2021-10-27 06:13:59 -05:00
|
|
|
package api
|
|
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
"net/http"
|
|
|
|
|
"strings"
|
|
|
|
|
"testing"
|
|
|
|
|
|
2022-05-17 13:52:22 -05:00
|
|
|
"github.com/stretchr/testify/assert"
|
2022-05-23 10:14:27 -05:00
|
|
|
"github.com/stretchr/testify/mock"
|
2022-05-17 13:52:22 -05:00
|
|
|
"github.com/stretchr/testify/require"
|
|
|
|
|
|
2021-10-27 06:13:59 -05:00
|
|
|
"github.com/grafana/grafana/pkg/services/accesscontrol"
|
2022-05-17 13:52:22 -05:00
|
|
|
"github.com/grafana/grafana/pkg/services/dashboards"
|
2022-11-28 05:05:46 -06:00
|
|
|
"github.com/grafana/grafana/pkg/services/org"
|
2022-04-21 08:03:17 -05:00
|
|
|
pref "github.com/grafana/grafana/pkg/services/preference"
|
|
|
|
|
"github.com/grafana/grafana/pkg/services/preference/preftest"
|
2023-01-19 08:43:00 -06:00
|
|
|
"github.com/grafana/grafana/pkg/services/user"
|
|
|
|
|
"github.com/grafana/grafana/pkg/setting"
|
|
|
|
|
"github.com/grafana/grafana/pkg/web/webtest"
|
2021-10-27 06:13:59 -05:00
|
|
|
)
|
|
|
|
|
|
|
|
|
|
var (
|
2022-03-17 07:07:20 -05:00
|
|
|
getOrgPreferencesURL = "/api/org/preferences/"
|
|
|
|
|
putOrgPreferencesURL = "/api/org/preferences/"
|
|
|
|
|
patchOrgPreferencesUrl = "/api/org/preferences/"
|
|
|
|
|
patchUserPreferencesUrl = "/api/user/preferences/"
|
|
|
|
|
|
2022-04-29 07:37:33 -05:00
|
|
|
testUpdateOrgPreferencesCmd = `{ "theme": "light", "homeDashboardId": 1 }`
|
|
|
|
|
testPatchOrgPreferencesCmd = `{"navbar":{"savedItems":[{"id":"snapshots","text":"Snapshots","icon":"camera","url":"/dashboard/snapshots"}]}}`
|
|
|
|
|
testPatchOrgPreferencesCmdBad = `this is not json`
|
|
|
|
|
testPatchUserPreferencesCmd = `{"navbar":{"savedItems":[{"id":"snapshots","text":"Snapshots","icon":"camera","url":"/dashboard/snapshots"}]}}`
|
|
|
|
|
testPatchUserPreferencesCmdBad = `this is not json`
|
|
|
|
|
testUpdateOrgPreferencesWithHomeDashboardUIDCmd = `{ "theme": "light", "homeDashboardUID": "home"}`
|
2021-10-27 06:13:59 -05:00
|
|
|
)
|
|
|
|
|
|
2023-05-23 09:29:20 -05:00
|
|
|
func TestAPIEndpoint_GetCurrentOrgPreferences(t *testing.T) {
|
2022-04-21 08:03:17 -05:00
|
|
|
prefService := preftest.NewPreferenceServiceFake()
|
|
|
|
|
prefService.ExpectedPreference = &pref.Preference{HomeDashboardID: 1, Theme: "dark"}
|
|
|
|
|
|
2023-01-19 08:43:00 -06:00
|
|
|
dashSvc := dashboards.NewFakeDashboardService(t)
|
2023-01-25 03:36:26 -06:00
|
|
|
qResult := &dashboards.Dashboard{UID: "home", ID: 1}
|
|
|
|
|
dashSvc.On("GetDashboard", mock.Anything, mock.AnythingOfType("*dashboards.GetDashboardQuery")).Return(qResult, nil)
|
2023-01-19 08:43:00 -06:00
|
|
|
|
|
|
|
|
server := SetupAPITestServer(t, func(hs *HTTPServer) {
|
|
|
|
|
hs.Cfg = setting.NewCfg()
|
|
|
|
|
hs.preferenceService = prefService
|
|
|
|
|
hs.DashboardService = dashSvc
|
|
|
|
|
})
|
2021-10-27 06:13:59 -05:00
|
|
|
|
|
|
|
|
t.Run("AccessControl allows getting org preferences with correct permissions", func(t *testing.T) {
|
2023-01-19 08:43:00 -06:00
|
|
|
