go/httpauth
2
0
Fork 0
Code Issues Pull Requests Packages Releases 2 Activity

feat(httpauth)!: promote to v1.0.0 — add ChainPermissionProvider, bump rbac to v1.0.0

Browse Source 
Add NewChainPermissionProvider: tries each rbac.PermissionProvider in order,
returns the first non-zero mask, propagates errors immediately. Primary use case:
ClaimsPermissionProvider (JWT fast-path, no DB call) chained with
CachedPermissionProvider (DB fallback). Bump rbac dependency to v1.0.0.
API committed as stable.
This commit is contained in:
Rene Nochebuena
2026-05-07 23:08:38 -06:00
parent 18e5a16f7e
commit 3c6636f905
5 changed files with 113 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

49
httpauth_test.go
View File

@@ -299,3 +299,52 @@ func TestCachedPermissionProvider_InnerError(t *testing.T) {
t.Error("expected error from inner, got nil")
}
}
// --- ChainPermissionProvider ---
func TestChainPermissionProvider_FirstNonZero(t *testing.T) {
first := &mockProvider{mask: 515}
second := &mockProvider{mask: 999}
p := NewChainPermissionProvider(first, second)
mask, err := p.ResolveMask(context.Background(), "uid1", "usuarios")
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
if mask != 515 {
t.Errorf("want 515 from first provider, got %d", mask)
}
}
func TestChainPermissionProvider_Fallthrough(t *testing.T) {
first := &mockProvider{mask: 0}
second := &mockProvider{mask: 42}
p := NewChainPermissionProvider(first, second)
mask, err := p.ResolveMask(context.Background(), "uid1", "usuarios")
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
if mask != 42 {
t.Errorf("want 42 from second provider, got %d", mask)
}
}
func TestChainPermissionProvider_AllZero(t *testing.T) {
p := NewChainPermissionProvider(&mockProvider{mask: 0}, &mockProvider{mask: 0})
mask, err := p.ResolveMask(context.Background(), "uid1", "usuarios")
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
if mask != 0 {
t.Errorf("want 0 when all providers return 0, got %d", mask)
}
}
func TestChainPermissionProvider_ErrorPropagates(t *testing.T) {
first := &mockProvider{err: errors.New("db error")}
second := &mockProvider{mask: 42}
p := NewChainPermissionProvider(first, second)
_, err := p.ResolveMask(context.Background(), "uid1", "usuarios")
if err == nil {
t.Error("expected error from first provider, got nil")
}
}