Add tests for global max-depth

ory · Dec 6, 2021 · afb88c4 · afb88c4
1 parent 0acc968
commit afb88c4
Showing 1 changed file with 32 additions and 17 deletions.
diff --git a/internal/check/engine_test.go b/internal/check/engine_test.go
@@ -45,7 +45,7 @@ func TestEngine(t *testing.T) {
 			Relation:  "owner",
 			Object:    object,
 			Namespace: ns,
-			Subject:   &relationtuple.SubjectSet{
+			Subject: &relationtuple.SubjectSet{
 				Relation:  "admin",
 				Object:    object,
 				Namespace: ns,
@@ -56,7 +56,7 @@ func TestEngine(t *testing.T) {
 			Relation:  "access",
 			Object:    object,
 			Namespace: ns,
-			Subject:   &relationtuple.SubjectSet{
+			Subject: &relationtuple.SubjectSet{
 				Relation:  "owner",
 				Object:    object,
 				Namespace: ns,
@@ -76,14 +76,29 @@ func TestEngine(t *testing.T) {
 			Subject:   user,
 		}
 
-		// max-depth=2 is not enough
+		// global max-depth defaults to 10
+		assert.Equal(t, reg.Config().ReadAPIMaxDepth(), 10)
+
+		// req max-depth takes precedence, max-depth=2 is not enough
 		res, err := e.SubjectIsAllowed(context.Background(), userHasAccess, 2)
 		require.NoError(t, err)
 		assert.False(t, res)
 
-		// max-depth=3 is enough
+		// req max-depth takes precedence, max-depth=3 is enough
+		res, err = e.SubjectIsAllowed(context.Background(), userHasAccess, 3)
+		require.NoError(t, err)
+		assert.True(t, res)
+
+		// global max-depth takes precedence and max-depth=2 is not enough
+		reg.Config().Set(config.KeyReadMaxDepth, 2)
 		res, err = e.SubjectIsAllowed(context.Background(), userHasAccess, 3)
 		require.NoError(t, err)
+		assert.False(t, res)
+
+		// global max-depth takes precedence and max-depth=3 is enough
+		reg.Config().Set(config.KeyReadMaxDepth, 3)
+		res, err = e.SubjectIsAllowed(context.Background(), userHasAccess, 0)
+		require.NoError(t, err)
 		assert.True(t, res)
 	})
 
@@ -102,7 +117,7 @@ func TestEngine(t *testing.T) {
 
 		e := check.NewEngine(reg)
 
-		res, err := e.SubjectIsAllowed(context.Background(), &rel, 100)
+		res, err := e.SubjectIsAllowed(context.Background(), &rel, 0)
 		require.NoError(t, err)
 		assert.True(t, res)
 	})
@@ -143,7 +158,7 @@ func TestEngine(t *testing.T) {
 			Object:    dust,
 			Subject:   &mark,
 			Namespace: sofaNamespace,
-		}, 100)
+		}, 0)
 		require.NoError(t, err)
 		assert.True(t, res)
 	})
@@ -171,7 +186,7 @@ func TestEngine(t *testing.T) {
 			Object:    rel.Object,
 			Namespace: rel.Namespace,
 			Subject:   &relationtuple.SubjectID{ID: "not " + user.ID},
-		}, 100)
+		}, 0)
 		require.NoError(t, err)
 		assert.False(t, res)
 	})
@@ -203,7 +218,7 @@ func TestEngine(t *testing.T) {
 			Relation: access.Relation,
 			Object:   object,
 			Subject:  user.Subject,
-		}, 100)
+		}, 0)
 		require.NoError(t, err)
 		assert.False(t, res)
 	})
@@ -241,7 +256,7 @@ func TestEngine(t *testing.T) {
 			Object:    diaryEntry,
 			Namespace: diaryNamespace,
 			Subject:   user.Subject,
-		}, 100)
+		}, 0)
 		require.NoError(t, err)
 		assert.False(t, res)
 	})
@@ -299,7 +314,7 @@ func TestEngine(t *testing.T) {
 			Relation:  writeRel.Relation,
 			Object:    object,
 			Subject:   &user,
-		}, 100)
+		}, 0)
 		require.NoError(t, err)
 		assert.True(t, res)
 
@@ -309,7 +324,7 @@ func TestEngine(t *testing.T) {
 			Relation:  orgMembers.Relation,
 			Object:    organization,
 			Subject:   &user,
-		}, 100)
+		}, 0)
 		require.NoError(t, err)
 		assert.True(t, res)
 	})
@@ -349,7 +364,7 @@ func TestEngine(t *testing.T) {
 			Relation: directoryAccess.Relation,
 			Object:   file,
 			Subject:  &user,
-		}, 100)
+		}, 0)
 		require.NoError(t, err)
 		assert.False(t, res)
 	})
@@ -393,7 +408,7 @@ func TestEngine(t *testing.T) {
 			Object:    obj,
 			Relation:  ownerRel,
 			Subject:   &relationtuple.SubjectID{ID: directOwner},
-		}, 100)
+		}, 0)
 		require.NoError(t, err)
 		assert.True(t, res)
 
@@ -402,7 +417,7 @@ func TestEngine(t *testing.T) {
 			Object:    obj,
 			Relation:  ownerRel,
 			Subject:   &relationtuple.SubjectID{ID: indirectOwner},
-		}, 100)
+		}, 0)
 		require.NoError(t, err)
 		assert.True(t, res)
 	})
@@ -435,7 +450,7 @@ func TestEngine(t *testing.T) {
 					Object:    obj,
 					Relation:  access,
 					Subject:   &relationtuple.SubjectID{ID: user},
-				}, 100)
+				}, 0)
 				require.NoError(t, err)
 				assert.True(t, allowed)
 
@@ -489,7 +504,7 @@ func TestEngine(t *testing.T) {
 				Relation:  access,
 				Subject:   &relationtuple.SubjectID{ID: user},
 			}
-			allowed, err := e.SubjectIsAllowed(context.Background(), req, 100)
+			allowed, err := e.SubjectIsAllowed(context.Background(), req, 0)
 			require.NoError(t, err)
 			assert.True(t, allowed, req.String())
 		}
@@ -543,7 +558,7 @@ func TestEngine(t *testing.T) {
 			Subject: &relationtuple.SubjectID{
 				ID: stations[2],
 			},
-		}, 100)
+		}, 0)
 		require.NoError(t, err)
 		assert.False(t, res)
 	})