req := webtest.RequestWithSignedInUser(server.NewGetRequest(getOrgPreferencesURL), userWithPermissions(1, []accesscontrol.Permission{{Action: accesscontrol.ActionOrgsPreferencesRead}}))
|
|
|
|
|
res, err := server.Send(req)
|
|
|
|
|
require.NoError(t, err)
|
|
|
|
|
assert.Equal(t, http.StatusOK, res.StatusCode)
|
|
|
|
|
require.NoError(t, res.Body.Close())
|
2021-10-27 06:13:59 -05:00
|
|
|
})
|
2021-11-17 03:12:28 -06:00
|
|
|
t.Run("AccessControl prevents getting org preferences with correct permissions in another org", func(t *testing.T) {
|
2023-01-19 08:43:00 -06:00
|
|
|
// Set permissions in org 2, but set current org to org 1
|
|
|
|
|
user := userWithPermissions(2, []accesscontrol.Permission{{Action: accesscontrol.ActionOrgsPreferencesRead}})
|
|
|
|
|
user.OrgID = 1
|
|
|
|
|
|
|
|
|
|
req := webtest.RequestWithSignedInUser(server.NewGetRequest(getOrgPreferencesURL), user)
|
|
|
|
|
res, err := server.Send(req)
|
|
|
|
|
require.NoError(t, err)
|
|
|
|
|
assert.Equal(t, http.StatusForbidden, res.StatusCode)
|
|
|
|
|
require.NoError(t, res.Body.Close())
|
2021-10-27 06:13:59 -05:00
|
|
|
})
|
|
|
|
|
t.Run("AccessControl prevents getting org preferences with incorrect permissions", func(t *testing.T) {
|
2023-01-19 08:43:00 -06:00
|
|
|
req := webtest.RequestWithSignedInUser(server.NewGetRequest(getOrgPreferencesURL), userWithPermissions(1, []accesscontrol.Permission{{Action: "orgs:invalid"}}))
|
|
|
|
|
res, err := server.Send(req)
|
|
|
|
|
require.NoError(t, err)
|
|
|
|
|
assert.Equal(t, http.StatusForbidden, res.StatusCode)
|
|
|
|
|
require.NoError(t, res.Body.Close())
|
2021-10-27 06:13:59 -05:00
|
|
|
})
|
|
|
|
|
}
|
|
|
|
|
|
2023-05-23 09:29:20 -05:00
|
|
|
func TestAPIEndpoint_PutCurrentOrgPreferences(t *testing.T) {
|
2023-01-19 08:43:00 -06:00
|
|
|
prefService := preftest.NewPreferenceServiceFake()
|
|
|
|
|
prefService.ExpectedPreference = &pref.Preference{HomeDashboardID: 1, Theme: "dark"}
|
2021-10-27 06:13:59 -05:00
|
|
|
|
2023-01-19 08:43:00 -06:00
|
|
|
server := SetupAPITestServer(t, func(hs *HTTPServer) {
|
|
|
|
|
hs.Cfg = setting.NewCfg()
|
|
|
|
|
hs.preferenceService = prefService
|
|
|
|
|
})
|
2021-10-27 06:13:59 -05:00
|
|
|
|
|
|
|
|
input := strings.NewReader(testUpdateOrgPreferencesCmd)
|
|
|
|
|
t.Run("AccessControl allows updating org preferences with correct permissions", func(t *testing.T) {
|
2023-01-19 08:43:00 -06:00
|
|
|
req := webtest.RequestWithSignedInUser(server.NewRequest(http.MethodPut, putOrgPreferencesURL, input), userWithPermissions(1, []accesscontrol.Permission{{Action: accesscontrol.ActionOrgsPreferencesWrite}}))
|
|
|
|
|
response, err := server.SendJSON(req)
|
|
|
|
|
require.NoError(t, err)
|
|
|
|
|
assert.Equal(t, http.StatusOK, response.StatusCode)
|
|
|
|
|
require.NoError(t, response.Body.Close())
|
2021-10-27 06:13:59 -05:00
|
|
|
})
|
|
|
|
|
|
|
|
|
|
input = strings.NewReader(testUpdateOrgPreferencesCmd)
|
2021-11-17 03:12:28 -06:00
|
|
|
t.Run("AccessControl prevents updating org preferences with correct permissions in another org", func(t *testing.T) {
|
