forked from baron/baron-sso
test(backend): add unit tests for user group management and fix interface inconsistencies
This commit is contained in:
@@ -80,6 +80,7 @@ type UserProfileResponse struct {
|
|||||||
RelyingPartyID *string `json:"relyingPartyId,omitempty"` // 추가
|
RelyingPartyID *string `json:"relyingPartyId,omitempty"` // 추가
|
||||||
Metadata map[string]any `json:"metadata,omitempty"`
|
Metadata map[string]any `json:"metadata,omitempty"`
|
||||||
Tenant *Tenant `json:"tenant,omitempty"`
|
Tenant *Tenant `json:"tenant,omitempty"`
|
||||||
|
ManageableTenants []Tenant `json:"manageableTenants,omitempty"` // 추가: 관리 가능한 테넌트 목록
|
||||||
}
|
}
|
||||||
|
|
||||||
type UpdateUserRequest struct {
|
type UpdateUserRequest struct {
|
||||||
|
|||||||
137
backend/internal/handler/user_group_handler_test.go
Normal file
137
backend/internal/handler/user_group_handler_test.go
Normal file
@@ -0,0 +1,137 @@
|
|||||||
|
package handler
|
||||||
|
|
||||||
|
import (
|
||||||
|
"baron-sso-backend/internal/domain"
|
||||||
|
"bytes"
|
||||||
|
"context"
|
||||||
|
"encoding/json"
|
||||||
|
"net/http"
|
||||||
|
"net/http/httptest"
|
||||||
|
"testing"
|
||||||
|
|
||||||
|
"github.com/gofiber/fiber/v2"
|
||||||
|
"github.com/stretchr/testify/assert"
|
||||||
|
"github.com/stretchr/testify/mock"
|
||||||
|
)
|
||||||
|
|
||||||
|
// --- Mocks ---
|
||||||
|
|
||||||
|
type MockUserGroupService struct {
|
||||||
|
mock.Mock
|
||||||
|
}
|
||||||
|
|
||||||
|
func (m *MockUserGroupService) Create(ctx context.Context, group *domain.UserGroup) error {
|
||||||
|
return m.Called(ctx, group).Error(0)
|
||||||
|
}
|
||||||
|
func (m *MockUserGroupService) Update(ctx context.Context, group *domain.UserGroup) error {
|
||||||
|
return m.Called(ctx, group).Error(0)
|
||||||
|
}
|
||||||
|
func (m *MockUserGroupService) Delete(ctx context.Context, id string) error {
|
||||||
|
return m.Called(ctx, id).Error(0)
|
||||||
|
}
|
||||||
|
func (m *MockUserGroupService) Get(ctx context.Context, id string) (*domain.UserGroup, error) {
|
||||||
|
args := m.Called(ctx, id)
|
||||||
|
if args.Get(0) == nil {
|
||||||
|
return nil, args.Error(1)
|
||||||
|
}
|
||||||
|
return args.Get(0).(*domain.UserGroup), args.Error(1)
|
||||||
|
}
|
||||||
|
func (m *MockUserGroupService) List(ctx context.Context, tenantID string) ([]domain.UserGroup, error) {
|
||||||
|
args := m.Called(ctx, tenantID)
|
||||||
|
return args.Get(0).([]domain.UserGroup), args.Error(1)
|
||||||
|
}
|
||||||
|
func (m *MockUserGroupService) AddMember(ctx context.Context, groupID, userID string) error {
|
||||||
|
return m.Called(ctx, groupID, userID).Error(0)
|
||||||
|
}
|
||||||
|
func (m *MockUserGroupService) RemoveMember(ctx context.Context, groupID, userID string) error {
|
||||||
|
return m.Called(ctx, groupID, userID).Error(0)
|
||||||
|
}
|
||||||
|
func (m *MockUserGroupService) ListRoles(ctx context.Context, groupID string) ([]domain.GroupRole, error) {
|
||||||
|
args := m.Called(ctx, groupID)
|
||||||
|
return args.Get(0).([]domain.GroupRole), args.Error(1)
|
||||||
|
}
|
||||||
|
func (m *MockUserGroupService) AssignRoleToTenant(ctx context.Context, groupID, tenantID, relation string) error {
