1 #include "privileges.hpp"
2 
3 #include <boost/beast/http/verb.hpp>
4 
5 #include <array>
6 
7 #include <gmock/gmock.h> // IWYU pragma: keep
8 #include <gtest/gtest.h> // IWYU pragma: keep
9 
10 // IWYU pragma: no_include <gtest/gtest-message.h>
11 // IWYU pragma: no_include <gtest/gtest-test-part.h>
12 // IWYU pragma: no_include "gtest/gtest_pred_impl.h"
13 // IWYU pragma: no_include <gmock/gmock-matchers.h>
14 // IWYU pragma: no_include <gmock/gmock-more-matchers.h>
15 
16 namespace redfish
17 {
18 namespace
19 {
20 
21 using ::testing::IsEmpty;
22 using ::testing::UnorderedElementsAre;
23 
24 TEST(PrivilegeTest, PrivilegeConstructor)
25 {
26     Privileges privileges{"Login", "ConfigureManager"};
27 
28     EXPECT_THAT(privileges.getActivePrivilegeNames(PrivilegeType::BASE),
29                 UnorderedElementsAre("Login", "ConfigureManager"));
30 }
31 
32 TEST(PrivilegeTest, PrivilegeCheckForNoPrivilegesRequired)
33 {
34     Privileges userPrivileges{"Login"};
35 
36     OperationMap entityPrivileges{{boost::beast::http::verb::get, {{"Login"}}}};
37 
38     EXPECT_TRUE(isMethodAllowedWithPrivileges(
39         boost::beast::http::verb::get, entityPrivileges, userPrivileges));
40 }
41 
42 TEST(PrivilegeTest, PrivilegeCheckForSingleCaseSuccess)
43 {
44     auto userPrivileges = Privileges{"Login"};
45     OperationMap entityPrivileges{{boost::beast::http::verb::get, {}}};
46 
47     EXPECT_TRUE(isMethodAllowedWithPrivileges(
48         boost::beast::http::verb::get, entityPrivileges, userPrivileges));
49 }
50 
51 TEST(PrivilegeTest, PrivilegeCheckForSingleCaseFailure)
52 {
53     auto userPrivileges = Privileges{"Login"};
54     OperationMap entityPrivileges{
55         {boost::beast::http::verb::get, {{"ConfigureManager"}}}};
56 
57     EXPECT_FALSE(isMethodAllowedWithPrivileges(
58         boost::beast::http::verb::get, entityPrivileges, userPrivileges));
59 }
60 
61 TEST(PrivilegeTest, PrivilegeCheckForANDCaseSuccess)
62 {
63     auto userPrivileges =
64         Privileges{"Login", "ConfigureManager", "ConfigureSelf"};
65     OperationMap entityPrivileges{
66         {boost::beast::http::verb::get,
67          {{"Login", "ConfigureManager", "ConfigureSelf"}}}};
68 
69     EXPECT_TRUE(isMethodAllowedWithPrivileges(
70         boost::beast::http::verb::get, entityPrivileges, userPrivileges));
71 }
72 
73 TEST(PrivilegeTest, PrivilegeCheckForANDCaseFailure)
74 {
75     auto userPrivileges = Privileges{"Login", "ConfigureManager"};
76     OperationMap entityPrivileges{
77         {boost::beast::http::verb::get,
78          {{"Login", "ConfigureManager", "ConfigureSelf"}}}};
79 
80     EXPECT_FALSE(isMethodAllowedWithPrivileges(
81         boost::beast::http::verb::get, entityPrivileges, userPrivileges));
82 }
83 
84 TEST(PrivilegeTest, PrivilegeCheckForORCaseSuccess)
85 {
86     auto userPrivileges = Privileges{"ConfigureManager"};
87     OperationMap entityPrivileges{
88         {boost::beast::http::verb::get, {{"Login"}, {"ConfigureManager"}}}};
89 
90     EXPECT_TRUE(isMethodAllowedWithPrivileges(
91         boost::beast::http::verb::get, entityPrivileges, userPrivileges));
92 }
93 
94 TEST(PrivilegeTest, PrivilegeCheckForORCaseFailure)
95 {
96     auto userPrivileges = Privileges{"ConfigureComponents"};
97     OperationMap entityPrivileges = OperationMap(
98         {{boost::beast::http::verb::get, {{"Login"}, {"ConfigureManager"}}}});
99 
100     EXPECT_FALSE(isMethodAllowedWithPrivileges(
101         boost::beast::http::verb::get, entityPrivileges, userPrivileges));
102 }
103 
104 TEST(PrivilegeTest, DefaultPrivilegeBitsetsAreEmpty)
105 {
106     Privileges privileges;
107 
108     EXPECT_THAT(privileges.getActivePrivilegeNames(PrivilegeType::BASE),
109                 IsEmpty());
110 
111     EXPECT_THAT(privileges.getActivePrivilegeNames(PrivilegeType::OEM),
112                 IsEmpty());
113 }
114 
115 TEST(PrivilegeTest, GetActivePrivilegeNames)
116 {
117     Privileges privileges;
118 
119     EXPECT_THAT(privileges.getActivePrivilegeNames(PrivilegeType::BASE),
120                 IsEmpty());
121 
122     std::array<const char*, 5> expectedPrivileges{
123         "Login", "ConfigureManager", "ConfigureUsers", "ConfigureComponents",
124         "ConfigureSelf"};
125 
126     for (const auto& privilege : expectedPrivileges)
127     {
128         EXPECT_TRUE(privileges.setSinglePrivilege(privilege));
129     }
130 
131     EXPECT_THAT(
132         privileges.getActivePrivilegeNames(PrivilegeType::BASE),
133         UnorderedElementsAre(expectedPrivileges[0], expectedPrivileges[1],
134                              expectedPrivileges[2], expectedPrivileges[3],
135                              expectedPrivileges[4]));
136 }
137 
138 TEST(PrivilegeTest, PrivilegeHostConsoleConstructor)
139 {
140     Privileges privileges{"OpenBMCHostConsole"};
141 
142     EXPECT_THAT(privileges.getActivePrivilegeNames(PrivilegeType::OEM),
143                 UnorderedElementsAre("OpenBMCHostConsole"));
144 }
145 
146 } // namespace
147 } // namespace redfish
148