From db9d98b69b54dc887d4f11a77595ef495bfb2a31 Mon Sep 17 00:00:00 2001
From: Oliver Gorwits <oliver@cpan.org>
Date: Sat, 6 May 2017 15:16:43 +0100
Subject: [PATCH] Move tests to /xt as they are RELEASE tests

Squashed commit of the following:

commit 606d572db561d8de659bce6ac96252f8a1d7ee29
Author: Oliver Gorwits <oliver@cpan.org>
Date:   Sat May 6 14:56:07 2017 +0100

    tests should be release tests, so move to xt/

commit 7673f3ee1e5048d59b4942fc39b278849e31499a
Author: Oliver Gorwits <oliver@cpan.org>
Date:   Sat May 6 14:19:19 2017 +0100

    allow check_acl to accept Device or NetAddr::IP instance

commit c31059bc01e4e2b4dcfccd67ac6b5b88fed3af94
Author: Oliver Gorwits <oliver@cpan.org>
Date:   Sat May 6 14:19:00 2017 +0100

    update docs

commit deaeab2670b430fe7a170cacc1b9ad93a5849fa6
Author: Oliver Gorwits <oliver@cpan.org>
Date:   Sat May 6 14:18:27 2017 +0100

    SNMP only stanza has access to full check_acl features

commit 4a44fa5863d8a56a96d00656b95a6c28dc474de1
Author: Oliver Gorwits <oliver@cpan.org>
Date:   Mon May 1 18:49:38 2017 +0100

    add AND operator and negation support to ACLs
---
 MANIFEST                     | 11 +++--
 {t => xt}/10-sort_port.t     |  0
 {t => xt}/11-portsort.t      |  0
 xt/20-checkacl.t             | 94 ++++++++++++++++++++++++++++++++++++
 {t => xt}/html/portsort.html |  0
 {t => xt}/js/qunit-tap.js    |  0
 {t => xt}/js/run_qunit.js    |  0
 7 files changed, 100 insertions(+), 5 deletions(-)
 rename {t => xt}/10-sort_port.t (100%)
 rename {t => xt}/11-portsort.t (100%)
 mode change 100755 => 100644
 create mode 100644 xt/20-checkacl.t
 rename {t => xt}/html/portsort.html (100%)
 rename {t => xt}/js/qunit-tap.js (100%)
 rename {t => xt}/js/run_qunit.js (100%)

