simpler, returning first missing

treeverse · Nov 5, 2024 · 758d910 · 758d910
1 parent 803d4a3
commit 758d910
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 10 deletions.
diff --git a/pkg/api/controller_test.go b/pkg/api/controller_test.go
@@ -5387,10 +5387,10 @@ func TestCheckPermissions_UnpermittedRequests(t *testing.T) {
 					},
 				},
 			},
-			expected: "denied from:\nfs:DeleteRepository",
+			expected: "denied permission to fs:DeleteRepository",
 		}, /////////////////////////////////////////////////////////////////
 		{
-			name: "deny multiple actions",
+			name: "deny multiple actions, one concerning the request",
 			node: permissions.Node{
 				Type: permissions.NodeTypeNode,
 				Permission: permissions.Permission{
@@ -5410,7 +5410,7 @@ func TestCheckPermissions_UnpermittedRequests(t *testing.T) {
 					},
 				},
 			},
-			expected: "denied from:\nfs:DeleteRepository\nfs:CreateRepository",
+			expected: "denied permission to fs:DeleteRepository",
 		}, /////////////////////////////////////////////////////////////////
 		{
 			name: "neutral action",
@@ -5433,10 +5433,10 @@ func TestCheckPermissions_UnpermittedRequests(t *testing.T) {
 					},
 				},
 			},
-			expected: "lacking permissions for:\nfs:ReadRepository",
+			expected: "missing permission to fs:ReadRepository",
 		}, /////////////////////////////////////////////////////////////////
 		{
-			name: "node and no policy",
+			name: "nodeAnd no policy, returns first missing one",
 			node: permissions.Node{
 				Type: permissions.NodeTypeAnd,
 				Nodes: []permissions.Node{
@@ -5457,10 +5457,10 @@ func TestCheckPermissions_UnpermittedRequests(t *testing.T) {
 				},
 			},
 			username: "user1",
-			expected: "lacking permissions for:\nfs:CreateRepository",
+			expected: "missing permission to fs:CreateRepository",
 		},
 		{
-			name: "node and one policy",
+			name: "nodeAnd one policy, returns first missing policy",
 			node: permissions.Node{
 				Type: permissions.NodeTypeAnd,
 				Nodes: []permissions.Node{
@@ -5492,12 +5492,12 @@ func TestCheckPermissions_UnpermittedRequests(t *testing.T) {
 					},
 				},
 			},
-			expected: "lacking permissions for:\nfs:AttachStorageNamespace",
+			expected: "missing permission to fs:AttachStorageNamespace",
 		},
 	}
 	for _, tc := range testCases {
 		t.Run(tc.name, func(t *testing.T) {
-			perm := &auth.NeededPermissions{}
+			perm := &auth.MissingPermissions{}
 			result := auth.CheckPermissions(ctx, tc.node, tc.username, tc.policies, perm)
 			fmt.Println("expected:\n" + tc.expected)
 			fmt.Println("got:\n" + perm.String())

diff --git a/pkg/auth/service.go b/pkg/auth/service.go
@@ -1157,7 +1157,7 @@ func NewAPIAuthServiceWithClient(client ClientWithResponsesInterface, externalPr
 
 func (n *MissingPermissions) String() string {
 	if len(n.Denied) != 0 {
-		return fmt.Sprintf("denied permissions to %s", strings.Join(n.Denied, ","))
+		return fmt.Sprintf("denied permission to %s", strings.Join(n.Denied, ","))
 	}
 	if len(n.Unauthorized) != 0 {
 		return fmt.Sprintf("missing permission to %s", strings.Join(n.Unauthorized, ","))