1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
|
#!/usr/bin/perl
use Test::More;
use lib qw(t);
eval "use DBD::SQLite";
plan skip_all => "DBD::SQLite required for this test" if $@;
plan tests => 22;
use strict;
use warnings;
our $DBNAME = 't/sqlite.db';
unlink $DBNAME if -e $DBNAME;
my $dbh = DBI->connect( "dbi:SQLite:dbname=$DBNAME", "", "" );
$dbh->do(<<"");
CREATE TABLE account (
id INTEGER,
name VARCHAR(20)
)
$dbh->do(<<"");
INSERT INTO account VALUES (1, 'testuser');
$dbh->do(<<"");
CREATE TABLE task (
id INTEGER,
userid INTEGER,
name VARCHAR(20)
)
$dbh->do(<<"");
INSERT INTO task VALUES (1, 1, 'task1');
$dbh->do(<<"");
INSERT INTO task VALUES (2, 1, 'task2');
$dbh->do(<<"");
CREATE TABLE ip (
id INTEGER,
userid INTEGER,
address VARCHAR(20)
)
$dbh->do(<<"");
INSERT INTO ip VALUES (1, 1, '10.0.0.1');
$dbh->do(<<"");
INSERT INTO ip VALUES (2, 1, '10.0.0.2');
{
package TestAppDriverDBISimple;
use base qw(TestAppDriver);
__PACKAGE__->authz->config(
DRIVER => [ 'DBI',
DBH => $dbh,
TABLE => ['account A', 'task T'],
JOIN_ON => 'A.id = T.userid',
USERNAME => 'A.name',
CONSTRAINTS => { 'T.name' => '__PARAM_1__' },
],
GET_USERNAME => sub { 'testuser' },
);
}
my $cgiapp = TestAppDriverDBISimple->new;
my $authz = $cgiapp->authz;
my ($driver) = $authz->drivers;
isa_ok($driver, 'CGI::Application::Plugin::Authorization::Driver::DBI');
can_ok($driver, 'authorize_user');
ok($driver->authorize_user('testuser', 'task1'), 'Successful authorization');
ok(! $driver->authorize_user('testuser', 'bastask'), 'Failed authorization');
ok(! $driver->authorize_user('baduser', 'task1'), 'Failed authorization');
TestAppDriverDBISimple->run_authz_success_tests( [qw(task1)], [qw(task2)] );
TestAppDriverDBISimple->run_authz_failure_tests( [qw(badtask)], [qw(badtask otherbadtask)] );
{
package TestAppDriverDBIGroup;
use base qw(TestAppDriver);
__PACKAGE__->authz->config(
DRIVER => [ 'DBI',
DBH => $dbh,
TABLE => ['account A', 'task T'],
JOIN_ON => 'A.id = T.userid',
CONSTRAINTS => { 'A.name' => '__USERNAME__', 'T.name' => '__GROUP__' },
],
GET_USERNAME => sub { 'testuser' },
);
}
TestAppDriverDBIGroup->run_authz_success_tests( [qw(task1)], [qw(task2)] );
TestAppDriverDBIGroup->run_authz_failure_tests( [qw(badtask)], [qw(badtask otherbadtask)] );
{
package TestAppDriverDBISQL;
use base qw(TestAppDriver);
__PACKAGE__->authz->config(
DRIVER => [ 'DBI',
DBH => $dbh,
SQL => 'SELECT count(*)
FROM account
JOIN task ON (account.id = task.userid)
WHERE account.name = ?
AND task.name = ?
',
],
GET_USERNAME => sub { 'testuser' },
);
}
TestAppDriverDBISQL->run_authz_success_tests( [qw(task1)], [qw(task2)] );
TestAppDriverDBISQL->run_authz_failure_tests( [qw(badtask)], [qw(otherbadtask)] );
{
package TestAppDriverDBIComplex;
use base qw(TestAppDriver);
__PACKAGE__->authz->config(
DRIVER => [ 'DBI',
DBH => $dbh,
TABLE => [qw(account task ip)],
JOIN_ON => 'account.id = task.userid AND account.id = ip.userid',
USERNAME => 'account.name',
CONSTRAINTS => {
'task.name' => '__PARAM_2__',
'ip.address' => '__PARAM_1__',
},
],
GET_USERNAME => sub { 'testuser' },
);
}
TestAppDriverDBIComplex->run_authz_success_tests( [qw(10.0.0.1 task1)], [qw(10.0.0.2 task2)] );
TestAppDriverDBIComplex->run_authz_failure_tests( [qw(badip task1)], [qw(10.0.0.1 badtask)], [qw(task1)] );
|
