zitadel/internal/api/auth/permissions_test.go

package auth

import (
	"context"
	"testing"

	caos_errs "github.com/caos/zitadel/internal/errors"
)

func getTestCtx(userID, orgID string) context.Context {
	return context.WithValue(context.Background(), dataKey, CtxData{UserID: userID, OrgID: orgID})
}

type testVerifier struct {
	grants []*Grant
}

func (v *testVerifier) VerifyAccessToken(ctx context.Context, token string) (string, string, string, error) {
	return "userID", "clientID", "agentID", nil
}

func (v *testVerifier) ResolveGrants(ctx context.Context, sub, orgID string) ([]*Grant, error) {
	return v.grants, nil
}

func (v *testVerifier) GetProjectIDByClientID(ctx context.Context, clientID string) (string, error) {
	return "", nil
}

func equalStringArray(a, b []string) bool {
	if len(a) != len(b) {
		return false
	}
	for i, v := range a {
		if v != b[i] {
			return false
		}
	}
	return true
}

func Test_GetUserMethodPermissions(t *testing.T) {
	type args struct {
		ctx          context.Context
		verifier     TokenVerifier
		requiredPerm string
		authConfig   *Config
	}
	tests := []struct {
		name    string
		args    args
		wantErr bool
		errFunc func(err error) bool
		result  []string
	}{
		{
			name: "Empty Context",
			args: args{
				ctx: getTestCtx("", ""),
				verifier: &testVerifier{grants: []*Grant{&Grant{
					Roles: []string{"ORG_OWNER"}}}},
				requiredPerm: "project.read",
				authConfig: &Config{
					RolePermissionMappings: []RoleMapping{
						RoleMapping{
							Role:        "IAM_OWNER",
							Permissions: []string{"project.read"},
						},
						RoleMapping{
							Role:        "ORG_OWNER",
							Permissions: []string{"org.read", "project.read"},
						},
					},
				},
			},
			wantErr: true,
			errFunc: caos_errs.IsUnauthenticated,
			result:  []string{"project.read"},
		},
		{
			name: "No Grants",
			args: args{
				ctx:          getTestCtx("", ""),
				verifier:     &testVerifier{grants: []*Grant{}},
				requiredPerm: "project.read",
				authConfig: &Config{
					RolePermissionMappings: []RoleMapping{
						RoleMapping{
							Role:        "IAM_OWNER",
							Permissions: []string{"project.read"},
						},
						RoleMapping{
							Role:        "ORG_OWNER",
							Permissions: []string{"org.read", "project.read"},
						},
					},
				},
			},
			result: make([]string, 0),
		},
		{
			name: "Get Permissions",
			args: args{
				ctx: getTestCtx("userID", "orgID"),
				verifier: &testVerifier{grants: []*Grant{&Grant{
					Roles: []string{"ORG_OWNER"}}}},
				requiredPerm: "project.read",
				authConfig: &Config{
					RolePermissionMappings: []RoleMapping{
						RoleMapping{
							Role:        "IAM_OWNER",
							Permissions: []string{"project.read"},
						},
						RoleMapping{
							Role:        "ORG_OWNER",
							Permissions: []string{"org.read", "project.read"},
						},
					},
				},
			},
			result: []string{"project.read"},
		},
	}
	for _, tt := range tests {
		t.Run(tt.name, func(t *testing.T) {
			_, perms, err := getUserMethodPermissions(tt.args.ctx, tt.args.verifier, tt.args.requiredPerm, tt.args.authConfig)

			if tt.wantErr && err == nil {
				t.Errorf("got wrong result, should get err: actual: %v ", err)
			}

			if tt.wantErr && !tt.errFunc(err) {
				t.Errorf("got wrong err: %v ", err)
			}

			if !tt.wantErr && !equalStringArray(perms, tt.result) {
				t.Errorf("got wrong result, expecting: %v, actual: %v ", tt.result, perms)
			}
		})
	}
}