2023-01-19 08:43:00 -06:00
|
|
|
user := userWithPermissions(2, []accesscontrol.Permission{{Action: accesscontrol.ActionOrgsPreferencesWrite}})
|
|
|
|
|
user.OrgID = 1
|
|
|
|
|
req := webtest.RequestWithSignedInUser(server.NewRequest(http.MethodPut, putOrgPreferencesURL, input), user)
|
|
|
|
|
response, err := server.SendJSON(req)
|
|
|
|
|
require.NoError(t, err)
|
|
|
|
|
assert.Equal(t, http.StatusForbidden, response.StatusCode)
|
|
|
|
|
require.NoError(t, response.Body.Close())
|
2021-10-27 06:13:59 -05:00
|
|
|
})
|
|
|
|
|
|
|
|
|
|
input = strings.NewReader(testUpdateOrgPreferencesCmd)
|
|
|
|
|
t.Run("AccessControl prevents updating org preferences with incorrect permissions", func(t *testing.T) {
|
2023-01-19 08:43:00 -06:00
|
|
|
req := webtest.RequestWithSignedInUser(server.NewRequest(http.MethodPut, putOrgPreferencesURL, input), userWithPermissions(1, []accesscontrol.Permission{{Action: "orgs:invalid"}}))
|
|
|
|
|
response, err := server.SendJSON(req)
|
|
|
|
|
require.NoError(t, err)
|
|
|
|
|
assert.Equal(t, http.StatusForbidden, response.StatusCode)
|
|
|
|
|
require.NoError(t, response.Body.Close())
|
2021-10-27 06:13:59 -05:00
|
|
|
})
|
|
|
|
|
}
|
2022-03-17 07:07:20 -05:00
|
|
|
|
|
|
|
|
func TestAPIEndpoint_PatchUserPreferences(t *testing.T) {
|
2022-08-11 08:37:31 -05:00
|
|
|
cfg := setting.NewCfg()
|
2022-03-17 07:07:20 -05:00
|
|
|
|
2023-01-19 08:43:00 -06:00
|
|
|
dashSvc := dashboards.NewFakeDashboardService(t)
|
2023-01-25 03:36:26 -06:00
|
|
|
qResult := &dashboards.Dashboard{UID: "home", ID: 1}
|
|
|
|
|
dashSvc.On("GetDashboard", mock.Anything, mock.AnythingOfType("*dashboards.GetDashboardQuery")).Return(qResult, nil)
|
2023-01-19 08:43:00 -06:00
|
|
|
|
|
|
|
|
server := SetupAPITestServer(t, func(hs *HTTPServer) {
|
|
|
|
|
hs.Cfg = cfg
|
|
|
|
|
hs.preferenceService = preftest.NewPreferenceServiceFake()
|
|
|
|
|
hs.DashboardService = dashSvc
|
|
|
|
|
})
|
2022-03-17 07:07:20 -05:00
|
|
|
|
|
|
|
|
input := strings.NewReader(testPatchUserPreferencesCmd)
|
|
|
|
|
t.Run("Returns 200 on success", func(t *testing.T) {
|
2023-01-19 08:43:00 -06:00
|
|
|
req := webtest.RequestWithSignedInUser(server.NewRequest(http.MethodPatch, patchUserPreferencesUrl, input), &user.SignedInUser{
|
2023-10-09 09:07:28 -05:00
|
|
|
UserID: 1,
|
2023-01-19 08:43:00 -06:00
|
|
|
OrgID: 1,
|
|
|
|
|
OrgRole: org.RoleAdmin,
|
|
|
|
|
})
|
|
|
|
|
response, err := server.SendJSON(req)
|
|
|
|
|
require.NoError(t, err)
|
|
|
|
|
assert.Equal(t, http.StatusOK, response.StatusCode)
|
|
|
|
|
require.NoError(t, response.Body.Close())
|
2022-03-17 07:07:20 -05:00
|
|
|
})
|
|
|
|
|
|
|
|
|
|
input = strings.NewReader(testPatchUserPreferencesCmdBad)
|
|
|
|
|
t.Run("Returns 400 with bad data", func(t *testing.T) {
|
2023-01-19 08:43:00 -06:00
|
|
|
req := webtest.RequestWithSignedInUser(server.NewRequest(http.MethodPatch, patchUserPreferencesUrl, input), &user.SignedInUser{
|
2023-10-09 09:07:28 -05:00
|
|
|
UserID: 1,
|
2023-01-19 08:43:00 -06:00
|
|
|
OrgID: 1,
|
|
|
|
|
OrgRole: org.RoleAdmin,
|
|
|
|
|
})