|
||||||
|
return m.Called(ctx, groupID, tenantID, relation).Error(0)
|
||||||
|
}
|
||||||
|
func (m *MockUserGroupService) RemoveRoleFromTenant(ctx context.Context, groupID, tenantID, relation string) error {
|
||||||
|
return m.Called(ctx, groupID, tenantID, relation).Error(0)
|
||||||
|
}
|
||||||
|
|
||||||
|
// --- Tests ---
|
||||||
|
|
||||||
|
func TestUserGroupHandler_List(t *testing.T) {
|
||||||
|
mockSvc := new(MockUserGroupService)
|
||||||
|
h := NewUserGroupHandler(mockSvc)
|
||||||
|
app := fiber.New()
|
||||||
|
app.Get("/tenants/:tenantId/user-groups", h.List)
|
||||||
|
|
||||||
|
tenantID := "t1"
|
||||||
|
groups := []domain.UserGroup{{ID: "g1", Name: "Group 1"}}
|
||||||
|
mockSvc.On("List", mock.Anything, tenantID).Return(groups, nil)
|
||||||
|
|
||||||
|
req := httptest.NewRequest("GET", "/tenants/t1/user-groups", nil)
|
||||||
|
resp, _ := app.Test(req)
|
||||||
|
|
||||||
|
assert.Equal(t, http.StatusOK, resp.StatusCode)
|
||||||
|
var result []domain.UserGroup
|
||||||
|
json.NewDecoder(resp.Body).Decode(&result)
|
||||||
|
assert.Len(t, result, 1)
|
||||||
|
assert.Equal(t, "Group 1", result[0].Name)
|
||||||
|
}
|
||||||
|
|
||||||
|
func TestUserGroupHandler_Create(t *testing.T) {
|
||||||
|
mockSvc := new(MockUserGroupService)
|
||||||
|
h := NewUserGroupHandler(mockSvc)
|
||||||
|
app := fiber.New()
|
||||||
|
app.Post("/tenants/:tenantId/user-groups", h.Create)
|
||||||
|
|
||||||
|
body, _ := json.Marshal(map[string]string{"name": "New Group"})
|
||||||
|
mockSvc.On("Create", mock.Anything, mock.MatchedBy(func(g *domain.UserGroup) bool {
|
||||||
|
return g.Name == "New Group" && g.TenantID == "t1"
|
||||||
|
})).Return(nil)
|
||||||
|
|
||||||
|
req := httptest.NewRequest("POST", "/tenants/t1/user-groups", bytes.NewReader(body))
|
||||||
|
req.Header.Set("Content-Type", "application/json")
|
||||||
|
resp, _ := app.Test(req)
|
||||||
|
|
||||||
|
assert.Equal(t, http.StatusCreated, resp.StatusCode)
|
||||||
|
}
|
||||||
|
|
||||||
|
func TestUserGroupHandler_AddMember(t *testing.T) {
|
||||||
|
mockSvc := new(MockUserGroupService)
|
||||||
|
h := NewUserGroupHandler(mockSvc)
|
||||||
|
app := fiber.New()
|
||||||
|
app.Post("/user-groups/:id/members", h.AddMember)
|
||||||
|
|
||||||
|
groupID := "g1"
|
||||||
|
userID := "u1"
|
||||||
|
body, _ := json.Marshal(map[string]string{"userId": userID})
|
||||||
|
|
||||||
|
mockSvc.On("AddMember", mock.Anything, groupID, userID).Return(nil)
|
||||||
|
|
||||||
|
req := httptest.NewRequest("POST", "/user-groups/g1/members", bytes.NewReader(body))
|
||||||
|
req.Header.Set("Content-Type", "application/json")
|
||||||
|
resp, _ := app.Test(req)
|
||||||
|
|
||||||
|
assert.Equal(t, http.StatusOK, resp.StatusCode)
|
||||||
|
}
|
||||||
|
|
||||||
|
func TestUserGroupHandler_AssignRole(t *testing.T) {
|
||||||
|
mockSvc := new(MockUserGroupService)
|
||||||
|
h := NewUserGroupHandler(mockSvc)
|
||||||
|
app := fiber.New()
|
||||||
|
app.Post("/user-groups/:id/roles", h.AssignRole)
|
||||||
|
|
||||||
|
groupID := "g1"
|
||||||
|
targetTenantID := "t2"
|
||||||
|
relation := "manage"
|
||||||
|
body, _ := json.Marshal(map[string]string{"tenantId": targetTenantID, "relation": relation})
