2017-06-12 08:48:55 -05:00
package api
import (
"encoding/json"
2017-06-12 16:05:32 -05:00
"path/filepath"
2017-06-12 08:48:55 -05:00
"testing"
2017-06-12 16:05:32 -05:00
macaron "gopkg.in/macaron.v1"
"github.com/go-macaron/session"
2017-06-12 08:48:55 -05:00
"github.com/grafana/grafana/pkg/api/dtos"
"github.com/grafana/grafana/pkg/bus"
2017-06-12 16:05:32 -05:00
"github.com/grafana/grafana/pkg/components/simplejson"
"github.com/grafana/grafana/pkg/middleware"
2017-06-22 16:43:55 -05:00
m "github.com/grafana/grafana/pkg/models"
2017-06-12 16:05:32 -05:00
"github.com/grafana/grafana/pkg/services/alerting"
2017-12-12 09:15:24 -06:00
"github.com/grafana/grafana/pkg/services/dashboards"
2017-12-15 07:19:49 -06:00
"github.com/grafana/grafana/pkg/setting"
2017-06-12 08:48:55 -05:00
. "github.com/smartystreets/goconvey/convey"
)
2017-12-12 09:15:24 -06:00
type fakeDashboardRepo struct {
inserted [ ] * dashboards . SaveDashboardItem
getDashboard [ ] * m . Dashboard
}
func ( repo * fakeDashboardRepo ) SaveDashboard ( json * dashboards . SaveDashboardItem ) ( * m . Dashboard , error ) {
repo . inserted = append ( repo . inserted , json )
return json . Dashboard , nil
}
var fakeRepo * fakeDashboardRepo
2017-06-12 08:48:55 -05:00
func TestDashboardApiEndpoint ( t * testing . T ) {
Convey ( "Given a dashboard with a parent folder which does not have an acl" , t , func ( ) {
2017-06-22 16:43:55 -05:00
fakeDash := m . NewDashboard ( "Child dash" )
2017-06-17 17:24:38 -05:00
fakeDash . Id = 1
2017-06-23 15:00:26 -05:00
fakeDash . FolderId = 1
2017-06-12 08:48:55 -05:00
fakeDash . HasAcl = false
2018-01-29 14:23:07 -06:00
var getDashboardQueries [ ] * m . GetDashboardQuery
2017-06-22 16:43:55 -05:00
bus . AddHandler ( "test" , func ( query * m . GetDashboardQuery ) error {
2017-06-12 08:48:55 -05:00
query . Result = fakeDash
2018-01-29 14:23:07 -06:00
getDashboardQueries = append ( getDashboardQueries , query )
2017-06-12 08:48:55 -05:00
return nil
} )
2017-06-22 16:43:55 -05:00
viewerRole := m . ROLE_VIEWER
editorRole := m . ROLE_EDITOR
aclMockResp := [ ] * m . DashboardAclInfoDTO {
{ Role : & viewerRole , Permission : m . PERMISSION_VIEW } ,
{ Role : & editorRole , Permission : m . PERMISSION_EDIT } ,
}
bus . AddHandler ( "test" , func ( query * m . GetDashboardAclInfoListQuery ) error {
2017-06-19 14:22:42 -05:00
query . Result = aclMockResp
return nil
} )
2017-12-08 09:25:45 -06:00
bus . AddHandler ( "test" , func ( query * m . GetTeamsByUserQuery ) error {
query . Result = [ ] * m . Team { }
2017-06-22 16:43:55 -05:00
return nil
} )
cmd := m . SaveDashboardCommand {
2017-06-12 16:05:32 -05:00
Dashboard : simplejson . NewFromAny ( map [ string ] interface { } {
2017-06-23 15:00:26 -05:00
"folderId" : fakeDash . FolderId ,
2017-06-12 16:05:32 -05:00
"title" : fakeDash . Title ,
2017-06-17 17:24:38 -05:00
"id" : fakeDash . Id ,
2017-06-12 16:05:32 -05:00
} ) ,
}
2017-06-12 08:48:55 -05:00
Convey ( "When user is an Org Viewer" , func ( ) {
2017-06-22 16:43:55 -05:00
role := m . ROLE_VIEWER
2017-06-12 08:48:55 -05:00
2018-01-29 14:23:07 -06:00
loggedInUserScenarioWithRole ( "When calling GET on" , "GET" , "/api/dashboards/db/child-dash" , "/api/dashboards/db/:slug" , role , func ( sc * scenarioContext ) {
2017-06-12 16:05:32 -05:00
dash := GetDashboardShouldReturn200 ( sc )
2017-06-12 08:48:55 -05:00
2018-01-29 14:23:07 -06:00
Convey ( "Should lookup dashboard by slug" , func ( ) {
So ( getDashboardQueries [ 0 ] . Slug , ShouldEqual , "child-dash" )
} )
2017-06-12 08:48:55 -05:00
Convey ( "Should not be able to edit or save dashboard" , func ( ) {
So ( dash . Meta . CanEdit , ShouldBeFalse )
So ( dash . Meta . CanSave , ShouldBeFalse )
2017-06-22 17:34:19 -05:00
So ( dash . Meta . CanAdmin , ShouldBeFalse )
2017-06-12 08:48:55 -05:00
} )
} )
2017-06-12 16:05:32 -05:00
2018-01-29 14:23:07 -06:00
loggedInUserScenarioWithRole ( "When calling GET on" , "GET" , "/api/dashboards/uid/abcdefghi" , "/api/dashboards/uid/:uid" , role , func ( sc * scenarioContext ) {
dash := GetDashboardShouldReturn200 ( sc )
Convey ( "Should lookup dashboard by uid" , func ( ) {
So ( getDashboardQueries [ 0 ] . Uid , ShouldEqual , "abcdefghi" )
} )
Convey ( "Should not be able to edit or save dashboard" , func ( ) {
So ( dash . Meta . CanEdit , ShouldBeFalse )
So ( dash . Meta . CanSave , ShouldBeFalse )
So ( dash . Meta . CanAdmin , ShouldBeFalse )
} )
} )
