IntenseWebs/grafana
3
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-02-25 18:55:37 -06:00
Code Issues Packages Projects Releases Wiki Activity

Guardian: Rewrite tests from goconvey (#29292)

Browse Source 
* Guardian: Rewrite tests from goconvey

Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>

* Update pkg/services/guardian/guardian_test.go

Co-authored-by: Will Browne <wbrowne@users.noreply.github.com>

Co-authored-by: Will Browne <wbrowne@users.noreply.github.com>
This commit is contained in:
Arve Knudsen
2020-11-24 11:36:00 +01:00
committed by GitHub
parent 27b4390484
commit 4c47fc56bb
2 changed files with 244 additions and 238 deletions
Download Patch File Download Diff File Expand all files Collapse all files

347
pkg/services/guardian/guardian_test.go
View File

@@ -7,10 +7,10 @@ import (
"testing"
"github.com/grafana/grafana/pkg/models"
. "github.com/smartystreets/goconvey/convey"
"github.com/stretchr/testify/require"
)
var (
const (
orgID = int64(1)
defaultDashboardID = int64(-1)
dashboardID = int64(1)
@@ -20,160 +20,157 @@ var (
otherUserID = int64(2)
teamID = int64(1)
otherTeamID = int64(2)
adminRole = models.ROLE_ADMIN
editorRole = models.ROLE_EDITOR
viewerRole = models.ROLE_VIEWER
)
var (
adminRole = models.ROLE_ADMIN
editorRole = models.ROLE_EDITOR
viewerRole = models.ROLE_VIEWER
)
func TestGuardianAdmin(t *testing.T) {
Convey("Guardian admin org role tests", t, func() {
orgRoleScenario("Given user has admin org role", t, models.ROLE_ADMIN, func(sc *scenarioContext) {
// dashboard has default permissions
sc.defaultPermissionScenario(USER, FULL_ACCESS)
orgRoleScenario("Given user has admin org role", t, models.ROLE_ADMIN, func(sc *scenarioContext) {
// dashboard has default permissions
sc.defaultPermissionScenario(USER, FULL_ACCESS)
// dashboard has user with permission
sc.dashboardPermissionScenario(USER, models.PERMISSION_ADMIN, FULL_ACCESS)
sc.dashboardPermissionScenario(USER, models.PERMISSION_EDIT, FULL_ACCESS)
sc.dashboardPermissionScenario(USER, models.PERMISSION_VIEW, FULL_ACCESS)
// dashboard has user with permission
sc.dashboardPermissionScenario(USER, models.PERMISSION_ADMIN, FULL_ACCESS)
sc.dashboardPermissionScenario(USER, models.PERMISSION_EDIT, FULL_ACCESS)
sc.dashboardPermissionScenario(USER, models.PERMISSION_VIEW, FULL_ACCESS)
// dashboard has team with permission
sc.dashboardPermissionScenario(TEAM, models.PERMISSION_ADMIN, FULL_ACCESS)
sc.dashboardPermissionScenario(TEAM, models.PERMISSION_EDIT, FULL_ACCESS)
sc.dashboardPermissionScenario(TEAM, models.PERMISSION_VIEW, FULL_ACCESS)
// dashboard has team with permission
sc.dashboardPermissionScenario(TEAM, models.PERMISSION_ADMIN, FULL_ACCESS)
sc.dashboardPermissionScenario(TEAM, models.PERMISSION_EDIT, FULL_ACCESS)
sc.dashboardPermissionScenario(TEAM, models.PERMISSION_VIEW, FULL_ACCESS)
// dashboard has editor role with permission
sc.dashboardPermissionScenario(EDITOR, models.PERMISSION_ADMIN, FULL_ACCESS)
sc.dashboardPermissionScenario(EDITOR, models.PERMISSION_EDIT, FULL_ACCESS)
sc.dashboardPermissionScenario(EDITOR, models.PERMISSION_VIEW, FULL_ACCESS)