func Test_MapGrantsToPermissions(t *testing.T) {
	type args struct {
		requiredPerm string
		grants       []*Grant
		authConfig   *Config
	}
	tests := []struct {
		name   string
		args   args
		result []string
	}{
		{
			name: "One Role existing perm",
			args: args{
				requiredPerm: "project.read",
				grants: []*Grant{&Grant{
					Roles: []string{"ORG_OWNER"}}},
				authConfig: &Config{
					RolePermissionMappings: []RoleMapping{
						RoleMapping{
							Role:        "IAM_OWNER",
							Permissions: []string{"project.read"},
						},
						RoleMapping{
							Role:        "ORG_OWNER",
							Permissions: []string{"org.read", "project.read"},
						},
					},
				},
			},
			result: []string{"project.read"},
		},
		{
			name: "One Role not existing perm",
			args: args{
				requiredPerm: "project.write",
				grants: []*Grant{&Grant{
					Roles: []string{"ORG_OWNER"}}},
				authConfig: &Config{
					RolePermissionMappings: []RoleMapping{
						RoleMapping{
							Role:        "IAM_OWNER",
							Permissions: []string{"project.read"},
						},
						RoleMapping{
							Role:        "ORG_OWNER",
							Permissions: []string{"org.read", "project.read"},
						},
					},
				},
			},
			result: []string{},
		},
		{
			name: "Multiple Roles one existing",
			args: args{
				requiredPerm: "project.read",
				grants: []*Grant{&Grant{
					Roles: []string{"ORG_OWNER", "IAM_OWNER"}}},
				authConfig: &Config{
					RolePermissionMappings: []RoleMapping{
						RoleMapping{
							Role:        "IAM_OWNER",
							Permissions: []string{"project.read"},
						},
						RoleMapping{
							Role:        "ORG_OWNER",
							Permissions: []string{"org.read", "project.read"},
						},
					},
				},
			},
			result: []string{"project.read"},
		},
		{
			name: "Multiple Roles, global and specific",
			args: args{
				requiredPerm: "project.read",
				grants: []*Grant{&Grant{
					Roles: []string{"ORG_OWNER", "PROJECT_OWNER:1"}}},
				authConfig: &Config{
					RolePermissionMappings: []RoleMapping{
						RoleMapping{
							Role:        "PROJECT_OWNER",
							Permissions: []string{"project.read"},
						},
						RoleMapping{
							Role:        "ORG_OWNER",
							Permissions: []string{"org.read", "project.read"},
						},
					},
				},
			},
			result: []string{"project.read", "project.read:1"},
		},
	}
	for _, tt := range tests {
		t.Run(tt.name, func(t *testing.T) {
			result := mapGrantsToPermissions(tt.args.requiredPerm, tt.args.grants, tt.args.authConfig)
			if !equalStringArray(result, tt.result) {
				t.Errorf("got wrong result, expecting: %v, actual: %v ", tt.result, result)
			}
		})
	}
}

