xref: /openbmc/bmcweb/test/redfish-core/include/privileges_test.cpp (revision 40e9b92ec19acffb46f83a6e55b18974da5d708e) 
1 // SPDX-License-Identifier: Apache-2.0
2 // SPDX-FileCopyrightText: Copyright OpenBMC Authors
3 #include "privileges.hpp"
4 
5 #include <boost/beast/http/verb.hpp>
6 
7 #include <array>
8 
9 #include <gmock/gmock.h>
10 #include <gtest/gtest.h>
11 
12 namespace redfish
13 {
14 namespace
15 {
16 
17 using ::testing::IsEmpty;
18 using ::testing::UnorderedElementsAre;
19 
TEST(PrivilegeTest,PrivilegeConstructor)20 TEST(PrivilegeTest, PrivilegeConstructor)
21 {
22     Privileges privileges{"Login", "ConfigureManager"};
23 
24     EXPECT_THAT(privileges.getActivePrivilegeNames(PrivilegeType::BASE),
25                 UnorderedElementsAre("Login", "ConfigureManager"));
26 }
27 
TEST(PrivilegeTest,PrivilegeCheckForNoPrivilegesRequired)28 TEST(PrivilegeTest, PrivilegeCheckForNoPrivilegesRequired)
29 {
30     Privileges userPrivileges{"Login"};
31 
32     OperationMap entityPrivileges{{boost::beast::http::verb::get, {{"Login"}}}};
33 
34     EXPECT_TRUE(isMethodAllowedWithPrivileges(
35         boost::beast::http::verb::get, entityPrivileges, userPrivileges));
36 }
37 
TEST(PrivilegeTest,PrivilegeCheckForSingleCaseSuccess)38 TEST(PrivilegeTest, PrivilegeCheckForSingleCaseSuccess)
39 {
40     auto userPrivileges = Privileges{"Login"};
41     OperationMap entityPrivileges{{boost::beast::http::verb::get, {}}};
42 
43     EXPECT_TRUE(isMethodAllowedWithPrivileges(
44         boost::beast::http::verb::get, entityPrivileges, userPrivileges));
45 }
46 
TEST(PrivilegeTest,PrivilegeCheckForSingleCaseFailure)47 TEST(PrivilegeTest, PrivilegeCheckForSingleCaseFailure)
48 {
49     auto userPrivileges = Privileges{"Login"};
50     OperationMap entityPrivileges{
51         {boost::beast::http::verb::get, {{"ConfigureManager"}}}};
52 
53     EXPECT_FALSE(isMethodAllowedWithPrivileges(
54         boost::beast::http::verb::get, entityPrivileges, userPrivileges));
55 }
56 
TEST(PrivilegeTest,PrivilegeCheckForANDCaseSuccess)57 TEST(PrivilegeTest, PrivilegeCheckForANDCaseSuccess)
58 {
59     auto userPrivileges =
60         Privileges{"Login", "ConfigureManager", "ConfigureSelf"};
61     OperationMap entityPrivileges{
62         {boost::beast::http::verb::get,
63          {{"Login", "ConfigureManager", "ConfigureSelf"}}}};
64 
65     EXPECT_TRUE(isMethodAllowedWithPrivileges(
66         boost::beast::http::verb::get, entityPrivileges, userPrivileges));
67 }
68 
TEST(PrivilegeTest,PrivilegeCheckForANDCaseFailure)69 TEST(PrivilegeTest, PrivilegeCheckForANDCaseFailure)
70 {
71     auto userPrivileges = Privileges{"Login", "ConfigureManager"};
72     OperationMap entityPrivileges{
73         {boost::beast::http::verb::get,
74          {{"Login", "ConfigureManager", "ConfigureSelf"}}}};
75 
76     EXPECT_FALSE(isMethodAllowedWithPrivileges(
77         boost::beast::http::verb::get, entityPrivileges, userPrivileges));
78 }
79 
TEST(PrivilegeTest,PrivilegeCheckForORCaseSuccess)80 TEST(PrivilegeTest, PrivilegeCheckForORCaseSuccess)
81 {
82     auto userPrivileges = Privileges{"ConfigureManager"};
83     OperationMap entityPrivileges{
84         {boost::beast::http::verb::get, {{"Login"}, {"ConfigureManager"}}}};
85 
86     EXPECT_TRUE(isMethodAllowedWithPrivileges(
87         boost::beast::http::verb::get, entityPrivileges, userPrivileges));
88 }
89 
TEST(PrivilegeTest,PrivilegeCheckForORCaseFailure)90 TEST(PrivilegeTest, PrivilegeCheckForORCaseFailure)
91 {
92     auto userPrivileges = Privileges{"ConfigureComponents"};
93     OperationMap entityPrivileges = OperationMap(
94         {{boost::beast::http::verb::get, {{"Login"}, {"ConfigureManager"}}}});
95 
96     EXPECT_FALSE(isMethodAllowedWithPrivileges(
97         boost::beast::http::verb::get, entityPrivileges, userPrivileges));
98 }
99 
TEST(PrivilegeTest,DefaultPrivilegeBitsetsAreEmpty)100 TEST(PrivilegeTest, DefaultPrivilegeBitsetsAreEmpty)
101 {
102     Privileges privileges;
103 
104     EXPECT_THAT(privileges.getActivePrivilegeNames(PrivilegeType::BASE),
105                 IsEmpty());
106 
107     EXPECT_THAT(privileges.getActivePrivilegeNames(PrivilegeType::OEM),
108                 IsEmpty());
109 }
110 
TEST(PrivilegeTest,GetActivePrivilegeNames)111 TEST(PrivilegeTest, GetActivePrivilegeNames)
112 {
113     Privileges privileges;
114 
115     EXPECT_THAT(privileges.getActivePrivilegeNames(PrivilegeType::BASE),
116                 IsEmpty());
117 
118     std::array<const char*, 5> expectedPrivileges{
119         "Login", "ConfigureManager", "ConfigureUsers", "ConfigureComponents",
120         "ConfigureSelf"};
121 
122     for (const auto& privilege : expectedPrivileges)
123     {
124         EXPECT_TRUE(privileges.setSinglePrivilege(privilege));
125     }
126 
127     EXPECT_THAT(
128         privileges.getActivePrivilegeNames(PrivilegeType::BASE),
129         UnorderedElementsAre(expectedPrivileges[0], expectedPrivileges[1],
130                              expectedPrivileges[2], expectedPrivileges[3],
131                              expectedPrivileges[4]));
132 }
133 
TEST(PrivilegeTest,PrivilegeHostConsoleConstructor)134 TEST(PrivilegeTest, PrivilegeHostConsoleConstructor)
135 {
136     Privileges privileges{"OpenBMCHostConsole"};
137 
138     EXPECT_THAT(privileges.getActivePrivilegeNames(PrivilegeType::OEM),
139                 UnorderedElementsAre("OpenBMCHostConsole"));
140 }
141 
142 } // namespace
143 } // namespace redfish
144