tests: create permissions tests
-
How should the records be cleaned up between cases, and how do we exercise the different permissions? With different API keys?
Cases:
####################
# Permission tests #
####################
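# Case 1
# The token's user belongs to the egroup listed in delete/owner/update; the
# record carries no _access.read list.
# <PID> is a manual placeholder for the id of the record created here
# (presumably the control_number in the POST response — confirm) and must be
# filled in before the later requests are run.
# -i prints the status line and headers so each outcome can be checked.
curl -i -X POST \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json' \
  -H "Authorization:Bearer $TOKEN" \
  'https://dev-cern-search.web.cern.ch/api/records/' \
  --data '
{
"_access": {
"delete": ["CernSearch-Administrators@cern.ch"],
"owner": ["CernSearch-Administrators@cern.ch"],
"update": ["CernSearch-Administrators@cern.ch"]
},
"content": "User belongs to one egroup, but there is no read property.",
"$schema": "http://dev-cern-search.web.cern.ch/schemas/test/permission_v0.0.1.json"
}
'
# Expected: the record appears in the unfiltered listing.
# TLS verification is left on (no -k): the request carries the bearer token,
# and the write requests to this host already run with verification. If the dev
# certificate comes from a private CA, pass it with --cacert instead.
# The Accept header previously read "applicatoin/json"; corrected here.
curl -X GET \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json' \
  -H "Authorization:Bearer $TOKEN" \
  'https://dev-cern-search.web.cern.ch/api/records/' | jq .
# Expected: the record is readable by id.
curl -X GET \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json' \
  -H "Authorization:Bearer $TOKEN" \
  'https://dev-cern-search.web.cern.ch/api/record/<PID>' | jq .
# Expected: the update is accepted.
curl -i -X PUT \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json' \
  -H "Authorization:Bearer $TOKEN" \
  'https://dev-cern-search.web.cern.ch/api/record/<PID>' \
  --data '
{
"_access": {
"delete": ["CernSearch-Administrators@cern.ch"],
"owner": ["CernSearch-Administrators@cern.ch"],
"update": ["CernSearch-Administrators@cern.ch"]
},
"content": "User belongs to one egroup, but there is no read property. [UPDATED]",
"control_number": "<PID>",
"$schema": "http://dev-cern-search.web.cern.ch/schemas/test/permission_v0.0.1.json"
}
'
# Expected: the delete is accepted.
curl -i -X DELETE \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json' \
  -H "Authorization:Bearer $TOKEN" \
  'https://dev-cern-search.web.cern.ch/api/record/<PID>'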
####################
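# Case 2
# The token's user does not belong to the egroup listed in delete/owner/update;
# the record carries no _access.read list.
# <PID> is a manual placeholder for the id of the record created here
# (presumably the control_number in the POST response — confirm).
# -i prints the status line and headers so each outcome can be checked.
curl -i -X POST \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json' \
  -H "Authorization:Bearer $TOKEN" \
  'https://dev-cern-search.web.cern.ch/api/records/' \
  --data '
{
"_access": {
"delete": ["random-egroup@cern.ch"],
"owner": ["random-egroup@cern.ch"],
"update": ["random-egroup@cern.ch"]
},
"content": "User does not belongs to one egroup, but there is no read property",
"$schema": "http://dev-cern-search.web.cern.ch/schemas/test/permission_v0.0.1.json"
}
'
# Expected: the record appears in the unfiltered listing.
# TLS verification is left on (no -k): the request carries the bearer token,
# and the write requests to this host already run with verification. If the dev
# certificate comes from a private CA, pass it with --cacert instead.
curl -X GET \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json' \
  -H "Authorization:Bearer $TOKEN" \
  'https://dev-cern-search.web.cern.ch/api/records/' | jq .
# Expected: the record is readable by id.
curl -X GET \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json' \
  -H "Authorization:Bearer $TOKEN" \
  'https://dev-cern-search.web.cern.ch/api/record/<PID>' | jq .
# Expected: the update is refused and the stored content is unchanged.
curl -i -X PUT \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json' \
  -H "Authorization:Bearer $TOKEN" \
  'https://dev-cern-search.web.cern.ch/api/record/<PID>' \
  --data '
{
"_access": {
"delete": ["random-egroup@cern.ch"],
"owner": ["random-egroup@cern.ch"],
"update": ["random-egroup@cern.ch"]
},
"content": "User does not belongs to one egroup, but there is no read property. [UPDATED]",
"control_number": "<PID>",
"$schema": "http://dev-cern-search.web.cern.ch/schemas/test/permission_v0.0.1.json"
}
'
# Expected: the delete is refused and the record still exists.
curl -i -X DELETE \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json' \
  -H "Authorization:Bearer $TOKEN" \
  'https://dev-cern-search.web.cern.ch/api/record/<PID>'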
####################
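# Case 3
# The token's user belongs only to the egroup in _access.read.
# <PID> is a manual placeholder for the id of the record created here
# (presumably the control_number in the POST response — confirm).
# -i prints the status line and headers so each outcome can be checked.
curl -i -X POST \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json' \
  -H "Authorization:Bearer $TOKEN" \
  'https://dev-cern-search.web.cern.ch/api/records/' \
  --data '
{
"_access": {
"read": ["CernSearch-Administrators@cern.ch"],
"delete": ["random-egroup@cern.ch"],
"owner": ["random-egroup@cern.ch"],
"update": ["random-egroup@cern.ch"]
},
"content": "User belongs to _access.read",
"$schema": "http://dev-cern-search.web.cern.ch/schemas/test/permission_v0.0.1.json"
}
'
# Expected: the record does NOT appear in the unfiltered listing.
# TLS verification is left on (no -k): the request carries the bearer token,
# and the write requests to this host already run with verification. If the dev
# certificate comes from a private CA, pass it with --cacert instead.
curl -X GET \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json' \
  -H "Authorization:Bearer $TOKEN" \
  'https://dev-cern-search.web.cern.ch/api/records/' | jq .
# Expected: the record appears when the listing is filtered by the read egroup.
curl -X GET \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json' \
  -H "Authorization:Bearer $TOKEN" \
  'https://dev-cern-search.web.cern.ch/api/records/?access=CernSearch-Administrators' | jq .
# Expected: the record is readable by id.
curl -X GET \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json' \
  -H "Authorization:Bearer $TOKEN" \
  'https://dev-cern-search.web.cern.ch/api/record/<PID>' | jq .
# Expected: the update is refused and the stored content is unchanged.
curl -i -X PUT \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json' \
  -H "Authorization:Bearer $TOKEN" \
  'https://dev-cern-search.web.cern.ch/api/record/<PID>' \
  --data '
{
"_access": {
"read": ["CernSearch-Administrators@cern.ch"],
"delete": ["random-egroup@cern.ch"],
"owner": ["random-egroup@cern.ch"],
"update": ["random-egroup@cern.ch"]
},
"content": "User belongs to _access.read. [UPDATED]",
"control_number": "<PID>",
"$schema": "http://dev-cern-search.web.cern.ch/schemas/test/permission_v0.0.1.json"
}
'
# Expected: the delete is refused and the record still exists.
curl -i -X DELETE \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json' \
  -H "Authorization:Bearer $TOKEN" \
  'https://dev-cern-search.web.cern.ch/api/record/<PID>'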
####################
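# Case 4
# The token's user belongs only to the egroup in _access.update.
# <PID> is a manual placeholder for the id of the record created here
# (presumably the control_number in the POST response — confirm).
# -i prints the status line and headers so each outcome can be checked.
curl -i -X POST \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json' \
  -H "Authorization:Bearer $TOKEN" \
  'https://dev-cern-search.web.cern.ch/api/records/' \
  --data '
{
"_access": {
"read": ["random-egroup@cern.ch"],
"delete": ["random-egroup@cern.ch"],
"owner": ["random-egroup@cern.ch"],
"update": ["CernSearch-Administrators@cern.ch"]
},
"content": "User belongs to _access.update",
"$schema": "http://dev-cern-search.web.cern.ch/schemas/test/permission_v0.0.1.json"
}
'
# Expected: the record does NOT appear in the unfiltered listing.
# TLS verification is left on (no -k): the request carries the bearer token,
# and the write requests to this host already run with verification. If the dev
# certificate comes from a private CA, pass it with --cacert instead.
curl -X GET \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json' \
  -H "Authorization:Bearer $TOKEN" \
  'https://dev-cern-search.web.cern.ch/api/records/' | jq .
# Expected: the record appears when filtered by the user's own egroup.
curl -X GET \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json' \
  -H "Authorization:Bearer $TOKEN" \
  'https://dev-cern-search.web.cern.ch/api/records/?access=CernSearch-Administrators' | jq .
# Expected (as written by the author): the record appears when filtered by
# random-egroup.
# NOTE(review): the case description does not put the user in random-egroup;
# confirm the server checks the `access` value against the caller's real group
# membership instead of trusting the query parameter.
curl -X GET \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json' \
  -H "Authorization:Bearer $TOKEN" \
  'https://dev-cern-search.web.cern.ch/api/records/?access=random-egroup' | jq .
# Expected: the record is readable by id.
curl -X GET \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json' \
  -H "Authorization:Bearer $TOKEN" \
  'https://dev-cern-search.web.cern.ch/api/record/<PID>' | jq .
# Expected: the update is accepted.
curl -i -X PUT \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json' \
  -H "Authorization:Bearer $TOKEN" \
  'https://dev-cern-search.web.cern.ch/api/record/<PID>' \
  --data '
{
"_access": {
"read": ["random-egroup@cern.ch"],
"delete": ["random-egroup@cern.ch"],
"owner": ["random-egroup@cern.ch"],
"update": ["CernSearch-Administrators@cern.ch"]
},
"content": "User belongs to _access.update. [UPDATED]",
"control_number": "<PID>",
"$schema": "http://dev-cern-search.web.cern.ch/schemas/test/permission_v0.0.1.json"
}
'
# Expected: the delete is refused and the record still exists.
curl -i -X DELETE \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json' \
  -H "Authorization:Bearer $TOKEN" \
  'https://dev-cern-search.web.cern.ch/api/record/<PID>'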
####################
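# Case 5
# The token's user belongs only to the egroup in _access.delete.
# <PID> is a manual placeholder for the id of the record created here
# (presumably the control_number in the POST response — confirm).
# -i prints the status line and headers so each outcome can be checked.
curl -i -X POST \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json' \
  -H "Authorization:Bearer $TOKEN" \
  'https://dev-cern-search.web.cern.ch/api/records/' \
  --data '
{
"_access": {
"read": ["random-egroup@cern.ch"],
"delete": ["CernSearch-Administrators@cern.ch"],
"owner": ["random-egroup@cern.ch"],
"update": ["random-egroup@cern.ch"]
},
"content": "User belongs to _access.delete",
"$schema": "http://dev-cern-search.web.cern.ch/schemas/test/permission_v0.0.1.json"
}
'
# Expected: the record does NOT appear in the unfiltered listing.
# TLS verification is left on (no -k): the request carries the bearer token,
# and the write requests to this host already run with verification. If the dev
# certificate comes from a private CA, pass it with --cacert instead.
curl -X GET \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json' \
  -H "Authorization:Bearer $TOKEN" \
  'https://dev-cern-search.web.cern.ch/api/records/' | jq .
# Expected: the record appears when filtered by the user's own egroup.
curl -X GET \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json' \
  -H "Authorization:Bearer $TOKEN" \
  'https://dev-cern-search.web.cern.ch/api/records/?access=CernSearch-Administrators' | jq .
# Expected (as written by the author): the record appears when filtered by
# random-egroup.
# NOTE(review): the case description does not put the user in random-egroup;
# confirm the server checks the `access` value against the caller's real group
# membership instead of trusting the query parameter.
curl -X GET \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json' \
  -H "Authorization:Bearer $TOKEN" \
  'https://dev-cern-search.web.cern.ch/api/records/?access=random-egroup' | jq .
# Expected: the record is readable by id.
curl -X GET \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json' \
  -H "Authorization:Bearer $TOKEN" \
  'https://dev-cern-search.web.cern.ch/api/record/<PID>' | jq .
# Expected (as written by the author): the update is accepted.
# NOTE(review): _access.update lists only random-egroup here, and the cases
# where the user is only in _access.read or only in _access.update expect the
# unmatched write to be refused — confirm this expectation is not a copy-paste
# slip.
curl -i -X PUT \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json' \
  -H "Authorization:Bearer $TOKEN" \
  'https://dev-cern-search.web.cern.ch/api/record/<PID>' \
  --data '
{
"_access": {
"read": ["random-egroup@cern.ch"],
"delete": ["CernSearch-Administrators@cern.ch"],
"owner": ["random-egroup@cern.ch"],
"update": ["random-egroup@cern.ch"]
},
"content": "User belongs to _access.delete. [UPDATED]",
"control_number": "<PID>",
"$schema": "http://dev-cern-search.web.cern.ch/schemas/test/permission_v0.0.1.json"
}
'
# Expected: the delete is accepted.
curl -i -X DELETE \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json' \
  -H "Authorization:Bearer $TOKEN" \
  'https://dev-cern-search.web.cern.ch/api/record/<PID>'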
####################
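# Case 6
# The token's user belongs only to the egroup in _access.owner.
# <PID> is a manual placeholder for the id of the record created here
# (presumably the control_number in the POST response — confirm).
# -i prints the status line and headers so each outcome can be checked.
curl -i -X POST \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json' \
  -H "Authorization:Bearer $TOKEN" \
  'https://dev-cern-search.web.cern.ch/api/records/' \
  --data '
{
"_access": {
"read": ["random-egroup@cern.ch"],
"delete": ["random-egroup@cern.ch"],
"owner": ["CernSearch-Administrators@cern.ch"],
"update": ["random-egroup@cern.ch"]
},
"content": "User belongs to _access.owner",
"$schema": "http://dev-cern-search.web.cern.ch/schemas/test/permission_v0.0.1.json"
}
'
# Expected: the record does NOT appear in the unfiltered listing.
# TLS verification is left on (no -k): the request carries the bearer token,
# and the write requests to this host already run with verification. If the dev
# certificate comes from a private CA, pass it with --cacert instead.
curl -X GET \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json' \
  -H "Authorization:Bearer $TOKEN" \
  'https://dev-cern-search.web.cern.ch/api/records/' | jq .
# Expected: the record appears when filtered by the user's own egroup.
curl -X GET \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json' \
  -H "Authorization:Bearer $TOKEN" \
  'https://dev-cern-search.web.cern.ch/api/records/?access=CernSearch-Administrators' | jq .
# Expected (as written by the author): the record appears when filtered by
# random-egroup.
# NOTE(review): the case description does not put the user in random-egroup;
# confirm the server checks the `access` value against the caller's real group
# membership instead of trusting the query parameter.
curl -X GET \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json' \
  -H "Authorization:Bearer $TOKEN" \
  'https://dev-cern-search.web.cern.ch/api/records/?access=random-egroup' | jq .
# Expected: the record is readable by id.
curl -X GET \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json' \
  -H "Authorization:Bearer $TOKEN" \
  'https://dev-cern-search.web.cern.ch/api/record/<PID>' | jq .
# Expected: the update is accepted.
curl -i -X PUT \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json' \
  -H "Authorization:Bearer $TOKEN" \
  'https://dev-cern-search.web.cern.ch/api/record/<PID>' \
  --data '
{
"_access": {
"read": ["random-egroup@cern.ch"],
"delete": ["random-egroup@cern.ch"],
"owner": ["CernSearch-Administrators@cern.ch"],
"update": ["random-egroup@cern.ch"]
},
"content": "User belongs to _access.owner. [UPDATED]",
"control_number": "<PID>",
"$schema": "http://dev-cern-search.web.cern.ch/schemas/test/permission_v0.0.1.json"
}
'
# Expected: the delete is accepted.
curl -i -X DELETE \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json' \
  -H "Authorization:Bearer $TOKEN" \
  'https://dev-cern-search.web.cern.ch/api/record/<PID>'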
####################
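# Case 7
# The token's user is an admin user; every _access list names random-egroup.
# NOTE(review): presumably this case needs $TOKEN to be an admin's token, unlike
# the egroup-member cases — the page leaves open how tokens differ per case.
# <PID> is a manual placeholder for the id of the record created here
# (presumably the control_number in the POST response — confirm).
# -i prints the status line and headers so each outcome can be checked.
curl -i -X POST \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json' \
  -H "Authorization:Bearer $TOKEN" \
  'https://dev-cern-search.web.cern.ch/api/records/' \
  --data '
{
"_access": {
"read": ["random-egroup@cern.ch"],
"delete": ["random-egroup@cern.ch"],
"owner": ["random-egroup@cern.ch"],
"update": ["random-egroup@cern.ch"]
},
"content": "User is admin user",
"$schema": "http://dev-cern-search.web.cern.ch/schemas/test/permission_v0.0.1.json"
}
'
# Expected: the record does NOT appear in the unfiltered listing.
# TLS verification is left on (no -k): the request carries the bearer token,
# and the write requests to this host already run with verification. If the dev
# certificate comes from a private CA, pass it with --cacert instead.
curl -X GET \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json' \
  -H "Authorization:Bearer $TOKEN" \
  'https://dev-cern-search.web.cern.ch/api/records/' | jq .
# Expected: the record appears when filtered by random-egroup.
curl -X GET \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json' \
  -H "Authorization:Bearer $TOKEN" \
  'https://dev-cern-search.web.cern.ch/api/records/?access=random-egroup' | jq .
# Expected: the record is readable by id.
curl -X GET \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json' \
  -H "Authorization:Bearer $TOKEN" \
  'https://dev-cern-search.web.cern.ch/api/record/<PID>' | jq .
# Expected: the update is accepted.
curl -i -X PUT \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json' \
  -H "Authorization:Bearer $TOKEN" \
  'https://dev-cern-search.web.cern.ch/api/record/<PID>' \
  --data '
{
"_access": {
"read": ["random-egroup@cern.ch"],
"delete": ["random-egroup@cern.ch"],
"owner": ["random-egroup@cern.ch"],
"update": ["random-egroup@cern.ch"]
},
"content": "User is admin user. [UPDATED]",
"control_number": "<PID>",
"$schema": "http://dev-cern-search.web.cern.ch/schemas/test/permission_v0.0.1.json"
}
'
# Expected: the delete is accepted.
curl -i -X DELETE \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json' \
  -H "Authorization:Bearer $TOKEN" \
  'https://dev-cern-search.web.cern.ch/api/record/<PID>'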