cf-modkit-db 0.7.2

ModKit database library
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127

// Created: 2026-04-07 by Constructor Tech
use crate::secure::AccessScope;
use modkit_security::access_scope::{ScopeConstraint, ScopeFilter, pep_properties};
use uuid::Uuid;

#[test]
fn test_access_scope_is_deny_all() {
    // Empty scope = deny all
    let scope = AccessScope::default();
    assert!(scope.is_deny_all());

    // Scope with tenants is not deny-all
    let scope = AccessScope::for_tenants(vec![Uuid::new_v4()]);
    assert!(!scope.is_deny_all());

    // Scope with resources is not deny-all
    let scope = AccessScope::for_resources(vec![Uuid::new_v4()]);
    assert!(!scope.is_deny_all());

    // Scope with both is not deny-all
    let scope = AccessScope::single(ScopeConstraint::new(vec![
        ScopeFilter::in_uuids(pep_properties::OWNER_TENANT_ID, vec![Uuid::new_v4()]),
        ScopeFilter::in_uuids(pep_properties::RESOURCE_ID, vec![Uuid::new_v4()]),
    ]));
    assert!(!scope.is_deny_all());
}

#[test]
fn test_empty_scope_is_deny_all() {
    let empty_scope = AccessScope::default();

    assert!(empty_scope.is_deny_all());
    assert!(
        empty_scope
            .all_values_for(pep_properties::OWNER_TENANT_ID)
            .is_empty()
    );
    assert!(
        empty_scope
            .all_values_for(pep_properties::RESOURCE_ID)
            .is_empty()
    );
}

#[test]
fn test_access_scope_builders() {
    let tid = Uuid::new_v4();
    let rid = Uuid::new_v4();

    let scope = AccessScope::for_tenants(vec![tid]);
    assert_eq!(
        scope.all_uuid_values_for(pep_properties::OWNER_TENANT_ID),
        &[tid]
    );
    assert!(
        scope
            .all_uuid_values_for(pep_properties::RESOURCE_ID)
            .is_empty()
    );

    let scope = AccessScope::for_resources(vec![rid]);
    assert!(
        scope
            .all_uuid_values_for(pep_properties::OWNER_TENANT_ID)
            .is_empty()
    );
    assert_eq!(
        scope.all_uuid_values_for(pep_properties::RESOURCE_ID),
        &[rid]
    );

    let scope = AccessScope::single(ScopeConstraint::new(vec![
        ScopeFilter::in_uuids(pep_properties::OWNER_TENANT_ID, vec![tid]),
        ScopeFilter::in_uuids(pep_properties::RESOURCE_ID, vec![rid]),
    ]));
    assert_eq!(
        scope.all_uuid_values_for(pep_properties::OWNER_TENANT_ID),
        &[tid]
    );
    assert_eq!(
        scope.all_uuid_values_for(pep_properties::RESOURCE_ID),
        &[rid]
    );
}

#[test]
fn test_allow_all_is_unconstrained() {
    let scope = AccessScope::allow_all();
    assert!(scope.is_unconstrained());
    assert!(!scope.is_deny_all());
}

#[test]
fn test_or_constraints() {
    let t1 = Uuid::new_v4();
    let t2 = Uuid::new_v4();
    let r1 = Uuid::new_v4();

    let scope = AccessScope::from_constraints(vec![
        ScopeConstraint::new(vec![
            ScopeFilter::in_uuids(pep_properties::OWNER_TENANT_ID, vec![t1]),
            ScopeFilter::in_uuids(pep_properties::RESOURCE_ID, vec![r1]),
        ]),
        ScopeConstraint::new(vec![ScopeFilter::in_uuids(
            pep_properties::OWNER_TENANT_ID,
            vec![t2],
        )]),
    ]);

    assert_eq!(scope.constraints().len(), 2);
    assert!(scope.contains_uuid(pep_properties::OWNER_TENANT_ID, t1));
    assert!(scope.contains_uuid(pep_properties::OWNER_TENANT_ID, t2));
    assert!(scope.contains_uuid(pep_properties::RESOURCE_ID, r1));
    // all_values_for collects from all constraints
    assert_eq!(
        scope.all_values_for(pep_properties::OWNER_TENANT_ID).len(),
        2
    );
}

#[test]
fn test_has_property() {
    let tid = Uuid::new_v4();
    let scope = AccessScope::for_tenant(tid);
    assert!(scope.has_property(pep_properties::OWNER_TENANT_ID));
    assert!(!scope.has_property(pep_properties::RESOURCE_ID));
}