loggedInUserScenarioWithRole ( "When calling DELETE on" , "DELETE" , "/api/dashboards/db/child-dash" , "/api/dashboards/db/:slug" , role , func ( sc * scenarioContext ) {
2017-06-12 16:05:32 -05:00
CallDeleteDashboard ( sc )
So ( sc . resp . Code , ShouldEqual , 403 )
2018-01-29 14:23:07 -06:00
Convey ( "Should lookup dashboard by slug" , func ( ) {
So ( getDashboardQueries [ 0 ] . Slug , ShouldEqual , "child-dash" )
} )
2017-06-12 16:05:32 -05:00
} )
2018-01-31 09:46:31 -06:00
loggedInUserScenarioWithRole ( "When calling DELETE on" , "DELETE" , "/api/dashboards/uid/abcdefghi" , "/api/dashboards/uid/:uid" , role , func ( sc * scenarioContext ) {
CallDeleteDashboardByUid ( sc )
So ( sc . resp . Code , ShouldEqual , 403 )
Convey ( "Should lookup dashboard by uid" , func ( ) {
So ( getDashboardQueries [ 0 ] . Uid , ShouldEqual , "abcdefghi" )
} )
} )
2017-06-13 17:28:34 -05:00
loggedInUserScenarioWithRole ( "When calling GET on" , "GET" , "/api/dashboards/id/2/versions/1" , "/api/dashboards/id/:dashboardId/versions/:id" , role , func ( sc * scenarioContext ) {
CallGetDashboardVersion ( sc )
So ( sc . resp . Code , ShouldEqual , 403 )
} )
loggedInUserScenarioWithRole ( "When calling GET on" , "GET" , "/api/dashboards/id/2/versions" , "/api/dashboards/id/:dashboardId/versions" , role , func ( sc * scenarioContext ) {
CallGetDashboardVersions ( sc )
So ( sc . resp . Code , ShouldEqual , 403 )
} )
2017-06-12 16:05:32 -05:00
postDashboardScenario ( "When calling POST on" , "/api/dashboards" , "/api/dashboards" , role , cmd , func ( sc * scenarioContext ) {
CallPostDashboard ( sc )
So ( sc . resp . Code , ShouldEqual , 403 )
} )
2017-06-12 08:48:55 -05:00
} )
Convey ( "When user is an Org Editor" , func ( ) {
2017-06-22 16:43:55 -05:00
role := m . ROLE_EDITOR
2017-06-12 08:48:55 -05:00
2018-01-29 14:23:07 -06:00
loggedInUserScenarioWithRole ( "When calling GET on" , "GET" , "/api/dashboards/db/child-dash" , "/api/dashboards/db/:slug" , role , func ( sc * scenarioContext ) {
2017-06-12 16:05:32 -05:00
dash := GetDashboardShouldReturn200 ( sc )
2017-06-12 08:48:55 -05:00
2018-01-29 14:23:07 -06:00
Convey ( "Should lookup dashboard by slug" , func ( ) {
So ( getDashboardQueries [ 0 ] . Slug , ShouldEqual , "child-dash" )
} )
2017-06-12 08:48:55 -05:00
Convey ( "Should be able to edit or save dashboard" , func ( ) {
So ( dash . Meta . CanEdit , ShouldBeTrue )
So ( dash . Meta . CanSave , ShouldBeTrue )
2017-06-22 17:34:19 -05:00
So ( dash . Meta . CanAdmin , ShouldBeFalse )
2017-06-12 08:48:55 -05:00
} )
} )
2017-06-12 16:05:32 -05:00
2018-01-29 14:23:07 -06:00
loggedInUserScenarioWithRole ( "When calling GET on" , "GET" , "/api/dashboards/uid/abcdefghi" , "/api/dashboards/uid/:uid" , role , func ( sc * scenarioContext ) {
dash := GetDashboardShouldReturn200 ( sc )
Convey ( "Should lookup dashboard by uid" , func ( ) {
So ( getDashboardQueries [ 0 ] . Uid , ShouldEqual , "abcdefghi" )
} )
Convey ( "Should be able to edit or save dashboard" , func ( ) {
So ( dash . Meta . CanEdit , ShouldBeTrue )
So ( dash . Meta . CanSave , ShouldBeTrue )
So ( dash . Meta . CanAdmin , ShouldBeFalse )
} )
} )
loggedInUserScenarioWithRole ( "When calling DELETE on" , "DELETE" , "/api/dashboards/db/child-dash" , "/api/dashboards/db/:slug" , role , func ( sc * scenarioContext ) {
2017-06-12 16:05:32 -05:00
CallDeleteDashboard ( sc )
So ( sc . resp . Code , ShouldEqual , 200 )
2018-01-29 14:23:07 -06:00
Convey ( "Should lookup dashboard by slug" , func ( ) {
So ( getDashboardQueries [ 0 ] . Slug , ShouldEqual , "child-dash" )
} )
2017-06-12 16:05:32 -05:00
} )
2018-01-31 09:46:31 -06:00
loggedInUserScenarioWithRole ( "When calling DELETE on" , "DELETE" , "/api/dashboards/uid/abcdefghi" , "/api/dashboards/uid/:uid" , role , func ( sc * scenarioContext ) {
CallDeleteDashboardByUid ( sc )
So ( sc . resp . Code , ShouldEqual , 200 )
Convey ( "Should lookup dashboard by uid" , func ( ) {
So ( getDashboardQueries [ 0 ] . Uid , ShouldEqual , "abcdefghi" )
} )
} )
2017-06-13 17:28:34 -05:00
loggedInUserScenarioWithRole ( "When calling GET on" , "GET" , "/api/dashboards/id/2/versions/1" , "/api/dashboards/id/:dashboardId/versions/:id" , role , func ( sc * scenarioContext ) {
CallGetDashboardVersion ( sc )
So ( sc . resp . Code , ShouldEqual , 200 )
} )
loggedInUserScenarioWithRole ( "When calling GET on" , "GET" , "/api/dashboards/id/2/versions" , "/api/dashboards/id/:dashboardId/versions" , role , func ( sc * scenarioContext ) {