// dashboard has editor role with permission
sc.dashboardPermissionScenario(EDITOR, models.PERMISSION_ADMIN, FULL_ACCESS)
sc.dashboardPermissionScenario(EDITOR, models.PERMISSION_EDIT, FULL_ACCESS)
sc.dashboardPermissionScenario(EDITOR, models.PERMISSION_VIEW, FULL_ACCESS)
// dashboard has viewer role with permission
sc.dashboardPermissionScenario(VIEWER, models.PERMISSION_ADMIN, FULL_ACCESS)
sc.dashboardPermissionScenario(VIEWER, models.PERMISSION_EDIT, FULL_ACCESS)
sc.dashboardPermissionScenario(VIEWER, models.PERMISSION_VIEW, FULL_ACCESS)
// dashboard has viewer role with permission
sc.dashboardPermissionScenario(VIEWER, models.PERMISSION_ADMIN, FULL_ACCESS)
sc.dashboardPermissionScenario(VIEWER, models.PERMISSION_EDIT, FULL_ACCESS)
sc.dashboardPermissionScenario(VIEWER, models.PERMISSION_VIEW, FULL_ACCESS)
// parent folder has user with permission
sc.parentFolderPermissionScenario(USER, models.PERMISSION_ADMIN, FULL_ACCESS)
sc.parentFolderPermissionScenario(USER, models.PERMISSION_EDIT, FULL_ACCESS)
sc.parentFolderPermissionScenario(USER, models.PERMISSION_VIEW, FULL_ACCESS)
// parent folder has user with permission
sc.parentFolderPermissionScenario(USER, models.PERMISSION_ADMIN, FULL_ACCESS)
sc.parentFolderPermissionScenario(USER, models.PERMISSION_EDIT, FULL_ACCESS)
sc.parentFolderPermissionScenario(USER, models.PERMISSION_VIEW, FULL_ACCESS)
// parent folder has team with permission
sc.parentFolderPermissionScenario(TEAM, models.PERMISSION_ADMIN, FULL_ACCESS)
sc.parentFolderPermissionScenario(TEAM, models.PERMISSION_EDIT, FULL_ACCESS)
sc.parentFolderPermissionScenario(TEAM, models.PERMISSION_VIEW, FULL_ACCESS)
// parent folder has team with permission
sc.parentFolderPermissionScenario(TEAM, models.PERMISSION_ADMIN, FULL_ACCESS)
sc.parentFolderPermissionScenario(TEAM, models.PERMISSION_EDIT, FULL_ACCESS)
sc.parentFolderPermissionScenario(TEAM, models.PERMISSION_VIEW, FULL_ACCESS)
// parent folder has editor role with permission
sc.parentFolderPermissionScenario(EDITOR, models.PERMISSION_ADMIN, FULL_ACCESS)
sc.parentFolderPermissionScenario(EDITOR, models.PERMISSION_EDIT, FULL_ACCESS)
sc.parentFolderPermissionScenario(EDITOR, models.PERMISSION_VIEW, FULL_ACCESS)
// parent folder has editor role with permission
sc.parentFolderPermissionScenario(EDITOR, models.PERMISSION_ADMIN, FULL_ACCESS)
sc.parentFolderPermissionScenario(EDITOR, models.PERMISSION_EDIT, FULL_ACCESS)
sc.parentFolderPermissionScenario(EDITOR, models.PERMISSION_VIEW, FULL_ACCESS)
// parent folder has viewer role with permission
sc.parentFolderPermissionScenario(VIEWER, models.PERMISSION_ADMIN, FULL_ACCESS)
sc.parentFolderPermissionScenario(VIEWER, models.PERMISSION_EDIT, FULL_ACCESS)
sc.parentFolderPermissionScenario(VIEWER, models.PERMISSION_VIEW, FULL_ACCESS)
})
// parent folder has viewer role with permission
sc.parentFolderPermissionScenario(VIEWER, models.PERMISSION_ADMIN, FULL_ACCESS)
sc.parentFolderPermissionScenario(VIEWER, models.PERMISSION_EDIT, FULL_ACCESS)
sc.parentFolderPermissionScenario(VIEWER, models.PERMISSION_VIEW, FULL_ACCESS)