|
||||||
|
|
||||||
|
mockSvc.On("AssignRoleToTenant", mock.Anything, groupID, targetTenantID, relation).Return(nil)
|
||||||
|
|
||||||
|
req := httptest.NewRequest("POST", "/user-groups/g1/roles", bytes.NewReader(body))
|
||||||
|
req.Header.Set("Content-Type", "application/json")
|
||||||
|
resp, _ := app.Test(req)
|
||||||
|
|
||||||
|
assert.Equal(t, http.StatusOK, resp.StatusCode)
|
||||||
|
}
|
||||||
@@ -14,6 +14,7 @@ type TenantRepository interface {
|
|||||||
FindBySlug(ctx context.Context, slug string) (*domain.Tenant, error)
|
FindBySlug(ctx context.Context, slug string) (*domain.Tenant, error)
|
||||||
FindByName(ctx context.Context, name string) (*domain.Tenant, error)
|
FindByName(ctx context.Context, name string) (*domain.Tenant, error)
|
||||||
FindByDomain(ctx context.Context, domainName string) (*domain.Tenant, error)
|
FindByDomain(ctx context.Context, domainName string) (*domain.Tenant, error)
|
||||||
|
FindByIDs(ctx context.Context, ids []string) ([]domain.Tenant, error)
|
||||||
AddDomain(ctx context.Context, tenantID string, domainName string) error
|
AddDomain(ctx context.Context, tenantID string, domainName string) error
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -70,6 +71,17 @@ func (r *tenantRepository) FindByDomain(ctx context.Context, domainName string)
|
|||||||
return &tenant, nil
|
return &tenant, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (r *tenantRepository) FindByIDs(ctx context.Context, ids []string) ([]domain.Tenant, error) {
|
||||||
|
var tenants []domain.Tenant
|
||||||
|
if len(ids) == 0 {
|
||||||
|
return tenants, nil
|
||||||
|
}
|
||||||
|
if err := r.db.WithContext(ctx).Preload("Domains").Where("id IN ?", ids).Find(&tenants).Error; err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
return tenants, nil
|
||||||
|
}
|
||||||
|
|
||||||
func (r *tenantRepository) AddDomain(ctx context.Context, tenantID string, domainName string) error {
|
func (r *tenantRepository) AddDomain(ctx context.Context, tenantID string, domainName string) error {
|
||||||
td := domain.TenantDomain{
|
td := domain.TenantDomain{
|
||||||
TenantID: tenantID,
|
TenantID: tenantID,
|
||||||
|
|||||||
@@ -18,6 +18,7 @@ type KetoService interface {
|
|||||||
CreateRelation(ctx context.Context, namespace, object, relation, subject string) error
|
CreateRelation(ctx context.Context, namespace, object, relation, subject string) error
|
||||||
DeleteRelation(ctx context.Context, namespace, object, relation, subject string) error
|
DeleteRelation(ctx context.Context, namespace, object, relation, subject string) error
|
||||||
ListRelations(ctx context.Context, namespace, object, relation, subject string) ([]RelationTuple, error)
|
ListRelations(ctx context.Context, namespace, object, relation, subject string) ([]RelationTuple, error)
|
||||||
|
ListObjects(ctx context.Context, namespace, relation, subject string) ([]string, error)
|
||||||
}
|
}
|
||||||
|
|
||||||
type ketoService struct {
|
type ketoService struct {
|
||||||
@@ -192,3 +193,46 @@ func (s *ketoService) DeleteRelation(ctx context.Context, namespace, object, rel
|
|||||||
