Guardian: Rewrite tests from goconvey (#29292)
* Guardian: Rewrite tests from goconvey Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> * Update pkg/services/guardian/guardian_test.go Co-authored-by: Will Browne <wbrowne@users.noreply.github.com> Co-authored-by: Will Browne <wbrowne@users.noreply.github.com>
parent
27b4390484
commit
4c47fc56bb
@ -7,10 +7,10 @@ import (
|
||||
"testing"
|
||||
|
||||
"github.com/grafana/grafana/pkg/models"
|
||||
. "github.com/smartystreets/goconvey/convey"
|
||||
"github.com/stretchr/testify/require"
|
||||
)
|
||||
|
||||
var (
|
||||
const (
|
||||
orgID = int64(1)
|
||||
defaultDashboardID = int64(-1)
|
||||
dashboardID = int64(1)
|
||||
@ -20,160 +20,157 @@ var (
|
||||
otherUserID = int64(2)
|
||||
teamID = int64(1)
|
||||
otherTeamID = int64(2)
|
||||
adminRole = models.ROLE_ADMIN
|
||||
editorRole = models.ROLE_EDITOR
|
||||
viewerRole = models.ROLE_VIEWER
|
||||
)
|
||||
|
||||
var (
|
||||
adminRole = models.ROLE_ADMIN
|
||||
editorRole = models.ROLE_EDITOR
|
||||
viewerRole = models.ROLE_VIEWER
|
||||
)
|
||||
|
||||
func TestGuardianAdmin(t *testing.T) {
|
||||
Convey("Guardian admin org role tests", t, func() {
|
||||
orgRoleScenario("Given user has admin org role", t, models.ROLE_ADMIN, func(sc *scenarioContext) {
|
||||
// dashboard has default permissions
|
||||
sc.defaultPermissionScenario(USER, FULL_ACCESS)
|
||||
orgRoleScenario("Given user has admin org role", t, models.ROLE_ADMIN, func(sc *scenarioContext) {
|
||||
// dashboard has default permissions
|
||||
sc.defaultPermissionScenario(USER, FULL_ACCESS)
|
||||
|
||||
// dashboard has user with permission
|
||||
sc.dashboardPermissionScenario(USER, models.PERMISSION_ADMIN, FULL_ACCESS)
|
||||
sc.dashboardPermissionScenario(USER, models.PERMISSION_EDIT, FULL_ACCESS)
|
||||
sc.dashboardPermissionScenario(USER, models.PERMISSION_VIEW, FULL_ACCESS)
|
||||
// dashboard has user with permission
|
||||
sc.dashboardPermissionScenario(USER, models.PERMISSION_ADMIN, FULL_ACCESS)
|
||||
sc.dashboardPermissionScenario(USER, models.PERMISSION_EDIT, FULL_ACCESS)
|
||||
sc.dashboardPermissionScenario(USER, models.PERMISSION_VIEW, FULL_ACCESS)
|
||||
|
||||
// dashboard has team with permission
|
||||
sc.dashboardPermissionScenario(TEAM, models.PERMISSION_ADMIN, FULL_ACCESS)
|
||||
sc.dashboardPermissionScenario(TEAM, models.PERMISSION_EDIT, FULL_ACCESS)
|
||||
sc.dashboardPermissionScenario(TEAM, models.PERMISSION_VIEW, FULL_ACCESS)
|
||||
// dashboard has team with permission
|
||||
sc.dashboardPermissionScenario(TEAM, models.PERMISSION_ADMIN, FULL_ACCESS)
|
||||
sc.dashboardPermissionScenario(TEAM, models.PERMISSION_EDIT, FULL_ACCESS)
|
||||
sc.dashboardPermissionScenario(TEAM, models.PERMISSION_VIEW, FULL_ACCESS)
|
||||
|
||||
// dashboard has editor role with permission
|
||||
sc.dashboardPermissionScenario(EDITOR, models.PERMISSION_ADMIN, FULL_ACCESS)
|
||||
sc.dashboardPermissionScenario(EDITOR, models.PERMISSION_EDIT, FULL_ACCESS)
|
||||
sc.dashboardPermissionScenario(EDITOR, models.PERMISSION_VIEW, FULL_ACCESS)
|
||||
// dashboard has editor role with permission
|
||||
sc.dashboardPermissionScenario(EDITOR, models.PERMISSION_ADMIN, FULL_ACCESS)
|
||||
sc.dashboardPermissionScenario(EDITOR, models.PERMISSION_EDIT, FULL_ACCESS)
|
||||
sc.dashboardPermissionScenario(EDITOR, models.PERMISSION_VIEW, FULL_ACCESS)
|
||||
|
||||
// dashboard has viewer role with permission
|
||||
sc.dashboardPermissionScenario(VIEWER, models.PERMISSION_ADMIN, FULL_ACCESS)
|
||||
sc.dashboardPermissionScenario(VIEWER, models.PERMISSION_EDIT, FULL_ACCESS)
|
||||
sc.dashboardPermissionScenario(VIEWER, models.PERMISSION_VIEW, FULL_ACCESS)
|
||||
// dashboard has viewer role with permission
|
||||
sc.dashboardPermissionScenario(VIEWER, models.PERMISSION_ADMIN, FULL_ACCESS)
|
||||
sc.dashboardPermissionScenario(VIEWER, models.PERMISSION_EDIT, FULL_ACCESS)
|
||||
sc.dashboardPermissionScenario(VIEWER, models.PERMISSION_VIEW, FULL_ACCESS)
|
||||
|
||||
// parent folder has user with permission
|
||||
sc.parentFolderPermissionScenario(USER, models.PERMISSION_ADMIN, FULL_ACCESS)
|
||||
sc.parentFolderPermissionScenario(USER, models.PERMISSION_EDIT, FULL_ACCESS)
|
||||
sc.parentFolderPermissionScenario(USER, models.PERMISSION_VIEW, FULL_ACCESS)
|
||||
// parent folder has user with permission
|
||||
sc.parentFolderPermissionScenario(USER, models.PERMISSION_ADMIN, FULL_ACCESS)
|
||||
sc.parentFolderPermissionScenario(USER, models.PERMISSION_EDIT, FULL_ACCESS)
|
||||
sc.parentFolderPermissionScenario(USER, models.PERMISSION_VIEW, FULL_ACCESS)
|
||||
|
||||
// parent folder has team with permission
|
||||
sc.parentFolderPermissionScenario(TEAM, models.PERMISSION_ADMIN, FULL_ACCESS)
|
||||
sc.parentFolderPermissionScenario(TEAM, models.PERMISSION_EDIT, FULL_ACCESS)
|
||||
sc.parentFolderPermissionScenario(TEAM, models.PERMISSION_VIEW, FULL_ACCESS)
|
||||
// parent folder has team with permission
|
||||
sc.parentFolderPermissionScenario(TEAM, models.PERMISSION_ADMIN, FULL_ACCESS)
|
||||
sc.parentFolderPermissionScenario(TEAM, models.PERMISSION_EDIT, FULL_ACCESS)
|
||||
sc.parentFolderPermissionScenario(TEAM, models.PERMISSION_VIEW, FULL_ACCESS)
|
||||
|
||||
// parent folder has editor role with permission
|
||||
sc.parentFolderPermissionScenario(EDITOR, models.PERMISSION_ADMIN, FULL_ACCESS)
|
||||
sc.parentFolderPermissionScenario(EDITOR, models.PERMISSION_EDIT, FULL_ACCESS)
|
||||
sc.parentFolderPermissionScenario(EDITOR, models.PERMISSION_VIEW, FULL_ACCESS)
|
||||
// parent folder has editor role with permission
|
||||
sc.parentFolderPermissionScenario(EDITOR, models.PERMISSION_ADMIN, FULL_ACCESS)
|
||||
sc.parentFolderPermissionScenario(EDITOR, models.PERMISSION_EDIT, FULL_ACCESS)
|
||||
sc.parentFolderPermissionScenario(EDITOR, models.PERMISSION_VIEW, FULL_ACCESS)
|
||||
|
||||
// parent folder has viewer role with permission
|
||||
sc.parentFolderPermissionScenario(VIEWER, models.PERMISSION_ADMIN, FULL_ACCESS)
|
||||
sc.parentFolderPermissionScenario(VIEWER, models.PERMISSION_EDIT, FULL_ACCESS)
|
||||
sc.parentFolderPermissionScenario(VIEWER, models.PERMISSION_VIEW, FULL_ACCESS)
|
||||
})
|
||||
// parent folder has viewer role with permission
|
||||
sc.parentFolderPermissionScenario(VIEWER, models.PERMISSION_ADMIN, FULL_ACCESS)
|
||||
sc.parentFolderPermissionScenario(VIEWER, models.PERMISSION_EDIT, FULL_ACCESS)
|
||||
sc.parentFolderPermissionScenario(VIEWER, models.PERMISSION_VIEW, FULL_ACCESS)
|
||||
})
|
||||
}
|
||||
|
||||
func TestGuardianEditor(t *testing.T) {
|
||||
Convey("Guardian editor org role tests", t, func() {
|
||||
orgRoleScenario("Given user has editor org role", t, models.ROLE_EDITOR, func(sc *scenarioContext) {
|
||||
// dashboard has default permissions
|
||||
sc.defaultPermissionScenario(USER, EDITOR_ACCESS)
|
||||
orgRoleScenario("Given user has editor org role", t, models.ROLE_EDITOR, func(sc *scenarioContext) {
|
||||
// dashboard has default permissions
|
||||
sc.defaultPermissionScenario(USER, EDITOR_ACCESS)
|
||||
|
||||
// dashboard has user with permission
|
||||
sc.dashboardPermissionScenario(USER, models.PERMISSION_ADMIN, FULL_ACCESS)
|
||||
sc.dashboardPermissionScenario(USER, models.PERMISSION_EDIT, EDITOR_ACCESS)
|
||||
sc.dashboardPermissionScenario(USER, models.PERMISSION_VIEW, CAN_VIEW)
|
||||
// dashboard has user with permission
|
||||
sc.dashboardPermissionScenario(USER, models.PERMISSION_ADMIN, FULL_ACCESS)
|
||||
sc.dashboardPermissionScenario(USER, models.PERMISSION_EDIT, EDITOR_ACCESS)
|
||||
sc.dashboardPermissionScenario(USER, models.PERMISSION_VIEW, CAN_VIEW)
|
||||
|
||||
// dashboard has team with permission
|
||||
sc.dashboardPermissionScenario(TEAM, models.PERMISSION_ADMIN, FULL_ACCESS)
|
||||
sc.dashboardPermissionScenario(TEAM, models.PERMISSION_EDIT, EDITOR_ACCESS)
|
||||
sc.dashboardPermissionScenario(TEAM, models.PERMISSION_VIEW, CAN_VIEW)
|
||||
// dashboard has team with permission
|
||||
sc.dashboardPermissionScenario(TEAM, models.PERMISSION_ADMIN, FULL_ACCESS)
|
||||
sc.dashboardPermissionScenario(TEAM, models.PERMISSION_EDIT, EDITOR_ACCESS)
|
||||
sc.dashboardPermissionScenario(TEAM, models.PERMISSION_VIEW, CAN_VIEW)
|
||||
|
||||
// dashboard has editor role with permission
|
||||
sc.dashboardPermissionScenario(EDITOR, models.PERMISSION_ADMIN, FULL_ACCESS)
|
||||
sc.dashboardPermissionScenario(EDITOR, models.PERMISSION_EDIT, EDITOR_ACCESS)
|
||||
sc.dashboardPermissionScenario(EDITOR, models.PERMISSION_VIEW, VIEWER_ACCESS)
|
||||
// dashboard has editor role with permission
|
||||
sc.dashboardPermissionScenario(EDITOR, models.PERMISSION_ADMIN, FULL_ACCESS)
|
||||
sc.dashboardPermissionScenario(EDITOR, models.PERMISSION_EDIT, EDITOR_ACCESS)
|
||||
sc.dashboardPermissionScenario(EDITOR, models.PERMISSION_VIEW, VIEWER_ACCESS)
|
||||
|
||||
// dashboard has viewer role with permission
|
||||
sc.dashboardPermissionScenario(VIEWER, models.PERMISSION_ADMIN, NO_ACCESS)
|
||||
sc.dashboardPermissionScenario(VIEWER, models.PERMISSION_EDIT, NO_ACCESS)
|
||||
sc.dashboardPermissionScenario(VIEWER, models.PERMISSION_VIEW, NO_ACCESS)
|
||||
// dashboard has viewer role with permission
|
||||
sc.dashboardPermissionScenario(VIEWER, models.PERMISSION_ADMIN, NO_ACCESS)
|
||||
sc.dashboardPermissionScenario(VIEWER, models.PERMISSION_EDIT, NO_ACCESS)
|
||||
sc.dashboardPermissionScenario(VIEWER, models.PERMISSION_VIEW, NO_ACCESS)
|
||||
|
||||
// parent folder has user with permission
|
||||
sc.parentFolderPermissionScenario(USER, models.PERMISSION_ADMIN, FULL_ACCESS)
|
||||
sc.parentFolderPermissionScenario(USER, models.PERMISSION_EDIT, EDITOR_ACCESS)
|
||||
sc.parentFolderPermissionScenario(USER, models.PERMISSION_VIEW, VIEWER_ACCESS)
|
||||
// parent folder has user with permission
|
||||
sc.parentFolderPermissionScenario(USER, models.PERMISSION_ADMIN, FULL_ACCESS)
|
||||
sc.parentFolderPermissionScenario(USER, models.PERMISSION_EDIT, EDITOR_ACCESS)
|
||||
sc.parentFolderPermissionScenario(USER, models.PERMISSION_VIEW, VIEWER_ACCESS)
|
||||
|
||||
// parent folder has team with permission
|
||||
sc.parentFolderPermissionScenario(TEAM, models.PERMISSION_ADMIN, FULL_ACCESS)
|
||||
sc.parentFolderPermissionScenario(TEAM, models.PERMISSION_EDIT, EDITOR_ACCESS)
|
||||
sc.parentFolderPermissionScenario(TEAM, models.PERMISSION_VIEW, VIEWER_ACCESS)
|
||||
// parent folder has team with permission
|
||||
sc.parentFolderPermissionScenario(TEAM, models.PERMISSION_ADMIN, FULL_ACCESS)
|
||||
sc.parentFolderPermissionScenario(TEAM, models.PERMISSION_EDIT, EDITOR_ACCESS)
|
||||
sc.parentFolderPermissionScenario(TEAM, models.PERMISSION_VIEW, VIEWER_ACCESS)
|
||||
|
||||
// parent folder has editor role with permission
|
||||
sc.parentFolderPermissionScenario(EDITOR, models.PERMISSION_ADMIN, FULL_ACCESS)
|
||||
sc.parentFolderPermissionScenario(EDITOR, models.PERMISSION_EDIT, EDITOR_ACCESS)
|
||||
sc.parentFolderPermissionScenario(EDITOR, models.PERMISSION_VIEW, VIEWER_ACCESS)
|
||||
// parent folder has editor role with permission
|
||||
sc.parentFolderPermissionScenario(EDITOR, models.PERMISSION_ADMIN, FULL_ACCESS)
|
||||
sc.parentFolderPermissionScenario(EDITOR, models.PERMISSION_EDIT, EDITOR_ACCESS)
|
||||
sc.parentFolderPermissionScenario(EDITOR, models.PERMISSION_VIEW, VIEWER_ACCESS)
|
||||
|
||||
// parent folder has viewer role with permission
|
||||
sc.parentFolderPermissionScenario(VIEWER, models.PERMISSION_ADMIN, NO_ACCESS)
|
||||
sc.parentFolderPermissionScenario(VIEWER, models.PERMISSION_EDIT, NO_ACCESS)
|
||||
sc.parentFolderPermissionScenario(VIEWER, models.PERMISSION_VIEW, NO_ACCESS)
|
||||
})
|
||||
// parent folder has viewer role with permission
|
||||
sc.parentFolderPermissionScenario(VIEWER, models.PERMISSION_ADMIN, NO_ACCESS)
|
||||
sc.parentFolderPermissionScenario(VIEWER, models.PERMISSION_EDIT, NO_ACCESS)
|
||||
sc.parentFolderPermissionScenario(VIEWER, models.PERMISSION_VIEW, NO_ACCESS)
|
||||
})
|
||||
}
|
||||
|
||||
func TestGuardianViewer(t *testing.T) {
|
||||
Convey("Guardian viewer org role tests", t, func() {
|
||||
orgRoleScenario("Given user has viewer org role", t, models.ROLE_VIEWER, func(sc *scenarioContext) {
|
||||
// dashboard has default permissions
|
||||
sc.defaultPermissionScenario(USER, VIEWER_ACCESS)
|
||||
orgRoleScenario("Given user has viewer org role", t, models.ROLE_VIEWER, func(sc *scenarioContext) {
|
||||
// dashboard has default permissions
|
||||
sc.defaultPermissionScenario(USER, VIEWER_ACCESS)
|
||||
|
||||
// dashboard has user with permission
|
||||
sc.dashboardPermissionScenario(USER, models.PERMISSION_ADMIN, FULL_ACCESS)
|
||||
sc.dashboardPermissionScenario(USER, models.PERMISSION_EDIT, EDITOR_ACCESS)
|
||||
sc.dashboardPermissionScenario(USER, models.PERMISSION_VIEW, VIEWER_ACCESS)
|
||||
// dashboard has user with permission
|
||||
sc.dashboardPermissionScenario(USER, models.PERMISSION_ADMIN, FULL_ACCESS)
|
||||
sc.dashboardPermissionScenario(USER, models.PERMISSION_EDIT, EDITOR_ACCESS)
|
||||
sc.dashboardPermissionScenario(USER, models.PERMISSION_VIEW, VIEWER_ACCESS)
|
||||
|
||||
// dashboard has team with permission
|
||||
sc.dashboardPermissionScenario(TEAM, models.PERMISSION_ADMIN, FULL_ACCESS)
|
||||
sc.dashboardPermissionScenario(TEAM, models.PERMISSION_EDIT, EDITOR_ACCESS)
|
||||
sc.dashboardPermissionScenario(TEAM, models.PERMISSION_VIEW, VIEWER_ACCESS)
|
||||
// dashboard has team with permission
|
||||
sc.dashboardPermissionScenario(TEAM, models.PERMISSION_ADMIN, FULL_ACCESS)
|
||||
sc.dashboardPermissionScenario(TEAM, models.PERMISSION_EDIT, EDITOR_ACCESS)
|
||||
sc.dashboardPermissionScenario(TEAM, models.PERMISSION_VIEW, VIEWER_ACCESS)
|
||||
|
||||
// dashboard has editor role with permission
|
||||
sc.dashboardPermissionScenario(EDITOR, models.PERMISSION_ADMIN, NO_ACCESS)
|
||||
sc.dashboardPermissionScenario(EDITOR, models.PERMISSION_EDIT, NO_ACCESS)
|
||||
sc.dashboardPermissionScenario(EDITOR, models.PERMISSION_VIEW, NO_ACCESS)
|
||||
// dashboard has editor role with permission
|
||||
sc.dashboardPermissionScenario(EDITOR, models.PERMISSION_ADMIN, NO_ACCESS)
|
||||
sc.dashboardPermissionScenario(EDITOR, models.PERMISSION_EDIT, NO_ACCESS)
|
||||
sc.dashboardPermissionScenario(EDITOR, models.PERMISSION_VIEW, NO_ACCESS)
|
||||
|
||||
// dashboard has viewer role with permission
|
||||
sc.dashboardPermissionScenario(VIEWER, models.PERMISSION_ADMIN, FULL_ACCESS)
|
||||
sc.dashboardPermissionScenario(VIEWER, models.PERMISSION_EDIT, EDITOR_ACCESS)
|
||||
sc.dashboardPermissionScenario(VIEWER, models.PERMISSION_VIEW, VIEWER_ACCESS)
|
||||
// dashboard has viewer role with permission
|
||||
sc.dashboardPermissionScenario(VIEWER, models.PERMISSION_ADMIN, FULL_ACCESS)
|
||||
sc.dashboardPermissionScenario(VIEWER, models.PERMISSION_EDIT, EDITOR_ACCESS)
|
||||
sc.dashboardPermissionScenario(VIEWER, models.PERMISSION_VIEW, VIEWER_ACCESS)
|
||||
|
||||
// parent folder has user with permission
|
||||
sc.parentFolderPermissionScenario(USER, models.PERMISSION_ADMIN, FULL_ACCESS)
|
||||
sc.parentFolderPermissionScenario(USER, models.PERMISSION_EDIT, EDITOR_ACCESS)
|
||||
sc.parentFolderPermissionScenario(USER, models.PERMISSION_VIEW, VIEWER_ACCESS)
|
||||
// parent folder has user with permission
|
||||
sc.parentFolderPermissionScenario(USER, models.PERMISSION_ADMIN, FULL_ACCESS)
|
||||
sc.parentFolderPermissionScenario(USER, models.PERMISSION_EDIT, EDITOR_ACCESS)
|
||||
sc.parentFolderPermissionScenario(USER, models.PERMISSION_VIEW, VIEWER_ACCESS)
|
||||
|
||||
// parent folder has team with permission
|
||||
sc.parentFolderPermissionScenario(TEAM, models.PERMISSION_ADMIN, FULL_ACCESS)
|
||||
sc.parentFolderPermissionScenario(TEAM, models.PERMISSION_EDIT, EDITOR_ACCESS)
|
||||
sc.parentFolderPermissionScenario(TEAM, models.PERMISSION_VIEW, VIEWER_ACCESS)
|
||||
// parent folder has team with permission
|
||||
sc.parentFolderPermissionScenario(TEAM, models.PERMISSION_ADMIN, FULL_ACCESS)
|
||||
sc.parentFolderPermissionScenario(TEAM, models.PERMISSION_EDIT, EDITOR_ACCESS)
|
||||
sc.parentFolderPermissionScenario(TEAM, models.PERMISSION_VIEW, VIEWER_ACCESS)
|
||||
|
||||
// parent folder has editor role with permission
|
||||
sc.parentFolderPermissionScenario(EDITOR, models.PERMISSION_ADMIN, NO_ACCESS)
|
||||
sc.parentFolderPermissionScenario(EDITOR, models.PERMISSION_EDIT, NO_ACCESS)
|
||||
sc.parentFolderPermissionScenario(EDITOR, models.PERMISSION_VIEW, NO_ACCESS)
|
||||
// parent folder has editor role with permission
|
||||
sc.parentFolderPermissionScenario(EDITOR, models.PERMISSION_ADMIN, NO_ACCESS)
|
||||
sc.parentFolderPermissionScenario(EDITOR, models.PERMISSION_EDIT, NO_ACCESS)
|
||||
sc.parentFolderPermissionScenario(EDITOR, models.PERMISSION_VIEW, NO_ACCESS)
|
||||
|
||||
// parent folder has viewer role with permission
|
||||
sc.parentFolderPermissionScenario(VIEWER, models.PERMISSION_ADMIN, FULL_ACCESS)
|
||||
sc.parentFolderPermissionScenario(VIEWER, models.PERMISSION_EDIT, EDITOR_ACCESS)
|
||||
sc.parentFolderPermissionScenario(VIEWER, models.PERMISSION_VIEW, VIEWER_ACCESS)
|
||||
})
|
||||
// parent folder has viewer role with permission
|
||||
sc.parentFolderPermissionScenario(VIEWER, models.PERMISSION_ADMIN, FULL_ACCESS)
|
||||
sc.parentFolderPermissionScenario(VIEWER, models.PERMISSION_EDIT, EDITOR_ACCESS)
|
||||
sc.parentFolderPermissionScenario(VIEWER, models.PERMISSION_VIEW, VIEWER_ACCESS)
|
||||
})
|
||||
|
||||
apiKeyScenario("Given api key with viewer role", t, models.ROLE_VIEWER, func(sc *scenarioContext) {
|
||||
// dashboard has default permissions
|
||||
sc.defaultPermissionScenario(VIEWER, VIEWER_ACCESS)
|
||||
})
|
||||
apiKeyScenario("Given api key with viewer role", t, models.ROLE_VIEWER, func(sc *scenarioContext) {
|
||||
// dashboard has default permissions
|
||||
sc.defaultPermissionScenario(VIEWER, VIEWER_ACCESS)
|
||||
})
|
||||
}
|
||||
|
||||
@ -186,13 +183,14 @@ func (sc *scenarioContext) defaultPermissionScenario(pt permissionType, flag per
|
||||
toDto(newViewerRolePermission(defaultDashboardID, models.PERMISSION_VIEW)),
|
||||
}
|
||||
|
||||
permissionScenario("and existing permissions is the default permissions (everyone with editor role can edit, everyone with viewer role can view)", dashboardID, sc, existingPermissions, func(sc *scenarioContext) {
|
||||
sc.expectedFlags = flag
|
||||
sc.verifyExpectedPermissionsFlags()
|
||||
sc.verifyDuplicatePermissionsShouldNotBeAllowed()
|
||||
sc.verifyUpdateDashboardPermissionsShouldBeAllowed(pt)
|
||||
sc.verifyUpdateDashboardPermissionsShouldNotBeAllowed(pt)
|
||||
})
|
||||
permissionScenario("and existing permissions are the default permissions (everyone with editor role can edit, everyone with viewer role can view)",
|
||||
dashboardID, sc, existingPermissions, func(sc *scenarioContext) {
|
||||
sc.expectedFlags = flag
|
||||
sc.verifyExpectedPermissionsFlags()
|
||||
sc.verifyDuplicatePermissionsShouldNotBeAllowed()
|
||||
sc.verifyUpdateDashboardPermissionsShouldBeAllowed(pt)
|
||||
sc.verifyUpdateDashboardPermissionsShouldNotBeAllowed(pt)
|
||||
})
|
||||
}
|
||||
|
||||
func (sc *scenarioContext) dashboardPermissionScenario(pt permissionType, permission models.PermissionType, flag permissionFlags) {
|
||||
@ -212,13 +210,14 @@ func (sc *scenarioContext) dashboardPermissionScenario(pt permissionType, permis
|
||||
existingPermissions = []*models.DashboardAclInfoDTO{{OrgId: orgID, DashboardId: dashboardID, Role: &viewerRole, Permission: permission}}
|
||||
}
|
||||
|
||||
permissionScenario(fmt.Sprintf("and %s has permission to %s dashboard", pt.String(), permission.String()), dashboardID, sc, existingPermissions, func(sc *scenarioContext) {
|
||||
sc.expectedFlags = flag
|
||||
sc.verifyExpectedPermissionsFlags()
|
||||
sc.verifyDuplicatePermissionsShouldNotBeAllowed()
|
||||
sc.verifyUpdateDashboardPermissionsShouldBeAllowed(pt)
|
||||
sc.verifyUpdateDashboardPermissionsShouldNotBeAllowed(pt)
|
||||
})
|
||||
permissionScenario(fmt.Sprintf("and %s has permission to %s dashboard", pt.String(), permission.String()),
|
||||
dashboardID, sc, existingPermissions, func(sc *scenarioContext) {
|
||||
sc.expectedFlags = flag
|
||||
sc.verifyExpectedPermissionsFlags()
|
||||
sc.verifyDuplicatePermissionsShouldNotBeAllowed()
|
||||
sc.verifyUpdateDashboardPermissionsShouldBeAllowed(pt)
|
||||
sc.verifyUpdateDashboardPermissionsShouldNotBeAllowed(pt)
|
||||
})
|
||||
}
|
||||
|
||||
func (sc *scenarioContext) parentFolderPermissionScenario(pt permissionType, permission models.PermissionType, flag permissionFlags) {
|
||||
@ -229,34 +228,43 @@ func (sc *scenarioContext) parentFolderPermissionScenario(pt permissionType, per
|
||||
|
||||
switch pt {
|
||||
case USER:
|
||||
folderPermissionList = []*models.DashboardAclInfoDTO{{OrgId: orgID, DashboardId: parentFolderID, UserId: userID, Permission: permission, Inherited: true}}
|
||||
folderPermissionList = []*models.DashboardAclInfoDTO{{OrgId: orgID, DashboardId: parentFolderID,
|
||||
UserId: userID, Permission: permission, Inherited: true}}
|
||||
case TEAM:
|
||||
folderPermissionList = []*models.DashboardAclInfoDTO{{OrgId: orgID, DashboardId: parentFolderID, TeamId: teamID, Permission: permission, Inherited: true}}
|
||||
folderPermissionList = []*models.DashboardAclInfoDTO{{OrgId: orgID, DashboardId: parentFolderID, TeamId: teamID,
|
||||
Permission: permission, Inherited: true}}
|
||||
case EDITOR:
|
||||
folderPermissionList = []*models.DashboardAclInfoDTO{{OrgId: orgID, DashboardId: parentFolderID, Role: &editorRole, Permission: permission, Inherited: true}}
|
||||
folderPermissionList = []*models.DashboardAclInfoDTO{{OrgId: orgID, DashboardId: parentFolderID,
|
||||
Role: &editorRole, Permission: permission, Inherited: true}}
|
||||
case VIEWER:
|
||||
folderPermissionList = []*models.DashboardAclInfoDTO{{OrgId: orgID, DashboardId: parentFolderID, Role: &viewerRole, Permission: permission, Inherited: true}}
|
||||
folderPermissionList = []*models.DashboardAclInfoDTO{{OrgId: orgID, DashboardId: parentFolderID,
|
||||
Role: &viewerRole, Permission: permission, Inherited: true}}
|
||||
}
|
||||
|
||||
permissionScenario(fmt.Sprintf("and parent folder has %s with permission to %s", pt.String(), permission.String()), childDashboardID, sc, folderPermissionList, func(sc *scenarioContext) {
|
||||
sc.expectedFlags = flag
|
||||
sc.verifyExpectedPermissionsFlags()
|
||||
sc.verifyDuplicatePermissionsShouldNotBeAllowed()
|
||||
sc.verifyUpdateChildDashboardPermissionsShouldBeAllowed(pt, permission)
|
||||
sc.verifyUpdateChildDashboardPermissionsShouldNotBeAllowed(pt, permission)
|
||||
sc.verifyUpdateChildDashboardPermissionsWithOverrideShouldBeAllowed(pt, permission)
|
||||
sc.verifyUpdateChildDashboardPermissionsWithOverrideShouldNotBeAllowed(pt, permission)
|
||||
})
|
||||
permissionScenario(fmt.Sprintf("and parent folder has %s with permission to %s", pt.String(), permission.String()),
|
||||
childDashboardID, sc, folderPermissionList, func(sc *scenarioContext) {
|
||||
sc.expectedFlags = flag
|
||||
sc.verifyExpectedPermissionsFlags()
|
||||
sc.verifyDuplicatePermissionsShouldNotBeAllowed()
|
||||
sc.verifyUpdateChildDashboardPermissionsShouldBeAllowed(pt, permission)
|
||||
sc.verifyUpdateChildDashboardPermissionsShouldNotBeAllowed(pt, permission)
|
||||
sc.verifyUpdateChildDashboardPermissionsWithOverrideShouldBeAllowed(pt, permission)
|
||||
sc.verifyUpdateChildDashboardPermissionsWithOverrideShouldNotBeAllowed(pt, permission)
|
||||
})
|
||||
}
|
||||
|
||||
func (sc *scenarioContext) verifyExpectedPermissionsFlags() {
|
||||
canAdmin, _ := sc.g.CanAdmin()
|
||||
canEdit, _ := sc.g.CanEdit()
|
||||
canSave, _ := sc.g.CanSave()
|
||||
canView, _ := sc.g.CanView()
|
||||
|
||||
tc := fmt.Sprintf("should have permissions to %s", sc.expectedFlags.String())
|
||||
Convey(tc, func() {
|
||||
sc.t.Run(tc, func(t *testing.T) {
|
||||
canAdmin, err := sc.g.CanAdmin()
|
||||
require.NoError(t, err)
|
||||
canEdit, err := sc.g.CanEdit()
|
||||
require.NoError(t, err)
|
||||
canSave, err := sc.g.CanSave()
|
||||
require.NoError(t, err)
|
||||
canView, err := sc.g.CanView()
|
||||
require.NoError(t, err)
|
||||
|
||||
var actualFlag permissionFlags
|
||||
|
||||
if canAdmin {
|
||||
@ -293,7 +301,7 @@ func (sc *scenarioContext) verifyDuplicatePermissionsShouldNotBeAllowed() {
|
||||
}
|
||||
|
||||
tc := "When updating dashboard permissions with duplicate permission for user should not be allowed"
|
||||
Convey(tc, func() {
|
||||
sc.t.Run(tc, func(t *testing.T) {
|
||||
p := []*models.DashboardAcl{
|
||||
newDefaultUserPermission(dashboardID, models.PERMISSION_VIEW),
|
||||
newDefaultUserPermission(dashboardID, models.PERMISSION_ADMIN),
|
||||
@ -308,7 +316,7 @@ func (sc *scenarioContext) verifyDuplicatePermissionsShouldNotBeAllowed() {
|
||||
})
|
||||
|
||||
tc = "When updating dashboard permissions with duplicate permission for team should not be allowed"
|
||||
Convey(tc, func() {
|
||||
sc.t.Run(tc, func(t *testing.T) {
|
||||
p := []*models.DashboardAcl{
|
||||
newDefaultTeamPermission(dashboardID, models.PERMISSION_VIEW),
|
||||
newDefaultTeamPermission(dashboardID, models.PERMISSION_ADMIN),
|
||||
@ -322,7 +330,7 @@ func (sc *scenarioContext) verifyDuplicatePermissionsShouldNotBeAllowed() {
|
||||
})
|
||||
|
||||
tc = "When updating dashboard permissions with duplicate permission for editor role should not be allowed"
|
||||
Convey(tc, func() {
|
||||
sc.t.Run(tc, func(t *testing.T) {
|
||||
p := []*models.DashboardAcl{
|
||||
newEditorRolePermission(dashboardID, models.PERMISSION_VIEW),
|
||||
newEditorRolePermission(dashboardID, models.PERMISSION_ADMIN),
|
||||
@ -337,7 +345,7 @@ func (sc *scenarioContext) verifyDuplicatePermissionsShouldNotBeAllowed() {
|
||||
})
|
||||
|
||||
tc = "When updating dashboard permissions with duplicate permission for viewer role should not be allowed"
|
||||
Convey(tc, func() {
|
||||
sc.t.Run(tc, func(t *testing.T) {
|
||||
p := []*models.DashboardAcl{
|
||||
newViewerRolePermission(dashboardID, models.PERMISSION_VIEW),
|
||||
newViewerRolePermission(dashboardID, models.PERMISSION_ADMIN),
|
||||
@ -351,7 +359,7 @@ func (sc *scenarioContext) verifyDuplicatePermissionsShouldNotBeAllowed() {
|
||||
})
|
||||
|
||||
tc = "When updating dashboard permissions with duplicate permission for admin role should not be allowed"
|
||||
Convey(tc, func() {
|
||||
sc.t.Run(tc, func(t *testing.T) {
|
||||
p := []*models.DashboardAcl{
|
||||
newAdminRolePermission(dashboardID, models.PERMISSION_ADMIN),
|
||||
}
|
||||
@ -371,8 +379,7 @@ func (sc *scenarioContext) verifyUpdateDashboardPermissionsShouldBeAllowed(pt pe
|
||||
|
||||
for _, p := range []models.PermissionType{models.PERMISSION_ADMIN, models.PERMISSION_EDIT, models.PERMISSION_VIEW} {
|
||||
tc := fmt.Sprintf("When updating dashboard permissions with %s permissions should be allowed", p.String())
|
||||
|
||||
Convey(tc, func() {
|
||||
sc.t.Run(tc, func(t *testing.T) {
|
||||
permissionList := []*models.DashboardAcl{}
|
||||
switch pt {
|
||||
case USER:
|
||||
@ -418,8 +425,7 @@ func (sc *scenarioContext) verifyUpdateDashboardPermissionsShouldNotBeAllowed(pt
|
||||
|
||||
for _, p := range []models.PermissionType{models.PERMISSION_ADMIN, models.PERMISSION_EDIT, models.PERMISSION_VIEW} {
|
||||
tc := fmt.Sprintf("When updating dashboard permissions with %s permissions should NOT be allowed", p.String())
|
||||
|
||||
Convey(tc, func() {
|
||||
sc.t.Run(tc, func(t *testing.T) {
|
||||
permissionList := []*models.DashboardAcl{
|
||||
newEditorRolePermission(dashboardID, p),
|
||||
newViewerRolePermission(dashboardID, p),
|
||||
@ -457,8 +463,7 @@ func (sc *scenarioContext) verifyUpdateChildDashboardPermissionsShouldBeAllowed(
|
||||
|
||||
for _, p := range []models.PermissionType{models.PERMISSION_ADMIN, models.PERMISSION_EDIT, models.PERMISSION_VIEW} {
|
||||
tc := fmt.Sprintf("When updating child dashboard permissions with %s permissions should be allowed", p.String())
|
||||
|
||||
Convey(tc, func() {
|
||||
sc.t.Run(tc, func(t *testing.T) {
|
||||
permissionList := []*models.DashboardAcl{}
|
||||
switch pt {
|
||||
case USER:
|
||||
@ -519,8 +524,7 @@ func (sc *scenarioContext) verifyUpdateChildDashboardPermissionsShouldNotBeAllow
|
||||
|
||||
for _, p := range []models.PermissionType{models.PERMISSION_ADMIN, models.PERMISSION_EDIT, models.PERMISSION_VIEW} {
|
||||
tc := fmt.Sprintf("When updating child dashboard permissions with %s permissions should NOT be allowed", p.String())
|
||||
|
||||
Convey(tc, func() {
|
||||
sc.t.Run(tc, func(t *testing.T) {
|
||||
permissionList := []*models.DashboardAcl{}
|
||||
switch pt {
|
||||
case USER:
|
||||
@ -586,8 +590,7 @@ func (sc *scenarioContext) verifyUpdateChildDashboardPermissionsWithOverrideShou
|
||||
}
|
||||
|
||||
tc := fmt.Sprintf("When updating child dashboard permissions overriding parent %s permission with %s permission should NOT be allowed", pt.String(), p.String())
|
||||
|
||||
Convey(tc, func() {
|
||||
sc.t.Run(tc, func(t *testing.T) {
|
||||
permissionList := []*models.DashboardAcl{}
|
||||
switch pt {
|
||||
case USER:
|
||||
@ -629,9 +632,11 @@ func (sc *scenarioContext) verifyUpdateChildDashboardPermissionsWithOverrideShou
|
||||
continue
|
||||
}
|
||||
|
||||
tc := fmt.Sprintf("When updating child dashboard permissions overriding parent %s permission with %s permission should be allowed", pt.String(), p.String())
|
||||
|
||||
Convey(tc, func() {
|
||||
tc := fmt.Sprintf(
|
||||
"When updating child dashboard permissions overriding parent %s permission with %s permission should be allowed",
|
||||
pt.String(), p.String(),
|
||||
)
|
||||
sc.t.Run(tc, func(t *testing.T) {
|
||||
permissionList := []*models.DashboardAcl{}
|
||||
switch pt {
|
||||
case USER:
|
||||
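Review bot: The three role tests are the expectation matrix for dashboard authorization, yet nothing in them says why rows such as `sc.dashboardPermissionScenario(VIEWER, models.PERMISSION_ADMIN, NO_ACCESS)` in `TestGuardianEditor` expect no access, or why the view-level rows there use `CAN_VIEW` for USER and TEAM but `VIEWER_ACCESS` for the EDITOR role. With the Convey description strings gone from the test functions, a doc comment on each would keep that intent reviewable, for example `// TestGuardianEditor: role ACL entries apply only to the matching org role, so VIEWER entries grant an editor nothing.` That wording is inferred from the rows alone and should be confirmed against the guardian implementation before it is committed.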
|
@ -8,7 +8,7 @@ import (
|
||||
|
||||
"github.com/grafana/grafana/pkg/bus"
|
||||
"github.com/grafana/grafana/pkg/models"
|
||||
. "github.com/smartystreets/goconvey/convey"
|
||||
"github.com/stretchr/testify/assert"
|
||||
)
|
||||
|
||||
type scenarioContext struct {
|
||||
@ -29,88 +29,89 @@ type scenarioContext struct {
|
||||
type scenarioFunc func(c *scenarioContext)
|
||||
|
||||
func orgRoleScenario(desc string, t *testing.T, role models.RoleType, fn scenarioFunc) {
|
||||
user := &models.SignedInUser{
|
||||
UserId: userID,
|
||||
OrgId: orgID,
|
||||
OrgRole: role,
|
||||
}
|
||||
guard := New(dashboardID, orgID, user)
|
||||
sc := &scenarioContext{
|
||||
t: t,
|
||||
orgRoleScenario: desc,
|
||||
givenUser: user,
|
||||
givenDashboardID: dashboardID,
|
||||
g: guard,
|
||||
}
|
||||
t.Run(desc, func(t *testing.T) {
|
||||
user := &models.SignedInUser{
|
||||
UserId: userID,
|
||||
OrgId: orgID,
|
||||
OrgRole: role,
|
||||
}
|
||||
guard := New(dashboardID, orgID, user)
|
||||
|
||||
Convey(desc, func() {
|
||||
sc := &scenarioContext{
|
||||
t: t,
|
||||
orgRoleScenario: desc,
|
||||
givenUser: user,
|
||||
givenDashboardID: dashboardID,
|
||||
g: guard,
|
||||
}
|
||||
fn(sc)
|
||||
})
|
||||
}
|
||||
|
||||
func apiKeyScenario(desc string, t *testing.T, role models.RoleType, fn scenarioFunc) {
|
||||
user := &models.SignedInUser{
|
||||
UserId: 0,
|
||||
OrgId: orgID,
|
||||
OrgRole: role,
|
||||
ApiKeyId: 10,
|
||||
}
|
||||
guard := New(dashboardID, orgID, user)
|
||||
sc := &scenarioContext{
|
||||
t: t,
|
||||
orgRoleScenario: desc,
|
||||
givenUser: user,
|
||||
givenDashboardID: dashboardID,
|
||||
g: guard,
|
||||
}
|
||||
t.Run(desc, func(t *testing.T) {
|
||||
user := &models.SignedInUser{
|
||||
UserId: 0,
|
||||
OrgId: orgID,
|
||||
OrgRole: role,
|
||||
ApiKeyId: 10,
|
||||
}
|
||||
guard := New(dashboardID, orgID, user)
|
||||
sc := &scenarioContext{
|
||||
t: t,
|
||||
orgRoleScenario: desc,
|
||||
givenUser: user,
|
||||
givenDashboardID: dashboardID,
|
||||
g: guard,
|
||||
}
|
||||
|
||||
Convey(desc, func() {
|
||||
fn(sc)
|
||||
})
|
||||
}
|
||||
|
||||
func permissionScenario(desc string, dashboardID int64, sc *scenarioContext, permissions []*models.DashboardAclInfoDTO, fn scenarioFunc) {
|
||||
bus.ClearBusHandlers()
|
||||
func permissionScenario(desc string, dashboardID int64, sc *scenarioContext,
|
||||
permissions []*models.DashboardAclInfoDTO, fn scenarioFunc) {
|
||||
sc.t.Run(desc, func(t *testing.T) {
|
||||
bus.ClearBusHandlers()
|
||||
|
||||
bus.AddHandler("test", func(query *models.GetDashboardAclInfoListQuery) error {
|
||||
if query.OrgID != sc.givenUser.OrgId {
|
||||
sc.reportFailure("Invalid organization id for GetDashboardAclInfoListQuery", sc.givenUser.OrgId, query.OrgID)
|
||||
}
|
||||
if query.DashboardID != sc.givenDashboardID {
|
||||
sc.reportFailure("Invalid dashboard id for GetDashboardAclInfoListQuery", sc.givenDashboardID, query.DashboardID)
|
||||
bus.AddHandler("test", func(query *models.GetDashboardAclInfoListQuery) error {
|
||||
if query.OrgID != sc.givenUser.OrgId {
|
||||
sc.reportFailure("Invalid organization id for GetDashboardAclInfoListQuery", sc.givenUser.OrgId, query.OrgID)
|
||||
}
|
||||
if query.DashboardID != sc.givenDashboardID {
|
||||
sc.reportFailure("Invalid dashboard id for GetDashboardAclInfoListQuery", sc.givenDashboardID, query.DashboardID)
|
||||
}
|
||||
|
||||
query.Result = permissions
|
||||
return nil
|
||||
})
|
||||
|
||||
teams := []*models.TeamDTO{}
|
||||
|
||||
for _, p := range permissions {
|
||||
if p.TeamId > 0 {
|
||||
teams = append(teams, &models.TeamDTO{Id: p.TeamId})
|
||||
}
|
||||
}
|
||||
|
||||
query.Result = permissions
|
||||
return nil
|
||||
})
|
||||
bus.AddHandler("test", func(query *models.GetTeamsByUserQuery) error {
|
||||
if query.OrgId != sc.givenUser.OrgId {
|
||||
sc.reportFailure("Invalid organization id for GetTeamsByUserQuery", sc.givenUser.OrgId, query.OrgId)
|
||||
}
|
||||
if query.UserId != sc.givenUser.UserId {
|
||||
sc.reportFailure("Invalid user id for GetTeamsByUserQuery", sc.givenUser.UserId, query.UserId)
|
||||
}
|
||||
|
||||
teams := []*models.TeamDTO{}
|
||||
query.Result = teams
|
||||
return nil
|
||||
})
|
||||
|
||||
for _, p := range permissions {
|
||||
if p.TeamId > 0 {
|
||||
teams = append(teams, &models.TeamDTO{Id: p.TeamId})
|
||||
}
|
||||
}
|
||||
sc.permissionScenario = desc
|
||||
sc.g = New(dashboardID, sc.givenUser.OrgId, sc.givenUser)
|
||||
sc.givenDashboardID = dashboardID
|
||||
sc.givenPermissions = permissions
|
||||
sc.givenTeams = teams
|
||||
|
||||
bus.AddHandler("test", func(query *models.GetTeamsByUserQuery) error {
|
||||
if query.OrgId != sc.givenUser.OrgId {
|
||||
sc.reportFailure("Invalid organization id for GetTeamsByUserQuery", sc.givenUser.OrgId, query.OrgId)
|
||||
}
|
||||
if query.UserId != sc.givenUser.UserId {
|
||||
sc.reportFailure("Invalid user id for GetTeamsByUserQuery", sc.givenUser.UserId, query.UserId)
|
||||
}
|
||||
|
||||
query.Result = teams
|
||||
return nil
|
||||
})
|
||||
|
||||
sc.permissionScenario = desc
|
||||
sc.g = New(dashboardID, sc.givenUser.OrgId, sc.givenUser)
|
||||
sc.givenDashboardID = dashboardID
|
||||
sc.givenPermissions = permissions
|
||||
sc.givenTeams = teams
|
||||
|
||||
Convey(desc, func() {
|
||||
fn(sc)
|
||||
})
|
||||
}
|
||||
@ -194,7 +195,7 @@ func (f permissionFlags) String() string {
|
||||
}
|
||||
|
||||
func (sc *scenarioContext) reportSuccess() {
|
||||
So(true, ShouldBeTrue)
|
||||
assert.True(sc.t, true)
|
||||
}
|
||||
|
||||
func (sc *scenarioContext) reportFailure(desc string, expected interface{}, actual interface{}) {
|
||||
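Review bot: In the rewritten `permissionScenario`, the closure passed to `sc.t.Run(desc, func(t *testing.T) {` never uses its own `t`, and no visible line reassigns `sc.t`, so the `sc.t.Run(tc, ...)` calls that the verify helpers make under `fn(sc)` still attach to the outer org-role test. The per-permission subtests then show up as siblings of the scenario they belong to, repeated names only get numeric suffixes, and a failed authorization expectation is not attributed to the role/permission combination that produced it. Pointing the context at the subtest for the duration of the callback would fix this: `prev := sc.t; sc.t = t; defer func() { sc.t = prev }()` as the first statement of the closure. The handlers' `sc.reportFailure` calls would then report against the scenario subtest as well; its body is outside the hunk, so that part is an assumption.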
|