})
}
func TestGuardianEditor(t *testing.T) {
Convey("Guardian editor org role tests", t, func() {
orgRoleScenario("Given user has editor org role", t, models.ROLE_EDITOR, func(sc *scenarioContext) {
// dashboard has default permissions
sc.defaultPermissionScenario(USER, EDITOR_ACCESS)
orgRoleScenario("Given user has editor org role", t, models.ROLE_EDITOR, func(sc *scenarioContext) {
// dashboard has default permissions
sc.defaultPermissionScenario(USER, EDITOR_ACCESS)
// dashboard has user with permission
sc.dashboardPermissionScenario(USER, models.PERMISSION_ADMIN, FULL_ACCESS)
sc.dashboardPermissionScenario(USER, models.PERMISSION_EDIT, EDITOR_ACCESS)
sc.dashboardPermissionScenario(USER, models.PERMISSION_VIEW, CAN_VIEW)
// dashboard has user with permission
sc.dashboardPermissionScenario(USER, models.PERMISSION_ADMIN, FULL_ACCESS)
sc.dashboardPermissionScenario(USER, models.PERMISSION_EDIT, EDITOR_ACCESS)
sc.dashboardPermissionScenario(USER, models.PERMISSION_VIEW, CAN_VIEW)
// dashboard has team with permission
sc.dashboardPermissionScenario(TEAM, models.PERMISSION_ADMIN, FULL_ACCESS)
sc.dashboardPermissionScenario(TEAM, models.PERMISSION_EDIT, EDITOR_ACCESS)
sc.dashboardPermissionScenario(TEAM, models.PERMISSION_VIEW, CAN_VIEW)
// dashboard has team with permission
sc.dashboardPermissionScenario(TEAM, models.PERMISSION_ADMIN, FULL_ACCESS)
sc.dashboardPermissionScenario(TEAM, models.PERMISSION_EDIT, EDITOR_ACCESS)
sc.dashboardPermissionScenario(TEAM, models.PERMISSION_VIEW, CAN_VIEW)
// dashboard has editor role with permission
sc.dashboardPermissionScenario(EDITOR, models.PERMISSION_ADMIN, FULL_ACCESS)
sc.dashboardPermissionScenario(EDITOR, models.PERMISSION_EDIT, EDITOR_ACCESS)
sc.dashboardPermissionScenario(EDITOR, models.PERMISSION_VIEW, VIEWER_ACCESS)
// dashboard has editor role with permission
sc.dashboardPermissionScenario(EDITOR, models.PERMISSION_ADMIN, FULL_ACCESS)
sc.dashboardPermissionScenario(EDITOR, models.PERMISSION_EDIT, EDITOR_ACCESS)
sc.dashboardPermissionScenario(EDITOR, models.PERMISSION_VIEW, VIEWER_ACCESS)
// dashboard has viewer role with permission
sc.dashboardPermissionScenario(VIEWER, models.PERMISSION_ADMIN, NO_ACCESS)
sc.dashboardPermissionScenario(VIEWER, models.PERMISSION_EDIT, NO_ACCESS)
sc.dashboardPermissionScenario(VIEWER, models.PERMISSION_VIEW, NO_ACCESS)
// dashboard has viewer role with permission
sc.dashboardPermissionScenario(VIEWER, models.PERMISSION_ADMIN, NO_ACCESS)
sc.dashboardPermissionScenario(VIEWER, models.PERMISSION_EDIT, NO_ACCESS)
sc.dashboardPermissionScenario(VIEWER, models.PERMISSION_VIEW, NO_ACCESS)
// parent folder has user with permission
sc.parentFolderPermissionScenario(USER, models.PERMISSION_ADMIN, FULL_ACCESS)
sc.parentFolderPermissionScenario(USER, models.PERMISSION_EDIT, EDITOR_ACCESS)
sc.parentFolderPermissionScenario(USER, models.PERMISSION_VIEW, VIEWER_ACCESS)
// parent folder has user with permission
sc.parentFolderPermissionScenario(USER, models.PERMISSION_ADMIN, FULL_ACCESS)
sc.parentFolderPermissionScenario(USER, models.PERMISSION_EDIT, EDITOR_ACCESS)