slog.Info("Keto relation deleted", "namespace", namespace, "object", object, "relation", relation, "subject", subject)
|
slog.Info("Keto relation deleted", "namespace", namespace, "object", object, "relation", relation, "subject", subject)
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (s *ketoService) ListObjects(ctx context.Context, namespace, relation, subject string) ([]string, error) {
|
||||||
|
u, _ := url.Parse(fmt.Sprintf("%s/relation-tuples", s.readURL))
|
||||||
|
q := u.Query()
|
||||||
|
if namespace != "" {
|
||||||
|
q.Set("namespace", namespace)
|
||||||
|
}
|
||||||
|
if relation != "" {
|
||||||
|
q.Set("relation", relation)
|
||||||
|
}
|
||||||
|
if subject != "" {
|
||||||
|
q.Set("subject_id", subject)
|
||||||
|
}
|
||||||
|
u.RawQuery = q.Encode()
|
||||||
|
|
||||||
|
req, _ := http.NewRequestWithContext(ctx, "GET", u.String(), nil)
|
||||||
|
resp, err := s.client.Do(req)
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
defer resp.Body.Close()
|
||||||
|
|
||||||
|
if resp.StatusCode != http.StatusOK {
|
||||||
|
body, _ := io.ReadAll(resp.Body)
|
||||||
|
return nil, fmt.Errorf("keto returned status %d: %s", resp.StatusCode, string(body))
|
||||||
|
}
|
||||||
|
|
||||||
|
var res relationTuplesResponse
|
||||||
|
if err := json.NewDecoder(resp.Body).Decode(&res); err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
|
||||||
|
objects := make([]string, 0, len(res.RelationTuples))
|
||||||
|
seen := make(map[string]bool)
|
||||||
|
for _, rt := range res.RelationTuples {
|
||||||
|
if !seen[rt.Object] {
|
||||||
|
objects = append(objects, rt.Object)
|
||||||
|
seen[rt.Object] = true
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return objects, nil
|
||||||
|
}
|
||||||
|
|||||||
@@ -57,9 +57,12 @@ func TestKetoService_CreateRelation(t *testing.T) {
|
|||||||
|
|
||||||
func TestKetoService_DeleteRelation(t *testing.T) {
|
func TestKetoService_DeleteRelation(t *testing.T) {
|
||||||
handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||||
assert.Equal(t, "/relation-tuples", r.URL.Path)
|
assert.Equal(t, "/admin/relation-tuples", r.URL.Path)
|
||||||
assert.Equal(t, "DELETE", r.Method)
|
assert.Equal(t, "DELETE", r.Method)
|
||||||
assert.Equal(t, "user1", r.URL.Query().Get("subject_id"))
|
assert.Equal(t, "user1", r.URL.Query().Get("subject_id"))
|
||||||
|
assert.Equal(t, "tenants", r.URL.Query().Get("namespace"))
|
||||||
|
assert.Equal(t, "tenant1", r.URL.Query().Get("object"))
|
||||||
|
assert.Equal(t, "admin", r.URL.Query().Get("relation"))
|
||||||
|
|
||||||
w.WriteHeader(http.StatusNoContent)
|
w.WriteHeader(http.StatusNoContent)
|
||||||
})
|
})
|
||||||
|
|||||||
@@ -54,6 +54,14 @@ func (m *MockKetoService) ListRelations(ctx context.Context, namespace, object,
|
|||||||
return args.Get(0).([]RelationTuple), args.Error(1)
|
return args.Get(0).([]RelationTuple), args.Error(1)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (m *MockKetoService) ListObjects(ctx context.Context, namespace, relation, subject string) ([]string, error) {
|
||||||
|
args := m.Called(ctx, namespace, relation, subject)
|
||||||
|
if args.Get(0) == nil {
|
||||||
|
return nil, args.Error(1)
|
||||||
|
}
|
||||||
|
