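package resolver

import (
	"context"
	"fmt"
	"testing"

	"github.com/golang/mock/gomock"
	"github.com/stretchr/testify/assert"

	"edge-infra.dev/pkg/edge/api/middleware"
	"edge-infra.dev/pkg/edge/api/mocks"
)

// Fixtures for the ReplaceAdditionalPermissions tests: the target user and the
// role names the tests request as additional privileges.
const (
	testUserID          = "testuser1"
	testAdditionalRole1 = "EDGE_L3"
	testAdditionalRole2 = "EDGE_L4"
	testAdditionalRole3 = "EDGE_L2"
	testAdditionalRole4 = "EDGE_L1"
	testAdditionalRole5 = "EDGE_OI_ADMIN"
	testAdditionalRole6 = "EDGE_SUPER_USER"
)

// testCurrentRoles is what the mocked RoleService reports as the user's
// existing groups. Tests that need extra entries copy it first so this shared
// slice is never appended to in place.
var testCurrentRoles = []string{
	"EDGE_BANNER_OPERATOR",
	"EDGE_BANNER_VIEWER",
}

// NOTE(review): none of these tests call Finish on the gomock controller. The
// Times(n) expectations are only checked when the controller is finished;
// newer gomock releases register that through t.Cleanup when given a
// *testing.T. Confirm the vendored version does, otherwise a missing
// RevokeRoleFromUser or AddRoleToUser call would go unnoticed.

// TestReplaceAdditionalPermissionsValidAddition requests one additional role
// for a user whose current groups are the two banner roles, and expects one
// AddRoleToUser call, no revocation, and a 200 response.
func TestReplaceAdditionalPermissionsValidAddition(t *testing.T) {
	ctrl := gomock.NewController(t)
	testNewRoles := []string{testAdditionalRole1}

	roleService := mocks.NewMockRoleService(ctrl)
	roleService.EXPECT().GetEdgeGroupsForUserUser(gomock.Any(), testUserID).Return(testCurrentRoles, nil)
	roleService.EXPECT().RevokeRoleFromUser(gomock.Any(), testUserID, gomock.Any()).Times(0)
	roleService.EXPECT().AddRoleToUser(gomock.Any(), testUserID, testAdditionalRole1)

	var ctxValue interface{}
	ctx := middleware.NewContext(context.Background(), &ctxValue)
	r := &Resolver{RoleService: roleService}

	res, err := r.Mutation().ReplaceAdditionalPermissions(ctx, testUserID, testNewRoles)
	// Stop on a failed precondition so the field reads below cannot panic on a nil response.
	if !assert.NoError(t, err) || !assert.NotNil(t, res) {
		return
	}
	assert.Equal(t, 200, res.StatusCode)
	assert.Equal(t, fmt.Sprintf("%s role added successfully", testNewRoles), res.Message)
}

// TestReplaceAdditionalPermissionsMultipleValidAddition requests all six
// additional roles at once and expects one AddRoleToUser call per requested
// role and no revocation.
func TestReplaceAdditionalPermissionsMultipleValidAddition(t *testing.T) {
	ctrl := gomock.NewController(t)
	testNewRoles := []string{
		testAdditionalRole1,
		testAdditionalRole2,
		testAdditionalRole3,
		testAdditionalRole4,
		testAdditionalRole5,
		testAdditionalRole6,
	}

	roleService := mocks.NewMockRoleService(ctrl)
	roleService.EXPECT().GetEdgeGroupsForUserUser(gomock.Any(), testUserID).Return(testCurrentRoles, nil)
	roleService.EXPECT().RevokeRoleFromUser(gomock.Any(), testUserID, gomock.Any()).Times(0)
	roleService.EXPECT().AddRoleToUser(gomock.Any(), testUserID, gomock.Any()).Times(len(testNewRoles))

	var ctxValue interface{}
	ctx := middleware.NewContext(context.Background(), &ctxValue)
	r := &Resolver{RoleService: roleService}

	res, err := r.Mutation().ReplaceAdditionalPermissions(ctx, testUserID, testNewRoles)
	if !assert.NoError(t, err) || !assert.NotNil(t, res) {
		return
	}
	assert.Equal(t, 200, res.StatusCode)
	assert.Equal(t, fmt.Sprintf("%s role added successfully", testNewRoles), res.Message)
}

// TestReplaceAdditionalPermissionsInvalidAddition requests a role name that is
// not in the additional-privilege set. The mutation must fail with the
// "not an additional privilege" error and return no response; the RoleService
// expectations are all Times(0), so rejection has to happen before the user's
// groups are read or changed.
func TestReplaceAdditionalPermissionsInvalidAddition(t *testing.T) {
	ctrl := gomock.NewController(t)
	testInvalidAdditionalRole1 := "EDGE_L4_INVALID"
	testNewRoles := []string{testInvalidAdditionalRole1}

	roleService := mocks.NewMockRoleService(ctrl)
	roleService.EXPECT().GetEdgeGroupsForUserUser(gomock.Any(), testUserID).Times(0)
	roleService.EXPECT().RevokeRoleFromUser(gomock.Any(), testUserID, gomock.Any()).Times(0)
	roleService.EXPECT().AddRoleToUser(gomock.Any(), testUserID, testInvalidAdditionalRole1).Times(0)

	var ctxValue interface{}
	ctx := middleware.NewContext(context.Background(), &ctxValue)
	r := &Resolver{RoleService: roleService}

	res, err := r.Mutation().ReplaceAdditionalPermissions(ctx, testUserID, testNewRoles)
	assert.EqualError(t, err, fmt.Sprintf("edge role provided is not an additional privilege that can be assigned: %s", testInvalidAdditionalRole1))
	assert.Nil(t, res)
}

// TestReplaceAdditionalPermissionsNotAllowedAddition requests EDGE_ORG_ADMIN,
// presumably a real role that sits outside the additional-privilege set
// (confirm against the resolver's allow-list). The mutation must refuse it
// with the same error as an unknown role and must not touch the RoleService,
// so this path cannot be used to grant a role it is not meant to hand out.
func TestReplaceAdditionalPermissionsNotAllowedAddition(t *testing.T) {
	ctrl := gomock.NewController(t)
	testInvalidAdditionalRole1 := "EDGE_ORG_ADMIN"
	testNewRoles := []string{testInvalidAdditionalRole1}

	roleService := mocks.NewMockRoleService(ctrl)
	roleService.EXPECT().GetEdgeGroupsForUserUser(gomock.Any(), testUserID).Times(0)
	roleService.EXPECT().RevokeRoleFromUser(gomock.Any(), testUserID, gomock.Any()).Times(0)
	roleService.EXPECT().AddRoleToUser(gomock.Any(), testUserID, testInvalidAdditionalRole1).Times(0)

	var ctxValue interface{}
	ctx := middleware.NewContext(context.Background(), &ctxValue)
	r := &Resolver{RoleService: roleService}

	res, err := r.Mutation().ReplaceAdditionalPermissions(ctx, testUserID, testNewRoles)
	assert.EqualError(t, err, fmt.Sprintf("edge role provided is not an additional privilege that can be assigned: %s", testInvalidAdditionalRole1))
	assert.Nil(t, res)
}

// TestReplaceAdditionalPermissionsRevokeAllAdditionalRoles passes an empty
// role list for a user who currently holds one additional role and expects
// exactly that role to be revoked and nothing to be added.
func TestReplaceAdditionalPermissionsRevokeAllAdditionalRoles(t *testing.T) {
	ctrl := gomock.NewController(t)
	// Copy before appending so the package-level fixture is never aliased.
	currentRoles := append(append([]string(nil), testCurrentRoles...), testAdditionalRole1)
	// Empty set to test revoke of any current additional roles.
	testNewRoles := []string{}

	roleService := mocks.NewMockRoleService(ctrl)
	roleService.EXPECT().GetEdgeGroupsForUserUser(gomock.Any(), testUserID).Return(currentRoles, nil)
	roleService.EXPECT().RevokeRoleFromUser(gomock.Any(), testUserID, testAdditionalRole1).Times(1)
	roleService.EXPECT().AddRoleToUser(gomock.Any(), testUserID, testAdditionalRole1).Times(0)

	var ctxValue interface{}
	ctx := middleware.NewContext(context.Background(), &ctxValue)
	r := &Resolver{RoleService: roleService}

	res, err := r.Mutation().ReplaceAdditionalPermissions(ctx, testUserID, testNewRoles)
	if !assert.NoError(t, err) || !assert.NotNil(t, res) {
		return
	}
	assert.Equal(t, 200, res.StatusCode)
	assert.Equal(t, "roles revoked successfully", res.Message)
}

// TestReplaceAdditionalPermissionsRevokeOneAdditionalRoles starts from a user
// holding two additional roles and requests only the second. The expectations
// are two RevokeRoleFromUser calls and one AddRoleToUser call for the role
// that is kept.
func TestReplaceAdditionalPermissionsRevokeOneAdditionalRoles(t *testing.T) {
	ctrl := gomock.NewController(t)
	// Copy before appending so the package-level fixture is never aliased.
	currentRoles := append(append([]string(nil), testCurrentRoles...), testAdditionalRole1, testAdditionalRole2)
	// Keep testAdditionalRole2 only; testAdditionalRole1 is dropped from the requested set.
	testNewRoles := []string{testAdditionalRole2}

	roleService := mocks.NewMockRoleService(ctrl)
	roleService.EXPECT().GetEdgeGroupsForUserUser(gomock.Any(), testUserID).Return(currentRoles, nil)
	// NOTE(review): gomock.Any() accepts any two revocations, including the
	// banner roles in testCurrentRoles. Matching testAdditionalRole1 and
	// testAdditionalRole2 explicitly would pin that only additional roles are
	// revoked — confirm the resolver's behavior before tightening.
	roleService.EXPECT().RevokeRoleFromUser(gomock.Any(), testUserID, gomock.Any()).Times(2)
	roleService.EXPECT().AddRoleToUser(gomock.Any(), testUserID, testAdditionalRole2).Times(1)

	var ctxValue interface{}
	ctx := middleware.NewContext(context.Background(), &ctxValue)
	r := &Resolver{RoleService: roleService}

	res, err := r.Mutation().ReplaceAdditionalPermissions(ctx, testUserID, testNewRoles)
	if !assert.NoError(t, err) || !assert.NotNil(t, res) {
		return
	}
	assert.Equal(t, 200, res.StatusCode)
	assert.Equal(t, fmt.Sprintf("%s role added successfully", testNewRoles), res.Message)
}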