authorRuss Allbery <rra@stanford.edu>2007-08-30 21:15:30 +0000
committerRuss Allbery <rra@stanford.edu>2007-08-30 21:15:30 +0000
commit4d23919fc59c1d038abf66680faab7cf1bfd2341 (patch)
tree37c1cb628433c853c0114fae16757ac31df88c28 /perl/t/server.t
parent3ddda5befe1c3555c248a078e9e848be40ad1085 (diff)
Finish the test suite. This should now be fairly comprehensive.
Diffstat (limited to 'perl/t/server.t')
-rwxr-xr-xperl/t/server.t262
1 files changed, 261 insertions, 1 deletions
diff --git a/perl/t/server.t b/perl/t/server.t
index 4aeff11..d7a2dce 100755
--- a/perl/t/server.t
+++ b/perl/t/server.t
@@ -3,7 +3,7 @@
#
# t/server.t -- Tests for the wallet server API.
-use Test::More tests => 85;
+use Test::More tests => 198;
use DBD::SQLite;
use Wallet::Config;
@@ -128,6 +128,25 @@ is ($server->destroy ('base', 'service/test'), 1,
is ($server->destroy ('base', 'service/test'), undef, ' but not twice');
is ($server->error, 'cannot find base:service/test', ' with the right error');
+# Test manipulating expires.
+my $now = time;
+is ($server->expires ('base', 'service/test'), undef,
+ 'Retrieving expires on an unknown object fails');
+is ($server->error, 'cannot find base:service/test', ' with the right error');
+is ($server->expires ('base', 'service/test', $now), undef,
+ ' and setting it also fails');
+is ($server->error, 'cannot find base:service/test', ' with the right error');
+is ($server->expires ('base', 'service/admin'), undef,
+ 'Retrieving expires for the right object returns undef');
+is ($server->error, undef, ' but there is no error');
+is ($server->expires ('base', 'service/admin', $now), 1,
+ ' and we can set it');
+is ($server->expires ('base', 'service/admin'), $now,
+ ' and get the value back');
+is ($server->expires ('base', 'service/admin', ''), 1, ' and clear it');
+is ($server->expires ('base', 'service/admin'), undef, ' and now it is gone');
+is ($server->error, undef, ' and still no error');
+
# Because we're admin, we should be able to show one of these objects, but we
# still shouldn't be able to get or store since there are no ACLs.
is ($server->show ('base', 'service/test'), undef,
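Review bot: The expires cases only ever pass an integer epoch (`$now`) or the empty string, so nothing in this block shows what happens when a caller supplies a malformed expiration value. Because this attribute presumably bounds how long an object stays valid, a rejection case is worth pinning, for example `is ($server->expires ('base', 'service/admin', 'garbage'), undef, ' and a malformed value is rejected');`, assuming the server is meant to validate the value; if it is not, a comment here saying so would help. The `is ($server->show ...` statement on the last context line continues outside the hunk.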
@@ -176,6 +195,247 @@ is ($server->acl ('base', 'service/admin', 'get', ''), 1,
is ($server->get ('base', 'service/admin'), undef, ' and now get fails');
is ($server->error, "$admin not authorized to get base:service/admin",
' with the right error');
+is ($server->acl ('base', 'service/admin', 'store', 'ADMIN'), 1,
+ 'Setting the store ACL works');
+is ($server->store ('base', 'service/admin', 'stuff'), undef,
+ ' and now store fails');
+is ($server->error,
+ "cannot store base:service/admin: object type is immutable",
+ ' with a different error message');
+is ($server->get ('base', 'service/admin'), undef, ' and get still fails');
+is ($server->error, "$admin not authorized to get base:service/admin",
+ ' with the right error');
+is ($server->acl ('base', 'service/admin', 'store', ''), 1,
+ 'Clearing the ACL works');
+is ($server->store ('base', 'service/admin', 'stuff'), undef,
+ ' and storing the object now fails');
+is ($server->error, "$admin not authorized to store base:service/admin",
+ ' with the right error');
+
+# Test manipulating the owner.
+is ($server->owner ('base', 'service/test'), undef,
+ 'Owner of nonexistent object fails');
+is ($server->error, 'cannot find base:service/test', ' with the right error');
+is ($server->owner ('base', 'service/test', 'ADMIN'), undef,
+ ' as does setting it');
+is ($server->error, 'cannot find base:service/test', ' with the right error');
+is ($server->owner ('base', 'service/admin'), undef,
+ 'Owner of existing object is also undef');
+is ($server->error, undef, ' but there is no error');
+is ($server->owner ('base', 'service/admin', 'test2'), undef,
+ 'Setting it to an unknown ACL fails');
+is ($server->error, 'ACL test2 not found', ' with the right error');
+is ($server->owner ('base', 'service/admin', 'ADMIN'), 1,
+ 'Setting it to ADMIN works');
+$result = eval { $server->get ('base', 'service/admin') };
+is ($result, undef, ' and get still fails');
+is ($@, "Do not instantiate Wallet::Object::Base directly\n",
+ ' but the method is called');
+is ($server->store ('base', 'service/admin', 'stuff'), undef,
+ ' and now store fails');
+is ($server->error,
+ "cannot store base:service/admin: object type is immutable",
+ ' with a different error message');
+is ($server->acl ('base', 'service/admin', 'get', 'empty'), 1,
+ 'Setting the get ACL succeeds');
+is ($server->get ('base', 'service/admin'), undef, ' and get now fails');
+is ($server->error, "$admin not authorized to get base:service/admin",
+ ' with the right error');
+is ($server->store ('base', 'service/admin', 'stuff'), undef,
+ ' but store fails');
+is ($server->error,
+ "cannot store base:service/admin: object type is immutable",
+ ' with the same error message');
+is ($server->acl ('base', 'service/admin', 'store', 'empty'), 1,
+ ' until we do the same thing with store');
+is ($server->store ('base', 'service/admin', 'stuff'), undef,
+ ' and now store fails');
+is ($server->error, "$admin not authorized to store base:service/admin",
+ ' due to permissions');
+is ($server->acl ('base', 'service/admin', 'store', ''), 1,
+ 'Clearing the store ACL works');
+is ($server->store ('base', 'service/admin', 'stuff'), undef,
+ ' and fixes that');
+is ($server->error,
+ "cannot store base:service/admin: object type is immutable",
+ ' since we are back to immutable');
+is ($server->owner ('base', 'service/admin', ''), 1,
+ ' but clearing the owner works');
+is ($server->store ('base', 'service/admin', 'stuff'), undef,
+ ' and now store fails');
+is ($server->error, "$admin not authorized to store base:service/admin",
+ ' due to permissions again');
+
+# Now let's set up some additional ACLs for future tests.
+is ($server->owner ('base', 'service/user1', 'user1'), 1, 'Set user1 owner');
+is ($server->owner ('base', 'service/user2', 'user2'), 1, 'Set user2 owner');
+is ($server->owner ('base', 'service/both', 'both'), 1, 'Set both owner');
+is ($server->acl ('base', 'service/both', 'show', 'user1'), 1, ' and show');
+is ($server->acl ('base', 'service/both', 'destroy', 'user2'), 1,
+ ' and destroy');
+
+# Okay, now we can switch users and be sure we don't have admin rights.
+$server = eval { Wallet::Server->new ($user1, $host) };
+is ($@, '', 'Switching users works');
+is ($server->acl_create ('new'), undef, ' and now we cannot create ACLs');
+is ($server->error, "$user1 not authorized to create ACL", ' with error');
+is ($server->acl_rename ('user1', 'alice'), undef, ' or rename ACLs');
+is ($server->error, "$user1 not authorized to rename ACL user1",
+ ' with error');
+is ($server->acl_destroy ('user2'), undef, ' or destroy ACLs');
+is ($server->error, "$user1 not authorized to destroy ACL user2",
+ ' with error');
+is ($server->acl_add ('user1', 'krb5', $user2), undef, ' or add to ACLs');
+is ($server->error, "$user1 not authorized to add to ACL user1",
+ ' with error');
+is ($server->acl_remove ('user1', 'krb5', $user1), undef,
+ ' or remove from ACLs');
+is ($server->error, "$user1 not authorized to remove from ACL user1",
+ ' with error');
+is ($server->create ('base', 'service/test'), undef,
+ ' nor can we create objects');
+is ($server->error, "$user1 not authorized to create base:service/test",
+ ' with error');
+is ($server->destroy ('base', 'service/user1'), undef,
+ ' or destroy objects');
+is ($server->error, "$user1 not authorized to destroy base:service/user1",
+ ' with error');
+is ($server->owner ('base', 'service/user1', 'user2'), undef,
+ ' or set the owner');
+is ($server->error,
+ "$user1 not authorized to set owner for base:service/user1",
+ ' with error');
+is ($server->expires ('base', 'service/user1', $now), undef,
+ ' or set expires');
+is ($server->error,
+ "$user1 not authorized to set expires for base:service/user1",
+ ' with error');
+is ($server->acl ('base', 'service/user1', 'get', 'user1'), undef,
+ ' or set an ACL');
+is ($server->error,
+ "$user1 not authorized to set ACL for base:service/user1",
+ ' with error');
+
+# However, we can perform object actions on things we own.
+$result = eval { $server->get ('base', 'service/user1') };
+is ($result, undef, 'We can get an object we own');
+is ($@, "Do not instantiate Wallet::Object::Base directly\n",
+ ' and the method is called');
+is ($server->store ('base', 'service/user1', 'stuff'), undef,
+ ' or store an object we own');
+is ($server->error,
+ "cannot store base:service/user1: object type is immutable",
+ ' and the method is called');
+$show = $server->show ('base', 'service/user1');
+$show =~ s/(Created on:) \d+$/$1 0/;
+$expected = <<"EOO";
+ Type: base
+ Name: service/user1
+ Owner: user1
+ Created by: $admin
+ Created from: $host
+ Created on: 0
+EOO
+is ($show, $expected, ' and show an object we own');
+
+# But not on things we don't own.
+is ($server->get ('base', 'service/user2'), undef,
+ 'But we cannot get an object we do not own');
+is ($server->error, "$user1 not authorized to get base:service/user2",
+ ' with the right error');
+is ($server->store ('base', 'service/user2', 'stuff'), undef,
+ ' or store it');
+is ($server->error, "$user1 not authorized to store base:service/user2",
+ ' with the right error');
+is ($server->show ('base', 'service/user2'), undef, ' or show it');
+is ($server->error, "$user1 not authorized to show base:service/user2",
+ ' with the right error');
+
+# And only some things on an object we own with some ACLs.
+$result = eval { $server->get ('base', 'service/both') };
+is ($result, undef, 'We can get an object we jointly own');
+is ($@, "Do not instantiate Wallet::Object::Base directly\n",
+ ' and the method is called');
+is ($server->store ('base', 'service/both', 'stuff'), undef,
+ ' or store an object we jointly own');
+is ($server->error,
+ "cannot store base:service/both: object type is immutable",
+ ' and the method is called');
+$show = $server->show ('base', 'service/both');
+$show =~ s/(Created on:) \d+$/$1 0/;
+$expected = <<"EOO";
+ Type: base
+ Name: service/both
+ Owner: both
+ Show ACL: user1
+ Destroy ACL: user2
+ Created by: $admin
+ Created from: $host
+ Created on: 0
+EOO
+is ($show, $expected, ' and show an object we jointly own');
+is ($server->destroy ('base', 'service/both'), undef,
+ ' but not destroy it');
+is ($server->error, "$user1 not authorized to destroy base:service/both",
+ ' due to permissions');
+
+# Now switch to the other user and make sure we can do things on objects we
+# own.
+$server = eval { Wallet::Server->new ($user2, $host) };
+is ($@, '', 'Switching users works');
+$result = eval { $server->get ('base', 'service/user2') };
+is ($result, undef, 'We can get an object we own');
+is ($@, "Do not instantiate Wallet::Object::Base directly\n",
+ ' and the method is called');
+is ($server->store ('base', 'service/user2', 'stuff'), undef,
+ ' or store an object we own');
+is ($server->error,
+ "cannot store base:service/user2: object type is immutable",
+ ' and the method is called');
+$show = $server->show ('base', 'service/user2');
+$show =~ s/(Created on:) \d+$/$1 0/;
+$expected = <<"EOO";
+ Type: base
+ Name: service/user2
+ Owner: user2
+ Created by: $admin
+ Created from: $host
+ Created on: 0
+EOO
+is ($show, $expected, ' and show an object we own');
+
+# But not on things we don't own.
+is ($server->get ('base', 'service/user1'), undef,
+ 'But we cannot get an object we do not own');
+is ($server->error, "$user2 not authorized to get base:service/user1",
+ ' with the right error');
+is ($server->store ('base', 'service/user1', 'stuff'), undef,
+ ' or store it');
+is ($server->error, "$user2 not authorized to store base:service/user1",
+ ' with the right error');
+is ($server->show ('base', 'service/user1'), undef, ' or show it');
+is ($server->error, "$user2 not authorized to show base:service/user1",
+ ' with the right error');
+
+# And only some things on an object we own with some ACLs.
+$result = eval { $server->get ('base', 'service/both') };
+is ($result, undef, 'We can get an object we jointly own');
+is ($@, "Do not instantiate Wallet::Object::Base directly\n",
+ ' and the method is called');
+is ($server->store ('base', 'service/both', 'stuff'), undef,
+ ' or store an object we jointly own');
+is ($server->error,
+ "cannot store base:service/both: object type is immutable",
+ ' and the method is called');
+is ($server->show ('base', 'service/both'), undef, ' but we cannot show it');
+is ($server->error, "$user2 not authorized to show base:service/both",
+ ' with the right error');
+is ($server->destroy ('base', 'service/both'), 1, ' and we can destroy it');
+is ($server->get ('base', 'service/both'), undef, ' and now cannot get it');
+is ($server->error, 'cannot find base:service/both', ' because it is gone');
+is ($server->store ('base', 'service/both', 'stuff'), undef,
+ ' or store it');
+is ($server->error, 'cannot find base:service/both', ' because it is gone');
# Clean up.
unlink 'wallet-db';
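Review bot: The denial checks in the `$user1` block exercise only the setter forms of `owner`, `expires` and `acl` (each call passes a new value), so the suite never establishes whether an unprivileged principal can read those attributes on an object it does not own. If reads are meant to be restricted the way `show` is, add getter cases against `service/user2`, for example `is ($server->owner ('base', 'service/user2'), undef, ' or read its owner');` followed by an `is ($server->error, ...)` check against whatever message the server defines for that case. Separately, after each `$server = eval { Wallet::Server->new (...) }` only `$@` is checked, so a failed construction would abort the script at the next method call rather than fail one test; `isa_ok ($server, 'Wallet::Server')` right after the eval would make that failure explicit.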