23325c135f
Summary of changes: 1. Rename `redisCommand->name` to `redisCommand->declared_name`, it is a const char * for native commands and SDS for module commands. 2. Store the [sub]command fullname in `redisCommand->fullname` (sds). 3. List subcommands in `ACL CAT` 4. List subcommands in `COMMAND LIST` 5. `moduleUnregisterCommands` now will also free the module subcommands. 6. RM_GetCurrentCommandName returns full command name Other changes: 1. Add `addReplyErrorArity` and `addReplyErrorExpireTime` 2. Remove `getFullCommandName` function that now is useless. 3. Some cleanups about `fullname` since now it is SDS. 4. Delete `populateSingleCommand` function from server.h that is useless. 5. Added tests to cover this change. 6. Add some module unload tests and fix the leaks 7. Make error messages uniform, make sure they always contain the full command name and that it's quoted. 7. Fixes some typos see the history in #9504, fixes #10124 Co-authored-by: Oran Agra <oran@redislabs.com> Co-authored-by: guybe7 <guy.benoish@redislabs.com>
# Integration tests for the aclcheck test module: each case changes the ACL
# rules of the `default` user and then drives an aclcheck.* module command,
# asserting that the module-side permission check (or the call the module
# issues on the user's behalf) is allowed or refused as the rules dictate.
#
# The cases are order-dependent: ACL changes made by one test stay in force
# for the tests that follow inside this start_server block.
set testmodule [file normalize tests/modules/aclcheck.so]

start_server {tags {"modules acl"}} {
    r module load $testmodule

    test {test module check acl for command perm} {
        # Baseline: nothing has been restricted yet, so SET goes through.
        assert_equal [r aclcheck.rm_call.check.cmd set x 5] OK

        # Revoke SET from the default user; the module check must now refuse.
        r acl setuser default -set
        catch {r aclcheck.rm_call.check.cmd set x 5} err
        assert_match {*DENIED CMD*} $err

        # The refusal must be visible in the ACL audit log. Only the entry at
        # index 0 is inspected, so this checks its fields rather than proving
        # that the log grew by one.
        set latest [lindex [r ACL LOG] 0]
        assert_equal [dict get $latest username] default
        assert_equal [dict get $latest context] module
        assert_equal [dict get $latest object] set
    }

    test {test module check acl for key perm} {
        # Re-grant SET and replace the key rules: x is fully accessible,
        # y is granted with %W (write) and z with %R (read).
        r acl setuser default +set resetkeys ~x %W~y %R~z

        # The first argument ("*", "W", "R") is handed to the module as-is;
        # presumably it selects the access type being checked - confirm
        # against the module source. Key v matches no rule and is always
        # expected to be refused.
        assert_equal [r aclcheck.set.check.key "*" x 5] OK
        catch {r aclcheck.set.check.key "*" v 5} err
        assert_match "*DENIED KEY*" $err

        assert_equal [r aclcheck.set.check.key "W" y 5] OK
        catch {r aclcheck.set.check.key "W" v 5} err
        assert_match "*DENIED KEY*" $err

        assert_equal [r aclcheck.set.check.key "R" z 5] OK
        catch {r aclcheck.set.check.key "R" v 5} err
        assert_match "*DENIED KEY*" $err
    }

    test {test module check acl for module user} {
        # The module's own user is expected to reach every key, so the key
        # restrictions placed on `default` above must not apply here.
        assert_equal [r aclcheck.rm_call.check.cmd.module.user set y 5] OK
    }

    test {test module check acl for channel perm} {
        # Limit the default user to channel ch1 only.
        r acl setuser default resetchannels &ch1
        assert_equal [r aclcheck.publish.check.channel ch1 msg] 0

        # Publishing to any other channel must fail; the captured error text
        # is the test's result and is matched against the pattern below.
        catch {r aclcheck.publish.check.channel ch2 msg} err
        set err
    } {*DENIED CHANNEL*}

    test {test module check acl in rm_call} {
        # Key permission through rm_call: x is still fully accessible.
        assert_equal [r aclcheck.rm_call set x 5] OK

        # Key permission through rm_call: SET on y is expected to be refused.
        # NOTE(review): y still carries the %W~y grant set earlier - confirm
        # the denial against the key access SET declares.
        catch {r aclcheck.rm_call set y 5} err
        assert_match {*NOPERM*} $err

        # Audit trail for the key denial: the entry at index 0 names key y.
        set latest [lindex [r ACL LOG] 0]
        assert_equal [dict get $latest username] default
        assert_equal [dict get $latest context] module
        assert_equal [dict get $latest object] y

        # Command permission through rm_call: revoke SET, then even the
        # permitted key x must be refused.
        r acl setuser default -set
        catch {r aclcheck.rm_call set x 5} err
        assert_match {*NOPERM*} $err

        # Audit trail for the command denial: the entry at index 0 names the
        # command rather than a key.
        set latest [lindex [r ACL LOG] 0]
        assert_equal [dict get $latest username] default
        assert_equal [dict get $latest context] module
        assert_equal [dict get $latest object] set
    }

    test "Unload the module - aclcheck" {
        # Unloading must succeed cleanly once the tests are done.
        assert_equal {OK} [r module unload aclcheck]
    }
}