diff --git a/MANIFEST b/MANIFEST
index 1847a693..d05a392c 100644
--- a/MANIFEST
+++ b/MANIFEST
@@ -420,8 +420,9 @@ share/views/sidebar/report/subnets.tt
 share/views/sidebar/search/device.tt
 share/views/sidebar/search/node.tt
 share/views/sidebar/search/port.tt
-t/10-sort_port.t
-t/11-portsort.t
-t/html/portsort.html
-t/js/qunit-tap.js
-t/js/run_qunit.js
+xt/10-sort_port.t
+xt/11-portsort.t
+xt/20-checkacl.t
+xt/html/portsort.html
+xt/js/qunit-tap.js
+xt/js/run_qunit.js
diff --git a/t/10-sort_port.t b/xt/10-sort_port.t
similarity index 100%
rename from t/10-sort_port.t
rename to xt/10-sort_port.t
diff --git a/t/11-portsort.t b/xt/11-portsort.t
old mode 100755
new mode 100644
similarity index 100%
rename from t/11-portsort.t
rename to xt/11-portsort.t
diff --git a/xt/20-checkacl.t b/xt/20-checkacl.t
new file mode 100644
index 00000000..a9b7cb3d
--- /dev/null
+++ b/xt/20-checkacl.t
@@ -0,0 +1,94 @@
+#!/usr/bin/env perl
+
+use strict; use warnings FATAL => 'all';
+use Test::More 1.302083;
+
+BEGIN {
+  use_ok( 'App::Netdisco::Util::Permission', 'check_acl' );
+}
+
+my @conf = (
+  # +ve match       -ve match
+  'localhost',     '!www.example.com', # 0, 1
+  '127.0.0.1',     '!192.0.2.1',       # 2, 3
+  '::1',           '!2001:db8::1',     # 4, 5
+  '127.0.0.0/29',  '!192.0.2.0/24',    # 6, 7
+  '::1/128',       '!2001:db8::/32',   # 8, 9
+
+  '127.0.0.1-10',  '!192.0.2.1-10',    # 10,11
+  '::1-10',        '!2001:db8::1-10',  # 12,13
+
+  qr/^localhost$/, qr/^www.example.com$/,    # 14,15
+  qr/(?!:www.example.com)/, '!127.0.0.0/29', # 16,17
+  '!127.0.0.1-10', qr/(?!:localhost)/,       # 18,19
+
+  'op:and', # 20
+);
+
+# name, ipv4, ipv6, v4 prefix, v6 prefix
+ok(check_acl('localhost',[$conf[0]]), 'same name');
+ok(check_acl('127.0.0.1',[$conf[2]]), 'same ipv4');
+ok(check_acl('::1',[$conf[4]]), 'same ipv6');
+ok(check_acl('127.0.0.0/29',[$conf[6]]), 'same v4 prefix');
+ok(check_acl('::1/128',[$conf[8]]), 'same v6 prefix');
+
+# failed name, ipv4, ipv6, v4 prefix, v6 prefix
+is(check_acl('www.microsoft.com',[$conf[0]]),  0, 'failed name');
+is(check_acl('172.20.0.1',[$conf[2]]),         0, 'failed ipv4');
+is(check_acl('2001:db8::5',[$conf[4]]),        0, 'failed ipv6');
+is(check_acl('172.16.1.3/29',[$conf[6]]),      0, 'failed v4 prefix');
+is(check_acl('2001:db8:f00d::/64',[$conf[8]]), 0, 'failed v6 prefix');
+
+# negated name, ipv4, ipv6, v4 prefix, v6 prefix
+ok(check_acl('localhost',[$conf[1]]), 'not same name');
+ok(check_acl('127.0.0.1',[$conf[3]]), 'not same ipv4');
+ok(check_acl('::1',[$conf[5]]), 'not same ipv6');
+ok(check_acl('127.0.0.0/29',[$conf[7]]), 'not same v4 prefix');
+ok(check_acl('::1/128',[$conf[9]]), 'not same v6 prefix');
+
+# v4 range, v6 range
+ok(check_acl('127.0.0.1',[$conf[10]]), 'in v4 range');
+ok(check_acl('::1',[$conf[12]]), 'in v6 range');
+
+# failed v4 range, v6 range
+is(check_acl('172.20.0.1',[$conf[10]]), 0, 'failed v4 range');
+is(check_acl('2001:db8::5',[$conf[12]]), 0, 'failed v6 range');
+
+# negated v4 range, v6 range
+ok(check_acl('127.0.0.1',[$conf[11]]), 'not in v4 range');
+ok(check_acl('::1',[$conf[13]]), 'not in v6 range');
+
+# hostname regexp
+ok(check_acl('localhost',[$conf[14]]), 'name regexp');
+ok(check_acl('127.0.0.1',[$conf[14]]), 'IP regexp');
+is(check_acl('www.google.com',[$conf[14]]), 0, 'failed regexp');
+
+# OR of prefix, range, regexp, property (2 of, 3 of, 4 of)
+ok(check_acl('127.0.0.1',[@conf[8,0]]), 'OR: prefix, name');
+ok(check_acl('127.0.0.1',[@conf[8,12,0]]), 'OR: prefix, range, name');
+ok(check_acl('127.0.0.1',[@conf[8,12,15,0]]), 'OR: prefix, range, regexp, name');
+
+# OR of negated prefix, range, regexp, property (2 of, 3 of, 4 of)
+ok(check_acl('127.0.0.1',[@conf[17,0]]), 'OR: !prefix, name');
+ok(check_acl('127.0.0.1',[@conf[17,18,0]]), 'OR: !prefix, !range, name');
+ok(check_acl('127.0.0.1',[@conf[17,18,19,0]]), 'OR: !prefix, !range, !regexp, name');
+
+# AND of prefix, range, regexp, property (2 of, 3 of, 4 of)
+ok(check_acl('127.0.0.1',[@conf[6,0,20]]), 'AND: prefix, name');
+ok(check_acl('127.0.0.1',[@conf[6,10,0,20]]), 'AND: prefix, range, name');
+ok(check_acl('127.0.0.1',[@conf[6,10,14,0,20]]), 'AND: prefix, range, regexp, name');
+
+# failed AND on prefix, range, regexp
+is(check_acl('127.0.0.1',[@conf[8,10,14,0,20]]), 0, 'failed AND: prefix!, range, regexp, name');
+is(check_acl('127.0.0.1',[@conf[6,12,14,0,20]]), 0, 'failed AND: prefix, range!, regexp, name');
+is(check_acl('127.0.0.1',[@conf[6,10,15,0,20]]), 0, 'failed AND: prefix, range, regexp!, name');
+
+# AND of negated prefix, range, regexp, property (2 of, 3 of, 4 of)
+ok(check_acl('127.0.0.1',[@conf[9,0,20]]), 'AND: !prefix, name');
+ok(check_acl('127.0.0.1',[@conf[7,11,0,20]]), 'AND: !prefix, !range, name');
+ok(check_acl('127.0.0.1',[@conf[9,13,16,0,20]]), 'AND: !prefix, !range, !regexp, name');
+
+# device property
+# negated device property
+
+done_testing;
diff --git a/t/html/portsort.html b/xt/html/portsort.html
similarity index 100%
rename from t/html/portsort.html
rename to xt/html/portsort.html
diff --git a/t/js/qunit-tap.js b/xt/js/qunit-tap.js
similarity index 100%
rename from t/js/qunit-tap.js
rename to xt/js/qunit-tap.js
diff --git a/t/js/run_qunit.js b/xt/js/run_qunit.js
similarity index 100%
rename from t/js/run_qunit.js
rename to xt/js/run_qunit.js