mssun commented on a change in pull request #128: Access control in TDFS and TMS
URL: https://github.com/apache/incubator-mesatee/pull/128#discussion_r354612751
##########
File path: tests/functional_test/sgx_trusted_lib/src/tests/tdfs_test.rs
##########
@@ -33,96 +33,166 @@ pub fn save_and_read() {
let mut client = setup_tdfs_internal_client();
let data = b"abc";
- let user_id = "user1";
- let disallowed_user = "user2";
- let task_id = "task1";
+ let user_id = "fake";
+ let disallowed_user = "disallowed_user";
+ let task_id = "fake";
+ let task_token = "fake";
let allow_policy = 0;
let file_id = client
- .save_file(data, user_id, task_id, &[], allow_policy)
+ .save_file(data, user_id, task_id, task_token, &[], allow_policy)
.unwrap();
- let plaintxt = client.read_file(&file_id, None).unwrap();
+ let plaintxt = client.read_file(&file_id, task_id, task_token).unwrap();
assert_eq!(plaintxt, b"abc");
- let plaintxt = client.read_file(&file_id, Some(user_id)).unwrap();
- assert_eq!(plaintxt, b"abc");
+ let accessible = client.check_access_permission(&file_id,
user_id).unwrap();
+ assert_eq!(accessible, true);
- let read_err = client.read_file(&file_id, Some(disallowed_user));
- assert!(read_err.is_err());
+ let accessible = client
+ .check_access_permission(&file_id, disallowed_user)
+ .unwrap();
+ assert_eq!(accessible, false);
}
-pub fn check_file_permission() {
- trace!("Test tdfs: check file permission file.");
+pub fn check_user_permission() {
+ trace!("Test tdfs: check user permission.");
let mut client = setup_tdfs_internal_client();
let data = b"abcd";
- let user_id = "user1";
+ let user_id = "fake";
let disallowed_user = "user2";
- let task_id = "task1";
+ let task_id = "fake";
+ let task_token = "fake";
let allow_policy = 0;
let file_id = client
- .save_file(data, user_id, task_id, &[], allow_policy)
+ .save_file(data, user_id, task_id, task_token, &[], allow_policy)
.unwrap();
- let plaintxt = client.read_file(&file_id, None).unwrap();
+ let plaintxt = client.read_file(&file_id, task_id, task_token).unwrap();
assert_eq!(plaintxt, b"abcd");
+ let accessible = client.check_access_permission(&file_id,
&user_id).unwrap();
+ assert!(accessible);
+
let accessible = client
.check_access_permission(&file_id, &disallowed_user)
.unwrap();
assert!(!accessible);
}
+
+pub fn check_write_permission() {
+ trace!("Test tdfs: check write permission");
+ let data = b"bcd";
+ let task_id = "fake_multi_task";
+ let task_token = "fake";
+ let allow_policy = 1;
+
+ let mut client = setup_tdfs_internal_client();
+ let user_id = "fake";
+ let collaborator = "fake_file_owner";
+ let collorabor_list = vec![collaborator];
+ let disallowed_user = "user3";
+ let disallowed_collorabor_list = vec![disallowed_user];
+
+ let result = client.save_file(
+ data,
+ user_id,
+ task_id,
+ task_token,
+ &collorabor_list,
+ allow_policy,
+ );
+ assert!(result.is_ok());
Review comment:
Why do we assert the result here?
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
With regards,
Apache Git Services
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