return args.Get(0).([]string), args.Error(1)
|
||||||
|
}
|
||||||
|
|
||||||
// --- Test Helpers ---
|
// --- Test Helpers ---
|
||||||
|
|
||||||
type hydraRoundTripperFunc func(*http.Request) (*http.Response, error)
|
type hydraRoundTripperFunc func(*http.Request) (*http.Response, error)
|
||||||
|
|||||||
202
backend/internal/service/user_group_service_test.go
Normal file
202
backend/internal/service/user_group_service_test.go
Normal file
@@ -0,0 +1,202 @@
|
|||||||
|
package service
|
||||||
|
|
||||||
|
import (
|
||||||
|
"baron-sso-backend/internal/domain"
|
||||||
|
"context"
|
||||||
|
"testing"
|
||||||
|
|
||||||
|
"github.com/stretchr/testify/assert"
|
||||||
|
"github.com/stretchr/testify/mock"
|
||||||
|
)
|
||||||
|
|
||||||
|
// --- Mocks for Repositories ---
|
||||||
|
|
||||||
|
type MockUserGroupRepository struct {
|
||||||
|
mock.Mock
|
||||||
|
}
|
||||||
|
|
||||||
|
func (m *MockUserGroupRepository) Create(ctx context.Context, group *domain.UserGroup) error {
|
||||||
|
return m.Called(ctx, group).Error(0)
|
||||||
|
}
|
||||||
|
func (m *MockUserGroupRepository) Update(ctx context.Context, group *domain.UserGroup) error {
|
||||||
|
return m.Called(ctx, group).Error(0)
|
||||||
|
}
|
||||||
|
func (m *MockUserGroupRepository) Delete(ctx context.Context, id string) error {
|
||||||
|
return m.Called(ctx, id).Error(0)
|
||||||
|
}
|
||||||
|
func (m *MockUserGroupRepository) FindByID(ctx context.Context, id string) (*domain.UserGroup, error) {
|
||||||
|
args := m.Called(ctx, id)
|
||||||
|
if args.Get(0) == nil {
|
||||||
|
return nil, args.Error(1)
|
||||||
|
}
|
||||||
|
return args.Get(0).(*domain.UserGroup), args.Error(1)
|
||||||
|
}
|
||||||
|
func (m *MockUserGroupRepository) ListByTenantID(ctx context.Context, tenantID string) ([]domain.UserGroup, error) {
|
||||||
|
args := m.Called(ctx, tenantID)
|
||||||
|
return args.Get(0).([]domain.UserGroup), args.Error(1)
|
||||||
|
}
|
||||||
|
|
||||||
|
type MockUserRepository struct {
|
||||||
|
mock.Mock
|
||||||
|
}
|
||||||
|
|
||||||
|
func (m *MockUserRepository) Create(ctx context.Context, user *domain.User) error { return nil }
|
||||||
|
func (m *MockUserRepository) Update(ctx context.Context, user *domain.User) error { return nil }
|
||||||
|
func (m *MockUserRepository) FindByEmail(ctx context.Context, email string) (*domain.User, error) {
|
||||||
|
return nil, nil
|
||||||
|
}
|
||||||
|
func (m *MockUserRepository) FindByID(ctx context.Context, id string) (*domain.User, error) {
|
||||||
|
return nil, nil
|
||||||
|
}
|
||||||
|
func (m *MockUserRepository) FindByIDs(ctx context.Context, ids []string) ([]domain.User, error) {
|
||||||
|
args := m.Called(ctx, ids)
|
||||||
|
return args.Get(0).([]domain.User), args.Error(1)
|
||||||
|
}
|
||||||
|
func (m *MockUserRepository) ListByTenant(ctx context.Context, tenantID string) ([]domain.User, error) {
|
||||||
|
return nil, nil
|
||||||
|
}
|
||||||
|
func (m *MockUserRepository) List(ctx context.Context, offset, limit int, search string) ([]domain.User, int64, error) {
|
||||||
|
return nil, 0, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
type MockTenantRepository struct {
|
||||||
|
mock.Mock
|
||||||