func Test_MapRoleToPerm(t *testing.T) {
	type args struct {
		requiredPerm        string
		actualRole          string
		authConfig          *Config
		resolvedPermissions []string
	}
	tests := []struct {
		name   string
		args   args
		result []string
	}{
		{
			name: "first perm without context id",
			args: args{
				requiredPerm: "project.read",
				actualRole:   "ORG_OWNER",
				authConfig: &Config{
					RolePermissionMappings: []RoleMapping{
						RoleMapping{
							Role:        "IAM_OWNER",
							Permissions: []string{"project.read"},
						},
						RoleMapping{
							Role:        "ORG_OWNER",
							Permissions: []string{"org.read", "project.read"},
						},
					},
				},
				resolvedPermissions: []string{},
			},
			result: []string{"project.read"},
		},
		{
			name: "existing perm without context id",
			args: args{
				requiredPerm: "project.read",
				actualRole:   "ORG_OWNER",
				authConfig: &Config{
					RolePermissionMappings: []RoleMapping{
						RoleMapping{
							Role:        "IAM_OWNER",
							Permissions: []string{"project.read"},
						},
						RoleMapping{
							Role:        "ORG_OWNER",
							Permissions: []string{"org.read", "project.read"},
						},
					},
				},
				resolvedPermissions: []string{"project.read"},
			},
			result: []string{"project.read"},
		},
		{
			name: "first perm with context id",
			args: args{
				requiredPerm: "project.read",
				actualRole:   "PROJECT_OWNER:1",
				authConfig: &Config{
					RolePermissionMappings: []RoleMapping{
						RoleMapping{
							Role:        "PROJECT_OWNER",
							Permissions: []string{"project.read"},
						},
						RoleMapping{
							Role:        "ORG_OWNER",
							Permissions: []string{"org.read", "project.read"},
						},
					},
				},
				resolvedPermissions: []string{},
			},
			result: []string{"project.read:1"},
		},
		{
			name: "perm with context id, existing global",
			args: args{
				requiredPerm: "project.read",
				actualRole:   "PROJECT_OWNER:1",
				authConfig: &Config{
					RolePermissionMappings: []RoleMapping{
						RoleMapping{
							Role:        "PROJECT_OWNER",
							Permissions: []string{"project.read"},
						},
						RoleMapping{
							Role:        "ORG_OWNER",
							Permissions: []string{"org.read", "project.read"},
						},
					},
				},
				resolvedPermissions: []string{"project.read"},
			},
			result: []string{"project.read", "project.read:1"},
		},
	}
	for _, tt := range tests {
		t.Run(tt.name, func(t *testing.T) {
			result := mapRoleToPerm(tt.args.requiredPerm, tt.args.actualRole, tt.args.authConfig, tt.args.resolvedPermissions)
			if !equalStringArray(result, tt.result) {
				t.Errorf("got wrong result, expecting: %v, actual: %v ", tt.result, result)
			}
		})
	}
}

func Test_AddRoleContextIDToPerm(t *testing.T) {
	type args struct {
		perm  string
		ctxID string
	}
	tests := []struct {
		name   string
		args   args
		result string
	}{
		{
			name: "with ctx id",
			args: args{
				perm:  "perm1",
				ctxID: "2",
			},
			result: "perm1:2",
		},
		{
			name: "with ctx id",
			args: args{
				perm:  "perm1",
				ctxID: "",
			},
			result: "perm1",
		},
	}
	for _, tt := range tests {
		t.Run(tt.name, func(t *testing.T) {
			result := addRoleContextIDToPerm(tt.args.perm, tt.args.ctxID)
			if result != tt.result {
				t.Errorf("got wrong result, expecting: %v, actual: %v ", tt.result, result)
			}
		})
	}
}

func Test_ExistisPerm(t *testing.T) {
	type args struct {
		existing []string
		perm     string
	}
	tests := []struct {
		name   string
		args   args
		result bool
	}{
		{
			name: "not existing perm",
			args: args{
				existing: []string{"perm1", "perm2", "perm3"},
				perm:     "perm4",
			},
			result: false,
		},
		{
			name: "existing perm",
			args: args{
				existing: []string{"perm1", "perm2", "perm3"},
				perm:     "perm2",
			},
			result: true,
		},
	}
	for _, tt := range tests {
		t.Run(tt.name, func(t *testing.T) {
			result := existsPerm(tt.args.existing, tt.args.perm)
			if result != tt.result {
				t.Errorf("got wrong result, expecting: %v, actual: %v ", tt.result, result)
			}
		})
	}
}
feat: add some api packages 2020-03-23 06:01:59 +00:00			`package auth`

			`import (`
			`"context"`
			`"testing"`

			`caos_errs "github.com/caos/zitadel/internal/errors"`
			`)`

			`func getTestCtx(userID, orgID string) context.Context {`
change context keys and fix tests 2020-03-30 09:52:08 +00:00			`return context.WithValue(context.Background(), dataKey, CtxData{UserID: userID, OrgID: orgID})`
feat: add some api packages 2020-03-23 06:01:59 +00:00			`}`

