Posted to commits@couchdb.apache.org by ja...@apache.org on 2019/08/26 08:09:58 UTC
[couchdb] 01/06: test: add two more tests and reformat for
eadability
This is an automated email from the ASF dual-hosted git repository.
jan pushed a commit to branch access
in repository https://gitbox.apache.org/repos/asf/couchdb.git
commit dade59f92177943b679fc269945757f90909939f
Author: Jan Lehnardt <ja...@apache.org>
AuthorDate: Sun Aug 25 14:29:21 2019 +0200
test: add two more tests and reformat for readability
---
src/couch/test/couchdb_access_tests.erl | 125 +++++++++++++++++++++++---------
1 file changed, 89 insertions(+), 36 deletions(-)
diff --git a/src/couch/test/couchdb_access_tests.erl b/src/couch/test/couchdb_access_tests.erl
index 74ee77c..e386f60 100644
--- a/src/couch/test/couchdb_access_tests.erl
+++ b/src/couch/test/couchdb_access_tests.erl
@@ -66,11 +66,13 @@ access_test_() ->
Tests = [
fun should_not_let_anonymous_user_create_doc/2,
fun should_let_admin_create_doc_with_access/2,
+ fun should_let_admin_create_doc_without_access/2,
fun should_let_user_create_doc_for_themselves/2,
fun should_not_let_user_create_doc_for_someone_else/2,
fun should_let_admin_read_doc_with_access/2,
fun user_with_access_can_read_doc/2,
fun user_without_access_can_not_read_doc/2,
+ fun user_can_not_read_doc_without_access/2,
fun should_let_admin_delete_doc_with_access/2,
fun should_let_user_delete_doc_for_themselves/2,
fun should_not_let_user_delete_doc_for_someone_else/2,
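Review bot: The names `user_without_access_can_not_read_doc` and the newly registered `user_can_not_read_doc_without_access` differ only in word order, so a failure report will not tell a reader which authorization case broke. Judging from the bodies later in this diff, the first covers a user who is not listed in `_access` and the second covers a document with no `_access` field at all; a name such as `user_can_not_read_doc_lacking_access_field` would make that distinction visible. Alternatively, a one-line comment above the new definition, e.g. `% doc has no _access field; a non-admin read must be rejected`, would serve the same purpose. access_test_() starts and ends outside this hunk.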
@@ -78,6 +80,9 @@ access_test_() ->
fun should_let_user_fetch_their_own_all_docs/2,
fun should_let_admin_fetch_changes/2,
fun should_let_user_fetch_their_own_changes/2
+ % TODO: create test db with role and not _users in _security.members
+ % and make sure a user in that group can access while a user not
+ % in that group cant
],
{
"Access tests",
@@ -103,87 +108,135 @@ should_not_let_anonymous_user_create_doc(_PortType, Url) ->
?_assertEqual(401, Code).
should_let_admin_create_doc_with_access(_PortType, Url) ->
- {ok, Code, _, _} = test_request:put(Url ++ "/db/a", ?ADMIN_REQ_HEADERS, "{\"a\":1,\"_access\":[\"x\"]}"),
+ {ok, Code, _, _} = test_request:put(Url ++ "/db/a",
+ ?ADMIN_REQ_HEADERS, "{\"a\":1,\"_access\":[\"x\"]}"),
+ ?_assertEqual(201, Code).
+
+should_let_admin_create_doc_without_access(_PortType, Url) ->
+ {ok, Code, _, _} = test_request:put(Url ++ "/db/a",
+ ?ADMIN_REQ_HEADERS, "{\"a\":1}"),
?_assertEqual(201, Code).
should_let_user_create_doc_for_themselves(_PortType, Url) ->
- {ok, Code, _, _} = test_request:put(Url ++ "/db/b", ?USERX_REQ_HEADERS, "{\"a\":1,\"_access\":[\"x\"]}"),
+ {ok, Code, _, _} = test_request:put(Url ++ "/db/b",
+ ?USERX_REQ_HEADERS, "{\"a\":1,\"_access\":[\"x\"]}"),
?_assertEqual(201, Code).
should_not_let_user_create_doc_for_someone_else(_PortType, Url) ->
- {ok, Code, _, _} = test_request:put(Url ++ "/db/c", ?USERY_REQ_HEADERS, "{\"a\":1,\"_access\":[\"x\"]}"),
+ {ok, Code, _, _} = test_request:put(Url ++ "/db/c",
+ ?USERY_REQ_HEADERS, "{\"a\":1,\"_access\":[\"x\"]}"),
?_assertEqual(403, Code).
% Doc reads
should_let_admin_read_doc_with_access(_PortType, Url) ->
- {ok, 201, _, _} = test_request:put(Url ++ "/db/a", ?USERX_REQ_HEADERS, "{\"a\":1,\"_access\":[\"x\"]}"),
- {ok, Code, _, _} = test_request:get(Url ++ "/db/a", ?ADMIN_REQ_HEADERS),
+ {ok, 201, _, _} = test_request:put(Url ++ "/db/a",
+ ?USERX_REQ_HEADERS, "{\"a\":1,\"_access\":[\"x\"]}"),
+ {ok, Code, _, _} = test_request:get(Url ++ "/db/a",
+ ?ADMIN_REQ_HEADERS),
?_assertEqual(200, Code).
user_with_access_can_read_doc(_PortType, Url) ->
- {ok, 201, _, _} = test_request:put(Url ++ "/db/a", ?ADMIN_REQ_HEADERS, "{\"a\":1,\"_access\":[\"x\"]}"),
- {ok, Code, _, _} = test_request:get(Url ++ "/db/a", ?USERX_REQ_HEADERS),
+ {ok, 201, _, _} = test_request:put(Url ++ "/db/a",
+ ?ADMIN_REQ_HEADERS, "{\"a\":1,\"_access\":[\"x\"]}"),
+ {ok, Code, _, _} = test_request:get(Url ++ "/db/a",
+ ?USERX_REQ_HEADERS),
?_assertEqual(200, Code).
user_without_access_can_not_read_doc(_PortType, Url) ->
- {ok, 201, _, _} = test_request:put(Url ++ "/db/a", ?ADMIN_REQ_HEADERS, "{\"a\":1,\"_access\":[\"x\"]}"),
- {ok, Code, _, _} = test_request:get(Url ++ "/db/a", ?USERY_REQ_HEADERS),
+ {ok, 201, _, _} = test_request:put(Url ++ "/db/a",
+ ?ADMIN_REQ_HEADERS, "{\"a\":1,\"_access\":[\"x\"]}"),
+ {ok, Code, _, _} = test_request:get(Url ++ "/db/a",
+ ?USERY_REQ_HEADERS),
+ ?_assertEqual(403, Code).
+
+user_can_not_read_doc_without_access(_PortType, Url) ->
+ {ok, 201, _, _} = test_request:put(Url ++ "/db/a",
+ ?ADMIN_REQ_HEADERS, "{\"a\":1}"),
+ {ok, Code, _, _} = test_request:get(Url ++ "/db/a",
+ ?USERX_REQ_HEADERS),
?_assertEqual(403, Code).
% Doc deletes
should_let_admin_delete_doc_with_access(_PortType, Url) ->
- {ok, 201, _, _} = test_request:put(Url ++ "/db/a", ?USERX_REQ_HEADERS, "{\"a\":1,\"_access\":[\"x\"]}"),
- {ok, Code, _, _} = test_request:delete(Url ++ "/db/a?rev=1-23202479633c2b380f79507a776743d5", ?ADMIN_REQ_HEADERS),
+ {ok, 201, _, _} = test_request:put(Url ++ "/db/a",
+ ?USERX_REQ_HEADERS, "{\"a\":1,\"_access\":[\"x\"]}"),
+ {ok, Code, _, _} = test_request:delete(Url ++ "/db/a?rev=1-23202479633c2b380f79507a776743d5",
+ ?ADMIN_REQ_HEADERS),
?_assertEqual(201, Code).
should_let_user_delete_doc_for_themselves(_PortType, Url) ->
- {ok, 201, _, _} = test_request:put(Url ++ "/db/a", ?USERX_REQ_HEADERS, "{\"a\":1,\"_access\":[\"x\"]}"),
- {ok, _, _, _} = test_request:get(Url ++ "/db/a", ?USERX_REQ_HEADERS),
- {ok, Code, _, _} = test_request:delete(Url ++ "/db/a?rev=1-23202479633c2b380f79507a776743d5", ?USERX_REQ_HEADERS),
+ {ok, 201, _, _} = test_request:put(Url ++ "/db/a",
+ ?USERX_REQ_HEADERS, "{\"a\":1,\"_access\":[\"x\"]}"),
+ {ok, _, _, _} = test_request:get(Url ++ "/db/a",
+ ?USERX_REQ_HEADERS),
+ {ok, Code, _, _} = test_request:delete(Url ++ "/db/a?rev=1-23202479633c2b380f79507a776743d5",
+ ?USERX_REQ_HEADERS),
?_assertEqual(201, Code).
should_not_let_user_delete_doc_for_someone_else(_PortType, Url) ->
- {ok, 201, _, _} = test_request:put(Url ++ "/db/a", ?USERX_REQ_HEADERS, "{\"a\":1,\"_access\":[\"x\"]}"),
- {ok, Code, _, _} = test_request:delete(Url ++ "/db/a?rev=1-23202479633c2b380f79507a776743d5", ?USERY_REQ_HEADERS),
+ {ok, 201, _, _} = test_request:put(Url ++ "/db/a",
+ ?USERX_REQ_HEADERS, "{\"a\":1,\"_access\":[\"x\"]}"),
+ {ok, Code, _, _} = test_request:delete(Url ++ "/db/a?rev=1-23202479633c2b380f79507a776743d5",
+ ?USERY_REQ_HEADERS),
?_assertEqual(403, Code).
% _all_docs with include_docs
should_let_admin_fetch_all_docs(_PortType, Url) ->
- {ok, 201, _, _} = test_request:put(Url ++ "/db/a", ?ADMIN_REQ_HEADERS, "{\"a\":1,\"_access\":[\"x\"]}"),
- {ok, 201, _, _} = test_request:put(Url ++ "/db/b", ?ADMIN_REQ_HEADERS, "{\"b\":2,\"_access\":[\"x\"]}"),
- {ok, 201, _, _} = test_request:put(Url ++ "/db/c", ?ADMIN_REQ_HEADERS, "{\"c\":3,\"_access\":[\"y\"]}"),
- {ok, 201, _, _} = test_request:put(Url ++ "/db/d", ?ADMIN_REQ_HEADERS, "{\"d\":4,\"_access\":[\"y\"]}"),
- {ok, 200, _, Body} = test_request:get(Url ++ "/db/_all_docs?include_docs=true", ?ADMIN_REQ_HEADERS),
+ {ok, 201, _, _} = test_request:put(Url ++ "/db/a",
+ ?ADMIN_REQ_HEADERS, "{\"a\":1,\"_access\":[\"x\"]}"),
+ {ok, 201, _, _} = test_request:put(Url ++ "/db/b",
+ ?ADMIN_REQ_HEADERS, "{\"b\":2,\"_access\":[\"x\"]}"),
+ {ok, 201, _, _} = test_request:put(Url ++ "/db/c",
+ ?ADMIN_REQ_HEADERS, "{\"c\":3,\"_access\":[\"y\"]}"),
+ {ok, 201, _, _} = test_request:put(Url ++ "/db/d",
+ ?ADMIN_REQ_HEADERS, "{\"d\":4,\"_access\":[\"y\"]}"),
+ {ok, 200, _, Body} = test_request:get(Url ++ "/db/_all_docs?include_docs=true",
+ ?ADMIN_REQ_HEADERS),
{Json} = jiffy:decode(Body),
?_assertEqual(4, proplists:get_value(<<"total_rows">>, Json)).
should_let_user_fetch_their_own_all_docs(_PortType, Url) ->
- {ok, 201, _, _} = test_request:put(Url ++ "/db/a", ?ADMIN_REQ_HEADERS, "{\"a\":1,\"_access\":[\"x\"]}"),
- {ok, 201, _, _} = test_request:put(Url ++ "/db/b", ?USERX_REQ_HEADERS, "{\"b\":2,\"_access\":[\"x\"]}"),
- {ok, 201, _, _} = test_request:put(Url ++ "/db/c", ?ADMIN_REQ_HEADERS, "{\"c\":3,\"_access\":[\"y\"]}"),
- {ok, 201, _, _} = test_request:put(Url ++ "/db/d", ?USERY_REQ_HEADERS, "{\"d\":4,\"_access\":[\"y\"]}"),
- {ok, 200, _, Body} = test_request:get(Url ++ "/db/_all_docs?include_docs=true", ?USERX_REQ_HEADERS),
+ {ok, 201, _, _} = test_request:put(Url ++ "/db/a",
+ ?ADMIN_REQ_HEADERS, "{\"a\":1,\"_access\":[\"x\"]}"),
+ {ok, 201, _, _} = test_request:put(Url ++ "/db/b",
+ ?USERX_REQ_HEADERS, "{\"b\":2,\"_access\":[\"x\"]}"),
+ {ok, 201, _, _} = test_request:put(Url ++ "/db/c",
+ ?ADMIN_REQ_HEADERS, "{\"c\":3,\"_access\":[\"y\"]}"),
+ {ok, 201, _, _} = test_request:put(Url ++ "/db/d",
+ ?USERY_REQ_HEADERS, "{\"d\":4,\"_access\":[\"y\"]}"),
+ {ok, 200, _, Body} = test_request:get(Url ++ "/db/_all_docs?include_docs=true",
+ ?USERX_REQ_HEADERS),
{Json} = jiffy:decode(Body),
?_assertEqual(2, length(proplists:get_value(<<"rows">>, Json))).
% TODO ?_assertEqual(2, proplists:get_value(<<"total_rows">>, Json)).
% _changes
should_let_admin_fetch_changes(_PortType, Url) ->
- {ok, 201, _, _} = test_request:put(Url ++ "/db/a", ?ADMIN_REQ_HEADERS, "{\"a\":1,\"_access\":[\"x\"]}"),
- {ok, 201, _, _} = test_request:put(Url ++ "/db/b", ?ADMIN_REQ_HEADERS, "{\"b\":2,\"_access\":[\"x\"]}"),
- {ok, 201, _, _} = test_request:put(Url ++ "/db/c", ?ADMIN_REQ_HEADERS, "{\"c\":3,\"_access\":[\"y\"]}"),
- {ok, 201, _, _} = test_request:put(Url ++ "/db/d", ?ADMIN_REQ_HEADERS, "{\"d\":4,\"_access\":[\"y\"]}"),
- {ok, 200, _, Body} = test_request:get(Url ++ "/db/_changes", ?ADMIN_REQ_HEADERS),
+ {ok, 201, _, _} = test_request:put(Url ++ "/db/a",
+ ?ADMIN_REQ_HEADERS, "{\"a\":1,\"_access\":[\"x\"]}"),
+ {ok, 201, _, _} = test_request:put(Url ++ "/db/b",
+ ?ADMIN_REQ_HEADERS, "{\"b\":2,\"_access\":[\"x\"]}"),
+ {ok, 201, _, _} = test_request:put(Url ++ "/db/c",
+ ?ADMIN_REQ_HEADERS, "{\"c\":3,\"_access\":[\"y\"]}"),
+ {ok, 201, _, _} = test_request:put(Url ++ "/db/d",
+ ?ADMIN_REQ_HEADERS, "{\"d\":4,\"_access\":[\"y\"]}"),
+ {ok, 200, _, Body} = test_request:get(Url ++ "/db/_changes",
+ ?ADMIN_REQ_HEADERS),
{Json} = jiffy:decode(Body),
AmountOfDocs = length(proplists:get_value(<<"results">>, Json)),
?_assertEqual(4, AmountOfDocs).
should_let_user_fetch_their_own_changes(_PortType, Url) ->
- {ok, 201, _, _} = test_request:put(Url ++ "/db/a", ?ADMIN_REQ_HEADERS, "{\"a\":1,\"_access\":[\"x\"]}"),
- {ok, 201, _, _} = test_request:put(Url ++ "/db/b", ?ADMIN_REQ_HEADERS, "{\"b\":2,\"_access\":[\"x\"]}"),
- {ok, 201, _, _} = test_request:put(Url ++ "/db/c", ?ADMIN_REQ_HEADERS, "{\"c\":3,\"_access\":[\"y\"]}"),
- {ok, 201, _, _} = test_request:put(Url ++ "/db/d", ?ADMIN_REQ_HEADERS, "{\"d\":4,\"_access\":[\"y\"]}"),
- {ok, 200, _, Body} = test_request:get(Url ++ "/db/_changes", ?USERX_REQ_HEADERS),
+ {ok, 201, _, _} = test_request:put(Url ++ "/db/a",
+ ?ADMIN_REQ_HEADERS, "{\"a\":1,\"_access\":[\"x\"]}"),
+ {ok, 201, _, _} = test_request:put(Url ++ "/db/b",
+ ?ADMIN_REQ_HEADERS, "{\"b\":2,\"_access\":[\"x\"]}"),
+ {ok, 201, _, _} = test_request:put(Url ++ "/db/c",
+ ?ADMIN_REQ_HEADERS, "{\"c\":3,\"_access\":[\"y\"]}"),
+ {ok, 201, _, _} = test_request:put(Url ++ "/db/d",
+ ?ADMIN_REQ_HEADERS, "{\"d\":4,\"_access\":[\"y\"]}"),
+ {ok, 200, _, Body} = test_request:get(Url ++ "/db/_changes",
+ ?USERX_REQ_HEADERS),
{Json} = jiffy:decode(Body),
AmountOfDocs = length(proplists:get_value(<<"results">>, Json)),
?_assertEqual(2, AmountOfDocs).
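Review bot: The new default-deny case `user_can_not_read_doc_without_access` checks only a direct GET, while the `_all_docs` and `_changes` tests later in this hunk still build fixtures in which every document carries `_access`, so a document without the field appearing in a non-admin listing would go unnoticed. Adding one such document to `should_let_user_fetch_their_own_all_docs` and `should_let_user_fetch_their_own_changes`, e.g. `{ok, 201, _, _} = test_request:put(Url ++ "/db/e", ?ADMIN_REQ_HEADERS, "{\"e\":5}"),`, while keeping the expected count at 2, would pin the same rule for the enumeration endpoints (assuming documents without `_access` are meant to be admin-only, as the 403 expectation suggests). The new test also discards the response body with `_`; binding it and asserting on it would show that the 403 carries no document content.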