|
}
|
||||||
|
|
||||||
|
func (m *MockTenantRepository) Create(ctx context.Context, tenant *domain.Tenant) error { return nil }
|
||||||
|
func (m *MockTenantRepository) Update(ctx context.Context, tenant *domain.Tenant) error { return nil }
|
||||||
|
func (m *MockTenantRepository) FindByID(ctx context.Context, id string) (*domain.Tenant, error) {
|
||||||
|
return nil, nil
|
||||||
|
}
|
||||||
|
func (m *MockTenantRepository) FindByIDs(ctx context.Context, ids []string) ([]domain.Tenant, error) {
|
||||||
|
args := m.Called(ctx, ids)
|
||||||
|
return args.Get(0).([]domain.Tenant), args.Error(1)
|
||||||
|
}
|
||||||
|
func (m *MockTenantRepository) FindBySlug(ctx context.Context, slug string) (*domain.Tenant, error) {
|
||||||
|
return nil, nil
|
||||||
|
}
|
||||||
|
func (m *MockTenantRepository) FindByName(ctx context.Context, name string) (*domain.Tenant, error) {
|
||||||
|
return nil, nil
|
||||||
|
}
|
||||||
|
func (m *MockTenantRepository) FindByDomain(ctx context.Context, domainName string) (*domain.Tenant, error) {
|
||||||
|
return nil, nil
|
||||||
|
}
|
||||||
|
func (m *MockTenantRepository) AddDomain(ctx context.Context, tenantID string, domainName string) error {
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// --- Tests ---
|
||||||
|
|
||||||
|
func TestUserGroupService_Create(t *testing.T) {
|
||||||
|
mockRepo := new(MockUserGroupRepository)
|
||||||
|
mockKeto := new(MockKetoService)
|
||||||
|
// We don't need userRepo or tenantRepo for Create
|
||||||
|
svc := NewUserGroupService(mockRepo, nil, nil, mockKeto, nil)
|
||||||
|
|
||||||
|
group := &domain.UserGroup{
|
||||||
|
ID: "group-1",
|
||||||
|
TenantID: "tenant-1",
|
||||||
|
Name: "Test Group",
|
||||||
|
}
|
||||||
|
|
||||||
|
mockRepo.On("Create", mock.Anything, group).Return(nil)
|
||||||
|
mockKeto.On("CreateRelation", mock.Anything, "UserGroup", group.ID, "parent_tenant", "Tenant:"+group.TenantID).Return(nil)
|
||||||
|
|
||||||
|
err := svc.Create(context.Background(), group)
|
||||||
|
assert.NoError(t, err)
|
||||||
|
mockRepo.AssertExpectations(t)
|
||||||
|
mockKeto.AssertExpectations(t)
|
||||||
|
}
|
||||||
|
|
||||||
|
func TestUserGroupService_AddMember(t *testing.T) {
|
||||||
|
mockKeto := new(MockKetoService)
|
||||||
|
svc := NewUserGroupService(nil, nil, nil, mockKeto, nil)
|
||||||
|
|
||||||
|
groupID := "group-1"
|
||||||
|
userID := "user-1"
|
||||||
|
|
||||||
|
mockKeto.On("CreateRelation", mock.Anything, "UserGroup", groupID, "members", "User:"+userID).Return(nil)
|
||||||
|
|
||||||
|
err := svc.AddMember(context.Background(), groupID, userID)
|
||||||
|
assert.NoError(t, err)
|
||||||
|
mockKeto.AssertExpectations(t)
|
||||||
|
}
|
||||||
|
|
||||||
|
func TestUserGroupService_AssignRoleToTenant(t *testing.T) {
|
||||||
|
mockKeto := new(MockKetoService)
|
||||||
|
svc := NewUserGroupService(nil, nil, nil, mockKeto, nil)
|
||||||
|
|
||||||
|
groupID := "group-1"
|
||||||
|
tenantID := "tenant-alpha"
|
||||||
|
relation := "manage"
|
||||||
|
|
||||||
|
expectedSubject := "UserGroup:" + groupID + "#members"
|
||||||
|
mockKeto.On("CreateRelation", mock.Anything, "Tenant", tenantID, relation, expectedSubject).Return(nil)