			`type testVerifier struct {`
			`grants []*Grant`
			`}`

			`func (v *testVerifier) VerifyAccessToken(ctx context.Context, token string) (string, string, string, error) {`
Project commands (#26) * feat: eventstore repository * fix: remove gorm * version * feat: pkg * feat: add some files for project * feat: eventstore without eventstore-lib * rename files * gnueg * fix: key json * fix: add object * fix: change imports * fix: internal models * fix: some imports * fix: global model * fix: add some functions on repo * feat(eventstore): sdk * fix(eventstore): search query * fix(eventstore): rename app to eventstore * delete empty test * remove unused func * merge master * fix(eventstore): tests * fix(models): delete unused struct * fix: some funcitons * feat(eventstore): implemented push events * fix: move project eventstore to project package * fix: change project eventstore funcs * feat(eventstore): overwrite context data * fix: change project eventstore * fix: add project repo to mgmt server * feat(types): SQL-config * fix: commented code * feat(eventstore): options to overwrite editor * feat: auth interceptor and cockroach migrations * fix: migrations * fix: fix filter * fix: not found on getbyid * fix: add sequence * fix: add some tests * fix(eventstore): nullable sequence * fix: add some tests * merge * fix: add some tests * fix(migrations): correct statements for sequence * fix: add some tests * fix: add some tests * fix: changes from mr * Update internal/eventstore/models/field.go Co-Authored-By: livio-a <livio.a@gmail.com> * fix(eventstore): code quality * fix: add types to aggregate/Event-types * fix(eventstore): rename modifier* to editor* * fix(eventstore): delete editor_org * fix(migrations): remove editor_org field, rename modifier_* to editor_* * fix: generate files * fix(eventstore): tests * fix(eventstore): rename modifier to editor * fix(migrations): add cluster migration, fix(migrations): fix typo of host in clean clsuter * fix(eventstore): move health * fix(eventstore): AggregateTypeFilter aggregateType as param * code quality * feat: start implementing project members * feat: remove member funcs * feat: remove member model * feat: remove member events * feat: remove member repo model * fix: better error func testing * Update docs/local.md Co-Authored-By: Silvan <silvan.reusser@gmail.com> * Update docs/local.md Co-Authored-By: Silvan <silvan.reusser@gmail.com> * fix: mr requests * fix: md file Co-authored-by: adlerhurst <silvan.reusser@gmail.com> Co-authored-by: livio-a <livio.a@gmail.com> 2020-04-07 11:23:04 +00:00			`return "userID", "clientID", "agentID", nil`
feat: add some api packages 2020-03-23 06:01:59 +00:00			`}`

			`func (v testVerifier) ResolveGrants(ctx context.Context, sub, orgID string) ([]Grant, error) {`
			`return v.grants, nil`
			`}`

			`func (v *testVerifier) GetProjectIDByClientID(ctx context.Context, clientID string) (string, error) {`
			`return "", nil`
			`}`

fix test 2020-03-30 08:09:38 +00:00			`func equalStringArray(a, b []string) bool {`
feat: add some api packages 2020-03-23 06:01:59 +00:00			`if len(a) != len(b) {`
			`return false`
			`}`
			`for i, v := range a {`
			`if v != b[i] {`
			`return false`
			`}`
			`}`
			`return true`
			`}`

