afefba3184
Introduce server-side control-logic flow graphs (cron/alarm triggers, Lua blocks) with CRUD endpoints, panel-logic lifecycle triggers and user-interaction dialog nodes, and a synthetic node-graph editor. Add an optional logic-editor allowlist (server.logic_editors) gating who may add/edit panel logic and control logic, surfaced via /api/v1/me and enforced in the API; hide logic affordances in the UI accordingly. Update README, example config, and functional/technical specs to cover all current features (plot panels, panel/control logic, local variables, access control) and refresh the in-app manual and contextual help. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
36 lines
994 B
Go
36 lines
994 B
Go
package access
|
|
|
|
import "testing"
|
|
|
|
func TestCanEditLogic(t *testing.T) {
|
|
groups := map[string][]string{"ops": {"carol"}}
|
|
|
|
// No allowlist configured: everyone with write access may edit logic.
|
|
open := New("", nil, groups, nil)
|
|
for _, u := range []string{"", "alice", "carol"} {
|
|
if !open.CanEditLogic(u) {
|
|
t.Errorf("unrestricted: CanEditLogic(%q) = false, want true", u)
|
|
}
|
|
}
|
|
if open.LogicRestricted() {
|
|
t.Error("LogicRestricted() = true with no allowlist")
|
|
}
|
|
|
|
// Allowlist by username and by group name.
|
|
p := New("", nil, groups, []string{"alice", "ops"})
|
|
if !p.LogicRestricted() {
|
|
t.Error("LogicRestricted() = false with allowlist set")
|
|
}
|
|
cases := map[string]bool{
|
|
"": true, // anonymous / trusted LAN
|
|
"alice": true, // listed user
|
|
"carol": true, // member of listed group "ops"
|
|
"bob": false, // not listed
|
|
}
|
|
for u, want := range cases {
|
|
if got := p.CanEditLogic(u); got != want {
|
|
t.Errorf("CanEditLogic(%q) = %v, want %v", u, got, want)
|
|
}
|
|
}
|
|
}
|