diff --git a/system/repository/applications_test.go b/system/repository/applications_test.go index 29dffd272..255bcefaf 100644 --- a/system/repository/applications_test.go +++ b/system/repository/applications_test.go @@ -4,10 +4,12 @@ import ( "context" "testing" + "github.com/pkg/errors" "github.com/titpetric/factory" - "github.com/crusttech/crust/internal/test" "github.com/crusttech/crust/system/types" + + . "github.com/crusttech/crust/internal/test" ) func TestApplication(t *testing.T) { @@ -16,51 +18,50 @@ func TestApplication(t *testing.T) { return } - crepo := Application(context.Background(), factory.Database.MustGet()) + db := factory.Database.MustGet() - { + // Create application repository. + crepo := Application(context.Background(), db) - tx(t, func() (err error) { - if _, err = factory.Database.MustGet().Exec("TRUNCATE sys_application"); err != nil { - return - } + // Run tests in transaction to maintain DB state. + Error(t, db.Transaction(func() error { + db.Delete("sys_application", "1=1") - app := &types.Application{ - Name: "created", - Enabled: true, - OwnerID: 1, - Unify: &types.ApplicationUnify{ - Name: "created", - Listed: true, - Order: 1, - Icon: "...ico", - }, - } + app := &types.Application{ + Name: "created", + Enabled: true, + OwnerID: 1, + Unify: &types.ApplicationUnify{ + Name: "created", + Listed: true, + Order: 1, + Icon: "...ico", + }, + } - app, err = crepo.Create(app) - test.NoError(t, err, "Application.Create error: %+v", err) - test.Assert(t, app.Valid(), "Expecting application to be valid after creation") - test.Assert(t, app.Name == "created", "Expecting application name to be set, got %q", app.Name) - test.Assert(t, app.Enabled, "Expecting application to be enabled") - test.Assert(t, app.Unify.Name == "created", "Expecting application name to be set in unify, got %q", app.Name) - test.Assert(t, app.Unify.Listed, "Expecting application to be listed in unify") - test.Assert(t, app.Unify.Order == 1, "Expecting application name to have order val 1") + app, err := crepo.Create(app) + NoError(t, err, "Application.Create error: %+v", err) + Assert(t, app.Valid(), "Expecting application to be valid after creation") + Assert(t, app.Name == "created", "Expecting application name to be set, got %q", app.Name) + Assert(t, app.Enabled, "Expecting application to be enabled") + Assert(t, app.Unify.Name == "created", "Expecting application name to be set in unify, got %q", app.Name) + Assert(t, app.Unify.Listed, "Expecting application to be listed in unify") + Assert(t, app.Unify.Order == 1, "Expecting application name to have order val 1") - app.Name = "updated" - app.Enabled = false - app.Unify.Name = "updated" - app.Unify.Listed = false - app, err = crepo.Update(app) + app.Name = "updated" + app.Enabled = false + app.Unify.Name = "updated" + app.Unify.Listed = false + app, err = crepo.Update(app) - test.NoError(t, err, "Application.Create error: %+v", err) - test.Assert(t, err == nil, "Application.Create error: %+v", err) - test.Assert(t, app.Name == "updated", "Expecting application name to be updated") - test.Assert(t, !app.Enabled, "Expecting application to be disabled") - test.Assert(t, app.Unify.Name == "updated", "Expecting application name to be updated in unify") - test.Assert(t, !app.Unify.Listed, "Expecting application to be unlisted in unify") + NoError(t, err, "Application.Create error: %+v", err) + Assert(t, err == nil, "Application.Create error: %+v", err) + Assert(t, app.Name == "updated", "Expecting application name to be updated") + Assert(t, !app.Enabled, "Expecting application to be