			`func Test_GetUserMethodPermissions(t *testing.T) {`
			`type args struct {`
			`ctx context.Context`
			`verifier TokenVerifier`
			`requiredPerm string`
			`authConfig *Config`
			`}`
			`tests := []struct {`
			`name string`
			`args args`
			`wantErr bool`
			`errFunc func(err error) bool`
			`result []string`
			`}{`
			`{`
			`name: "Empty Context",`
			`args: args{`
			`ctx: getTestCtx("", ""),`
			`verifier: &testVerifier{grants: []*Grant{&Grant{`
			`Roles: []string{"ORG_OWNER"}}}},`
			`requiredPerm: "project.read",`
			`authConfig: &Config{`
			`RolePermissionMappings: []RoleMapping{`
			`RoleMapping{`
			`Role: "IAM_OWNER",`
			`Permissions: []string{"project.read"},`
			`},`
			`RoleMapping{`
			`Role: "ORG_OWNER",`
			`Permissions: []string{"org.read", "project.read"},`
			`},`
			`},`
			`},`
			`},`
			`wantErr: true,`
improve some functions 2020-03-30 07:28:00 +00:00			`errFunc: caos_errs.IsUnauthenticated,`
			`result: []string{"project.read"},`
feat: add some api packages 2020-03-23 06:01:59 +00:00			`},`
			`{`
			`name: "No Grants",`
			`args: args{`
			`ctx: getTestCtx("", ""),`
			`verifier: &testVerifier{grants: []*Grant{}},`
			`requiredPerm: "project.read",`
			`authConfig: &Config{`
			`RolePermissionMappings: []RoleMapping{`
			`RoleMapping{`
			`Role: "IAM_OWNER",`
			`Permissions: []string{"project.read"},`
			`},`
			`RoleMapping{`
			`Role: "ORG_OWNER",`
			`Permissions: []string{"org.read", "project.read"},`
			`},`
			`},`
			`},`
			`},`
			`result: make([]string, 0),`
			`},`
			`{`
			`name: "Get Permissions",`
			`args: args{`
			`ctx: getTestCtx("userID", "orgID"),`
			`verifier: &testVerifier{grants: []*Grant{&Grant{`
			`Roles: []string{"ORG_OWNER"}}}},`
			`requiredPerm: "project.read",`
			`authConfig: &Config{`
			`RolePermissionMappings: []RoleMapping{`
			`RoleMapping{`
			`Role: "IAM_OWNER",`
			`Permissions: []string{"project.read"},`
			`},`
			`RoleMapping{`
			`Role: "ORG_OWNER",`
			`Permissions: []string{"org.read", "project.read"},`
			`},`
			`},`
			`},`
			`},`
			`result: []string{"project.read"},`
			`},`
			`}`
			`for _, tt := range tests {`
			`t.Run(tt.name, func(t *testing.T) {`
			`_, perms, err := getUserMethodPermissions(tt.args.ctx, tt.args.verifier, tt.args.requiredPerm, tt.args.authConfig)`

			`if tt.wantErr && err == nil {`
			`t.Errorf("got wrong result, should get err: actual: %v ", err)`
			`}`

			`if tt.wantErr && !tt.errFunc(err) {`
			`t.Errorf("got wrong err: %v ", err)`
			`}`

fix test 2020-03-30 08:09:38 +00:00			`if !tt.wantErr && !equalStringArray(perms, tt.result) {`
feat: add some api packages 2020-03-23 06:01:59 +00:00			`t.Errorf("got wrong result, expecting: %v, actual: %v ", tt.result, perms)`
			`}`
			`})`
			`}`
			`}`

