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED); + + // allow second policy + { + CynaraPoliciesContainer cp; + cp.add(bucket, data[1][0], data[1][1], data[1][2], resultAllow, resultExtra); + admin.setPolicies(cp); + } + cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_SUCCESS); + cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_SUCCESS); + + // delete first policy + { + CynaraPoliciesContainer cp; + cp.add(bucket, data[0][0], data[0][1], data[0][2], resultDelete, resultExtra); + admin.setPolicies(cp); + } + cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED); + cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_SUCCESS); + + // delete second policy + { + CynaraPoliciesContainer cp; + cp.add(bucket, data[1][0], data[1][1], data[1][2], resultDelete, resultExtra); + admin.setPolicies(cp); + } + cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED); + cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED); +} + +RUNNER_TEST(tc08_admin_set_policies_allow_remove2) +{ + CynaraTestAdmin admin; + CynaraTestClient cynara; + + const char *bucket = CYNARA_ADMIN_DEFAULT_BUCKET; + const char *session = "session08_2"; + const int resultAllow = CYNARA_ADMIN_ALLOW; + const int resultDelete = CYNARA_ADMIN_DELETE; + const char *resultExtra = nullptr; + + const std::vector< std::vector > data = { + { "client08_2_a", "user08_2_a", "privilege08_2_a" }, + { "client08_2_b", "user08_2_b", "privilege08_2_b" }, + }; + + cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED); + cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED); + + // allow first policy + { + CynaraPoliciesContainer cp; + cp.add(bucket, data[0][0], data[0][1], data[0][2], resultAllow, resultExtra); + admin.setPolicies(cp); + } + cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_SUCCESS); + cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED); + + // delete first, allow second policy + { + CynaraPoliciesContainer cp; + cp.add(bucket, data[0][0], data[0][1], data[0][2], resultDelete, resultExtra); + cp.add(bucket, data[1][0], data[1][1], data[1][2], resultAllow, resultExtra); + admin.setPolicies(cp); + } + cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED); + cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_SUCCESS); + + // delete second policy + { + CynaraPoliciesContainer cp; + cp.add(bucket, data[1][0], data[1][1], data[1][2], resultDelete, resultExtra); + admin.setPolicies(cp); + } + + cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED); + cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED); +} + +RUNNER_TEST(tc08_admin_set_policies_allow_remove3) +{ + CynaraTestAdmin admin; + CynaraTestClient cynara; + + const char *bucket = CYNARA_ADMIN_DEFAULT_BUCKET; + const char *session = "session08_3"; + const int resultAllow = CYNARA_ADMIN_ALLOW; + const int resultDelete = CYNARA_ADMIN_DELETE; + const char *resultExtra = nullptr; + + const std::vector< std::vector > data = { + { "client08_3_a", "user08_3_a", "privilege08_3_a" }, + { "client08_3_b", "user08_3_b", "privilege08_3_b" }, + }; + + cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED); + cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED); + + // allow first and second policy + { + CynaraPoliciesContainer cp; + cp.add(bucket, data[0][0], data[0][1], data[0][2], resultAllow, resultExtra); + cp.add(bucket, data[1][0], data[1][1], data[1][2], resultAllow, resultExtra); + admin.setPolicies(cp); + } + cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_SUCCESS); + cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_SUCCESS); + + // delete first and second policy + { + CynaraPoliciesContainer cp; + cp.add(bucket, data[0][0], data[0][1], data[0][2], resultDelete, resultExtra); + cp.add(bucket, data[1][0], data[1][1], data[1][2], resultDelete, resultExtra); + admin.setPolicies(cp); + } + + cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED); + cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED); +} -- 2.7.4