OneAuth/tests/resource_perm_test.go


package tests
import (
"testing"
)
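// TestResourcePermission exercises object-level authorization on
// PATCH /api/users/{id}: an admin and the account owner must be able to change
// a nickname, while a regular user must be refused when targeting another
// user's account or the admin account.
//
// The denial cases accept only an explicit client-error outcome. Treating
// "anything other than 200" as a refusal would let a 5xx crash, a redirect, or
// an alternate success status such as 204 pass as "access denied" and hide a
// broken access-control check.
func TestResourcePermission(t *testing.T) {
	ensureUsers(t)

	// expectUpdated PATCHes targetID's nickname with token and requires HTTP 200
	// with the new nickname echoed back in the response body.
	expectUpdated := func(t *testing.T, targetID, token, nickname string) {
		t.Helper()
		resp := doRequest(t, "PATCH", "/api/users/"+targetID, map[string]string{
			"nickname": nickname,
		}, token)
		assertStatus(t, resp, 200)

		var data UserResp
		decodeResponse(t, resp, &data)
		if data.Nickname != nickname {
			t.Errorf("Expected nickname '%s', got '%s'", nickname, data.Nickname)
		}
	}

	// expectDenied PATCHes targetID's nickname with token and requires the
	// request to be refused, either by a 4xx HTTP status or by a 2xx response
	// whose BaseResp envelope carries a 4xxxx application code.
	//
	// NOTE(review): this only inspects the response. It does not read the target
	// back to confirm the nickname is unchanged; add that check if a read
	// endpoint is available, since a handler could write first and reject after.
	// NOTE(review): the expected outcome is documented as 403/404 (possibly 401);
	// narrow the accepted range to the exact codes once the API contract is
	// confirmed.
	expectDenied := func(t *testing.T, targetID, token string) {
		t.Helper()
		resp := doRequest(t, "PATCH", "/api/users/"+targetID, map[string]string{
			"nickname": "Hacked By User1",
		}, token)

		switch {
		case resp.Code >= 400 && resp.Code < 500:
			// Refused at the HTTP layer.
		case resp.Code >= 200 && resp.Code < 300:
			// The API may report the refusal inside the response envelope while
			// still answering with a success status, so inspect the envelope code.
			var errResp BaseResp
			decodeResponse(t, resp, &errResp)
			if errResp.Code < 40000 || errResp.Code >= 50000 {
				t.Errorf("Expected error code, got %d. Msg: %s", errResp.Code, errResp.Msg)
			}
		default:
			// 3xx and 5xx are not authorization decisions; do not count them as a pass.
			t.Errorf("Expected a 4xx rejection, got HTTP status %d", resp.Code)
		}
	}

	// Case 1: admin modifies User1 (should succeed).
	t.Run("Admin modifies User1", func(t *testing.T) {
		expectUpdated(t, User1ID, AdminToken, "Edited By Admin")
	})

	// Case 2: User1 modifies their own account (should succeed).
	t.Run("User1 modifies User1", func(t *testing.T) {
		expectUpdated(t, User1ID, User1Token, "Edited By Self")
	})

	// Case 3: User1 modifies User2 (should be refused, 403/404).
	t.Run("User1 modifies User2", func(t *testing.T) {
		expectDenied(t, User2ID, User1Token)
	})

	// Case 4: User1 modifies the admin account (should be refused, 403/404).
	t.Run("User1 modifies Admin", func(t *testing.T) {
		expectDenied(t, AdminID, User1Token)
	})
}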