graphql-engine/server/src-test/Hasura/RQL/PermissionSpec.hs
Robert 11a454c2d6 server, pro: actually reformat the code-base using ormolu
This commit applies ormolu to the whole Haskell code base by running `make format`.

For in-flight branches, simply merging changes from `main` will result in merge conflicts.
To avoid this, update your branch using the following instructions. Replace `<format-commit>`
by the hash of *this* commit.

$ git checkout my-feature-branch
$ git merge <format-commit>^    # and resolve conflicts normally
$ make format
$ git commit -a -m "reformat with ormolu"
$ git merge -s ours post-ormolu

https://github.com/hasura/graphql-engine-mono/pull/2404

GitOrigin-RevId: 75049f5c12f430c615eafb4c6b8e83e371e01c8e
2021-09-23 22:57:37 +00:00

51 lines
2.6 KiB
Haskell

module Hasura.RQL.PermissionSpec (spec) where
import Data.HashMap.Strict qualified as Map
import Data.HashSet qualified as Set
import Hasura.Prelude
import Hasura.RQL.DDL.Schema.Cache
import Hasura.RQL.DDL.Schema.Cache.Permission
import Hasura.RQL.Types.Action
import Hasura.RQL.Types.Roles
import Hasura.Session
import Test.Hspec
spec :: Spec
spec = do
booleanPermissionSpec
mkRoleNameE :: Text -> RoleName
mkRoleNameE = fromMaybe (error "rolename error") . mkRoleName
orderRolesE :: [Role] -> OrderedRoles
orderRolesE = either (error "orderRoles error") id . runExcept . orderRoles
-- | spec to test permissions inheritance for boolean permissions (actions and custom function permissions)
booleanPermissionSpec :: Spec
booleanPermissionSpec = do
let role1Name = mkRoleNameE "role1"
role2Name = mkRoleNameE "role2"
role3Name = mkRoleNameE "role3"
inheritedRole1Name = mkRoleNameE "inheritedRole1"
inheritedRole2Name = mkRoleNameE "inheritedRole2"
inheritedRole3Name = mkRoleNameE "inheritedRole3"
role1 = Role role1Name $ ParentRoles mempty
role2 = Role role2Name $ ParentRoles mempty
role3 = Role role3Name $ ParentRoles mempty
inheritedRole1 = Role inheritedRole1Name $ ParentRoles $ Set.fromList [role1Name, role2Name]
inheritedRole2 = Role inheritedRole2Name $ ParentRoles $ Set.fromList [role3Name, inheritedRole1Name]
inheritedRole3 = Role inheritedRole3Name $ ParentRoles $ Set.fromList [role1Name, role2Name]
orderedRoles = orderRolesE [role1, role2, role3, inheritedRole1, inheritedRole2, inheritedRole3]
metadataPermissions =
Map.fromList $ [(role3Name, ActionPermissionInfo role3Name), (inheritedRole1Name, ActionPermissionInfo inheritedRole1Name)]
processedPermissions = mkBooleanPermissionMap ActionPermissionInfo metadataPermissions orderedRoles
describe "Action Permissions" $ do
it "overrides the inherited permission for a role if permission already exists in the metadata" $
Map.lookup inheritedRole1Name processedPermissions
`shouldBe` (Just (ActionPermissionInfo inheritedRole1Name))
it "when a role doesn't have a metadata permission and at least one of its parents has, then the inherited role should inherit the permission" $
Map.lookup inheritedRole2Name processedPermissions
`shouldBe` (Just (ActionPermissionInfo inheritedRole2Name))
it "when a role doesn't have a metadata permission and none of the parents have permissions, then the inherited role should not inherit the permission" $
Map.lookup inheritedRole3Name processedPermissions `shouldBe` Nothing