dataforge/fn_registry
1
0
Fork 0
Code Issues Pull Requests 3 Actions Packages Projects Releases Wiki Activity
Files
master
fn_registry/functions/infra/rbac_check_test.go
T
egutierrez af2366acb5 feat: rbac_check (pure), jwt_middleware, rbac_middleware 
Fase 5 del issue 0010 — RBAC y middlewares de auth.
- rbac_check es pura: solo recorre la matriz roles/permisos
- jwt_middleware extrae token del header Authorization: Bearer, valida e
  inyecta claims en el context con una key privada (jwtCtxKey struct{})
- rbac_middleware requiere jwt_middleware antes; lee role de claims.Custom
- Helper JWTClaimsFromContext para acceder a las claims desde handlers
- 401 claro si RBAC se usa sin JWT antes (code: no_claims)
2026-04-18 17:44:04 +02:00

59 lines
1.4 KiB
Go
Raw Permalink Blame History

package infra
import "testing"
func makeRoles() []Role {
return []Role{
{
Name: "admin",
Permissions: []Permission{
{Resource: "users", Action: "read"},
{Resource: "users", Action: "write"},
{Resource: "users", Action: "delete"},
},
},
{
Name: "viewer",
Permissions: []Permission{
{Resource: "users", Action: "read"},
},
},
}
}
func TestRBACCheck_Granted(t *testing.T) {
roles := makeRoles()
if !RBACCheck(roles, "admin", Permission{Resource: "users", Action: "delete"}) {
t.Fatal("admin deberia tener users/delete")
}
if !RBACCheck(roles, "viewer", Permission{Resource: "users", Action: "read"}) {
t.Fatal("viewer deberia tener users/read")
}
}
func TestRBACCheck_Denied(t *testing.T) {
roles := makeRoles()
if RBACCheck(roles, "viewer", Permission{Resource: "users", Action: "delete"}) {
t.Fatal("viewer NO deberia tener users/delete")
}
}
func TestRBACCheck_UnknownRole(t *testing.T) {
roles := makeRoles()
if RBACCheck(roles, "ghost", Permission{Resource: "users", Action: "read"}) {
t.Fatal("rol inexistente no deberia tener permisos")
}
}
func TestRBACCheck_ExactMatch(t *testing.T) {
roles := makeRoles()
// Resource distinto
if RBACCheck(roles, "admin", Permission{Resource: "billing", Action: "read"}) {
t.Fatal("admin no tiene billing/read")
}
// Action distinta
if RBACCheck(roles, "viewer", Permission{Resource: "users", Action: "write"}) {
t.Fatal("viewer no tiene users/write")
}
}
Reference in New Issue View Git Blame Copy Permalink