use chrono::Utc;
use libpep::factors::PseudonymizationDomain;
use paas_server::access_rules::{AccessRules, Permission};
use paas_server::auth::core::AuthInfo;
#[test]
fn test_access_rules_integration() {
let user = AuthInfo {
name: "test_user".to_string(),
sub: "test_user_sub".to_string(),
groups: vec!["group1".to_string()],
};
let permission = Permission {
usergroups: vec!["group1".to_string()],
start: Some(Utc::now() - chrono::Duration::hours(1)),
end: Some(Utc::now() + chrono::Duration::hours(1)),
from: vec![PseudonymizationDomain::from("domain1")],
to: vec![PseudonymizationDomain::from("domain2")],
};
let access_rules = AccessRules {
allow: vec![permission],
};
assert!(access_rules.has_access(
&user,
&PseudonymizationDomain::from("domain1"),
&PseudonymizationDomain::from("domain2")
));
}
#[test]
fn test_access_rules_edge_cases() {
let user_with_valid_group = AuthInfo {
name: "valid_user".to_string(),
sub: "valid_user_sub".to_string(),
groups: vec!["group1".to_string()],
};
let user_with_invalid_group = AuthInfo {
name: "invalid_user".to_string(),
sub: "invalid_user_sub".to_string(),
groups: vec!["group2".to_string()],
};
let permission = Permission {
usergroups: vec!["group1".to_string()],
start: Some(Utc::now() - chrono::Duration::hours(1)),
end: Some(Utc::now() + chrono::Duration::hours(1)),
from: vec![PseudonymizationDomain::from("domain1")],
to: vec![PseudonymizationDomain::from("domain2")],
};
let access_rules = AccessRules {
allow: vec![permission],
};
assert!(access_rules.has_access(
&user_with_valid_group,
&PseudonymizationDomain::from("domain1"),
&PseudonymizationDomain::from("domain2")
));
let permission_outside_time = Permission {
usergroups: vec!["group1".to_string()],
start: Some(Utc::now() + chrono::Duration::hours(1)),
end: Some(Utc::now() + chrono::Duration::hours(2)),
from: vec![PseudonymizationDomain::from("domain1")],
to: vec![PseudonymizationDomain::from("domain2")],
};
let access_rules_outside_time = AccessRules {
allow: vec![permission_outside_time],
};
assert!(!access_rules_outside_time.has_access(
&user_with_valid_group,
&PseudonymizationDomain::from("domain1"),
&PseudonymizationDomain::from("domain2")
));
assert!(!access_rules.has_access(
&user_with_invalid_group,
&PseudonymizationDomain::from("domain1"),
&PseudonymizationDomain::from("domain2")
));
assert!(!access_rules.has_access(
&user_with_valid_group,
&PseudonymizationDomain::from("domain3"),
&PseudonymizationDomain::from("domain4")
));
}