sc.parentFolderPermissionScenario(USER, models.PERMISSION_VIEW, VIEWER_ACCESS)
// parent folder has team with permission
sc.parentFolderPermissionScenario(TEAM, models.PERMISSION_ADMIN, FULL_ACCESS)
sc.parentFolderPermissionScenario(TEAM, models.PERMISSION_EDIT, EDITOR_ACCESS)
sc.parentFolderPermissionScenario(TEAM, models.PERMISSION_VIEW, VIEWER_ACCESS)
// parent folder has team with permission
sc.parentFolderPermissionScenario(TEAM, models.PERMISSION_ADMIN, FULL_ACCESS)
sc.parentFolderPermissionScenario(TEAM, models.PERMISSION_EDIT, EDITOR_ACCESS)
sc.parentFolderPermissionScenario(TEAM, models.PERMISSION_VIEW, VIEWER_ACCESS)
// parent folder has editor role with permission
sc.parentFolderPermissionScenario(EDITOR, models.PERMISSION_ADMIN, FULL_ACCESS)
sc.parentFolderPermissionScenario(EDITOR, models.PERMISSION_EDIT, EDITOR_ACCESS)
sc.parentFolderPermissionScenario(EDITOR, models.PERMISSION_VIEW, VIEWER_ACCESS)
// parent folder has editor role with permission
sc.parentFolderPermissionScenario(EDITOR, models.PERMISSION_ADMIN, FULL_ACCESS)
sc.parentFolderPermissionScenario(EDITOR, models.PERMISSION_EDIT, EDITOR_ACCESS)
sc.parentFolderPermissionScenario(EDITOR, models.PERMISSION_VIEW, VIEWER_ACCESS)
// parent folder has viewer role with permission
sc.parentFolderPermissionScenario(VIEWER, models.PERMISSION_ADMIN, NO_ACCESS)
sc.parentFolderPermissionScenario(VIEWER, models.PERMISSION_EDIT, NO_ACCESS)
sc.parentFolderPermissionScenario(VIEWER, models.PERMISSION_VIEW, NO_ACCESS)
})
// parent folder has viewer role with permission
sc.parentFolderPermissionScenario(VIEWER, models.PERMISSION_ADMIN, NO_ACCESS)
sc.parentFolderPermissionScenario(VIEWER, models.PERMISSION_EDIT, NO_ACCESS)
sc.parentFolderPermissionScenario(VIEWER, models.PERMISSION_VIEW, NO_ACCESS)
})
}
func TestGuardianViewer(t *testing.T) {
Convey("Guardian viewer org role tests", t, func() {
orgRoleScenario("Given user has viewer org role", t, models.ROLE_VIEWER, func(sc *scenarioContext) {
// dashboard has default permissions
sc.defaultPermissionScenario(USER, VIEWER_ACCESS)
orgRoleScenario("Given user has viewer org role", t, models.ROLE_VIEWER, func(sc *scenarioContext) {
// dashboard has default permissions
sc.defaultPermissionScenario(USER, VIEWER_ACCESS)
// dashboard has user with permission
sc.dashboardPermissionScenario(USER, models.PERMISSION_ADMIN, FULL_ACCESS)
sc.dashboardPermissionScenario(USER, models.PERMISSION_EDIT, EDITOR_ACCESS)
sc.dashboardPermissionScenario(USER, models.PERMISSION_VIEW, VIEWER_ACCESS)
// dashboard has user with permission
sc.dashboardPermissionScenario(USER, models.PERMISSION_ADMIN, FULL_ACCESS)
sc.dashboardPermissionScenario(USER, models.PERMISSION_EDIT, EDITOR_ACCESS)
sc.dashboardPermissionScenario(USER, models.PERMISSION_VIEW, VIEWER_ACCESS)
// dashboard has team with permission
sc.dashboardPermissionScenario(TEAM, models.PERMISSION_ADMIN, FULL_ACCESS)
sc.dashboardPermissionScenario(TEAM, models.PERMISSION_EDIT, EDITOR_ACCESS)
sc.dashboardPermissionScenario(TEAM, models.PERMISSION_VIEW, VIEWER_ACCESS)
