author | Jan Lehnardt <jan@apache.org> | 2019-08-25 16:40:25 +0200 |
---|---|---|
committer | Jan Lehnardt <jan@apache.org> | 2019-08-25 16:40:25 +0200 |
commit | bde3a721b59ebf940c23bd7bcb170e00b98fa51d (patch) | |
tree | 29f16c946ed30790235cbb6508d5e7b19f9a1a32 | |
parent | 73acc3cc713c44b63d0a77220519effb8c868172 (diff) | |
download | couchdb-bde3a721b59ebf940c23bd7bcb170e00b98fa51d.tar.gz |
test: doc updates
-rw-r--r-- | src/couch/test/couchdb_access_tests.erl | 52 |
1 files changed, 48 insertions, 4 deletions
diff --git a/src/couch/test/couchdb_access_tests.erl b/src/couch/test/couchdb_access_tests.erl
index 249f0053b..f985528f3 100644
--- a/src/couch/test/couchdb_access_tests.erl
+++ b/src/couch/test/couchdb_access_tests.erl
@@ -64,12 +64,19 @@ after_all(_) ->
 access_test_() ->
 Tests = [
+ % Doc creation
 fun should_not_let_anonymous_user_create_doc/2,
 fun should_let_admin_create_doc_with_access/2,
 fun should_let_admin_create_doc_without_access/2,
 fun should_let_user_create_doc_for_themselves/2,
 fun should_not_let_user_create_doc_for_someone_else/2,
+ % Doc updates
+ fun users_with_access_can_update_doc/2,
+ fun users_with_access_can_not_change_access/2,
+ fun users_with_access_can_not_remove_access/2,
+
+ % Doc reads
 fun should_let_admin_read_doc_with_access/2,
 fun user_with_access_can_read_doc/2,
 fun user_without_access_can_not_read_doc/2,
@@ -77,16 +84,20 @@ access_test_() ->
 fun admin_with_access_can_read_conflicted_doc/2,
 fun user_with_access_can_not_read_conflicted_doc/2,
+ % Doc deletes
 fun should_let_admin_delete_doc_with_access/2,
 fun should_let_user_delete_doc_for_themselves/2,
 fun should_not_let_user_delete_doc_for_someone_else/2,
+ % _all_docs with include_docs
 fun should_let_admin_fetch_all_docs/2,
 fun should_let_user_fetch_their_own_all_docs/2,
+ % _changes
 fun should_let_admin_fetch_changes/2,
 fun should_let_user_fetch_their_own_changes/2,
+ % views
 fun should_not_allow_admin_access_ddoc_view_request/2,
 fun should_not_allow_user_access_ddoc_view_request/2,
 fun should_allow_admin_users_access_ddoc_view_request/2,
@@ -139,6 +150,38 @@ should_not_let_user_create_doc_for_someone_else(_PortType, Url) ->
 ?USERY_REQ_HEADERS, "{\"a\":1,\"_access\":[\"x\"]}"),
 ?_assertEqual(403, Code).
+% Doc updates
+
+users_with_access_can_update_doc(_PortType, Url) ->
+ {ok, _, _, Body} = test_request:put(Url ++ "/db/b",
+ ?USERX_REQ_HEADERS, "{\"a\":1,\"_access\":[\"x\"]}"),
+ {Json} = jiffy:decode(Body),
+ Rev = couch_util:get_value(<<"rev">>, Json),
+ {ok, Code, _, _} = test_request:put(Url ++ "/db/b",
+ ?USERX_REQ_HEADERS,
+ "{\"a\":2,\"_access\":[\"x\"],\"_rev\":\"" ++ binary_to_list(Rev) ++ "\"}"),
+ ?_assertEqual(201, Code).
+
+users_with_access_can_not_change_access(_PortType, Url) ->
+ {ok, _, _, Body} = test_request:put(Url ++ "/db/b",
+ ?USERX_REQ_HEADERS, "{\"a\":1,\"_access\":[\"x\"]}"),
+ {Json} = jiffy:decode(Body),
+ Rev = couch_util:get_value(<<"rev">>, Json),
+ {ok, Code, _, _} = test_request:put(Url ++ "/db/b",
+ ?USERX_REQ_HEADERS,
+ "{\"a\":2,\"_access\":[\"y\"],\"_rev\":\"" ++ binary_to_list(Rev) ++ "\"}"),
+ ?_assertEqual(403, Code).
+
+users_with_access_can_not_remove_access(_PortType, Url) ->
+ {ok, _, _, Body} = test_request:put(Url ++ "/db/b",
+ ?USERX_REQ_HEADERS, "{\"a\":1,\"_access\":[\"x\"]}"),
+ {Json} = jiffy:decode(Body),
+ Rev = couch_util:get_value(<<"rev">>, Json),
+ {ok, Code, _, _} = test_request:put(Url ++ "/db/b",
+ ?USERX_REQ_HEADERS,
+ "{\"a\":2,\"_rev\":\"" ++ binary_to_list(Rev) ++ "\"}"),
+ ?_assertEqual(403, Code).
+
 % Doc reads
 should_let_admin_read_doc_with_access(_PortType, Url) ->
 {ok, 201, _, _} = test_request:put(Url ++ "/db/a",
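Review bot: None of the three new update tests covers the authorization negative that matters most for `_access`, namely a user who is not in the list trying to update the document. Every request in this hunk is sent with `?USERX_REQ_HEADERS`, so a regression that let another user overwrite x's document would still pass; a sibling test that repeats the second PUT with `?USERY_REQ_HEADERS` and expects 403 would close that gap. Separately, the first PUT in each test matches `{ok, _, _, Body}` and all three write `/db/b`, so if the create does not return 201 (for example a 409 when the database is not reset between tests, which this hunk does not show), `Rev` is `undefined` and `binary_to_list(Rev)` fails with a badarg that hides the real cause. Matching the status makes the precondition explicit: `{ok, 201, _, Body} = test_request:put(Url ++ "/db/b",`.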
@@ -271,11 +314,12 @@ should_let_user_fetch_their_own_changes(_PortType, Url) ->
 AmountOfDocs = length(proplists:get_value(<<"results">>, Json)),
 ?_assertEqual(2, AmountOfDocs).
+% views
 should_not_allow_admin_access_ddoc_view_request(_PortType, Url) ->
 DDoc = "{\"a\":1,\"_access\":[\"x\"],\"views\":{\"foo\":{\"map\":\"function() {}\"}}}",
 {ok, Code, _, _} = test_request:put(Url ++ "/db/_design/a",
 ?ADMIN_REQ_HEADERS, DDoc),
- ?_assertEqual(201, Code),
+ ?assertEqual(201, Code),
 {ok, Code1, _, _} = test_request:get(Url ++ "/db/_design/a/_view/foo",
 ?ADMIN_REQ_HEADERS),
 ?_assertEqual(403, Code1).
@@ -284,7 +328,7 @@ should_not_allow_user_access_ddoc_view_request(_PortType, Url) ->
 DDoc = "{\"a\":1,\"_access\":[\"x\"],\"views\":{\"foo\":{\"map\":\"function() {}\"}}}",
 {ok, Code, _, _} = test_request:put(Url ++ "/db/_design/a",
 ?ADMIN_REQ_HEADERS, DDoc),
- ?_assertEqual(201, Code),
+ ?assertEqual(201, Code),
 {ok, Code1, _, _} = test_request:get(Url ++ "/db/_design/a/_view/foo",
 ?USERX_REQ_HEADERS),
 ?_assertEqual(403, Code1).
@@ -293,7 +337,7 @@ should_allow_admin_users_access_ddoc_view_request(_PortType, Url) ->
 DDoc = "{\"a\":1,\"_access\":[\"_users\"],\"views\":{\"foo\":{\"map\":\"function() {}\"}}}",
 {ok, Code, _, _} = test_request:put(Url ++ "/db/_design/a",
 ?ADMIN_REQ_HEADERS, DDoc),
- ?_assertEqual(201, Code),
+ ?assertEqual(201, Code),
 {ok, Code1, _, _} = test_request:get(Url ++ "/db/_design/a/_view/foo",
 ?ADMIN_REQ_HEADERS),
 ?_assertEqual(200, Code1).
@@ -302,7 +346,7 @@ should_allow_user_users_access_ddoc_view_request(_PortType, Url) ->
 DDoc = "{\"a\":1,\"_access\":[\"_users\"],\"views\":{\"foo\":{\"map\":\"function() {}\"}}}",
 {ok, Code, _, _} = test_request:put(Url ++ "/db/_design/a",
 ?ADMIN_REQ_HEADERS, DDoc),
- ?_assertEqual(201, Code),
+ ?assertEqual(201, Code),
 {ok, Code1, _, _} = test_request:get(Url ++ "/db/_design/a/_view/foo",
 ?USERX_REQ_HEADERS),
 ?_assertEqual(200, Code1). |
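Review bot: The setup check in these four view tests would be more consistent with the rest of the file as a pattern match, `{ok, 201, _, _} = test_request:put(Url ++ "/db/_design/a",`, which is how the doc-read test visible in the earlier hunk asserts a successful create. That drops the `Code` binding and the separate `?assertEqual(201, Code),` line in all four hunks (-271, -284, -293, -302). Either form fails while the test is being instantiated rather than inside the returned `?_assertEqual` object, so a rejected design-doc PUT will probably be reported as a setup failure and not as a failed 403/200 expectation. A short comment such as `% setup: the ddoc must exist before the view ACL check means anything` would say why this line is not a `?_` test object. The heads of the last three functions are only visible in the hunk headers.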