From 5b06f4ede855e2192341a39ba8438fdaa29603bf Mon Sep 17 00:00:00 2001
From: Allan <allan@4gl.io>
Date: Sat, 7 Oct 2023 22:46:32 +0100
Subject: [PATCH] chore: improving docs for mpe_accesscheck and adding a test
 for mpe_accesscheck

---
 sas/sasjs/macros/mpe_accesscheck.sas      | 52 ++++++++++--------
 sas/sasjs/macros/mpe_accesscheck.test.sas | 67 +++++++++++++++++++++++
 2 files changed, 95 insertions(+), 24 deletions(-)
 create mode 100644 sas/sasjs/macros/mpe_accesscheck.test.sas

diff --git a/sas/sasjs/macros/mpe_accesscheck.sas b/sas/sasjs/macros/mpe_accesscheck.sas
index d09a294..63f9ca2 100755
--- a/sas/sasjs/macros/mpe_accesscheck.sas
+++ b/sas/sasjs/macros/mpe_accesscheck.sas
@@ -6,18 +6,28 @@
     MPE_SECURITY table.  Alternatively, they may be in the &mpeadmins
     group (which has full access to everything).
 
+  @param [in] base_table The base table to check for
+  @param [in] user= The user for which the access level should be returned. If
+    not provided, the mf_user() result is used instead.
+  @param [in] access_level= (APPROVE) access_level (per MPE_SECURITY) reqd.
+    Valid values:
+      @li EDIT
+      @li APPROVE
+      @li VIEW
+  @param [in] cntl_lib= (MPELIB) The name of a global macro variable that
+    contains the libref in which the MPE_SECURITY table is stored
+  @param [out] outds= (MED_ACCESSCHECK) Output WORK table containing all the
+    groups for which the user is granted the particular ACCESS_LEVEL.
+
   <h4> SAS Macros </h4>
   @li mp_abort.sas
   @li mf_getuniquename.sas
   @li mf_getuser.sas
   @li mf_verifymacvars.sas
-  @li mp_dropmembers.sas
   @li mpe_getgroups.sas
 
-  @param [in] base_table The base table to check for
-  @param [in] access_level= (APPROVE) access_level (per MPE_SECURITY) reqd
-  @param [out] outds= (MED_ACCESSCHECK) Output table containing all the groups
-    the user is a member of, which are granted the access_level requested.
+  <h4> Related Macros </h4>
+  @li mpe_accesscheck.test.sas
 
   @version 9.2
   @author 4GL Apps Ltd
@@ -31,42 +41,36 @@
     ,outds=med_accesscheck /* WORK table to contain access details */
     ,user= /* metadata user to check for */
     ,access_level=APPROVE
+    ,cntl_lib=MPELIB
   );
 
   %if &user= %then %let user=%mf_getuser();
 
-  %if %index(&outds,.) %then %do;
-    %local lib ds;
-    %let lib=%scan(&outds,1,.);
-    %let ds=%scan(&outds,2,.);
-    %if %upcase(&lib) ne WORK %then %do;
-      %mp_abort(msg=outds should be a WORK table
-        ,mac=mpe_accesscheck);
-    %end;
-  %end;
-  %else %let ds=&outds;
+  %mp_abort(
+    iftrue=(%index(&outds,.)>0 and %upcase(%scan(&outds,1,.)) ne WORK)
+    ,mac=mpe_accesscheck
+    ,msg=%str(outds should be a WORK table)
+  )
 
   %mp_abort(
     iftrue=(%mf_verifymacvars(base_table user access_level)=0)
-    ,mac=bitemporal_dataloader
-    ,msg=%str(Missing base_table/user access_level)
+    ,mac=mpe_accesscheck
+    ,msg=%str(Missing base_table/user access_level variables)
   )
 
-  /* ensure any existing table is dropped */
-  %mp_dropmembers(&ds)
+  /* make unique temp table vars */
+  %local tempds1 tempds2;
+  %let tempds1=%mf_getuniquename(prefix=usergroups);
+  %let tempds2=%mf_getuniquename(prefix=tablegroups);
 
   /* get list of user groups */
-  %local tempds1;
-  %let tempds1=%mf_getuniquename(prefix=usergroups);
   %mpe_getgroups(user=&user,outds=&tempds1)
 
   /* get list of groups with access for that table */
-  %local tempds2;
-  %let tempds2=%mf_getuniquename(prefix=tablegroups);
   proc sql;
   create table &tempds2 as
     select distinct sas_group
-    from &mpelib..mpe_security
+    from &&&cntl_lib...mpe_security
     where &dc_dttmtfmt. lt tx_to
     and access_level="&access_level"
     and (
diff --git a/sas/sasjs/macros/mpe_accesscheck.test.sas b/sas/sasjs/macros/mpe_accesscheck.test.sas
new file mode 100644
index 0000000..3b39845
--- /dev/null
+++ b/sas/sasjs/macros/mpe_accesscheck.test.sas
@@ -0,0 +1,67 @@
+/**
+  @file
+  @brief Testing mpe_accesscheck macro
+  @details Checking functionality of mpe_accesscheck.sas macro
+
+
+  <h4> SAS Macros </h4>
+  @li mf_getuniquename.sas
+  @li mf_getuser.sas
+  @li mp_assertdsobs.sas
+  @li mpe_getgroups.sas
+  @li mpe_accesscheck.sas
+
+
+  @author 4GL Apps Ltd
+  @copyright 4GL Apps Ltd.  This code may only be used within Data Controller
+    and may not be re-distributed or re-sold without the express permission of
+    4GL Apps Ltd.
+
+**/
+
+/* get the groups this user is actually a member of */
+%mpe_getgroups(user=%mf_getuser(),outds=work.groups)
+
+data _null_;
+  set work.groups;
+  call symputx('groupname',groupname);
+run;
+
+/* create demo MPE_SECURITY table */
+data work.mpe_security;
+  if 0 then set &dc_libref..mpe_security;
+  do access_level='EDIT','APPROVE','VIEW';
+    LIBREF='SOMELIB';
+    DSN='SOMEDS';
+    sas_group="&groupname";
+    tx_from=0;
+    tx_to='31dec4999:23:59:59'dt;
+    output;
+  end;
+run;
+
+
+%mpe_accesscheck(
+  SOMELIB.SOMEDS
+  ,outds=work.test1
+  ,access_level=APPROVE
+  ,cntl_lib=WORK
+)
+%mp_assertdsobs(work.test1,
+  desc=Test 1 - One record returned,
+  test=EQUALS 1,
+  outds=work.test_results
+)
+
+%mpe_accesscheck(
+  SOMELIB.INVALID
+  ,outds=work.test2
+  ,access_level=APPROVE
+  ,cntl_lib=WORK
+)
+%mp_assertdsobs(work.test1,
+  desc=Test 12 - 0 records returned,
+  test=EQUALS 0,
+  outds=work.test_results
+)
+