// dashboard has team with permission
sc.dashboardPermissionScenario(TEAM, models.PERMISSION_ADMIN, FULL_ACCESS)
sc.dashboardPermissionScenario(TEAM, models.PERMISSION_EDIT, EDITOR_ACCESS)
sc.dashboardPermissionScenario(TEAM, models.PERMISSION_VIEW, VIEWER_ACCESS)
// dashboard has editor role with permission
sc.dashboardPermissionScenario(EDITOR, models.PERMISSION_ADMIN, NO_ACCESS)
sc.dashboardPermissionScenario(EDITOR, models.PERMISSION_EDIT, NO_ACCESS)
sc.dashboardPermissionScenario(EDITOR, models.PERMISSION_VIEW, NO_ACCESS)
// dashboard has editor role with permission
sc.dashboardPermissionScenario(EDITOR, models.PERMISSION_ADMIN, NO_ACCESS)
sc.dashboardPermissionScenario(EDITOR, models.PERMISSION_EDIT, NO_ACCESS)
sc.dashboardPermissionScenario(EDITOR, models.PERMISSION_VIEW, NO_ACCESS)
// dashboard has viewer role with permission
sc.dashboardPermissionScenario(VIEWER, models.PERMISSION_ADMIN, FULL_ACCESS)
sc.dashboardPermissionScenario(VIEWER, models.PERMISSION_EDIT, EDITOR_ACCESS)
sc.dashboardPermissionScenario(VIEWER, models.PERMISSION_VIEW, VIEWER_ACCESS)
// dashboard has viewer role with permission
sc.dashboardPermissionScenario(VIEWER, models.PERMISSION_ADMIN, FULL_ACCESS)
sc.dashboardPermissionScenario(VIEWER, models.PERMISSION_EDIT, EDITOR_ACCESS)
sc.dashboardPermissionScenario(VIEWER, models.PERMISSION_VIEW, VIEWER_ACCESS)
// parent folder has user with permission
sc.parentFolderPermissionScenario(USER, models.PERMISSION_ADMIN, FULL_ACCESS)
sc.parentFolderPermissionScenario(USER, models.PERMISSION_EDIT, EDITOR_ACCESS)
sc.parentFolderPermissionScenario(USER, models.PERMISSION_VIEW, VIEWER_ACCESS)
// parent folder has user with permission
sc.parentFolderPermissionScenario(USER, models.PERMISSION_ADMIN, FULL_ACCESS)
sc.parentFolderPermissionScenario(USER, models.PERMISSION_EDIT, EDITOR_ACCESS)
sc.parentFolderPermissionScenario(USER, models.PERMISSION_VIEW, VIEWER_ACCESS)
// parent folder has team with permission
sc.parentFolderPermissionScenario(TEAM, models.PERMISSION_ADMIN, FULL_ACCESS)
sc.parentFolderPermissionScenario(TEAM, models.PERMISSION_EDIT, EDITOR_ACCESS)
sc.parentFolderPermissionScenario(TEAM, models.PERMISSION_VIEW, VIEWER_ACCESS)
// parent folder has team with permission
sc.parentFolderPermissionScenario(TEAM, models.PERMISSION_ADMIN, FULL_ACCESS)
sc.parentFolderPermissionScenario(TEAM, models.PERMISSION_EDIT, EDITOR_ACCESS)
sc.parentFolderPermissionScenario(TEAM, models.PERMISSION_VIEW, VIEWER_ACCESS)
// parent folder has editor role with permission
sc.parentFolderPermissionScenario(EDITOR, models.PERMISSION_ADMIN, NO_ACCESS)
sc.parentFolderPermissionScenario(EDITOR, models.PERMISSION_EDIT, NO_ACCESS)
sc.parentFolderPermissionScenario(EDITOR, models.PERMISSION_VIEW, NO_ACCESS)
// parent folder has editor role with permission
sc.parentFolderPermissionScenario(EDITOR, models.PERMISSION_ADMIN, NO_ACCESS)
sc.parentFolderPermissionScenario(EDITOR, models.PERMISSION_EDIT, NO_ACCESS)
sc.parentFolderPermissionScenario(EDITOR, models.PERMISSION_VIEW, NO_ACCESS)
// parent folder has viewer role with permission