disabled") + Assert(t, app.Unify.Name == "updated", "Expecting application name to be updated in unify") + Assert(t, !app.Unify.Listed, "Expecting application to be unlisted in unify") - return nil - }) - } + return errors.New("Rollback") + }), "expected rollback error") } diff --git a/system/repository/credentials_test.go b/system/repository/credentials_test.go index fe868f804..0f960b707 100644 --- a/system/repository/credentials_test.go +++ b/system/repository/credentials_test.go @@ -4,9 +4,12 @@ import ( "context" "testing" + "github.com/pkg/errors" "github.com/titpetric/factory" "github.com/crusttech/crust/system/types" + + . "github.com/crusttech/crust/internal/test" ) func TestCredentials(t *testing.T) { @@ -15,44 +18,42 @@ func TestCredentials(t *testing.T) { return } - crepo := Credentials(context.Background(), factory.Database.MustGet()) + db := factory.Database.MustGet() + + // Create credentials repository. + crepo := Credentials(context.Background(), db) + + // Run tests in transaction to maintain DB state. + Error(t, db.Transaction(func() error { + db.Delete("sys_credentials", "1=1") - { cc := types.CredentialsSet{ &types.Credentials{OwnerID: 10000, Kind: types.CredentialsKindLinkedin, Credentials: "linkedin-profile-id"}, &types.Credentials{OwnerID: 10000, Kind: types.CredentialsKindGPlus, Credentials: "gplus-profile-id"}, &types.Credentials{OwnerID: 20000, Kind: types.CredentialsKindFacebook, Credentials: "facebook-profile-id"}, } - tx(t, func() (err error) { - if _, err = factory.Database.MustGet().Exec("TRUNCATE sys_credentials"); err != nil { - return + for _, c := range cc { + cNew, err := crepo.Create(c) + assert(t, err == nil, "Credentials.Create error: %+v", err) + assert(t, c.ID > 0, "Expecting credentials to have a valid ID") + assert(t, c.Valid(), "Expecting credentials to be valid after creation") + + _, err = crepo.FindByID(cNew.ID) + assert(t, err == nil, "Credentials.FindByID error: %+v", err) + + { + r, err := crepo.FindByKind(c.OwnerID, c.Kind) + assert(t, err == nil, "Credentials.FindByKind error: %+v", err) + assert(t, len(r) == 1, "Expecting exactly 1 result from FindByKind, got: %v", len(r)) } - for _, c := range cc { - cNew, err := crepo.Create(c) - assert(t, err == nil, "Credentials.Create error: %+v", err) - assert(t, c.ID > 0, "Expecting credentials to have a valid ID") - assert(t, c.Valid(), "Expecting credentials to be valid after creation") - - _, err = crepo.FindByID(cNew.ID) - assert(t, err == nil, "Credentials.FindByID error: %+v", err) - - { - r, err := crepo.FindByKind(c.OwnerID, c.Kind) - assert(t, err == nil, "Credentials.FindByKind error: %+v", err) - assert(t, len(r) == 1, "Expecting exactly 1 result from FindByKind, got: %v", len(r)) - } - - { - r, err := crepo.FindByCredentials(c.Kind, c.Credentials) - assert(t, err == nil, "Credentials.FindByKind error: %+v", err) - assert(t, len(r) == 1, "Expecting exactly 1 result from FindByCredentials, got: %v", len(r)) - } + { + r, err := crepo.FindByCredentials(c.Kind, c.Credentials) + assert(t, err == nil, "Credentials.FindByKind error: %+v", err) + assert(t, len(r) == 1, "Expecting exactly 1 result from FindByCredentials, got: %v", len(r)) } - - return nil - }) - } - + } + return errors.New("Rollback") + }), "expected rollback error") } diff --git a/system/repository/main_test.go b/system/repository/main_test.go index 4b42d82f5..34fdd3106 100644 --- a/system/repository/main_test.go +++ b/system/repository/main_test.go @@ -39,16 +39,6 @@ func TestMain(m *testing.M) { return } - // clean up tables - { - for _, name := range []string{"sys_user", "sys_role", "sys_role_member", "sys_organisation", "settings"} { - _, err := db.Exec("truncate " + name) - if err != nil { - panic("Error when clearing " + name + ": " + err.Error()) - } - } - } - os.Exit(m.Run()) } diff --git a/system/repository/organisation_test.go b/system/repository/organisation_test.go index c76f34a67..e4cfe2182 100644 --- a/system/repository/organisation_test.go +++ b/system/repository/organisation_test.go @@ -2,12 +2,14 @@ package repository import ( "context" - - "github.com/titpetric/factory" - "testing" + "github.com/pkg/errors" + "github.com/titpetric/factory" + "github.com/crusttech/crust/system/types" + + . "github.com/crusttech/crust/internal/test" ) func TestOrganisation(t *testing.T) { @@ -16,49 +18,55 @@ func TestOrganisation(t *testing.T) { return } - rpo := Organisation(context.Background(), factory.Database.MustGet()) - org := &types.Organisation{ - Name: "Test organisation v1", - } + db := factory.Database.MustGet() - { - oa, err := rpo.CreateOrganisation(org) - assert(t, err == nil, "CreateOrganisation error: %+v", err) - assert(t, oa.Name == org.Name, "Changes were not stored") - } + // Run tests in transaction to maintain DB state. + Error(t, db.Transaction(func() error { + rpo := Organisation(context.Background(), db) + org := &types.Organisation{ + Name: "Test organisation v1", + } - { - org.Name = "Test organisation v2" + { + oa, err := rpo.CreateOrganisation(org) + assert(t, err == nil, "CreateOrganisation error: %+v", err) + assert(t, oa.Name == org.Name, "Changes were not stored") + } - oa, err := rpo.UpdateOrganisation(org) - assert(t, err == nil, "UpdateOrganisation error: %+v", err) - assert(t, oa.Name == org.Name, "Changes were not stored") - } + { + org.Name = "Test organisation v2" - { - oa, err := rpo.FindOrganisationByID(org.ID) - assert(t, err == nil, "FindOrganisationByID error: %+v", err) - assert(t, oa.Name == org.Name, "Changes were not stored") - } + oa, err := rpo.UpdateOrganisation(org) + assert(t, err == nil, "UpdateOrganisation error: %+v", err) + assert(t, oa.Name == org.Name, "Changes were not stored") + } - { - oa, err := rpo.FindOrganisations(&types.OrganisationFilter{Query: org.Name}) - assert(t, err == nil, "FindOrganisations error: %+v", err) - assert(t, len(oa) != 0, "No results found") - } + { + oa, err := rpo.FindOrganisationByID(org.ID) + assert(t, err == nil, "FindOrganisationByID error: %+v", err) + assert(t, oa.Name == org.Name, "Changes were not stored") + } - { - err := rpo.ArchiveOrganisationByID(org.ID) - assert(t, err == nil, "ArchiveOrganisationByID error: %+v", err) - } + { + oa, err := rpo.FindOrganisations(&types.OrganisationFilter{Query: org.Name}) + assert(t, err == nil, "FindOrganisations error: %+v", err) + assert(t, len(oa) != 0, "No results found") + } - { - err := rpo.UnarchiveOrganisationByID(org.ID) - assert(t, err == nil, "UnarchiveOrganisationByID error: %+v", err) - } + { + err := rpo.ArchiveOrganisationByID(org.ID) + assert(t, err == nil, "ArchiveOrganisationByID error: %+v", err) + } - { - err := rpo.DeleteOrganisationByID(org.ID) - assert(t, err == nil, "DeleteOrganisationByID error: %+v", err) - } + { + err := rpo.UnarchiveOrganisationByID(org.ID) + assert(t, err == nil, "UnarchiveOrganisationByID error: %+v", err) + } + + { + err := rpo.DeleteOrganisationByID(org.ID) + assert(t, err == nil, "DeleteOrganisationByID error: %+v", err) + } + return errors.New("Rollback") + }), "expected rollback error") } diff --git a/system/repository/role_test.go b/system/repository/role_test.go index 5b358ae6d..463de4a54 100644 --- a/system/repository/role_test.go +++ b/system/repository/role_test.go @@ -2,12 +2,14 @@ package repository import ( "context" - - "github.com/titpetric/factory" - "testing" + "github.com/pkg/errors" + "github.com/titpetric/factory" + "github.com/crusttech/crust/system/types" + + . "github.com/crusttech/crust/internal/test" ) func TestRole(t *testing.T) { @@ -16,88 +18,93 @@ func TestRole(t *testing.T) { return } - userRepo := User(context.Background(), factory.Database.MustGet()) - user := &types.User{ - Name: "John Role Doe", - Username: "johndoe", - } - user.GeneratePassword("johndoe") + db := factory.Database.MustGet() - { - u1, err := userRepo.Create(user) - assert(t, err == nil, "Owner.Create error: %+v", err) - assert(t, user.ID == u1.ID, "Changes were not stored") - } + Error(t, db.Transaction(func() error { + userRepo := User(context.Background(), db) + user := &types.User{ + Name: "John Role Doe", + Username: "johndoe", + } + user.GeneratePassword("johndoe") - roleRepo := Role(context.Background(), factory.Database.MustGet()) - role := &types.Role{ - Name: "Test role v1", - } + { + u1, err := userRepo.Create(user) + assert(t, err == nil, "Owner.Create error: %+v", err) + assert(t, user.ID == u1.ID, "Changes were not stored") + } - { - t1, err := roleRepo.Create(role) - assert(t, err == nil, "Role.Create error: %+v", err) - assert(t, role.Name == t1.Name, "Changes were not stored") - } + roleRepo := Role(context.Background(), db) + role := &types.Role{ + Name: "Test role v1", + } - { - role.Name = "Test role v2" - t1, err := roleRepo.Update(role) - assert(t, err == nil, "Role.Update error: %+v", err) - assert(t, role.Name == t1.Name, "Changes were not stored") - } + { + t1, err := roleRepo.Create(role) + assert(t, err == nil, "Role.Create error: %+v", err) + assert(t, role.Name == t1.Name, "Changes were not stored") + } - { - t1, err := roleRepo.FindByID(role.ID) - assert(t, err == nil, "Role.FindByID error: %+v", err) - assert(t, role.Name == t1.Name, "Changes were not stored") - } + { + role.Name = "Test role v2" + t1, err := roleRepo.Update(role) + assert(t, err == nil, "Role.Update error: %+v", err) + assert(t, role.Name == t1.Name, "Changes were not stored") + } - { - aa, err := roleRepo.Find(&types.RoleFilter{Query: role.Name}) - assert(t, err == nil, "Role.Find error: %+v", err) - assert(t, len(aa) > 0, "No results found") - } + { + t1, err := roleRepo.FindByID(role.ID) + assert(t, err == nil, "Role.FindByID error: %+v", err) + assert(t, role.Name == t1.Name, "Changes were not stored") + } - { - err := roleRepo.ArchiveByID(role.ID) - assert(t, err == nil, "Role.ArchiveByID error: %+v", err) - } + { + aa, err := roleRepo.Find(&types.RoleFilter{Query: role.Name}) + assert(t, err == nil, "Role.Find error: %+v", err) + assert(t, len(aa) > 0, "No results found") + } - { - err := roleRepo.UnarchiveByID(role.ID) - assert(t, err == nil, "Role.UnarchiveByID error: %+v", err) - } + { + err := roleRepo.ArchiveByID(role.ID) + assert(t, err == nil, "Role.ArchiveByID error: %+v", err) + } - { - err := roleRepo.MemberAddByID(role.ID, user.ID) - assert(t, err == nil, "Role.MemberAddByID error: %+v", err) - } + { + err := roleRepo.UnarchiveByID(role.ID) + assert(t, err == nil, "Role.UnarchiveByID error: %+v", err) + } - { - roles, err := roleRepo.FindByMemberID(user.ID) - assert(t, err == nil, "Role.FindByMemberID error: %+v", err) - assert(t, len(roles) > 0, "No results found") - } + { + err := roleRepo.MemberAddByID(role.ID, user.ID) + assert(t, err == nil, "Role.MemberAddByID error: %+v", err) + } - { - roles, err := roleRepo.FindByMemberID(0) - assert(t, err == nil, "Role.FindByMemberID error: %+v", err) - assert(t, len(roles) == 0, "Results found") - } + { + roles, err := roleRepo.FindByMemberID(user.ID) + assert(t, err == nil, "Role.FindByMemberID error: %+v", err) + assert(t, len(roles) > 0, "No results found") + } - { - err := roleRepo.MemberRemoveByID(role.ID, user.ID) - assert(t, err == nil, "Role.MemberRemoveByID error: %+v", err) - } + { + roles, err := roleRepo.FindByMemberID(0) + assert(t, err == nil, "Role.FindByMemberID error: %+v", err) + assert(t, len(roles) == 0, "Results found") + } - { - err := roleRepo.DeleteByID(role.ID) - assert(t, err == nil, "Role.DeleteByID error: %+v", err) - } + { + err := roleRepo.MemberRemoveByID(role.ID, user.ID) + assert(t, err == nil, "Role.MemberRemoveByID error: %+v", err) + } - { - err := userRepo.DeleteByID(user.ID) - assert(t, err == nil, "Owner.DeleteByID error: %+v", err) - } + { + err := roleRepo.DeleteByID(role.ID) + assert(t, err == nil, "Role.DeleteByID error: %+v", err) + } + + { + err := userRepo.DeleteByID(user.ID) + assert(t, err == nil, "Owner.DeleteByID error: %+v", err) + } + return errors.New("Rollback") + }), "expected rollback error") } diff --git a/system/repository/user_test.go b/system/repository/user_test.go index b34ee648d..6a116da17 100644 --- a/system/repository/user_test.go +++ b/system/repository/user_test.go @@ -4,9 +4,12 @@ import ( "context" "testing" + "github.com/pkg/errors" "github.com/titpetric/factory" "github.com/crusttech/crust/system/types" + + . "github.com/crusttech/crust/internal/test" ) func TestUser(t *testing.T) { @@ -15,44 +18,50 @@ func TestUser(t *testing.T) { return } - userRepo := User(context.Background(), factory.Database.MustGet()) - user := &types.User{ - Name: "John User Doe", - Username: "johndoe", - SatosaID: "1234", - } - user.GeneratePassword("johndoe") + db := factory.Database.MustGet() - { - uu, err := userRepo.Create(user) - assert(t, err == nil, "Owner.Create error: %+v", err) - assert(t, user.ID == uu.ID, "Changes were not stored") - } + // Run tests in transaction to maintain DB state. + Error(t, db.Transaction(func() error { + userRepo := User(context.Background(), db) + user := &types.User{ + Name: "John User Doe", + Username: "johndoe", + SatosaID: "1234", + } + user.GeneratePassword("johndoe") - roleRepo := Role(context.Background(), factory.Database.MustGet()) - role := &types.Role{ - Name: "Test role v1", - } + { + uu, err := userRepo.Create(user) + assert(t, err == nil, "Owner.Create error: %+v", err) + assert(t, user.ID == uu.ID, "Changes were not stored") + } - { - t1, err := roleRepo.Create(role) - assert(t, err == nil, "Role.Create error: %+v", err) - assert(t, role.Name == t1.Name, "Changes were not stored") + roleRepo := Role(context.Background(), db) + role := &types.Role{ + Name: "Test role v1", + } - err = roleRepo.MemberAddByID(t1.ID, user.ID) - assert(t, err == nil, "Role.MemberAddByID error: %+v", err) - } + { + t1, err := roleRepo.Create(role) + assert(t, err == nil, "Role.Create error: %+v", err) + assert(t, role.Name == t1.Name, "Changes were not stored") - { - uu, err := userRepo.FindByID(user.ID) - assert(t, err == nil, "Owner.FindByID error: %+v", err) - assert(t, len(uu.Roles) == 1, "Expected 1 role, got %d", len(uu.Roles)) - } + err = roleRepo.MemberAddByID(t1.ID, user.ID) + assert(t, err == nil, "Role.MemberAddByID error: %+v", err) + } - { - users, err := userRepo.Find(&types.UserFilter{Query: "John User Doe"}) - assert(t, err == nil, "Owner.Find error: %+v", err) - assert(t, len(users) == 1, "Owner.Find: expected 1 user, got %d", len(users)) - assert(t, len(users[0].Roles) == 1, "Owner.Find: expected 