107 lines
3.3 KiB
Go
107 lines
3.3 KiB
Go
package roles_test
|
|
|
|
import (
|
|
"testing"
|
|
|
|
"github.com/stretchr/testify/assert"
|
|
"github.com/stretchr/testify/require"
|
|
|
|
"github.com/tendermint/go-wire/data"
|
|
|
|
"github.com/tendermint/basecoin"
|
|
"github.com/tendermint/basecoin/modules/roles"
|
|
"github.com/tendermint/basecoin/stack"
|
|
"github.com/tendermint/basecoin/state"
|
|
)
|
|
|
|
// shortcut for the lazy
|
|
type ba []basecoin.Actor
|
|
|
|
func createRole(app basecoin.Handler, store state.KVStore,
|
|
name []byte, min uint32, sigs ...basecoin.Actor) (basecoin.Actor, error) {
|
|
tx := roles.NewCreateRoleTx(name, min, sigs)
|
|
ctx := stack.MockContext("foo", 1)
|
|
_, err := app.DeliverTx(ctx, store, tx)
|
|
return roles.NewPerm(name), err
|
|
}
|
|
|
|
func TestAssumeRole(t *testing.T) {
|
|
assert := assert.New(t)
|
|
require := require.New(t)
|
|
|
|
// one handle to add a role, another to check permissions
|
|
disp := stack.NewDispatcher(
|
|
stack.WrapHandler(roles.NewHandler()),
|
|
stack.WrapHandler(stack.CheckHandler{}),
|
|
)
|
|
// and wrap with the roles middleware
|
|
app := stack.New(roles.NewMiddleware()).Use(disp)
|
|
|
|
// basic state for the app
|
|
ctx := stack.MockContext("role-chain", 123)
|
|
store := state.NewMemKVStore()
|
|
|
|
// potential actors
|
|
a := basecoin.Actor{App: "sig", Address: []byte("jae")}
|
|
b := basecoin.Actor{App: "sig", Address: []byte("bucky")}
|
|
c := basecoin.Actor{App: "sig", Address: []byte("ethan")}
|
|
d := basecoin.Actor{App: "tracko", Address: []byte("rigel")}
|
|
|
|
// devs is a 2-of-3 multisig
|
|
devs := data.Bytes{0, 1, 0, 1}
|
|
pdev, err := createRole(app, store, devs, 2, b, c, d)
|
|
require.Nil(err)
|
|
|
|
// deploy requires a dev role, or supreme authority
|
|
// shows how we can build larger constructs, eg. (A and B) OR C
|
|
deploy := data.Bytes("deploy")
|
|
pdeploy, err := createRole(app, store, deploy, 1, a, pdev)
|
|
require.Nil(err)
|
|
|
|
// now, let's test the roles are set properly
|
|
cases := []struct {
|
|
valid bool
|
|
// which roles we try to assume (can be multiple!)
|
|
// note: that wrapping is FILO, so tries to assume last role first
|
|
roles []data.Bytes
|
|
signers []basecoin.Actor // which people sign the tx
|
|
required []basecoin.Actor // which permission we require to succeed
|
|
}{
|
|
// basic checks to see logic works
|
|
{true, nil, nil, nil},
|
|
{true, nil, ba{b, c}, ba{b}},
|
|
{false, nil, ba{b}, ba{b, c}},
|
|
|
|
// simple role check
|
|
{false, []data.Bytes{devs}, ba{a, b}, ba{pdev}}, // not enough sigs
|
|
{false, nil, ba{b, c}, ba{pdev}}, // must explicitly request group status
|
|
{true, []data.Bytes{devs}, ba{b, c}, ba{pdev}}, // ahh... better
|
|
{true, []data.Bytes{deploy}, ba{a, b}, ba{b, pdeploy}}, // deploy also works
|
|
|
|
// multiple levels of roles - must be in correct order - assume dev, then deploy
|
|
{false, []data.Bytes{devs, deploy}, ba{c, d}, ba{pdeploy}},
|
|
{true, []data.Bytes{deploy, devs}, ba{c, d}, ba{pdev, pdeploy}},
|
|
}
|
|
|
|
for i, tc := range cases {
|
|
// set the signers, the required check
|
|
myCtx := ctx.WithPermissions(tc.signers...)
|
|
tx := stack.NewCheckTx(tc.required)
|
|
// and the roles we attempt to assume
|
|
for _, r := range tc.roles {
|
|
tx = roles.NewAssumeRoleTx(r, tx)
|
|
}
|
|
|
|
// try CheckTx and DeliverTx and make sure they both assert permissions
|
|
_, err := app.CheckTx(myCtx, store, tx)
|
|
_, err2 := app.DeliverTx(myCtx, store, tx)
|
|
if tc.valid {
|
|
assert.Nil(err, "%d: %+v", i, err)
|
|
assert.Nil(err2, "%d: %+v", i, err2)
|
|
} else {
|
|
assert.NotNil(err, "%d", i)
|
|
assert.NotNil(err2, "%d", i)
|
|
}
|
|
}
|
|
}
|