sc.parentFolderPermissionScenario(VIEWER, models.PERMISSION_ADMIN, FULL_ACCESS)
sc.parentFolderPermissionScenario(VIEWER, models.PERMISSION_EDIT, EDITOR_ACCESS)
sc.parentFolderPermissionScenario(VIEWER, models.PERMISSION_VIEW, VIEWER_ACCESS)
})
// parent folder has viewer role with permission
sc.parentFolderPermissionScenario(VIEWER, models.PERMISSION_ADMIN, FULL_ACCESS)
sc.parentFolderPermissionScenario(VIEWER, models.PERMISSION_EDIT, EDITOR_ACCESS)
sc.parentFolderPermissionScenario(VIEWER, models.PERMISSION_VIEW, VIEWER_ACCESS)
})
apiKeyScenario("Given api key with viewer role", t, models.ROLE_VIEWER, func(sc *scenarioContext) {
// dashboard has default permissions
sc.defaultPermissionScenario(VIEWER, VIEWER_ACCESS)
})
apiKeyScenario("Given api key with viewer role", t, models.ROLE_VIEWER, func(sc *scenarioContext) {
// dashboard has default permissions
sc.defaultPermissionScenario(VIEWER, VIEWER_ACCESS)
})
}
@@ -186,13 +183,14 @@ func (sc *scenarioContext) defaultPermissionScenario(pt permissionType, flag per
toDto(newViewerRolePermission(defaultDashboardID, models.PERMISSION_VIEW)),
}
permissionScenario("and existing permissions is the default permissions (everyone with editor role can edit, everyone with viewer role can view)", dashboardID, sc, existingPermissions, func(sc *scenarioContext) {
sc.expectedFlags = flag
sc.verifyExpectedPermissionsFlags()
sc.verifyDuplicatePermissionsShouldNotBeAllowed()
sc.verifyUpdateDashboardPermissionsShouldBeAllowed(pt)
sc.verifyUpdateDashboardPermissionsShouldNotBeAllowed(pt)
})
permissionScenario("and existing permissions are the default permissions (everyone with editor role can edit, everyone with viewer role can view)",
dashboardID, sc, existingPermissions, func(sc *scenarioContext) {
sc.expectedFlags = flag
sc.verifyExpectedPermissionsFlags()
sc.verifyDuplicatePermissionsShouldNotBeAllowed()
sc.verifyUpdateDashboardPermissionsShouldBeAllowed(pt)
sc.verifyUpdateDashboardPermissionsShouldNotBeAllowed(pt)
})
}
func (sc *scenarioContext) dashboardPermissionScenario(pt permissionType, permission models.PermissionType, flag permissionFlags) {
@@ -212,13 +210,14 @@ func (sc *scenarioContext) dashboardPermissionScenario(pt permissionType, permis
existingPermissions = []*models.DashboardAclInfoDTO{{OrgId: orgID, DashboardId: dashboardID, Role: &viewerRole, Permission: permission}}
}
permissionScenario(fmt.Sprintf("and %s has permission to %s dashboard", pt.String(), permission.String()), dashboardID, sc, existingPermissions, func(sc *scenarioContext) {
sc.expectedFlags = flag
sc.verifyExpectedPermissionsFlags()
sc.verifyDuplicatePermissionsShouldNotBeAllowed()
sc.verifyUpdateDashboardPermissionsShouldBeAllowed(pt)
sc.verifyUpdateDashboardPermissionsShouldNotBeAllowed(pt)
})
permissionScenario(fmt.Sprintf("and %s has permission to %s dashboard", pt.String(), permission.String()),
dashboardID, sc, existingPermissions, func(sc *scenarioContext) {
sc.expectedFlags = flag
sc.verifyExpectedPermissionsFlags()
sc.verifyDuplicatePermissionsShouldNotBeAllowed()
sc.verifyUpdateDashboardPermissionsShouldBeAllowed(pt)