1 role, got %d", len(users[0].Roles)) - } + { + uu, err := userRepo.FindByID(user.ID) + assert(t, err == nil, "Owner.FindByID error: %+v", err) + assert(t, len(uu.Roles) == 1, "Expected 1 role, got %d", len(uu.Roles)) + } + + { + users, err := userRepo.Find(&types.UserFilter{Query: "John User Doe"}) + assert(t, err == nil, "Owner.Find error: %+v", err) + assert(t, len(users) == 1, "Owner.Find: expected 1 user, got %d", len(users)) + assert(t, len(users[0].Roles) == 1, "Owner.Find: expected 1 role, got %d", len(users[0].Roles)) + } + return errors.New("Rollback") + }), "expected rollback error") } diff --git a/system/service/main_test.go b/system/service/main_test.go index c5edb8624..1c1c5fc7f 100644 --- a/system/service/main_test.go +++ b/system/service/main_test.go @@ -43,16 +43,6 @@ func TestMain(m *testing.M) { return } - // clean up tables - { - for _, name := range []string{"sys_user", "sys_role", "sys_role_member", "sys_organisation", "sys_rules"} { - _, err := db.Exec("truncate " + name) - if err != nil { - panic("Error when clearing " + name + ": " + err.Error()) - } - } - } - os.Exit(m.Run()) } diff --git a/system/service/rules_test.go b/system/service/rules_test.go index 7b4833780..1a17256d6 100644 --- a/system/service/rules_test.go +++ b/system/service/rules_test.go @@ -4,14 +4,14 @@ import ( "context" "testing" + "github.com/pkg/errors" "github.com/titpetric/factory" internalAuth "github.com/crusttech/crust/internal/auth" internalRules "github.com/crusttech/crust/internal/rules" - . "github.com/crusttech/crust/internal/test" - - "github.com/crusttech/crust/system/repository" "github.com/crusttech/crust/system/types" + + . "github.com/crusttech/crust/internal/test" ) func TestRules(t *testing.T) { @@ -19,145 +19,142 @@ func TestRules(t *testing.T) { t.Skip("skipping test in short mode.") return } - ctx := context.TODO() - // Create user for test. - userRepo := repository.User(ctx, factory.Database.MustGet()) - user := &types.User{ - Name: "John Doe", - Username: "johndoe", - SatosaID: "1234", - } - err := user.GeneratePassword("johndoe") - NoError(t, err, "expected no error generating password, got %v", err) + // Create test user and role. + user := &types.User{ID: 1337} + role := &types.Role{ID: 123456, Name: "Test role"} - _, err = userRepo.Create(user) - NoError(t, err, "expected no error creating user, got %v", err) + // Write user to context. + ctx := internalAuth.SetIdentityToContext(context.Background(), user) - // Create role for test and add user - roleRepo := repository.Role(ctx, factory.Database.MustGet()) - role := &types.Role{ - Name: "Test role v1", - } - _, err = roleRepo.Create(role) - NoError(t, err, "expected no error creating role, got %v", err) + // Connect do DB. + db := factory.Database.MustGet() - err = roleRepo.MemberAddByID(role.ID, user.ID) - NoError(t, err, "expected no error adding user to role, got %v", err) + // Create resources interface. + resources := internalRules.NewResources(ctx, db) - // Set Identity. - ctx = internalAuth.SetIdentityToContext(ctx, user) + // Run tests in transaction to maintain DB state. + Error(t, db.Transaction(func() error { + db.Delete("sys_rules", "1=1") + db.Insert("sys_user", user) + db.Insert("sys_role", role) + db.Insert("sys_role_member", types.RoleMember{RoleID: role.ID, UserID: user.ID}) - // Create rules service. - rulesSvc := Rules().With(ctx) - - // Update rules for test role, with error. - { - list := []internalRules.Rule{ - internalRules.Rule{Resource: "messaging:channel:1", Operation: "message.update.all", Value: internalRules.Allow}, - } - _, err := rulesSvc.Update(role.ID, list) - Error(t, err, "expected error == No Allow rule for messaging") - } - - // Insert `grant` permission for `messaging` and `system`. - { - db := repository.DB(ctx) - resources := internalRules.NewResources(ctx, db) - - list := []internalRules.Rule{ - internalRules.Rule{Resource: "system", Operation: "grant", Value: internalRules.Allow}, - internalRules.Rule{Resource: "messaging", Operation: "grant", Value: internalRules.Allow}, + // delete all for test roleID = 123456 + { + err := resources.Delete(role.ID) + NoError(t, err, "expected no error, got %+v", err) } - err := resources.Grant(role.ID, list) - NoError(t, err, "expected no error, got %v", err) - } + // Create rules service. + rulesSvc := Rules().With(ctx) - // List possible permissions with `messaging` and `system` grants. - { - ret, err := rulesSvc.List() - NoError(t, err, "expected no error, got %v", err) - - perms := ret.([]types.Permission) - - Assert(t, len(perms) > 0, "expected len(rules) > 0, got %v", len(perms)) - } - - // Update rules for test role. - { - list := []internalRules.Rule{ - internalRules.Rule{Resource: "messaging:channel:*", Operation: "message.update.all", Value: internalRules.Allow}, - internalRules.Rule{Resource: "messaging:channel:1", Operation: "message.update.all", Value: internalRules.Deny}, - internalRules.Rule{Resource: "messaging:channel:2", Operation: "message.update.all"}, - internalRules.Rule{Resource: "system", Operation: "organisation.create", Value: internalRules.Allow}, - internalRules.Rule{Resource: "system:organisation:*", Operation: "access", Value: internalRules.Allow}, - internalRules.Rule{Resource: "messaging:channel", Operation: "message.update.all", Value: internalRules.Allow}, + // Update rules for test role, with error. + { + list := []internalRules.Rule{ + internalRules.Rule{Resource: "messaging:channel:1", Operation: "message.update.all", Value: internalRules.Allow}, + } + _, err := rulesSvc.Update(role.ID, list) + Error(t, err, "expected error == No Allow rule for messaging") } - _, err := rulesSvc.Update(role.ID, list) - NoError(t, err, "expected no error, got %v", err) - } - // Update with invalid roles - { - list := []internalRules.Rule{ - internalRules.Rule{Resource: "nosystem:channel:*", Operation: "message.update.all", Value: internalRules.Allow}, + // Insert `grant` permission for `messaging` and `system`. + { + list := []internalRules.Rule{ + internalRules.Rule{Resource: "system", Operation: "grant", Value: internalRules.Allow}, + internalRules.Rule{Resource: "messaging", Operation: "grant", Value: internalRules.Allow}, + } + + err := resources.Grant(role.ID, list) + NoError(t, err, "expected no error, got %v+", err) } - _, err := rulesSvc.Update(role.ID, list) - Error(t, err, "expected error") - list = []internalRules.Rule{ - internalRules.Rule{Resource: "messaging:noresource:1", Operation: "message.update.all", Value: internalRules.Deny}, + // List possible permissions with `messaging` and `system` grants. + { + ret, err := rulesSvc.List() + NoError(t, err, "expected no error, got %+v", err) + + perms := ret.