CallGetDashboardVersions ( sc )
So ( sc . resp . Code , ShouldEqual , 200 )
} )
2017-06-12 16:05:32 -05:00
postDashboardScenario ( "When calling POST on" , "/api/dashboards" , "/api/dashboards" , role , cmd , func ( sc * scenarioContext ) {
2018-01-30 16:37:54 -06:00
CallPostDashboardShouldReturnSuccess ( sc )
2017-06-12 16:05:32 -05:00
} )
2017-06-15 19:45:21 -05:00
Convey ( "When saving a dashboard folder in another folder" , func ( ) {
2017-06-22 16:43:55 -05:00
bus . AddHandler ( "test" , func ( query * m . GetDashboardQuery ) error {
2017-06-15 19:45:21 -05:00
query . Result = fakeDash
query . Result . IsFolder = true
return nil
} )
2017-06-22 16:43:55 -05:00
invalidCmd := m . SaveDashboardCommand {
2017-06-23 15:00:26 -05:00
FolderId : fakeDash . FolderId ,
2017-06-17 17:24:38 -05:00
IsFolder : true ,
2017-06-15 19:45:21 -05:00
Dashboard : simplejson . NewFromAny ( map [ string ] interface { } {
2017-06-23 15:00:26 -05:00
"folderId" : fakeDash . FolderId ,
2017-06-15 19:45:21 -05:00
"title" : fakeDash . Title ,
} ) ,
}
Convey ( "Should return an error" , func ( ) {
postDashboardScenario ( "When calling POST on" , "/api/dashboards" , "/api/dashboards" , role , invalidCmd , func ( sc * scenarioContext ) {
CallPostDashboard ( sc )
So ( sc . resp . Code , ShouldEqual , 400 )
} )
} )
} )
2017-06-12 08:48:55 -05:00
} )
} )
Convey ( "Given a dashboard with a parent folder which has an acl" , t , func ( ) {
2017-06-22 16:43:55 -05:00
fakeDash := m . NewDashboard ( "Child dash" )
2017-06-17 17:24:38 -05:00
fakeDash . Id = 1
2017-06-23 15:00:26 -05:00
fakeDash . FolderId = 1
2017-06-12 08:48:55 -05:00
fakeDash . HasAcl = true
2017-12-15 07:19:49 -06:00
setting . ViewersCanEdit = false
2017-06-12 08:48:55 -05:00
2017-06-22 16:43:55 -05:00
aclMockResp := [ ] * m . DashboardAclInfoDTO {
2017-06-19 14:22:42 -05:00
{
DashboardId : 1 ,
2017-06-22 16:43:55 -05:00
Permission : m . PERMISSION_EDIT ,
2017-06-19 14:22:42 -05:00
UserId : 200 ,
} ,
}
2017-06-22 16:43:55 -05:00
bus . AddHandler ( "test" , func ( query * m . GetDashboardAclInfoListQuery ) error {
2017-06-19 14:22:42 -05:00
query . Result = aclMockResp
return nil
} )
2018-01-29 14:23:07 -06:00
var getDashboardQueries [ ] * m . GetDashboardQuery
2017-06-22 16:43:55 -05:00
bus . AddHandler ( "test" , func ( query * m . GetDashboardQuery ) error {
2017-06-12 08:48:55 -05:00
query . Result = fakeDash
2018-01-29 14:23:07 -06:00
getDashboardQueries = append ( getDashboardQueries , query )
2017-06-12 08:48:55 -05:00
return nil
} )
2017-12-08 09:25:45 -06:00
bus . AddHandler ( "test" , func ( query * m . GetTeamsByUserQuery ) error {
query . Result = [ ] * m . Team { }
2017-06-12 08:48:55 -05:00
return nil
} )
2017-06-22 16:43:55 -05:00
cmd := m . SaveDashboardCommand {
2017-06-23 15:00:26 -05:00
FolderId : fakeDash . FolderId ,
2017-06-12 16:05:32 -05:00
Dashboard : simplejson . NewFromAny ( map [ string ] interface { } {
2017-06-17 17:24:38 -05:00
"id" : fakeDash . Id ,
2017-06-23 15:00:26 -05:00
"folderId" : fakeDash . FolderId ,
2017-06-12 16:05:32 -05:00
"title" : fakeDash . Title ,
} ) ,
}
2017-06-12 08:48:55 -05:00
Convey ( "When user is an Org Viewer and has no permissions for this dashboard" , func ( ) {
2017-06-22 16:43:55 -05:00
role := m . ROLE_VIEWER
2017-06-12 08:48:55 -05:00
2018-01-29 14:23:07 -06:00
loggedInUserScenarioWithRole ( "When calling GET on" , "GET" , "/api/dashboards/db/child-dash" , "/api/dashboards/db/:slug" , role , func ( sc * scenarioContext ) {
2017-06-12 08:48:55 -05:00
sc . handlerFunc = GetDashboard
sc . fakeReqWithParams ( "GET" , sc . url , map [ string ] string { } ) . exec ( )
2018-01-29 14:23:07 -06:00
Convey ( "Should lookup dashboard by slug" , func ( ) {
So ( getDashboardQueries [ 0 ] . Slug , ShouldEqual , "child-dash" )
} )
2017-06-12 08:48:55 -05:00
Convey ( "Should be denied access" , func ( ) {
So ( sc . resp . Code , ShouldEqual , 403 )
} )
} )
2017-06-12 16:05:32 -05:00
2018-01-29 14:23:07 -06:00
loggedInUserScenarioWithRole ( "When calling GET on" , "GET" , "/api/dashboards/uid/abcdefghi" , "/api/dashboards/uid/:uid" , role , func ( sc * scenarioContext ) {
sc . handlerFunc = GetDashboard
sc . fakeReqWithParams ( "GET" , sc . url , map [ string ] string { } ) . exec ( )
Convey ( "Should lookup dashboard by uid" , func ( ) {
So ( getDashboardQueries [ 0 ] . Uid , ShouldEqual , "abcdefghi" )
