From 2bda8ee34c1d70f513006366b89c98159dc632d2 Mon Sep 17 00:00:00 2001
From: Mitja Zivkovic
Date: Thu, 21 Feb 2019 23:07:09 +0100
Subject: [PATCH] upd(internal): remove unused rule functions
---
 internal/rules/interfaces.go | 3 --
 internal/rules/resources.go | 35 ---------------
 internal/rules/resources_test.go | 74 +++++++++++++++++++-------------
 3 files changed, 44 insertions(+), 68 deletions(-)
diff --git a/internal/rules/interfaces.go b/internal/rules/interfaces.go
index b04da3a99..50e2782cb 100644
--- a/internal/rules/interfaces.go
+++ b/internal/rules/interfaces.go
@@ -11,9 +11,6 @@ type ResourcesInterface interface {
 IsAllowed(resource string, operation string) Access
- GrantByResource(roleID uint64, resource string, operations []string, value Access) error
- ListByResource(roleID uint64, resource string) ([]Rule, error)
-
 Grant(roleID uint64, rules []Rule) error
 List(roleID uint64) ([]Rule, error)
 Delete(roleID uint64) error
diff --git a/internal/rules/resources.go b/internal/rules/resources.go
index 47ad7dfe5..54a03e9de 100644
--- a/internal/rules/resources.go
+++ b/internal/rules/resources.go
@@ -99,41 +99,6 @@ func (r *resources) checkAccess(resource string, operation string) Access {
 return Inherit
 }
- func (r *resources) GrantByResource(roleID uint64, resource string, operations []string, value Access) error {
- return r.db.Transaction(func() error {
- row := Rule{
- RoleID: roleID,
- Resource: resource,
- Value: value,
- }
-
- var err error
- for _, operation := range operations {
- row.Operation = operation
- switch value {
- case Inherit:
- _, err = r.db.NamedExec("delete from sys_rules where rel_role=:rel_role and resource=:resource and operation=:operation", row)
- default:
- err = r.db.Replace("sys_rules", row)
- }
- if err != nil {
- return err
- }
- }
- return nil
- })
- }
-
- func (r *resources) ListByResource(roleID uint64, resource string) ([]Rule, error) {
- result := []Rule{}
-
- query := "select * from sys_rules where rel_role = ? and resource = ?"
- if err := r.db.Select(&result, query, roleID, resource); err != nil {
- return nil, err
- }
- return result, nil
- }
-
 func (r *resources) Grant(roleID uint64, rules []Rule) error {
 return r.db.Transaction(func() error {
 var err error
diff --git a/internal/rules/resources_test.go b/internal/rules/resources_test.go
index 659128e81..bdf8808da 100644
--- a/internal/rules/resources_test.go
+++ b/internal/rules/resources_test.go
@@ -37,50 +37,64 @@ func TestRules(t *testing.T) {
 // default (unset=deny)
 {
- Expect(rules.Inherit, resources.IsAllowed("channel:1", "edit"), "expected inherit")
- Expect(rules.Inherit, resources.IsAllowed("channel:*", "edit"), "expected inherit")
+ Expect(rules.Inherit, resources.IsAllowed("channel:1", "update"), "expected inherit")
+ Expect(rules.Inherit, resources.IsAllowed("channel:*", "update"), "expected inherit")
 }
 // allow channel:2 group:2 (default deny, multi=allow)
 {
- resources.GrantByResource(2, "channel:2", []string{"edit", "delete"}, rules.Allow)
- Expect(rules.Inherit, resources.IsAllowed("channel:1", "edit"), "expected error, got nil")
- Expect(rules.Allow, resources.IsAllowed("channel:2", "edit"), "channel:2 edit, expected no error")
- Expect(rules.Allow, resources.IsAllowed("channel:*", "edit"), "channel:* edit, expected no error")
+ list := []rules.Rule{
+ rules.Rule{Resource: "channel:2", Operation: "update", Value: rules.Allow},
+ rules.Rule{Resource: "channel:2", Operation: "delete", Value: rules.Allow},
+ }
+
+ resources.Grant(2, list)
+ Expect(rules.Inherit, resources.IsAllowed("channel:1", "update"), "expected error, got nil")
+ Expect(rules.Allow, resources.IsAllowed("channel:2", "update"), "channel:2 update, expected no error")
+ Expect(rules.Allow, resources.IsAllowed("channel:*", "update"), "channel:* update, expected no error")
 }
- // list grants for role
- {
- grants, err := resources.ListByResource(2, "channel:2")
- NoError(t, err, "expect no error")
- Assert(t, len(grants) == 2, "expected 2 grants")
- Assert(t, grants[0].RoleID == 2, "expected RoleID == 2, got %v", grants[0].RoleID)
- Assert(t, grants[0].Resource == "channel:2", "expected Resource == channel:2, got %s", grants[0].Resource)
- Assert(t, grants[0].Operation == "delete", "expected Operation == delete, got %s", grants[0].Operation)
- Assert(t, grants[0].Value == rules.Allow, "expected Value == Allow, got %s", grants[0].Value)
- }
-
- // list all by role
+ // list grants for role 2
 {
 grants, err := resources.List(2)
- NoError(t, err, "expected no error")
- Assert(t, len(grants) == 2, "expected grants == 2, got %v", len(grants))
+ NoError(t, err, "expect no error")
+ Assert(t, len(grants) == 2, "expected 2 grants")
+
+ for _, grant := range grants {
+ Assert(t, grant.RoleID == 2, "expected RoleID == 2, got %v", grant.RoleID)
+ Assert(t, grant.Resource == "channel:2", "expected Resource == channel:2, got %s", grant.Resource)
+ // Assert(t, grant.Operation == "delete", "expected Operation == delete, got %s", grant.Operation)
+ Assert(t, grant.Value == rules.Allow, "expected Value == Allow, got %s", grant.Value)
+ }
 }
 // deny channel:1 group:1 (explicit deny, multi=deny)
 {
- resources.GrantByResource(1, "channel:1", []string{"edit"}, rules.Deny)
- Expect(rules.Deny, resources.IsAllowed("channel:1", "edit"), "expected error, got nil")
- Expect(rules.Allow, resources.IsAllowed("channel:2", "edit"), "channel:2 edit, expected no error")
- Expect(rules.Deny, resources.IsAllowed("channel:*", "edit"), "expected error, got nil")
+ list := []rules.Rule{
+ rules.Rule{Resource: "channel:1", Operation: "update", Value: rules.Deny},
+ }
+ resources.Grant(1, list)
+ Expect(rules.Deny, resources.IsAllowed("channel:1", "update"), "expected error, got nil")
+ Expect(rules.Allow, resources.IsAllowed("channel:2", "update"), "channel:2 update, expected no error")
+ Expect(rules.Deny, resources.IsAllowed("channel:*", "update"), "expected error, got nil")
 }
 // reset (unset=deny)
 {
- resources.GrantByResource(2, "channel:2", []string{"edit", "delete"}, rules.Inherit)
- resources.GrantByResource(1, "channel:1", []string{"edit", "delete"}, rules.Inherit)
- Expect(rules.Inherit, resources.IsAllowed("channel:1", "edit"), "expected error, got nil")
- Expect(rules.Inherit, resources.IsAllowed("channel:*", "edit"), "expected error, got nil")
+ list1 := []rules.Rule{
+ rules.Rule{Resource: "channel:1", Operation: "update", Value: rules.Inherit},
+ rules.Rule{Resource: "channel:1", Operation: "delete", Value: rules.Inherit},
+ }
+ resources.Grant(1, list1)
+
+ list2 := []rules.Rule{
+ rules.Rule{Resource: "channel:2", Operation: "update", Value: rules.Inherit},
+ rules.Rule{Resource: "channel:2", Operation: "delete", Value: rules.Inherit},
+ }
+ resources.Grant(2, list2)
+
+ Expect(rules.Inherit, resources.IsAllowed("channel:1", "update"), "expected error, got nil")
+ Expect(rules.Inherit, resources.IsAllowed("channel:*", "update"), "expected error, got nil")
 }
 // Grant by roleID
@@ -105,13 +119,13 @@ func TestRules(t *testing.T) {
 Assert(t, len(grants) == 3, "expected grants == 3, got %v", len(grants))
 }
- // delete all by role
+ // delete all by roleID
 {
 err := resources.Delete(2)
 NoError(t, err, "expected no error")
 }
- // list all by role
+ // list all by roleID
 {
 grants, err := resources.List(2)
 NoError(t, err, "expected no error")
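Review bot: The four `resources.Grant(...)` calls added in the `@@ -37,50 +37,64 @@` hunk of resources_test.go discard the returned error, so a failed write of an access rule only shows up later as an `IsAllowed` mismatch with an unrelated message; check it at each call, e.g. `NoError(t, resources.Grant(2, list), "expected no error")`. In the same hunk the Operation assertion inside the new `for _, grant := range grants` loop is left commented out, so nothing verifies which operations were actually stored for role 2. Rather than keeping dead code, assert the allowed set, e.g. `Assert(t, grant.Operation == "update" || grant.Operation == "delete", "unexpected Operation %s", grant.Operation)`. TestRules starts and ends outside this hunk, so whether a later block already covers either check cannot be seen from here.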