@wac-allow-public
Feature: The WAC-Allow header shows public access modes for a public agent when given indirect access via a container
Background: Create test resources giving a public agent different access modes
# Each entry is one combination of access modes granted to the public agent.
# The setup function keys its result by modes.join('/'), so these lists must stay
# in step with the 'test' column of the testModes table in the @setup scenario.
* def modesList = [['read'], ['read', 'control'], ['read', 'write'], ['read', 'append'], ['read', 'write', 'append']]
* def setup =
"""
function() {
  // Builds one test container per entry of modesList and returns the resource
  // created inside each, keyed by the modes joined with '/' (e.g. 'read/write').
  // The public grant is placed on the container as inheritable access; this
  // function sets no ACL on the resource itself, so whatever the resource's
  // WAC-Allow header reports for the public agent comes via the container.
  const byModes = {};
  for (const modes of modesList) {
    const container = rootTestContainer.createContainer();
    // Replace the container's access dataset with one carrying the public grant.
    container.accessDataset = container.accessDatasetBuilder
      .setInheritablePublicAccess(container.url, modes)
      .build();
    const turtleBody = karate.readAsString('../fixtures/example.ttl');
    byModes[modes.join('/')] = container.createResource('.ttl', turtleBody, 'text/turtle');
  }
  return byModes;
}
"""
# callonce: the containers and resources are created once and reused by every scenario.
* def resources = callonce setup
# The read-only resource is the one used by the ACL checks and the Alice scenarios below.
* def resource = resources['read']
@setup
Scenario: Define test cases
# Data source for the two Scenario Outlines, read via karate.setup().testModes.
# 'test' is the key into `resources` (modes joined with '/'), 'modes' is the list
# the WAC-Allow header is matched against, and 'check' is spliced into the match:
# 'only' gives `contains only` (no extra modes accepted), '' gives plain `contains`.
# NOTE(review): the 'read/write' row uses plain `contains`, presumably so that an
# extra 'append' is tolerated; it would equally tolerate an unexpected 'control'.
# Confirm that is acceptable, or assert the absence of 'control' separately.
* table testModes
| test | modes | check |
| 'read' | ['read'] | 'only' |
| 'read/control' | ['read', 'control'] | 'only' |
| 'read/write' | ['read', 'write'] | '' |
| 'read/append' | ['read', 'append'] | 'only' |
| 'read/write/append' | ['read', 'write', 'append'] | 'only' |
Scenario: There is no acl on the resource that references a public agent
# Precondition check: the resource has no ACL document of its own (404), so any
# public access reported for it later has to be inherited from the container.
Given url resource.aclUrl
And headers clients.alice.getAuthHeaders('GET', resource.aclUrl)
And header Accept = 'text/turtle'
When method GET
Then status 404
Scenario: There is an acl on the parent containing a public agent
# Precondition check: the container's ACL exists and names the public agent.
Given url resource.container.aclUrl
And headers clients.alice.getAuthHeaders('GET', resource.container.aclUrl)
And header Accept = 'text/turtle'
When method GET
Then status 200
And match header Content-Type contains 'text/turtle'
# Looks for a triple with predicate acl:agentClass and object foaf:Agent;
# the null subject is presumably a wildcard - confirm against the parse() helper.
And assert parse(response, 'text/turtle', resource.url).contains(null, iri(ACL, 'agentClass'), iri(FOAF, 'Agent'))
Scenario: Alice calls GET and the header shows full access for user
# Authenticated request as Alice against the read-only public resource.
# NOTE(review): Alice's full access is not granted anywhere in this file; presumably
# she owns the test container - confirm in the harness setup.
Given url resource.url
And headers clients.alice.getAuthHeaders('GET', resource.url)
When method GET
Then status 200
And match header WAC-Allow != null
* def result = parseWacAllowHeader(responseHeaders)
# Plain `contains` (not `contains only`): extra modes in the user group are accepted.
And match result.user contains ['read', 'write', 'control']
# Note: 'append' is sometimes listed as well; it is redundant because append is a subset of write.
Scenario: Alice calls HEAD and the header shows full access for user
# Same check as the GET scenario: WAC-Allow must also be present on a HEAD response.
Given url resource.url
And headers clients.alice.getAuthHeaders('HEAD', resource.url)
When method HEAD
Then status 200
And match header WAC-Allow != null
* def result = parseWacAllowHeader(responseHeaders)
# Plain `contains`: 'append' may also be listed, as a subset of write.
And match result.user contains ['read', 'write', 'control']
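Scenario Outline: A public user calls GET on a resource with <test> access and the header shows <test> access for public
# Runs once per row of the testModes table defined in the @setup scenario.
# No auth headers step here, unlike the Alice scenarios: the request is sent
# without the credentials those scenarios attach.
Given url resources['<test>'].url
When method GET
Then status 200
And match header WAC-Allow != null
* def result = parseWacAllowHeader(responseHeaders)
# <check> is 'only' or empty, giving `contains only <modes>` or plain `contains <modes>`.
And match result.public contains <check> <modes>
# user access is implied by public
And match result.user contains <check> <modes>
Examples:
| karate.setup().testModes |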
Scenario Outline: A public user calls HEAD on a resource with <test> access and the header shows <test> access for public
# HEAD counterpart of the GET outline; runs once per row of the testModes table.
# No auth headers step here, unlike the Alice scenarios.
Given url resources['<test>'].url
When method HEAD
Then status 200
And match header WAC-Allow != null
* def result = parseWacAllowHeader(responseHeaders)
# <check> is 'only' or empty, giving `contains only <modes>` or plain `contains <modes>`.
And match result.public contains <check> <modes>
# user access is implied by public
And match result.user contains <check> <modes>
Examples:
| karate.setup().testModes |