} )
Convey ( "Should be denied access" , func ( ) {
So ( sc . resp . Code , ShouldEqual , 403 )
} )
} )
loggedInUserScenarioWithRole ( "When calling DELETE on" , "DELETE" , "/api/dashboards/db/child-dash" , "/api/dashboards/db/:slug" , role , func ( sc * scenarioContext ) {
2017-06-12 16:05:32 -05:00
CallDeleteDashboard ( sc )
So ( sc . resp . Code , ShouldEqual , 403 )
2018-01-29 14:23:07 -06:00
Convey ( "Should lookup dashboard by slug" , func ( ) {
So ( getDashboardQueries [ 0 ] . Slug , ShouldEqual , "child-dash" )
} )
2017-06-12 16:05:32 -05:00
} )
2018-01-31 09:46:31 -06:00
loggedInUserScenarioWithRole ( "When calling DELETE on" , "DELETE" , "/api/dashboards/uid/abcdefghi" , "/api/dashboards/uid/:uid" , role , func ( sc * scenarioContext ) {
CallDeleteDashboardByUid ( sc )
So ( sc . resp . Code , ShouldEqual , 403 )
Convey ( "Should lookup dashboard by uid" , func ( ) {
So ( getDashboardQueries [ 0 ] . Uid , ShouldEqual , "abcdefghi" )
} )
} )
2017-06-13 17:28:34 -05:00
loggedInUserScenarioWithRole ( "When calling GET on" , "GET" , "/api/dashboards/id/2/versions/1" , "/api/dashboards/id/:dashboardId/versions/:id" , role , func ( sc * scenarioContext ) {
CallGetDashboardVersion ( sc )
So ( sc . resp . Code , ShouldEqual , 403 )
} )
loggedInUserScenarioWithRole ( "When calling GET on" , "GET" , "/api/dashboards/id/2/versions" , "/api/dashboards/id/:dashboardId/versions" , role , func ( sc * scenarioContext ) {
CallGetDashboardVersions ( sc )
So ( sc . resp . Code , ShouldEqual , 403 )
} )
2017-06-12 16:05:32 -05:00
postDashboardScenario ( "When calling POST on" , "/api/dashboards" , "/api/dashboards" , role , cmd , func ( sc * scenarioContext ) {
CallPostDashboard ( sc )
So ( sc . resp . Code , ShouldEqual , 403 )
} )
2017-06-12 08:48:55 -05:00
} )
Convey ( "When user is an Org Editor and has no permissions for this dashboard" , func ( ) {
2017-06-22 16:43:55 -05:00
role := m . ROLE_EDITOR
2017-06-12 16:05:32 -05:00
2018-01-29 14:23:07 -06:00
loggedInUserScenarioWithRole ( "When calling GET on" , "GET" , "/api/dashboards/db/child-dash" , "/api/dashboards/db/:slug" , role , func ( sc * scenarioContext ) {
2017-06-12 08:48:55 -05:00
sc . handlerFunc = GetDashboard
sc . fakeReqWithParams ( "GET" , sc . url , map [ string ] string { } ) . exec ( )
2018-01-29 14:23:07 -06:00
Convey ( "Should lookup dashboard by slug" , func ( ) {
So ( getDashboardQueries [ 0 ] . Slug , ShouldEqual , "child-dash" )
} )
2017-06-12 08:48:55 -05:00
Convey ( "Should be denied access" , func ( ) {
So ( sc . resp . Code , ShouldEqual , 403 )
} )
} )
2017-06-12 16:05:32 -05:00
2018-01-29 14:23:07 -06:00
loggedInUserScenarioWithRole ( "When calling GET on" , "GET" , "/api/dashboards/uid/abcdefghi" , "/api/dashboards/uid/:uid" , role , func ( sc * scenarioContext ) {
sc . handlerFunc = GetDashboard
sc . fakeReqWithParams ( "GET" , sc . url , map [ string ] string { } ) . exec ( )
Convey ( "Should lookup dashboard by uid" , func ( ) {
So ( getDashboardQueries [ 0 ] . Uid , ShouldEqual , "abcdefghi" )
} )
Convey ( "Should be denied access" , func ( ) {
So ( sc . resp . Code , ShouldEqual , 403 )
} )
} )
loggedInUserScenarioWithRole ( "When calling DELETE on" , "DELETE" , "/api/dashboards/db/child-dash" , "/api/dashboards/db/:slug" , role , func ( sc * scenarioContext ) {
2017-06-12 16:05:32 -05:00
CallDeleteDashboard ( sc )
So ( sc . resp . Code , ShouldEqual , 403 )
2018-01-29 14:23:07 -06:00
Convey ( "Should lookup dashboard by slug" , func ( ) {
So ( getDashboardQueries [ 0 ] . Slug , ShouldEqual , "child-dash" )
} )
2017-06-12 16:05:32 -05:00
} )
2018-01-31 09:46:31 -06:00
loggedInUserScenarioWithRole ( "When calling DELETE on" , "DELETE" , "/api/dashboards/uid/abcdefghi" , "/api/dashboards/uid/:uid" , role , func ( sc * scenarioContext ) {
CallDeleteDashboardByUid ( sc )
So ( sc . resp . Code , ShouldEqual , 403 )
Convey ( "Should lookup dashboard by uid" , func ( ) {
So ( getDashboardQueries [ 0 ] . Uid , ShouldEqual , "abcdefghi" )
} )
} )
2017-06-13 17:28:34 -05:00
loggedInUserScenarioWithRole ( "When calling GET on" , "GET" , "/api/dashboards/id/2/versions/1" , "/api/dashboards/id/:dashboardId/versions/:id" , role , func ( sc * scenarioContext ) {
CallGetDashboardVersion ( sc )
So ( sc . resp . Code , ShouldEqual , 403 )
} )
loggedInUserScenarioWithRole ( "When calling GET on" , "GET" , "/api/dashboards/id/2/versions" , "/api/dashboards/id/:dashboardId/versions" , role , func ( sc * scenarioContext ) {
