updated Dao.CanAccessRecord to return the invalid filter or db error

2023-07-11 11:50:10 +03:00
parent 7bb33d4453
commit 3d3fe5c614
4 changed files with 73 additions and 24 deletions
--- a/daos/record_test.go
+++ b/daos/record_test.go
@@ -607,6 +607,7 @@ func TestCanAccessRecord(t *testing.T) {
 		requestData *models.RequestData
 		rule        *string
 		expected    bool
+		expectError bool
 	}{
 		{
 			"as admin with nil rule",
@@ -616,6 +617,7 @@ func TestCanAccessRecord(t *testing.T) {
 			},
 			nil,
 			true,
+			false,
 		},
 		{
 			"as admin with non-empty rule",
@@ -625,6 +627,17 @@ func TestCanAccessRecord(t *testing.T) {
 			},
 			types.Pointer("id = ''"), // the filter rule should be ignored
 			true,
+			false,
+		},
+		{
+			"as admin with invalid rule",
+			record,
+			&models.RequestData{
+				Admin: admin,
+			},
+			types.Pointer("id ?!@ 1"), // the filter rule should be ignored
+			true,
+			false,
 		},
 		{
 			"as guest with nil rule",
@@ -632,13 +645,23 @@ func TestCanAccessRecord(t *testing.T) {
 			&models.RequestData{},
 			nil,
 			false,
+			false,
 		},
 		{
 			"as guest with empty rule",
-			nil,
+			record,
 			&models.RequestData{},
 			types.Pointer(""),
 			true,
+			false,
+		},
+		{
+			"as guest with invalid rule",
+			record,
+			&models.RequestData{},
+			types.Pointer("id ?!@ 1"),
+			false,
+			true,
 		},
 		{
 			"as guest with mismatched rule",
@@ -646,6 +669,7 @@ func TestCanAccessRecord(t *testing.T) {
 			&models.RequestData{},
 			types.Pointer("@request.auth.id != ''"),
 			false,
+			false,
 		},
 		{
 			"as guest with matched rule",
@@ -655,6 +679,7 @@ func TestCanAccessRecord(t *testing.T) {
 			},
 			types.Pointer("@request.auth.id != '' || @request.data.test = 1"),
 			true,
+			false,
 		},
 		{
 			"as auth record with nil rule",
@@ -664,15 +689,27 @@ func TestCanAccessRecord(t *testing.T) {
 			},
 			nil,
 			false,
+			false,
 		},
 		{
 			"as auth record with empty rule",
-			nil,
+			record,
 			&models.RequestData{
 				AuthRecord: authRecord,
 			},
 			types.Pointer(""),
 			true,
+			false,
+		},
+		{
+			"as auth record with invalid rule",
+			record,
+			&models.RequestData{
+				AuthRecord: authRecord,
+			},
+			types.Pointer("id ?!@ 1"),
+			false,
+			true,
 		},
 		{
 			"as auth record with mismatched rule",
@@ -683,6 +720,7 @@ func TestCanAccessRecord(t *testing.T) {
 			},
 			types.Pointer("@request.auth.id != '' && @request.data.test > 1"),
 			false,
+			false,
 		},
 		{
 			"as auth record with matched rule",
@@ -693,15 +731,21 @@ func TestCanAccessRecord(t *testing.T) {
 			},
 			types.Pointer("@request.auth.id != '' && @request.data.test > 1"),
 			true,
+			false,
 		},
 	}

 	for _, s := range scenarios {
-		result := app.Dao().CanAccessRecord(s.record, s.requestData, s.rule)
+		result, err := app.Dao().CanAccessRecord(s.record, s.requestData, s.rule)

 		if result != s.expected {
 			t.Errorf("[%s] Expected %v, got %v", s.name, s.expected, result)
 		}
+
+		hasErr := err != nil
+		if hasErr != s.expectError {
+			t.Errorf("[%s] Expected hasErr %v, got %v (%v)", s.name, s.expectError, hasErr, err)
+		}
 	}
 }