|
@ -89,10 +89,13 @@ func TestCanDo(t *testing.T) { |
|
|
Actions: []Action{ |
|
|
Actions: []Action{ |
|
|
"Read:bucket1", |
|
|
"Read:bucket1", |
|
|
"Write:bucket1/*", |
|
|
"Write:bucket1/*", |
|
|
|
|
|
"WriteAcp:bucket1", |
|
|
}, |
|
|
}, |
|
|
} |
|
|
} |
|
|
assert.Equal(t, true, ident2.canDo(ACTION_READ, "bucket1", "/a/b/c/d.txt")) |
|
|
assert.Equal(t, true, ident2.canDo(ACTION_READ, "bucket1", "/a/b/c/d.txt")) |
|
|
assert.Equal(t, true, ident2.canDo(ACTION_WRITE, "bucket1", "/a/b/c/d.txt")) |
|
|
assert.Equal(t, true, ident2.canDo(ACTION_WRITE, "bucket1", "/a/b/c/d.txt")) |
|
|
|
|
|
assert.Equal(t, true, ident2.canDo(ACTION_WRITE_ACP, "bucket1", "")) |
|
|
|
|
|
assert.Equal(t, false, ident2.canDo(ACTION_READ_ACP, "bucket1", "")) |
|
|
assert.Equal(t, false, ident2.canDo(ACTION_LIST, "bucket1", "/a/b/c/d.txt")) |
|
|
assert.Equal(t, false, ident2.canDo(ACTION_LIST, "bucket1", "/a/b/c/d.txt")) |
|
|
|
|
|
|
|
|
// across buckets
|
|
|
// across buckets
|
|
@ -106,15 +109,18 @@ func TestCanDo(t *testing.T) { |
|
|
assert.Equal(t, true, ident3.canDo(ACTION_READ, "bucket1", "/a/b/c/d.txt")) |
|
|
assert.Equal(t, true, ident3.canDo(ACTION_READ, "bucket1", "/a/b/c/d.txt")) |
|
|
assert.Equal(t, true, ident3.canDo(ACTION_WRITE, "bucket1", "/a/b/c/d.txt")) |
|
|
assert.Equal(t, true, ident3.canDo(ACTION_WRITE, "bucket1", "/a/b/c/d.txt")) |
|
|
assert.Equal(t, false, ident3.canDo(ACTION_LIST, "bucket1", "/a/b/other/some")) |
|
|
assert.Equal(t, false, ident3.canDo(ACTION_LIST, "bucket1", "/a/b/other/some")) |
|
|
|
|
|
assert.Equal(t, false, ident3.canDo(ACTION_WRITE_ACP, "bucket1", "")) |
|
|
|
|
|
|
|
|
// partial buckets
|
|
|
// partial buckets
|
|
|
ident4 := &Identity{ |
|
|
ident4 := &Identity{ |
|
|
Name: "anything", |
|
|
Name: "anything", |
|
|
Actions: []Action{ |
|
|
Actions: []Action{ |
|
|
"Read:special_*", |
|
|
"Read:special_*", |
|
|
|
|
|
"ReadAcp:special_*", |
|
|
}, |
|
|
}, |
|
|
} |
|
|
} |
|
|
assert.Equal(t, true, ident4.canDo(ACTION_READ, "special_bucket", "/a/b/c/d.txt")) |
|
|
assert.Equal(t, true, ident4.canDo(ACTION_READ, "special_bucket", "/a/b/c/d.txt")) |
|
|
|
|
|
assert.Equal(t, true, ident4.canDo(ACTION_READ_ACP, "special_bucket", "")) |
|
|
assert.Equal(t, false, ident4.canDo(ACTION_READ, "bucket1", "/a/b/c/d.txt")) |
|
|
assert.Equal(t, false, ident4.canDo(ACTION_READ, "bucket1", "/a/b/c/d.txt")) |
|
|
|
|
|
|
|
|
// admin buckets
|
|
|
// admin buckets
|
|
@ -125,7 +131,9 @@ func TestCanDo(t *testing.T) { |
|
|
}, |
|
|
}, |
|
|
} |
|
|
} |
|
|
assert.Equal(t, true, ident5.canDo(ACTION_READ, "special_bucket", "/a/b/c/d.txt")) |
|
|
assert.Equal(t, true, ident5.canDo(ACTION_READ, "special_bucket", "/a/b/c/d.txt")) |
|
|
|
|
|
assert.Equal(t, true, ident5.canDo(ACTION_READ_ACP, "special_bucket", "")) |
|
|
assert.Equal(t, true, ident5.canDo(ACTION_WRITE, "special_bucket", "/a/b/c/d.txt")) |
|
|
assert.Equal(t, true, ident5.canDo(ACTION_WRITE, "special_bucket", "/a/b/c/d.txt")) |
|
|
|
|
|
assert.Equal(t, true, ident5.canDo(ACTION_WRITE_ACP, "special_bucket", "")) |
|
|
|
|
|
|
|
|
// anonymous buckets
|
|
|
// anonymous buckets
|
|
|
ident6 := &Identity{ |
|
|
ident6 := &Identity{ |
|
|