mirror of
https://tangled.org/evan.jarrett.net/at-container-registry
synced 2026-04-20 08:30:29 +00:00
91 lines
2.3 KiB
Go
91 lines
2.3 KiB
Go
package auth
|
|
|
|
import (
|
|
"testing"
|
|
|
|
"atcr.io/pkg/atproto"
|
|
)
|
|
|
|
func TestCheckReadAccessWithCaptain_PublicHold(t *testing.T) {
|
|
captain := &atproto.CaptainRecord{
|
|
Public: true,
|
|
Owner: "did:plc:owner123",
|
|
}
|
|
|
|
// Public hold - anonymous user should be allowed
|
|
allowed := CheckReadAccessWithCaptain(captain, "")
|
|
if !allowed {
|
|
t.Error("Expected anonymous user to have read access to public hold")
|
|
}
|
|
|
|
// Public hold - authenticated user should be allowed
|
|
allowed = CheckReadAccessWithCaptain(captain, "did:plc:user123")
|
|
if !allowed {
|
|
t.Error("Expected authenticated user to have read access to public hold")
|
|
}
|
|
}
|
|
|
|
func TestCheckReadAccessWithCaptain_PrivateHold(t *testing.T) {
|
|
captain := &atproto.CaptainRecord{
|
|
Public: false,
|
|
Owner: "did:plc:owner123",
|
|
}
|
|
|
|
// Private hold - anonymous user should be denied
|
|
allowed := CheckReadAccessWithCaptain(captain, "")
|
|
if allowed {
|
|
t.Error("Expected anonymous user to be denied read access to private hold")
|
|
}
|
|
|
|
// Private hold - authenticated user should be allowed
|
|
allowed = CheckReadAccessWithCaptain(captain, "did:plc:user123")
|
|
if !allowed {
|
|
t.Error("Expected authenticated user to have read access to private hold")
|
|
}
|
|
}
|
|
|
|
func TestCheckWriteAccessWithCaptain_Owner(t *testing.T) {
|
|
captain := &atproto.CaptainRecord{
|
|
Public: false,
|
|
Owner: "did:plc:owner123",
|
|
}
|
|
|
|
// Owner should have write access
|
|
allowed := CheckWriteAccessWithCaptain(captain, "did:plc:owner123", false)
|
|
if !allowed {
|
|
t.Error("Expected owner to have write access")
|
|
}
|
|
}
|
|
|
|
func TestCheckWriteAccessWithCaptain_Crew(t *testing.T) {
|
|
captain := &atproto.CaptainRecord{
|
|
Public: false,
|
|
Owner: "did:plc:owner123",
|
|
}
|
|
|
|
// Crew member should have write access
|
|
allowed := CheckWriteAccessWithCaptain(captain, "did:plc:crew123", true)
|
|
if !allowed {
|
|
t.Error("Expected crew member to have write access")
|
|
}
|
|
|
|
// Non-crew member should be denied
|
|
allowed = CheckWriteAccessWithCaptain(captain, "did:plc:user123", false)
|
|
if allowed {
|
|
t.Error("Expected non-crew member to be denied write access")
|
|
}
|
|
}
|
|
|
|
func TestCheckWriteAccessWithCaptain_Anonymous(t *testing.T) {
|
|
captain := &atproto.CaptainRecord{
|
|
Public: false,
|
|
Owner: "did:plc:owner123",
|
|
}
|
|
|
|
// Anonymous user should be denied
|
|
allowed := CheckWriteAccessWithCaptain(captain, "", false)
|
|
if allowed {
|
|
t.Error("Expected anonymous user to be denied write access")
|
|
}
|
|
}
|