sc.verifyUpdateDashboardPermissionsShouldNotBeAllowed(pt)
})
}
func (sc *scenarioContext) parentFolderPermissionScenario(pt permissionType, permission models.PermissionType, flag permissionFlags) {
@@ -229,34 +228,43 @@ func (sc *scenarioContext) parentFolderPermissionScenario(pt permissionType, per
switch pt {
case USER:
folderPermissionList = []*models.DashboardAclInfoDTO{{OrgId: orgID, DashboardId: parentFolderID, UserId: userID, Permission: permission, Inherited: true}}
folderPermissionList = []*models.DashboardAclInfoDTO{{OrgId: orgID, DashboardId: parentFolderID,
UserId: userID, Permission: permission, Inherited: true}}
case TEAM:
folderPermissionList = []*models.DashboardAclInfoDTO{{OrgId: orgID, DashboardId: parentFolderID, TeamId: teamID, Permission: permission, Inherited: true}}
folderPermissionList = []*models.DashboardAclInfoDTO{{OrgId: orgID, DashboardId: parentFolderID, TeamId: teamID,
Permission: permission, Inherited: true}}
case EDITOR:
folderPermissionList = []*models.DashboardAclInfoDTO{{OrgId: orgID, DashboardId: parentFolderID, Role: &editorRole, Permission: permission, Inherited: true}}
folderPermissionList = []*models.DashboardAclInfoDTO{{OrgId: orgID, DashboardId: parentFolderID,
Role: &editorRole, Permission: permission, Inherited: true}}
case VIEWER:
folderPermissionList = []*models.DashboardAclInfoDTO{{OrgId: orgID, DashboardId: parentFolderID, Role: &viewerRole, Permission: permission, Inherited: true}}
folderPermissionList = []*models.DashboardAclInfoDTO{{OrgId: orgID, DashboardId: parentFolderID,
Role: &viewerRole, Permission: permission, Inherited: true}}
}
permissionScenario(fmt.Sprintf("and parent folder has %s with permission to %s", pt.String(), permission.String()), childDashboardID, sc, folderPermissionList, func(sc *scenarioContext) {
sc.expectedFlags = flag
sc.verifyExpectedPermissionsFlags()
sc.verifyDuplicatePermissionsShouldNotBeAllowed()
sc.verifyUpdateChildDashboardPermissionsShouldBeAllowed(pt, permission)
sc.verifyUpdateChildDashboardPermissionsShouldNotBeAllowed(pt, permission)
sc.verifyUpdateChildDashboardPermissionsWithOverrideShouldBeAllowed(pt, permission)
sc.verifyUpdateChildDashboardPermissionsWithOverrideShouldNotBeAllowed(pt, permission)
})
permissionScenario(fmt.Sprintf("and parent folder has %s with permission to %s", pt.String(), permission.String()),
childDashboardID, sc, folderPermissionList, func(sc *scenarioContext) {
sc.expectedFlags = flag
sc.verifyExpectedPermissionsFlags()
sc.verifyDuplicatePermissionsShouldNotBeAllowed()
sc.verifyUpdateChildDashboardPermissionsShouldBeAllowed(pt, permission)
sc.verifyUpdateChildDashboardPermissionsShouldNotBeAllowed(pt, permission)
sc.verifyUpdateChildDashboardPermissionsWithOverrideShouldBeAllowed(pt, permission)
sc.verifyUpdateChildDashboardPermissionsWithOverrideShouldNotBeAllowed(pt, permission)
})
}
func (sc *scenarioContext) verifyExpectedPermissionsFlags() {
canAdmin, _ := sc.g.CanAdmin()
canEdit, _ := sc.g.CanEdit()
canSave, _ := sc.g.CanSave()
canView, _ := sc.g.CanView()