			`func Test_MapGrantsToPermissions(t *testing.T) {`
			`type args struct {`
			`requiredPerm string`
			`grants []*Grant`
			`authConfig *Config`
			`}`
			`tests := []struct {`
			`name string`
			`args args`
			`result []string`
			`}{`
			`{`
			`name: "One Role existing perm",`
			`args: args{`
			`requiredPerm: "project.read",`
			`grants: []*Grant{&Grant{`
			`Roles: []string{"ORG_OWNER"}}},`
			`authConfig: &Config{`
			`RolePermissionMappings: []RoleMapping{`
			`RoleMapping{`
			`Role: "IAM_OWNER",`
			`Permissions: []string{"project.read"},`
			`},`
			`RoleMapping{`
			`Role: "ORG_OWNER",`
			`Permissions: []string{"org.read", "project.read"},`
			`},`
			`},`
			`},`
			`},`
			`result: []string{"project.read"},`
			`},`
			`{`
			`name: "One Role not existing perm",`
			`args: args{`
			`requiredPerm: "project.write",`
			`grants: []*Grant{&Grant{`
			`Roles: []string{"ORG_OWNER"}}},`
			`authConfig: &Config{`
			`RolePermissionMappings: []RoleMapping{`
			`RoleMapping{`
			`Role: "IAM_OWNER",`
			`Permissions: []string{"project.read"},`
			`},`
			`RoleMapping{`
			`Role: "ORG_OWNER",`
			`Permissions: []string{"org.read", "project.read"},`
			`},`
			`},`
			`},`
			`},`
			`result: []string{},`
			`},`
			`{`
			`name: "Multiple Roles one existing",`
			`args: args{`
			`requiredPerm: "project.read",`
			`grants: []*Grant{&Grant{`
			`Roles: []string{"ORG_OWNER", "IAM_OWNER"}}},`
			`authConfig: &Config{`
			`RolePermissionMappings: []RoleMapping{`
			`RoleMapping{`
			`Role: "IAM_OWNER",`
			`Permissions: []string{"project.read"},`
			`},`
			`RoleMapping{`
			`Role: "ORG_OWNER",`
			`Permissions: []string{"org.read", "project.read"},`
			`},`
			`},`
			`},`
			`},`
			`result: []string{"project.read"},`
			`},`
			`{`
			`name: "Multiple Roles, global and specific",`
			`args: args{`
			`requiredPerm: "project.read",`
			`grants: []*Grant{&Grant{`
			`Roles: []string{"ORG_OWNER", "PROJECT_OWNER:1"}}},`
			`authConfig: &Config{`
			`RolePermissionMappings: []RoleMapping{`
			`RoleMapping{`
			`Role: "PROJECT_OWNER",`
			`Permissions: []string{"project.read"},`
			`},`
			`RoleMapping{`
			`Role: "ORG_OWNER",`
			`Permissions: []string{"org.read", "project.read"},`
			`},`
			`},`
			`},`
			`},`
			`result: []string{"project.read", "project.read:1"},`
			`},`
			`}`
			`for _, tt := range tests {`
			`t.Run(tt.name, func(t *testing.T) {`
			`result := mapGrantsToPermissions(tt.args.requiredPerm, tt.args.grants, tt.args.authConfig)`
fix test 2020-03-30 08:09:38 +00:00			`if !equalStringArray(result, tt.result) {`
feat: add some api packages 2020-03-23 06:01:59 +00:00			`t.Errorf("got wrong result, expecting: %v, actual: %v ", tt.result, result)`
			`}`
			`})`
			`}`
			`}`

