[pve-access-control.git] / test / perm-test6.pl

#!/usr/bin/perl -w

use strict;
use PVE::Tools;
use PVE::AccessControl;
use PVE::RPCEnvironment;
use Getopt::Long;

my $rpcenv = PVE::RPCEnvironment->init('cli');

my $cfgfn = "test6.cfg";
$rpcenv->init_request(userconfig => $cfgfn);

sub check_roles {
    my ($user, $path, $expected_result) = @_;

    my @ra = $rpcenv->roles($user, $path);
    my $res = join(',', sort @ra);

    die "unexpected result\nneed '${expected_result}'\ngot '$res'\n"
	if $res ne $expected_result;

    print "ROLES:$path:$user:$res\n";
}

check_roles('User1@pve', '', '');
check_roles('User2@pve', '', '');
check_roles('User3@pve', '', '');
check_roles('User4@pve', '', '');

check_roles('User1@pve', '/vms', 'RoleTEST1');
check_roles('User2@pve', '/vms', 'RoleTEST1');
check_roles('User3@pve', '/vms', 'NoAccess');
check_roles('User4@pve', '/vms', '');

check_roles('User1@pve', '/vms/100', 'RoleTEST1');
check_roles('User2@pve', '/vms/100', 'RoleTEST1');
check_roles('User3@pve', '/vms/100', 'NoAccess');
check_roles('User4@pve', '/vms/100', '');

check_roles('User1@pve', '/vms/300', 'Role1');
check_roles('User2@pve', '/vms/300', 'RoleTEST1');
check_roles('User3@pve', '/vms/300', 'NoAccess');
check_roles('User4@pve', '/vms/300', 'Role1');

check_roles('User1@pve', '/vms/500', 'RoleDEVEL,RoleTEST1');
check_roles('User2@pve', '/vms/500', 'RoleDEVEL,RoleTEST1');
check_roles('User3@pve', '/vms/500', 'NoAccess');
check_roles('User4@pve', '/vms/500', '');

check_roles('User1@pve', '/vms/600', 'RoleMARKETING,RoleTEST1');
check_roles('User2@pve', '/vms/600', 'RoleTEST1');
check_roles('User3@pve', '/vms/600', 'NoAccess');
check_roles('User4@pve', '/vms/600', 'RoleMARKETING');

check_roles('User1@pve', '/storage/store1', 'RoleDEVEL,RoleMARKETING');
check_roles('User2@pve', '/storage/store1', 'RoleDEVEL');
check_roles('User3@pve', '/storage/store1', 'RoleDEVEL');
check_roles('User4@pve', '/storage/store1', 'RoleMARKETING');

check_roles('User1@pve', '/storage/store2', 'RoleDEVEL');
check_roles('User2@pve', '/storage/store2', 'RoleDEVEL');
check_roles('User3@pve', '/storage/store2', 'RoleDEVEL');
check_roles('User4@pve', '/storage/store2', '');

print "all tests passed\n";

exit (0);
Commit	Line	Data
4bc17477 DM	1	#!/usr/bin/perl -w
	2
	3	use strict;
	4	use PVE::Tools;
	5	use PVE::AccessControl;
	6	use PVE::RPCEnvironment;
	7	use Getopt::Long;
	8
	9	my $rpcenv = PVE::RPCEnvironment->init('cli');
	10
	11	my $cfgfn = "test6.cfg";
	12	$rpcenv->init_request(userconfig => $cfgfn);
	13
	14	sub check_roles {
	15	my ($user, $path, $expected_result) = @_;
	16
	17	my @ra = $rpcenv->roles($user, $path);
	18	my $res = join(',', sort @ra);
	19
	20	die "unexpected result\nneed '${expected_result}'\ngot '$res'\n"
	21	if $res ne $expected_result;
	22
	23	print "ROLES:$path:$user:$res\n";
	24	}
	25
	26	check_roles('User1@pve', '', '');
	27	check_roles('User2@pve', '', '');
	28	check_roles('User3@pve', '', '');
	29	check_roles('User4@pve', '', '');
	30
	31	check_roles('User1@pve', '/vms', 'RoleTEST1');
	32	check_roles('User2@pve', '/vms', 'RoleTEST1');
	33	check_roles('User3@pve', '/vms', 'NoAccess');
	34	check_roles('User4@pve', '/vms', '');
	35
	36	check_roles('User1@pve', '/vms/100', 'RoleTEST1');
	37	check_roles('User2@pve', '/vms/100', 'RoleTEST1');
	38	check_roles('User3@pve', '/vms/100', 'NoAccess');
	39	check_roles('User4@pve', '/vms/100', '');
	40
	41	check_roles('User1@pve', '/vms/300', 'Role1');
	42	check_roles('User2@pve', '/vms/300', 'RoleTEST1');
	43	check_roles('User3@pve', '/vms/300', 'NoAccess');
	44	check_roles('User4@pve', '/vms/300', 'Role1');
	45
	46	check_roles('User1@pve', '/vms/500', 'RoleDEVEL,RoleTEST1');
	47	check_roles('User2@pve', '/vms/500', 'RoleDEVEL,RoleTEST1');
	48	check_roles('User3@pve', '/vms/500', 'NoAccess');
	49	check_roles('User4@pve', '/vms/500', '');
	50
	51	check_roles('User1@pve', '/vms/600', 'RoleMARKETING,RoleTEST1');
	52	check_roles('User2@pve', '/vms/600', 'RoleTEST1');
	53	check_roles('User3@pve', '/vms/600', 'NoAccess');
	54	check_roles('User4@pve', '/vms/600', 'RoleMARKETING');
	55
	56	check_roles('User1@pve', '/storage/store1', 'RoleDEVEL,RoleMARKETING');
	57	check_roles('User2@pve', '/storage/store1', 'RoleDEVEL');
	58	check_roles('User3@pve', '/storage/store1', 'RoleDEVEL');
	59	check_roles('User4@pve', '/storage/store1', 'RoleMARKETING');
	60
	61	check_roles('User1@pve', '/storage/store2', 'RoleDEVEL');
	62	check_roles('User2@pve', '/storage/store2', 'RoleDEVEL');
	63	check_roles('User3@pve', '/storage/store2', 'RoleDEVEL');
	64	check_roles('User4@pve', '/storage/store2', '');
65
66	print "all tests passed\n";
67
68	exit (0);