First release of open core

2026-04-02 10:57:36 -04:00
parent 1c94f12d1c
commit 084c1321fc
101 changed files with 8812 additions and 17 deletions
--- a/pkg/auth/rbac_middleware_test.go
+++ b/pkg/auth/rbac_middleware_test.go
@@ -0,0 +1,49 @@
+package auth
+
+import (
+	"context"
+	"net/http"
+	"net/http/httptest"
+	"testing"
+)
+
+func TestRequireRoleMiddleware(t *testing.T) {
+	a, db := setupTestAuth(t)
+	defer db.Close()
+
+	sheriff, _ := a.Store.CreateUser(context.Background(), "sheriff@ranch.com", "Wyatt Earp", "hash", "Sheriff")
+	rangeHand, _ := a.Store.CreateUser(context.Background(), "hand@ranch.com", "Jesse James", "hash", "RangeHand")
+
+	vipHandler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		w.WriteHeader(http.StatusOK)
+		w.Write([]byte("Welcome to the Manager's Office"))
+	})
+
+	protectedHandler := a.RequireRole("Sheriff")(vipHandler)
+
+	tests := []struct {
+		name           string
+		userID         int
+		expectedStatus int
+	}{
+		{"Valid Sheriff Access", sheriff.ID, http.StatusOK},
+		{"Denied RangeHand Access", rangeHand.ID, http.StatusForbidden},
+		{"Unknown User", 9999, http.StatusForbidden},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			req := httptest.NewRequest(http.MethodGet, "/admin/passwords", nil)
+
+			ctx := context.WithValue(req.Context(), UserIDKey, tt.userID)
+			req = req.WithContext(ctx)
+
+			rr := httptest.NewRecorder()
+			protectedHandler.ServeHTTP(rr, req)
+
+			if rr.Code != tt.expectedStatus {
+				t.Errorf("Expected status %d, got %d", tt.expectedStatus, rr.Code)
+			}
+		})
+	}
+}