			`func Test_MapRoleToPerm(t *testing.T) {`
			`type args struct {`
			`requiredPerm string`
			`actualRole string`
			`authConfig *Config`
			`resolvedPermissions []string`
			`}`
			`tests := []struct {`
			`name string`
			`args args`
			`result []string`
			`}{`
			`{`
			`name: "first perm without context id",`
			`args: args{`
			`requiredPerm: "project.read",`
			`actualRole: "ORG_OWNER",`
			`authConfig: &Config{`
			`RolePermissionMappings: []RoleMapping{`
			`RoleMapping{`
			`Role: "IAM_OWNER",`
			`Permissions: []string{"project.read"},`
			`},`
			`RoleMapping{`
			`Role: "ORG_OWNER",`
			`Permissions: []string{"org.read", "project.read"},`
			`},`
			`},`
			`},`
			`resolvedPermissions: []string{},`
			`},`
			`result: []string{"project.read"},`
			`},`
			`{`
			`name: "existing perm without context id",`
			`args: args{`
			`requiredPerm: "project.read",`
			`actualRole: "ORG_OWNER",`
			`authConfig: &Config{`
			`RolePermissionMappings: []RoleMapping{`
			`RoleMapping{`
			`Role: "IAM_OWNER",`
			`Permissions: []string{"project.read"},`
			`},`
			`RoleMapping{`
			`Role: "ORG_OWNER",`
			`Permissions: []string{"org.read", "project.read"},`
			`},`
			`},`
			`},`
			`resolvedPermissions: []string{"project.read"},`
			`},`
			`result: []string{"project.read"},`
			`},`
			`{`
			`name: "first perm with context id",`
			`args: args{`
			`requiredPerm: "project.read",`
			`actualRole: "PROJECT_OWNER:1",`
			`authConfig: &Config{`
			`RolePermissionMappings: []RoleMapping{`
			`RoleMapping{`
			`Role: "PROJECT_OWNER",`
			`Permissions: []string{"project.read"},`
			`},`
			`RoleMapping{`
			`Role: "ORG_OWNER",`
			`Permissions: []string{"org.read", "project.read"},`
			`},`
			`},`
			`},`
			`resolvedPermissions: []string{},`
			`},`
			`result: []string{"project.read:1"},`
			`},`
			`{`
			`name: "perm with context id, existing global",`
			`args: args{`
			`requiredPerm: "project.read",`
			`actualRole: "PROJECT_OWNER:1",`
			`authConfig: &Config{`
			`RolePermissionMappings: []RoleMapping{`
			`RoleMapping{`
			`Role: "PROJECT_OWNER",`
			`Permissions: []string{"project.read"},`
			`},`
			`RoleMapping{`
			`Role: "ORG_OWNER",`
			`Permissions: []string{"org.read", "project.read"},`
			`},`
			`},`
			`},`
			`resolvedPermissions: []string{"project.read"},`
			`},`
			`result: []string{"project.read", "project.read:1"},`
			`},`
			`}`
			`for _, tt := range tests {`
			`t.Run(tt.name, func(t *testing.T) {`
			`result := mapRoleToPerm(tt.args.requiredPerm, tt.args.actualRole, tt.args.authConfig, tt.args.resolvedPermissions)`
fix test 2020-03-30 08:09:38 +00:00			`if !equalStringArray(result, tt.result) {`
feat: add some api packages 2020-03-23 06:01:59 +00:00			`t.Errorf("got wrong result, expecting: %v, actual: %v ", tt.result, result)`
			`}`
			`})`
			`}`
			`}`

			`func Test_AddRoleContextIDToPerm(t *testing.T) {`
			`type args struct {`
			`perm string`
			`ctxID string`
			`}`
			`tests := []struct {`
			`name string`
			`args args`
			`result string`
			`}{`
			`{`
			`name: "with ctx id",`
			`args: args{`
			`perm: "perm1",`
			`ctxID: "2",`
			`},`
			`result: "perm1:2",`
			`},`
			`{`
			`name: "with ctx id",`
			`args: args{`
			`perm: "perm1",`
			`ctxID: "",`
			`},`
			`result: "perm1",`
			`},`
			`}`
			`for _, tt := range tests {`
			`t.Run(tt.name, func(t *testing.T) {`
			`result := addRoleContextIDToPerm(tt.args.perm, tt.args.ctxID)`
			`if result != tt.result {`
			`t.Errorf("got wrong result, expecting: %v, actual: %v ", tt.result, result)`
			`}`
			`})`
			`}`
			`}`

			`func Test_ExistisPerm(t *testing.T) {`
			`type args struct {`
			`existing []string`
			`perm string`
			`}`
			`tests := []struct {`
			`name string`
			`args args`
			`result bool`
			`}{`
			`{`
			`name: "not existing perm",`
			`args: args{`
			`existing: []string{"perm1", "perm2", "perm3"},`
			`perm: "perm4",`
			`},`
			`result: false,`
			`},`
			`{`
			`name: "existing perm",`
			`args: args{`
			`existing: []string{"perm1", "perm2", "perm3"},`
			`perm: "perm2",`
			`},`
			`result: true,`
			`},`
			`}`
			`for _, tt := range tests {`
			`t.Run(tt.name, func(t *testing.T) {`
			`result := existsPerm(tt.args.existing, tt.args.perm)`
			`if result != tt.result {`
			`t.Errorf("got wrong result, expecting: %v, actual: %v ", tt.result, result)`
			`}`
			`})`
			`}`
			`}`