1 #include "privileges.hpp"
2 
3 #include <boost/beast/http/verb.hpp>
4 
5 #include <array>
6 
7 #include <gmock/gmock.h>
8 #include <gtest/gtest.h>
9 
10 namespace redfish
11 {
12 namespace
13 {
14 
15 using ::testing::IsEmpty;
16 using ::testing::UnorderedElementsAre;
17 
TEST(PrivilegeTest,PrivilegeConstructor)18 TEST(PrivilegeTest, PrivilegeConstructor)
19 {
20     Privileges privileges{"Login", "ConfigureManager"};
21 
22     EXPECT_THAT(privileges.getActivePrivilegeNames(PrivilegeType::BASE),
23                 UnorderedElementsAre("Login", "ConfigureManager"));
24 }
25 
TEST(PrivilegeTest,PrivilegeCheckForNoPrivilegesRequired)26 TEST(PrivilegeTest, PrivilegeCheckForNoPrivilegesRequired)
27 {
28     Privileges userPrivileges{"Login"};
29 
30     OperationMap entityPrivileges{{boost::beast::http::verb::get, {{"Login"}}}};
31 
32     EXPECT_TRUE(isMethodAllowedWithPrivileges(
33         boost::beast::http::verb::get, entityPrivileges, userPrivileges));
34 }
35 
TEST(PrivilegeTest,PrivilegeCheckForSingleCaseSuccess)36 TEST(PrivilegeTest, PrivilegeCheckForSingleCaseSuccess)
37 {
38     auto userPrivileges = Privileges{"Login"};
39     OperationMap entityPrivileges{{boost::beast::http::verb::get, {}}};
40 
41     EXPECT_TRUE(isMethodAllowedWithPrivileges(
42         boost::beast::http::verb::get, entityPrivileges, userPrivileges));
43 }
44 
TEST(PrivilegeTest,PrivilegeCheckForSingleCaseFailure)45 TEST(PrivilegeTest, PrivilegeCheckForSingleCaseFailure)
46 {
47     auto userPrivileges = Privileges{"Login"};
48     OperationMap entityPrivileges{
49         {boost::beast::http::verb::get, {{"ConfigureManager"}}}};
50 
51     EXPECT_FALSE(isMethodAllowedWithPrivileges(
52         boost::beast::http::verb::get, entityPrivileges, userPrivileges));
53 }
54 
TEST(PrivilegeTest,PrivilegeCheckForANDCaseSuccess)55 TEST(PrivilegeTest, PrivilegeCheckForANDCaseSuccess)
56 {
57     auto userPrivileges =
58         Privileges{"Login", "ConfigureManager", "ConfigureSelf"};
59     OperationMap entityPrivileges{
60         {boost::beast::http::verb::get,
61          {{"Login", "ConfigureManager", "ConfigureSelf"}}}};
62 
63     EXPECT_TRUE(isMethodAllowedWithPrivileges(
64         boost::beast::http::verb::get, entityPrivileges, userPrivileges));
65 }
66 
TEST(PrivilegeTest,PrivilegeCheckForANDCaseFailure)67 TEST(PrivilegeTest, PrivilegeCheckForANDCaseFailure)
68 {
69     auto userPrivileges = Privileges{"Login", "ConfigureManager"};
70     OperationMap entityPrivileges{
71         {boost::beast::http::verb::get,
72          {{"Login", "ConfigureManager", "ConfigureSelf"}}}};
73 
74     EXPECT_FALSE(isMethodAllowedWithPrivileges(
75         boost::beast::http::verb::get, entityPrivileges, userPrivileges));
76 }
77 
TEST(PrivilegeTest,PrivilegeCheckForORCaseSuccess)78 TEST(PrivilegeTest, PrivilegeCheckForORCaseSuccess)
79 {
80     auto userPrivileges = Privileges{"ConfigureManager"};
81     OperationMap entityPrivileges{
82         {boost::beast::http::verb::get, {{"Login"}, {"ConfigureManager"}}}};
83 
84     EXPECT_TRUE(isMethodAllowedWithPrivileges(
85         boost::beast::http::verb::get, entityPrivileges, userPrivileges));
86 }
87 
TEST(PrivilegeTest,PrivilegeCheckForORCaseFailure)88 TEST(PrivilegeTest, PrivilegeCheckForORCaseFailure)
89 {
90     auto userPrivileges = Privileges{"ConfigureComponents"};
91     OperationMap entityPrivileges = OperationMap(
92         {{boost::beast::http::verb::get, {{"Login"}, {"ConfigureManager"}}}});
93 
94     EXPECT_FALSE(isMethodAllowedWithPrivileges(
95         boost::beast::http::verb::get, entityPrivileges, userPrivileges));
96 }
97 
TEST(PrivilegeTest,DefaultPrivilegeBitsetsAreEmpty)98 TEST(PrivilegeTest, DefaultPrivilegeBitsetsAreEmpty)
99 {
100     Privileges privileges;
101 
102     EXPECT_THAT(privileges.getActivePrivilegeNames(PrivilegeType::BASE),
103                 IsEmpty());
104 
105     EXPECT_THAT(privileges.getActivePrivilegeNames(PrivilegeType::OEM),
106                 IsEmpty());
107 }
108 
TEST(PrivilegeTest,GetActivePrivilegeNames)109 TEST(PrivilegeTest, GetActivePrivilegeNames)
110 {
111     Privileges privileges;
112 
113     EXPECT_THAT(privileges.getActivePrivilegeNames(PrivilegeType::BASE),
114                 IsEmpty());
115 
116     std::array<const char*, 5> expectedPrivileges{
117         "Login", "ConfigureManager", "ConfigureUsers", "ConfigureComponents",
118         "ConfigureSelf"};
119 
120     for (const auto& privilege : expectedPrivileges)
121     {
122         EXPECT_TRUE(privileges.setSinglePrivilege(privilege));
123     }
124 
125     EXPECT_THAT(
126         privileges.getActivePrivilegeNames(PrivilegeType::BASE),
127         UnorderedElementsAre(expectedPrivileges[0], expectedPrivileges[1],
128                              expectedPrivileges[2], expectedPrivileges[3],
129                              expectedPrivileges[4]));
130 }
131 
TEST(PrivilegeTest,PrivilegeHostConsoleConstructor)132 TEST(PrivilegeTest, PrivilegeHostConsoleConstructor)
133 {
134     Privileges privileges{"OpenBMCHostConsole"};
135 
136     EXPECT_THAT(privileges.getActivePrivilegeNames(PrivilegeType::OEM),
137                 UnorderedElementsAre("OpenBMCHostConsole"));
138 }
139 
140 } // namespace
141 } // namespace redfish
142