CallGetDashboardVersions ( sc )
So ( sc . resp . Code , ShouldEqual , 403 )
} )
2017-06-12 16:05:32 -05:00
postDashboardScenario ( "When calling POST on" , "/api/dashboards" , "/api/dashboards" , role , cmd , func ( sc * scenarioContext ) {
CallPostDashboard ( sc )
So ( sc . resp . Code , ShouldEqual , 403 )
} )
2017-06-12 08:48:55 -05:00
} )
Convey ( "When user is an Org Viewer but has an edit permission" , func ( ) {
2017-06-22 16:43:55 -05:00
role := m . ROLE_VIEWER
2017-06-12 16:05:32 -05:00
2017-06-22 16:43:55 -05:00
mockResult := [ ] * m . DashboardAclInfoDTO {
{ Id : 1 , OrgId : 1 , DashboardId : 2 , UserId : 1 , Permission : m . PERMISSION_EDIT } ,
2017-06-12 08:48:55 -05:00
}
2017-06-22 16:43:55 -05:00
bus . AddHandler ( "test" , func ( query * m . GetDashboardAclInfoListQuery ) error {
2017-06-12 08:48:55 -05:00
query . Result = mockResult
return nil
} )
2018-01-29 14:23:07 -06:00
loggedInUserScenarioWithRole ( "When calling GET on" , "GET" , "/api/dashboards/db/child-dash" , "/api/dashboards/db/:slug" , role , func ( sc * scenarioContext ) {
2017-06-12 16:05:32 -05:00
dash := GetDashboardShouldReturn200 ( sc )
2017-06-12 08:48:55 -05:00
2018-01-29 14:23:07 -06:00
Convey ( "Should lookup dashboard by slug" , func ( ) {
So ( getDashboardQueries [ 0 ] . Slug , ShouldEqual , "child-dash" )
} )
2017-06-12 08:48:55 -05:00
Convey ( "Should be able to get dashboard with edit rights" , func ( ) {
So ( dash . Meta . CanEdit , ShouldBeTrue )
So ( dash . Meta . CanSave , ShouldBeTrue )
2017-06-22 17:34:19 -05:00
So ( dash . Meta . CanAdmin , ShouldBeFalse )
} )
} )
2018-01-29 14:23:07 -06:00
loggedInUserScenarioWithRole ( "When calling GET on" , "GET" , "/api/dashboards/uid/abcdefghi" , "/api/dashboards/uid/:uid" , role , func ( sc * scenarioContext ) {
dash := GetDashboardShouldReturn200 ( sc )
Convey ( "Should lookup dashboard by uid" , func ( ) {
So ( getDashboardQueries [ 0 ] . Uid , ShouldEqual , "abcdefghi" )
} )
Convey ( "Should be able to get dashboard with edit rights" , func ( ) {
So ( dash . Meta . CanEdit , ShouldBeTrue )
So ( dash . Meta . CanSave , ShouldBeTrue )
So ( dash . Meta . CanAdmin , ShouldBeFalse )
} )
} )
loggedInUserScenarioWithRole ( "When calling DELETE on" , "DELETE" , "/api/dashboards/db/child-dash" , "/api/dashboards/db/:slug" , role , func ( sc * scenarioContext ) {
2017-06-22 17:34:19 -05:00
CallDeleteDashboard ( sc )
So ( sc . resp . Code , ShouldEqual , 200 )
2018-01-29 14:23:07 -06:00
Convey ( "Should lookup dashboard by slug" , func ( ) {
So ( getDashboardQueries [ 0 ] . Slug , ShouldEqual , "child-dash" )
} )
2017-06-22 17:34:19 -05:00
} )
2018-01-31 09:46:31 -06:00
loggedInUserScenarioWithRole ( "When calling DELETE on" , "DELETE" , "/api/dashboards/uid/abcdefghi" , "/api/dashboards/uid/:uid" , role , func ( sc * scenarioContext ) {
CallDeleteDashboardByUid ( sc )
So ( sc . resp . Code , ShouldEqual , 200 )
Convey ( "Should lookup dashboard by uid" , func ( ) {
So ( getDashboardQueries [ 0 ] . Uid , ShouldEqual , "abcdefghi" )
} )
} )
2017-06-22 17:34:19 -05:00
loggedInUserScenarioWithRole ( "When calling GET on" , "GET" , "/api/dashboards/id/2/versions/1" , "/api/dashboards/id/:dashboardId/versions/:id" , role , func ( sc * scenarioContext ) {
CallGetDashboardVersion ( sc )
So ( sc . resp . Code , ShouldEqual , 200 )
} )
loggedInUserScenarioWithRole ( "When calling GET on" , "GET" , "/api/dashboards/id/2/versions" , "/api/dashboards/id/:dashboardId/versions" , role , func ( sc * scenarioContext ) {
CallGetDashboardVersions ( sc )
So ( sc . resp . Code , ShouldEqual , 200 )
} )
postDashboardScenario ( "When calling POST on" , "/api/dashboards" , "/api/dashboards" , role , cmd , func ( sc * scenarioContext ) {
2018-01-30 16:37:54 -06:00
CallPostDashboardShouldReturnSuccess ( sc )
2017-06-22 17:34:19 -05:00
} )
} )
2017-12-15 07:19:49 -06:00
Convey ( "When user is an Org Viewer and viewers can edit" , func ( ) {
role := m . ROLE_VIEWER
setting . ViewersCanEdit = true
mockResult := [ ] * m . DashboardAclInfoDTO {
{ Id : 1 , OrgId : 1 , DashboardId : 2 , UserId : 1 , Permission : m . PERMISSION_VIEW } ,
}
bus . AddHandler ( "test" , func ( query * m . GetDashboardAclInfoListQuery ) error {
query . Result = mockResult
return nil
} )
2018-01-29 14:23:07 -06:00
