
Commit 1fac0d9

Emyrkjohnstcn
authored andcommitted
WIP: don't look at this
1 parent 84a90f3 commit 1fac0d9


6 files changed

+175
-10
lines changed


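--- a/coderd/authz/authztest/set_test.go
+++ b/coderd/authz/authztest/set_test.go
@@ -5,14 +5,27 @@ import (
 "testing"
 )
 
+func BenchmarkRole(b *testing.B) {
+all := GroupedPermissions(AllPermissions())
+r := ParseRole(all, "w(pa) s(*e) s(*e) s(*e) s(pe) s(pe) s(*) s(*)")
+b.ResetTimer()
+for n := 0; n < b.N; n++ {
+if !r.Next() {
+r.Reset()
+}
+FakeAuthorize(r.Permissions())
+}
+}
+
 func TestRole(t *testing.T) {
 all := GroupedPermissions(AllPermissions())
 testCases := []struct {
 Name string
 Permutations *Role
 Access bool
-}{
+}{ // 410,367,658
 {
+// [w] x [s1, s2, ""] = (w, s1), (w, s2), (w, "")
 Name: "W+",
 Permutations: ParseRole(all, "w(pa) s(*e) o(*e) u(*e)"),
 Access: true,
@@ -71,20 +84,23 @@ func TestRole(t *testing.T) {
 fmt.Printf("Total cases=%d\n", total)
 
 // This is how you run the test cases
-//for _, c := range testCases {
-// t.Run(c.Name, func(t *testing.T) {
-// c.Permutations.Each(func(set Set) {
-// // Actually printing all the errors would be insane
-// //require.Equal(t, c.Access, FakeAuthorize(set))
-// FakeAuthorize(set)
-// })
-// })
-//}
+for _, c := range testCases {
+//t.Run(c.Name, func(t *testing.T) {
+c.Permutations.Each(func(set Set) {
+// Actually printing all the errors would be insane
+//require.Equal(t, c.Access, FakeAuthorize(set))
+FakeAuthorize(set)
+})
+//})
+}
 }
 
 func FakeAuthorize(s Set) bool {
 var f bool
 for _, i := range s {
+if i == nil {
+continue
+}
 if i.Type() == "+" {
 f = true
 }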
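Review bot: TestRole cannot fail on a wrong authorization decision, because the re-enabled loop in the second hunk calls `FakeAuthorize(set)` and discards the result, `c.Access` is never compared, and the `t.Run` wrapper stays commented out. Counting mismatches keeps the output small without losing the assertion: inside `Each`, `if FakeAuthorize(set) != c.Access { bad++ }`, and after it `if bad > 0 { t.Errorf("%s: %d sets disagree with Access=%v", c.Name, bad, c.Access) }`. BenchmarkRole in the first hunk also drops the FakeAuthorize result, so the call may be optimised away; assigning it to a package-level variable avoids that. TestRole begins before the hunk and FakeAuthorize continues past it.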

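--- a/coderd/authz/permission.go
+++ b/coderd/authz/permission.go
@@ -0,0 +1,53 @@
+package authz
+
+import "strings"
+
+type permLevel string
+
+const (
+LevelWildcard permLevel = "*"
+LevelSite permLevel = "site"
+LevelOrg permLevel = "org"
+LevelUser permLevel = "user"
+)
+
+var PermissionLevels = [4]permLevel{LevelWildcard, LevelSite, LevelOrg, LevelUser}
+
+type Permission struct {
+// Sign is positive or negative.
+// True = Positive, False = negative
+Sign bool
+Level permLevel
+// LevelID is used for identifying a particular org.
+// org:1234
+LevelID string
+
+ResourceType string
+ResourceID string
+Action string
+}
+
+// String returns the <level>.<resource_type>.<id>.<action> string formatted permission.
+// A string builder is used to be the most efficient.
+func (p Permission) String() string {
+var s strings.Builder
+// This could be 1 more than the actual capacity. But being 1 byte over for capacity is ok.
+s.Grow(1 + 4 + len(p.Level) + len(p.LevelID) + len(p.ResourceType) + len(p.ResourceID) + len(p.Action))
+if p.Sign {
+s.WriteRune('+')
+} else {
+s.WriteRune('-')
+}
+s.WriteString(string(p.Level))
+if p.LevelID != "" {
+s.WriteRune(':')
+s.WriteString(p.LevelID)
+}
+s.WriteRune('.')
+s.WriteString(p.ResourceType)
+s.WriteRune('.')
+s.WriteString(p.ResourceID)
+s.WriteRune('.')
+s.WriteString(p.Action)
+return s.String()
+}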
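Review bot: `String()` joins the fields with `.` and `:` but nothing rejects those characters inside LevelID, ResourceType, ResourceID or Action, so two different permissions can render to the same string (a ResourceType of `a.b` with ResourceID `c` reads the same as `a` with `b.c`). That matters if this form is ever used as a map key, compared, or parsed back, which the page does not show. The doc comment also omits the leading sign and the optional level ID; it could read `// String returns the permission as <sign><level>[:<level_id>].<resource_type>.<resource_id>.<action>.` plus a line stating that fields must not contain `.` or `:`. The exported field `Level` and the exported `PermissionLevels` use the unexported type `permLevel`, which other packages cannot name, so consider exporting it.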

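--- a/coderd/authz/testdata/group.go
+++ b/coderd/authz/testdata/group.go
@@ -0,0 +1,13 @@
+package testdata
+
+type permissionSet string
+
+const (
+SetPositive permissionSet = "j"
+SetNegative permissionSet = "j!"
+SetNeutral permissionSet = "a"
+)
+
+var (
+PermissionSets = []permissionSet{SetPositive, SetNegative, SetNeutral}
+)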
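Review bot: This package lives in a directory named `testdata`, which the go tool skips when expanding `./...`, so `go build ./...`, `go vet ./...` and linters run that way will likely not compile or check this file, nor permissions.go, role.go and set.go beside it. If these are meant to be importable fixtures, a directory name such as `authztest` (already used by set_test.go) avoids that. The values `"j"`, `"j!"` and `"a"` have no comment explaining what they encode; a one-line comment per constant would help, for example `// SetPositive is the set of permissions that grant access.` if that is the intent.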

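--- a/coderd/authz/testdata/permissions.go
+++ b/coderd/authz/testdata/permissions.go
@@ -0,0 +1,53 @@
+package testdata
+
+import (
+. "github.com/coder/coder/coderd/authz"
+)
+
+type level string
+
+const (
+otherOption = "other"
+
+levelWild level = "*"
+levelSite level = "site"
+levelOrg level = "org"
+levelOrgMem level = "org:mem"
+// levelOrgAll is a helper to get both org levels above
+levelOrgAll level = "org:*"
+levelUser level = "user"
+)
+
+var (
+PermissionTypes = []bool{true, false}
+Levels = PermissionLevels
+LevelIDs = []string{"", "mem"}
+ResourceTypes = []string{"resource", "*", otherOption}
+ResourceIDs = []string{"rid", "*", otherOption}
+Actions = []string{"action", "*", otherOption}
+)
+
+func AllPermissions() Set {
+all := make(Set, 0, 2*len(Levels)*len(LevelIDs)*len(ResourceTypes)*len(ResourceIDs)*len(Actions))
+for _, p := range PermissionTypes {
+for _, l := range Levels {
+for _, lid := range LevelIDs {
+for _, t := range ResourceTypes {
+for _, i := range ResourceIDs {
+for _, a := range Actions {
+all = append(all, &Permission{
+Sign: p,
+Level: l,
+LevelID: lid,
+ResourceType: t,
+ResourceID: i,
+Action: a,
+})
+}
+}
+}
+}
+}
+}
+return all
+}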
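Review bot: AllPermissions pairs the `"mem"` LevelID with every level, including `*`, `site` and `user`, although the comment on `Permission.LevelID` in permission.go says it identifies a particular org; the generated set therefore contains permissions such as a site-level one scoped to `mem`. If those are not meant to exist, skip them in the `lid` loop with `if lid != "" && l != LevelOrg { continue }`; if they are deliberate fixtures for malformed input, a comment saying so would keep a later reader from removing them. The capacity expression hard-codes `2` where `len(PermissionTypes)` is meant. The `level` constants declared above are not used anywhere in this file.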

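--- a/coderd/authz/testdata/role.go
+++ b/coderd/authz/testdata/role.go
@@ -0,0 +1,10 @@
+package testdata
+
+import (
+. "github.com/coder/coder/coderd/authz"
+)
+
+var _ Permission
+
+type Role struct {
+}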

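--- a/coderd/authz/testdata/set.go
+++ b/coderd/authz/testdata/set.go
@@ -0,0 +1,20 @@
+package testdata
+
+import (
+"strings"
+
+. "github.com/coder/coder/coderd/authz"
+)
+
+type Set []*Permission
+
+func (s Set) String() string {
+var str strings.Builder
+sep := ""
+for _, v := range s {
+str.WriteString(sep)
+str.WriteString(v.String())
+sep = ", "
+}
+return str.String()
+}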
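Review bot: `Set.String()` calls `v.String()` on every element, and `Permission.String` in permission.go has a value receiver, so a nil `*Permission` in the set panics with a nil dereference. The nil check this commit adds to FakeAuthorize in set_test.go suggests sets can carry nil entries, though that Set may be a different type from this one. Guard the loop with `if v == nil { continue }` before the first `WriteString`, or write a visible marker such as `<nil>` so a missing entry shows up in the output.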
