openperm-kt/src/test/kotlin/KotlinTest.kt at main · cufyorg/openperm-kt · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
package org.cufy.openperm

import kotlinx.coroutines.runBlocking
import org.junit.jupiter.api.Test

// Model module

data class Grant(
    val ownerId: String,
    val value: String
)

data class MyEntity(
    val id: String,
    val ownerId: String,
    val isPublic: Boolean,
    val grants: List<Grant>
)

data class MyAccount(
    val id: String,
    val isSuspended: Boolean,
    val isAdmin: Boolean
)

// Auth module

data class MyGrantRole(
    val value: String,
    val entity: MyEntity,
    override val error: Throwable? = null
) : Role()

data class MyOwnershipRole(
    val entity: MyEntity,
    override val error: Throwable? = null
) : Role()

fun createMyAccountPrivilege(account: MyAccount) =
    Privilege { role ->
        when {
            account.isSuspended -> Privilege(false, Denial("account_suspended"))
            account.isAdmin -> Privilege(true)
            role is MyGrantRole -> Privilege(role.entity.grants.any {
                it.ownerId == account.id && it.value == role.value
            })
            role is MyOwnershipRole -> Privilege(
                role.entity.ownerId == account.id
            )
            else -> Privilege(false)
        }
    }

// Permission module

object MyEntityPermit {
    val READ = Permit<MyEntity> {
        Permit(MyGrantRole(value = "READ", entity = it, error = Denial("entity_read")))
    }
    val WRITE = Permit<MyEntity> {
        Permit(MyGrantRole(value = "WRITE", entity = it, error = Denial("entity_write")))
    }
    val OWNER = Permit<MyEntity> {
        Permit(MyOwnershipRole(entity = it, error = Denial("entity_owner")))
    }
}

object MyEntityPrerequisite {
    val PUBLIC = Permission<MyEntity> { _, target ->
        Permission(target.isPublic, Denial("entity_not_public"))
    }
}

object MyEntityPermission {
    object Read {
        val OWNER = SomePermission(
            Permission(MyEntityPermit.OWNER)
        )
        val GRANTED = SomePermission(
            Permission(MyEntityPermit.READ),
            OWNER
        )
        val ANONYMOUS = SomePermission(
            MyEntityPrerequisite.PUBLIC,
            GRANTED
        )
    }

    object Write {
        val OWNER = SomePermission(
            Permission(MyEntityPermit.OWNER)
        )
        val GRANTED = SomePermission(
            Permission(MyEntityPermit.WRITE),
            OWNER
        )
        val ANONYMOUS = SomePermission(
            MyEntityPrerequisite.PUBLIC,
            GRANTED
        )
    }
}

// Test

class KotlinTest {
    @Test
    fun main() {
        runBlocking {
            suspendMain()
        }
    }

    suspend fun suspendMain() {
        val myAccount1 = MyAccount(
            id = "MyAccount.1",
            isSuspended = false,
            isAdmin = true
        )
        val myAccount2 = MyAccount(
            id = "MyAccount.2",
            isSuspended = false,
            isAdmin = false
        )
        val myEntity1 = MyEntity(
            id = "MyEntity.1",
            ownerId = myAccount1.id,
            isPublic = false,
            grants = listOf()
        )
        val myEntity2 = MyEntity(
            id = "MyEntity.2",
            ownerId = myAccount2.id,
            isPublic = true,
            grants = listOf()
        )

        val myPrivilege1 = createMyAccountPrivilege(myAccount1)
        val myPrivilege2 = createMyAccountPrivilege(myAccount2)

        requirePermission(MyEntityPermission.Read.GRANTED, myPrivilege1, myEntity2)
    }
}