()
| 482 | } |
| 483 | |
| 484 | func (m *expects) FailSystemObjectChecks() *expects { |
| 485 | return m.WithSuccessAuthorizer(func(ctx context.Context, subject rbac.Subject, action policy.Action, obj rbac.Object) error { |
| 486 | if obj.Type == rbac.ResourceSystem.Type { |
| 487 | return xerrors.Errorf("hard coded system authz failed") |
| 488 | } |
| 489 | return nil |
| 490 | }) |
| 491 | } |
| 492 | |
| 493 | // WithSuccessAuthorizer is helpful when an optimization authz check is made |
| 494 | // to skip some RBAC checks. This check in testing would prevent the ability |
no test coverage detected