loggedInUserScenarioWithRole ( "When calling GET on" , "GET" , "/api/dashboards/db/child-dash" , "/api/dashboards/db/:slug" , role , func ( sc * scenarioContext ) {
2017-12-15 07:19:49 -06:00
dash := GetDashboardShouldReturn200 ( sc )
2018-01-29 14:23:07 -06:00
Convey ( "Should lookup dashboard by slug" , func ( ) {
So ( getDashboardQueries [ 0 ] . Slug , ShouldEqual , "child-dash" )
} )
2017-12-15 07:19:49 -06:00
Convey ( "Should be able to get dashboard with edit rights but can save should be false" , func ( ) {
So ( dash . Meta . CanEdit , ShouldBeTrue )
So ( dash . Meta . CanSave , ShouldBeFalse )
So ( dash . Meta . CanAdmin , ShouldBeFalse )
} )
} )
2018-01-29 14:23:07 -06:00
loggedInUserScenarioWithRole ( "When calling GET on" , "GET" , "/api/dashboards/uid/abcdefghi" , "/api/dashboards/uid/:uid" , role , func ( sc * scenarioContext ) {
dash := GetDashboardShouldReturn200 ( sc )
Convey ( "Should lookup dashboard by uid" , func ( ) {
So ( getDashboardQueries [ 0 ] . Uid , ShouldEqual , "abcdefghi" )
} )
Convey ( "Should be able to get dashboard with edit rights but can save should be false" , func ( ) {
So ( dash . Meta . CanEdit , ShouldBeTrue )
So ( dash . Meta . CanSave , ShouldBeFalse )
So ( dash . Meta . CanAdmin , ShouldBeFalse )
} )
} )
loggedInUserScenarioWithRole ( "When calling DELETE on" , "DELETE" , "/api/dashboards/db/child-dash" , "/api/dashboards/db/:slug" , role , func ( sc * scenarioContext ) {
2017-12-15 07:19:49 -06:00
CallDeleteDashboard ( sc )
So ( sc . resp . Code , ShouldEqual , 403 )
2018-01-29 14:23:07 -06:00
Convey ( "Should lookup dashboard by slug" , func ( ) {
So ( getDashboardQueries [ 0 ] . Slug , ShouldEqual , "child-dash" )
} )
2017-12-15 07:19:49 -06:00
} )
2018-01-31 09:46:31 -06:00
loggedInUserScenarioWithRole ( "When calling DELETE on" , "DELETE" , "/api/dashboards/uid/abcdefghi" , "/api/dashboards/uid/:uid" , role , func ( sc * scenarioContext ) {
CallDeleteDashboardByUid ( sc )
So ( sc . resp . Code , ShouldEqual , 403 )
Convey ( "Should lookup dashboard by uid" , func ( ) {
So ( getDashboardQueries [ 0 ] . Uid , ShouldEqual , "abcdefghi" )
} )
} )
2017-12-15 07:19:49 -06:00
} )
2017-06-22 17:34:19 -05:00
Convey ( "When user is an Org Viewer but has an admin permission" , func ( ) {
role := m . ROLE_VIEWER
mockResult := [ ] * m . DashboardAclInfoDTO {
{ Id : 1 , OrgId : 1 , DashboardId : 2 , UserId : 1 , Permission : m . PERMISSION_ADMIN } ,
}
bus . AddHandler ( "test" , func ( query * m . GetDashboardAclInfoListQuery ) error {
query . Result = mockResult
return nil
} )
2018-01-29 14:23:07 -06:00
loggedInUserScenarioWithRole ( "When calling GET on" , "GET" , "/api/dashboards/db/child-dash" , "/api/dashboards/db/:slug" , role , func ( sc * scenarioContext ) {
2017-06-22 17:34:19 -05:00
dash := GetDashboardShouldReturn200 ( sc )
2018-01-29 14:23:07 -06:00
Convey ( "Should lookup dashboard by slug" , func ( ) {
So ( getDashboardQueries [ 0 ] . Slug , ShouldEqual , "child-dash" )
} )
2017-06-22 17:34:19 -05:00
Convey ( "Should be able to get dashboard with edit rights" , func ( ) {
So ( dash . Meta . CanEdit , ShouldBeTrue )
So ( dash . Meta . CanSave , ShouldBeTrue )
So ( dash . Meta . CanAdmin , ShouldBeTrue )
2017-06-12 08:48:55 -05:00
} )
} )
2017-06-12 16:05:32 -05:00
2018-01-29 14:23:07 -06:00
loggedInUserScenarioWithRole ( "When calling GET on" , "GET" , "/api/dashboards/uid/abcdefghi" , "/api/dashboards/uid/:uid" , role , func ( sc * scenarioContext ) {
dash := GetDashboardShouldReturn200 ( sc )
Convey ( "Should lookup dashboard by uid" , func ( ) {
So ( getDashboardQueries [ 0 ] . Uid , ShouldEqual , "abcdefghi" )
} )
Convey ( "Should be able to get dashboard with edit rights" , func ( ) {
So ( dash . Meta . CanEdit , ShouldBeTrue )
So ( dash . Meta . CanSave , ShouldBeTrue )
So ( dash . Meta . CanAdmin , ShouldBeTrue )
} )
} )
loggedInUserScenarioWithRole ( "When calling DELETE on" , "DELETE" , "/api/dashboards/db/child-dash" , "/api/dashboards/db/:slug" , role , func ( sc * scenarioContext ) {
2017-06-12 16:05:32 -05:00
CallDeleteDashboard ( sc )
So ( sc . resp . Code , ShouldEqual , 200 )
2018-01-29 14:23:07 -06:00
Convey ( "Should lookup dashboard by slug" , func ( ) {
So ( getDashboardQueries [ 0 ] . Slug , ShouldEqual , "child-dash" )
} )
2017-06-12 16:05:32 -05:00
} )
2018-01-31 09:46:31 -06:00
loggedInUserScenarioWithRole ( "When calling DELETE on" , "DELETE" , "/api/dashboards/uid/abcdefghi" , "/api/dashboards/uid/:uid" , role , func ( sc * scenarioContext ) {