|
||||||
|
|
||||||
|
err := svc.AssignRoleToTenant(context.Background(), groupID, tenantID, relation)
|
||||||
|
assert.NoError(t, err)
|
||||||
|
mockKeto.AssertExpectations(t)
|
||||||
|
}
|
||||||
|
|
||||||
|
func TestUserGroupService_ListRoles(t *testing.T) {
|
||||||
|
mockKeto := new(MockKetoService)
|
||||||
|
mockTenantRepo := new(MockTenantRepository)
|
||||||
|
svc := NewUserGroupService(nil, nil, mockTenantRepo, mockKeto, nil)
|
||||||
|
|
||||||
|
groupID := "group-1"
|
||||||
|
subject := "UserGroup:" + groupID + "#members"
|
||||||
|
|
||||||
|
// Mock Keto relations
|
||||||
|
tuples := []RelationTuple{
|
||||||
|
{Object: "t1", Relation: "manage", SubjectID: subject},
|
||||||
|
{Object: "t2", Relation: "view", SubjectID: subject},
|
||||||
|
}
|
||||||
|
mockKeto.On("ListRelations", mock.Anything, "Tenant", "", "", subject).Return(tuples, nil)
|
||||||
|
|
||||||
|
// Mock Tenant fetching
|
||||||
|
tenants := []domain.Tenant{
|
||||||
|
{ID: "t1", Name: "Tenant One"},
|
||||||
|
{ID: "t2", Name: "Tenant Two"},
|
||||||
|
}
|
||||||
|
mockTenantRepo.On("FindByIDs", mock.Anything, []string{"t1", "t2"}).Return(tenants, nil)
|
||||||
|
|
||||||
|
roles, err := svc.ListRoles(context.Background(), groupID)
|
||||||
|
assert.NoError(t, err)
|
||||||
|
assert.Len(t, roles, 2)
|
||||||
|
assert.Equal(t, "Tenant One", roles[0].TenantName)
|
||||||
|
assert.Equal(t, "manage", roles[0].Relation)
|
||||||
|
assert.Equal(t, "Tenant Two", roles[1].TenantName)
|
||||||
|
assert.Equal(t, "view", roles[1].Relation)
|
||||||
|
|
||||||
|
mockKeto.AssertExpectations(t)
|
||||||
|
mockTenantRepo.AssertExpectations(t)
|
||||||
|
}
|
||||||
|
|
||||||
|
func TestUserGroupService_Get_WithKratosFallback(t *testing.T) {
|
||||||
|
// This tests the logic where a user is in Keto but not in local DB
|
||||||
|
mockRepo := new(MockUserGroupRepository)
|
||||||
|
mockKeto := new(MockKetoService)
|
||||||
|
mockUserRepo := new(MockUserRepository)
|
||||||
|
// We need a way to mock KratosAdminService but it's a struct, not an interface.
|
||||||
|
// For this POC test, we'll focus on the Keto and UserRepo parts.
|
||||||
|
// If needed, we can refactor KratosAdminService to an interface.
|
||||||
|
|
||||||
|
svc := NewUserGroupService(mockRepo, mockUserRepo, nil, mockKeto, nil)
|
||||||
|
|
||||||
|
groupID := "group-1"
|
||||||
|
mockRepo.On("FindByID", mock.Anything, groupID).Return(&domain.UserGroup{ID: groupID, Name: "Test"}, nil)
|
||||||
|
|
||||||
|
tuples := []RelationTuple{
|
||||||
|
{Object: groupID, Relation: "members", SubjectID: "User:u1"},
|
||||||
|
}
|
||||||
|
mockKeto.On("ListRelations", mock.Anything, "UserGroup", groupID, "members", "").Return(tuples, nil)
|
||||||
|
|
||||||
|
// User u1 not in local DB
|
||||||
|
mockUserRepo.On("FindByIDs", mock.Anything, []string{"u1"}).Return([]domain.User{}, nil)
|
||||||
|
|
||||||
|
group, err := svc.Get(context.Background(), groupID)
|
||||||
|
assert.NoError(t, err)
|
||||||
|
assert.NotNil(t, group)
|
||||||
|
// Members should be empty since Kratos is nil in this test setup
|
||||||
|
assert.Len(t, group.Members, 0)
|
||||||
|
}
|
||||||
Reference in New Issue
Block a user