evan.jarrett.net / at-container-registry
A container registry that uses the AT Protocol for manifest storage and S3 for blob storage. atcr.io
docker container atproto go
73
fork

Configure Feed

Select the types of activity you want to include in your feed.

at-container-registry / pkg / auth / hold_authorizer_test.go
at main 90 lines 2.4 kB view raw
Evan Jarrett unit tests
b0799cd9
1package auth 2 3import ( 4 "testing" 5 6 "atcr.io/pkg/atproto" 7) 8 9func TestCheckReadAccessWithCaptain_PublicHold(t *testing.T) { 10 captain := &atproto.CaptainRecord{ 11 Public: true, 12 Owner: "did:plc:owner123", 13 } 14 15 // Public hold - anonymous user should be allowed 16 allowed := CheckReadAccessWithCaptain(captain, "") 17 if !allowed { 18 t.Error("Expected anonymous user to have read access to public hold") 19 } 20 21 // Public hold - authenticated user should be allowed 22 allowed = CheckReadAccessWithCaptain(captain, "did:plc:user123") 23 if !allowed { 24 t.Error("Expected authenticated user to have read access to public hold") 25 } 26} 27 28func TestCheckReadAccessWithCaptain_PrivateHold(t *testing.T) { 29 captain := &atproto.CaptainRecord{ 30 Public: false, 31 Owner: "did:plc:owner123", 32 } 33 34 // Private hold - anonymous user should be denied 35 allowed := CheckReadAccessWithCaptain(captain, "") 36 if allowed { 37 t.Error("Expected anonymous user to be denied read access to private hold") 38 } 39 40 // Private hold - authenticated user should be allowed 41 allowed = CheckReadAccessWithCaptain(captain, "did:plc:user123") 42 if !allowed { 43 t.Error("Expected authenticated user to have read access to private hold") 44 } 45} 46 47func TestCheckWriteAccessWithCaptain_Owner(t *testing.T) { 48 captain := &atproto.CaptainRecord{ 49 Public: false, 50 Owner: "did:plc:owner123", 51 } 52 53 // Owner should have write access 54 allowed := CheckWriteAccessWithCaptain(captain, "did:plc:owner123", false) 55 if !allowed { 56 t.Error("Expected owner to have write access") 57 } 58} 59 60func TestCheckWriteAccessWithCaptain_Crew(t *testing.T) { 61 captain := &atproto.CaptainRecord{ 62 Public: false, 63 Owner: "did:plc:owner123", 64 } 65 66 // Crew member should have write access 67 allowed := CheckWriteAccessWithCaptain(captain, "did:plc:crew123", true) 68 if !allowed { 69 t.Error("Expected crew member to have write access") 70 } 71 72 // Non-crew member should be denied 73 allowed = CheckWriteAccessWithCaptain(captain, "did:plc:user123", false) 74 if allowed { 75 t.Error("Expected non-crew member to be denied write access") 76 } 77} 78 79func TestCheckWriteAccessWithCaptain_Anonymous(t *testing.T) { 80 captain := &atproto.CaptainRecord{ 81 Public: false, 82 Owner: "did:plc:owner123", 83 } 84 85 // Anonymous user should be denied 86 allowed := CheckWriteAccessWithCaptain(captain, "", false) 87 if allowed { 88 t.Error("Expected anonymous user to be denied write access") 89 } 90}