CallDeleteDashboardByUid ( sc )
So ( sc . resp . Code , ShouldEqual , 200 )
Convey ( "Should lookup dashboard by uid" , func ( ) {
So ( getDashboardQueries [ 0 ] . Uid , ShouldEqual , "abcdefghi" )
} )
} )
2017-06-13 17:28:34 -05:00
loggedInUserScenarioWithRole ( "When calling GET on" , "GET" , "/api/dashboards/id/2/versions/1" , "/api/dashboards/id/:dashboardId/versions/:id" , role , func ( sc * scenarioContext ) {
CallGetDashboardVersion ( sc )
So ( sc . resp . Code , ShouldEqual , 200 )
} )
loggedInUserScenarioWithRole ( "When calling GET on" , "GET" , "/api/dashboards/id/2/versions" , "/api/dashboards/id/:dashboardId/versions" , role , func ( sc * scenarioContext ) {
CallGetDashboardVersions ( sc )
So ( sc . resp . Code , ShouldEqual , 200 )
} )
2017-06-12 16:05:32 -05:00
postDashboardScenario ( "When calling POST on" , "/api/dashboards" , "/api/dashboards" , role , cmd , func ( sc * scenarioContext ) {
2018-01-30 16:37:54 -06:00
CallPostDashboardShouldReturnSuccess ( sc )
2017-06-12 16:05:32 -05:00
} )
2017-06-12 08:48:55 -05:00
} )
Convey ( "When user is an Org Editor but has a view permission" , func ( ) {
2017-06-22 16:43:55 -05:00
role := m . ROLE_EDITOR
2017-06-12 16:05:32 -05:00
2017-06-22 16:43:55 -05:00
mockResult := [ ] * m . DashboardAclInfoDTO {
{ Id : 1 , OrgId : 1 , DashboardId : 2 , UserId : 1 , Permission : m . PERMISSION_VIEW } ,
2017-06-12 08:48:55 -05:00
}
2017-06-22 16:43:55 -05:00
bus . AddHandler ( "test" , func ( query * m . GetDashboardAclInfoListQuery ) error {
2017-06-12 08:48:55 -05:00
query . Result = mockResult
return nil
} )
2018-01-29 14:23:07 -06:00
loggedInUserScenarioWithRole ( "When calling GET on" , "GET" , "/api/dashboards/db/child-dash" , "/api/dashboards/db/:slug" , role , func ( sc * scenarioContext ) {
2017-06-12 16:05:32 -05:00
dash := GetDashboardShouldReturn200 ( sc )
2017-06-12 08:48:55 -05:00
2018-01-29 14:23:07 -06:00
Convey ( "Should lookup dashboard by slug" , func ( ) {
So ( getDashboardQueries [ 0 ] . Slug , ShouldEqual , "child-dash" )
} )
Convey ( "Should not be able to edit or save dashboard" , func ( ) {
So ( dash . Meta . CanEdit , ShouldBeFalse )
So ( dash . Meta . CanSave , ShouldBeFalse )
} )
} )
loggedInUserScenarioWithRole ( "When calling GET on" , "GET" , "/api/dashboards/uid/abcdefghi" , "/api/dashboards/uid/:uid" , role , func ( sc * scenarioContext ) {
dash := GetDashboardShouldReturn200 ( sc )
Convey ( "Should lookup dashboard by uid" , func ( ) {
So ( getDashboardQueries [ 0 ] . Uid , ShouldEqual , "abcdefghi" )
} )
2017-06-12 08:48:55 -05:00
Convey ( "Should not be able to edit or save dashboard" , func ( ) {
So ( dash . Meta . CanEdit , ShouldBeFalse )
So ( dash . Meta . CanSave , ShouldBeFalse )
} )
} )
2017-06-12 16:05:32 -05:00
2018-01-29 14:23:07 -06:00
loggedInUserScenarioWithRole ( "When calling DELETE on" , "DELETE" , "/api/dashboards/db/child-dash" , "/api/dashboards/db/:slug" , role , func ( sc * scenarioContext ) {
2017-06-12 16:05:32 -05:00
CallDeleteDashboard ( sc )
So ( sc . resp . Code , ShouldEqual , 403 )
2018-01-29 14:23:07 -06:00
Convey ( "Should lookup dashboard by slug" , func ( ) {
So ( getDashboardQueries [ 0 ] . Slug , ShouldEqual , "child-dash" )
} )
2017-06-12 16:05:32 -05:00
} )
2018-01-31 09:46:31 -06:00
loggedInUserScenarioWithRole ( "When calling DELETE on" , "DELETE" , "/api/dashboards/uid/abcdefghi" , "/api/dashboards/uid/:uid" , role , func ( sc * scenarioContext ) {
CallDeleteDashboardByUid ( sc )
So ( sc . resp . Code , ShouldEqual , 403 )
Convey ( "Should lookup dashboard by uid" , func ( ) {
So ( getDashboardQueries [ 0 ] . Uid , ShouldEqual , "abcdefghi" )
} )
} )
2017-06-13 17:28:34 -05:00
loggedInUserScenarioWithRole ( "When calling GET on" , "GET" , "/api/dashboards/id/2/versions/1" , "/api/dashboards/id/:dashboardId/versions/:id" , role , func ( sc * scenarioContext ) {
CallGetDashboardVersion ( sc )
So ( sc . resp . Code , ShouldEqual , 403 )
} )
loggedInUserScenarioWithRole ( "When calling GET on" , "GET" , "/api/dashboards/id/2/versions" , "/api/dashboards/id/:dashboardId/versions" , role , func ( sc * scenarioContext ) {
CallGetDashboardVersions ( sc )
So ( sc . resp . Code , ShouldEqual , 403 )
} )
2017-06-12 16:05:32 -05:00
postDashboardScenario ( "When calling POST on" , "/api/dashboards" , "/api/dashboards" , role , cmd , func ( sc * scenarioContext ) {
CallPostDashboard ( sc )