([]types.Permission) + + Assert(t, len(perms) > 0, "expected len(rules) > 0, got %v", len(perms)) } - _, err = rulesSvc.Update(role.ID, list) - Error(t, err, "expected error") - list = []internalRules.Rule{ - internalRules.Rule{Resource: "messaging:channel:", Operation: "message.update.all"}, + // Update rules for test role. + { + list := []internalRules.Rule{ + internalRules.Rule{Resource: "messaging:channel:*", Operation: "message.update.all", Value: internalRules.Allow}, + internalRules.Rule{Resource: "messaging:channel:1", Operation: "message.update.all", Value: internalRules.Deny}, + internalRules.Rule{Resource: "messaging:channel:2", Operation: "message.update.all"}, + internalRules.Rule{Resource: "system", Operation: "organisation.create", Value: internalRules.Allow}, + internalRules.Rule{Resource: "system:organisation:*", Operation: "access", Value: internalRules.Allow}, + internalRules.Rule{Resource: "messaging:channel", Operation: "message.update.all", Value: internalRules.Allow}, + } + _, err := rulesSvc.Update(role.ID, list) + NoError(t, err, "expected no error, got %+v", err) } - _, err = rulesSvc.Update(role.ID, list) - Error(t, err, "expected error") - list = []internalRules.Rule{ - internalRules.Rule{Resource: "system:organisation:*", Operation: "invalid", Value: internalRules.Allow}, + // Update with invalid roles + { + list := []internalRules.Rule{ + internalRules.Rule{Resource: "nosystem:channel:*", Operation: "message.update.all", Value: internalRules.Allow}, + } + _, err := rulesSvc.Update(role.ID, list) + Error(t, err, "expected error") + + list = []internalRules.Rule{ + internalRules.Rule{Resource: "messaging:noresource:1", Operation: "message.update.all", Value: internalRules.Deny}, + } + _, err = rulesSvc.Update(role.ID, list) + Error(t, err, "expected error") + + list = []internalRules.Rule{ + internalRules.Rule{Resource: "messaging:channel:", Operation: "message.update.all"}, + } + _, err = rulesSvc.Update(role.ID, list) + Error(t, err, "expected error") + + list = []internalRules.Rule{ + internalRules.Rule{Resource: "system:organisation:*", Operation: "invalid", Value: internalRules.Allow}, + } + _, err = rulesSvc.Update(role.ID, list) + Error(t, err, "expected error") } - _, err = rulesSvc.Update(role.ID, list) - Error(t, err, "expected error") - } - // Read rules for test role. - { - ret, err := rulesSvc.Read(role.ID) - NoError(t, err, "expected no error, got %v", err) + // Read rules for test role. + { + ret, err := rulesSvc.Read(role.ID) + NoError(t, err, "expected no error, got %+v", err) - rules := ret.([]internalRules.Rule) + rules := ret.([]internalRules.Rule) - Assert(t, len(rules) == 7, "expected len(rules) == 7, got %v", len(rules)) - } + Assert(t, len(rules) == 7, "expected len(rules) == 7, got %v", len(rules)) + } - // Delete rules for test role. - { - _, err := rulesSvc.Delete(role.ID) - NoError(t, err, "expected no error, got %v", err) - } + // Delete rules for test role. + { + _, err := rulesSvc.Delete(role.ID) + NoError(t, err, "expected no error, got %+v", err) + } - // Read rules for test role. - { - ret, err := rulesSvc.Read(role.ID) - NoError(t, err, "expected no error, got %v", err) + // Read rules for test role. + { + ret, err := rulesSvc.Read(role.ID) + NoError(t, err, "expected no error, got %+v", err) - rules := ret.([]internalRules.Rule) + rules := ret.([]internalRules.Rule) - Assert(t, len(rules) == 0, "expected len(rules) == 0, got %v", len(rules)) - } + Assert(t, len(rules) == 0, "expected len(rules) == 0, got %v", len(rules)) + } - // List possible permissions with no grants. - { - ret, err := rulesSvc.List() - NoError(t, err, "expected no error, got %v", err) + // List possible permissions with no grants. + { + ret, err := rulesSvc.List() + NoError(t, err, "expected no error, got %+v", err) - perms := ret.([]types.Permission) + perms := ret.([]types.Permission) - Assert(t, len(perms) == 0, "expected len(rules) == 0, got %v", len(perms)) - } + Assert(t, len(perms) == 0, "expected len(rules) == 0, got %v", len(perms)) + } + return errors.New("Rollback") + }), "expected rollback error") }