|
|
|
|
|
response, err := server.SendJSON(req)
|
|
|
|
|
require.NoError(t, err)
|
|
|
|
|
assert.Equal(t, http.StatusBadRequest, response.StatusCode)
|
|
|
|
|
require.NoError(t, response.Body.Close())
|
2022-03-17 07:07:20 -05:00
|
|
|
})
|
2023-01-19 08:43:00 -06:00
|
|
|
|
2022-04-29 07:37:33 -05:00
|
|
|
input = strings.NewReader(testUpdateOrgPreferencesWithHomeDashboardUIDCmd)
|
|
|
|
|
t.Run("Returns 200 on success", func(t *testing.T) {
|
2023-01-19 08:43:00 -06:00
|
|
|
req := webtest.RequestWithSignedInUser(server.NewRequest(http.MethodPatch, patchUserPreferencesUrl, input), &user.SignedInUser{
|
2023-10-09 09:07:28 -05:00
|
|
|
UserID: 1,
|
2023-01-19 08:43:00 -06:00
|
|
|
OrgID: 1,
|
|
|
|
|
OrgRole: org.RoleAdmin,
|
|
|
|
|
})
|
|
|
|
|
response, err := server.SendJSON(req)
|
|
|
|
|
require.NoError(t, err)
|
|
|
|
|
assert.Equal(t, http.StatusOK, response.StatusCode)
|
|
|
|
|
require.NoError(t, response.Body.Close())
|
2022-04-29 07:37:33 -05:00
|
|
|
})
|
2022-03-17 07:07:20 -05:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func TestAPIEndpoint_PatchOrgPreferences(t *testing.T) {
|
2022-08-11 08:37:31 -05:00
|
|
|
cfg := setting.NewCfg()
|
2022-03-17 07:07:20 -05:00
|
|
|
|
2023-01-19 08:43:00 -06:00
|
|
|
server := SetupAPITestServer(t, func(hs *HTTPServer) {
|
|
|
|
|
hs.Cfg = cfg
|
|
|
|
|
hs.preferenceService = preftest.NewPreferenceServiceFake()
|
|
|
|
|
})
|
2022-03-17 07:07:20 -05:00
|
|
|
|
|
|
|
|
input := strings.NewReader(testPatchOrgPreferencesCmd)
|
|
|
|
|
t.Run("Returns 200 on success", func(t *testing.T) {
|
2023-01-19 08:43:00 -06:00
|
|
|
req := webtest.RequestWithSignedInUser(server.NewRequest(http.MethodPatch, patchOrgPreferencesUrl, input), &user.SignedInUser{
|
2023-10-09 09:07:28 -05:00
|
|
|
UserID: 1,
|
2023-05-03 06:02:48 -05:00
|
|
|
OrgID: 1,
|
|
|
|
|
OrgRole: org.RoleAdmin,
|
|
|
|
|
Permissions: map[int64]map[string][]string{1: {accesscontrol.ActionOrgsPreferencesWrite: {}}},
|
2023-01-19 08:43:00 -06:00
|
|
|
})
|
|
|
|
|
response, err := server.SendJSON(req)
|
|
|
|
|
require.NoError(t, err)
|
|
|
|
|
assert.Equal(t, http.StatusOK, response.StatusCode)
|
|
|
|
|
require.NoError(t, response.Body.Close())
|
2022-03-17 07:07:20 -05:00
|
|
|
})
|
|
|
|
|
|
|
|
|
|
input = strings.NewReader(testPatchOrgPreferencesCmdBad)
|
|
|
|
|
t.Run("Returns 400 with bad data", func(t *testing.T) {
|
2023-01-19 08:43:00 -06:00
|
|
|
req := webtest.RequestWithSignedInUser(server.NewRequest(http.MethodPatch, patchOrgPreferencesUrl, input), &user.SignedInUser{
|
2023-10-09 09:07:28 -05:00
|
|
|
UserID: 1,
|
2023-05-03 06:02:48 -05:00
|
|
|
OrgID: 1,
|
|
|
|
|
OrgRole: org.RoleAdmin,
|
|
|
|
|
Permissions: map[int64]map[string][]string{1: {accesscontrol.ActionOrgsPreferencesWrite: {}}},
|
2023-01-19 08:43:00 -06:00
|
|
|
})
|
|
|
|
|
response, err := server.SendJSON(req)
|
|
|
|
|
require.NoError(t, err)
|
|
|
|
|
assert.Equal(t, http.StatusBadRequest, response.StatusCode)
|
|
|
|
|
require.NoError(t, response.Body.Close())
|
2022-03-17 07:07:20 -05:00
|
|
|
})
|
|
|
|
|
}
|