So ( sc . resp . Code , ShouldEqual , 403 )
} )
2017-06-12 08:48:55 -05:00
} )
} )
}
2017-06-12 16:05:32 -05:00
func GetDashboardShouldReturn200 ( sc * scenarioContext ) dtos . DashboardFullWithMeta {
sc . handlerFunc = GetDashboard
sc . fakeReqWithParams ( "GET" , sc . url , map [ string ] string { } ) . exec ( )
So ( sc . resp . Code , ShouldEqual , 200 )
dash := dtos . DashboardFullWithMeta { }
err := json . NewDecoder ( sc . resp . Body ) . Decode ( & dash )
So ( err , ShouldBeNil )
return dash
}
2017-06-13 17:28:34 -05:00
func CallGetDashboardVersion ( sc * scenarioContext ) {
2017-06-22 16:43:55 -05:00
bus . AddHandler ( "test" , func ( query * m . GetDashboardVersionQuery ) error {
query . Result = & m . DashboardVersion { }
2017-06-13 17:28:34 -05:00
return nil
} )
sc . handlerFunc = GetDashboardVersion
sc . fakeReqWithParams ( "GET" , sc . url , map [ string ] string { } ) . exec ( )
}
func CallGetDashboardVersions ( sc * scenarioContext ) {
2017-06-22 16:43:55 -05:00
bus . AddHandler ( "test" , func ( query * m . GetDashboardVersionsQuery ) error {
query . Result = [ ] * m . DashboardVersionDTO { }
2017-06-13 17:28:34 -05:00
return nil
} )
sc . handlerFunc = GetDashboardVersions
sc . fakeReqWithParams ( "GET" , sc . url , map [ string ] string { } ) . exec ( )
}
2017-06-12 16:05:32 -05:00
func CallDeleteDashboard ( sc * scenarioContext ) {
2017-06-22 16:43:55 -05:00
bus . AddHandler ( "test" , func ( cmd * m . DeleteDashboardCommand ) error {
2017-06-12 16:05:32 -05:00
return nil
} )
sc . handlerFunc = DeleteDashboard
sc . fakeReqWithParams ( "DELETE" , sc . url , map [ string ] string { } ) . exec ( )
}
2018-01-31 09:46:31 -06:00
func CallDeleteDashboardByUid ( sc * scenarioContext ) {
bus . AddHandler ( "test" , func ( cmd * m . DeleteDashboardCommand ) error {
return nil
} )
sc . handlerFunc = DeleteDashboardByUid
sc . fakeReqWithParams ( "DELETE" , sc . url , map [ string ] string { } ) . exec ( )
}
2017-06-12 16:05:32 -05:00
func CallPostDashboard ( sc * scenarioContext ) {
bus . AddHandler ( "test" , func ( cmd * alerting . ValidateDashboardAlertsCommand ) error {
return nil
} )
2017-06-22 16:43:55 -05:00
bus . AddHandler ( "test" , func ( cmd * m . SaveDashboardCommand ) error {
cmd . Result = & m . Dashboard { Id : 2 , Slug : "Dash" , Version : 2 }
2017-06-12 16:05:32 -05:00
return nil
} )
bus . AddHandler ( "test" , func ( cmd * alerting . UpdateDashboardAlertsCommand ) error {
return nil
} )
sc . fakeReqWithParams ( "POST" , sc . url , map [ string ] string { } ) . exec ( )
}
2018-01-30 16:37:54 -06:00
func CallPostDashboardShouldReturnSuccess ( sc * scenarioContext ) {
CallPostDashboard ( sc )
So ( sc . resp . Code , ShouldEqual , 200 )
result := sc . ToJson ( )
So ( result . Get ( "status" ) . MustString ( ) , ShouldEqual , "success" )
So ( result . Get ( "id" ) . MustInt64 ( ) , ShouldBeGreaterThan , 0 )
So ( result . Get ( "uid" ) . MustString ( ) , ShouldNotBeNil )
So ( result . Get ( "slug" ) . MustString ( ) , ShouldNotBeNil )
So ( result . Get ( "url" ) . MustString ( ) , ShouldNotBeNil )
}
2017-06-22 16:43:55 -05:00
func postDashboardScenario ( desc string , url string , routePattern string , role m . RoleType , cmd m . SaveDashboardCommand , fn scenarioFunc ) {
2017-06-12 16:05:32 -05:00
Convey ( desc + " " + url , func ( ) {
defer bus . ClearBusHandlers ( )
sc := & scenarioContext {
url : url ,
}
viewsPath , _ := filepath . Abs ( "../../public/views" )
sc . m = macaron . New ( )
sc . m . Use ( macaron . Renderer ( macaron . RenderOptions {
Directory : viewsPath ,
Delims : macaron . Delims { Left : "[[" , Right : "]]" } ,
} ) )
sc . m . Use ( middleware . GetContextHandler ( ) )
sc . m . Use ( middleware . Sessioner ( & session . Options { } ) )
sc . defaultHandler = wrap ( func ( c * middleware . Context ) Response {
sc . context = c
sc . context . UserId = TestUserID
sc . context . OrgId = TestOrgID
sc . context . OrgRole = role
return PostDashboard ( c , cmd )
} )
2017-12-12 09:15:24 -06:00
fakeRepo = & fakeDashboardRepo { }
dashboards . SetRepository ( fakeRepo )
2017-06-12 16:05:32 -05:00
sc . m . Post ( routePattern , sc . defaultHandler )
fn ( sc )
} )
}
2018-01-29 12:27:53 -06:00
func ( sc * scenarioContext ) ToJson ( ) * simplejson . Json {
var result * simplejson . Json
err := json . NewDecoder ( sc . resp . Body ) . Decode ( & result )
So ( err , ShouldBeNil )
return result
}