tc := fmt.Sprintf("should have permissions to %s", sc.expectedFlags.String())
Convey(tc, func() {
sc.t.Run(tc, func(t *testing.T) {
canAdmin, err := sc.g.CanAdmin()
require.NoError(t, err)
canEdit, err := sc.g.CanEdit()
require.NoError(t, err)
canSave, err := sc.g.CanSave()
require.NoError(t, err)
canView, err := sc.g.CanView()
require.NoError(t, err)
var actualFlag permissionFlags
if canAdmin {
@@ -293,7 +301,7 @@ func (sc *scenarioContext) verifyDuplicatePermissionsShouldNotBeAllowed() {
}
tc := "When updating dashboard permissions with duplicate permission for user should not be allowed"
Convey(tc, func() {
sc.t.Run(tc, func(t *testing.T) {
p := []*models.DashboardAcl{
newDefaultUserPermission(dashboardID, models.PERMISSION_VIEW),
newDefaultUserPermission(dashboardID, models.PERMISSION_ADMIN),
@@ -308,7 +316,7 @@ func (sc *scenarioContext) verifyDuplicatePermissionsShouldNotBeAllowed() {
})
tc = "When updating dashboard permissions with duplicate permission for team should not be allowed"
Convey(tc, func() {
sc.t.Run(tc, func(t *testing.T) {
p := []*models.DashboardAcl{
newDefaultTeamPermission(dashboardID, models.PERMISSION_VIEW),
newDefaultTeamPermission(dashboardID, models.PERMISSION_ADMIN),
@@ -322,7 +330,7 @@ func (sc *scenarioContext) verifyDuplicatePermissionsShouldNotBeAllowed() {
})
tc = "When updating dashboard permissions with duplicate permission for editor role should not be allowed"
Convey(tc, func() {
sc.t.Run(tc, func(t *testing.T) {
p := []*models.DashboardAcl{
newEditorRolePermission(dashboardID, models.PERMISSION_VIEW),
newEditorRolePermission(dashboardID, models.PERMISSION_ADMIN),
@@ -337,7 +345,7 @@ func (sc *scenarioContext) verifyDuplicatePermissionsShouldNotBeAllowed() {
})
tc = "When updating dashboard permissions with duplicate permission for viewer role should not be allowed"
Convey(tc, func() {
sc.t.Run(tc, func(t *testing.T) {
p := []*models.DashboardAcl{
newViewerRolePermission(dashboardID, models.PERMISSION_VIEW),
newViewerRolePermission(dashboardID, models.PERMISSION_ADMIN),
@@ -351,7 +359,7 @@ func (sc *scenarioContext) verifyDuplicatePermissionsShouldNotBeAllowed() {
})
tc = "When updating dashboard permissions with duplicate permission for admin role should not be allowed"
Convey(tc, func() {
sc.t.Run(tc, func(t *testing.T) {
p := []*models.DashboardAcl{
newAdminRolePermission(dashboardID, models.PERMISSION_ADMIN),
}
@@ -371,8 +379,7 @@ func (sc *scenarioContext) verifyUpdateDashboardPermissionsShouldBeAllowed(pt pe
for _, p := range []models.PermissionType{models.PERMISSION_ADMIN, models.PERMISSION_EDIT, models.PERMISSION_VIEW} {
tc := fmt.Sprintf("When updating dashboard permissions with %s permissions should be allowed", p.String())
Convey(tc, func() {
sc.t.Run(tc, func(t *testing.T) {
permissionList := []*models.DashboardAcl{}
switch pt {
case USER:
@@ -418,8 +425,7 @@ func (sc *scenarioContext) verifyUpdateDashboardPermissionsShouldNotBeAllowed(pt
for _, p := range []models.PermissionType{models.PERMISSION_ADMIN, models.PERMISSION_EDIT, models.PERMISSION_VIEW} {
tc := fmt.Sprintf("When updating dashboard permissions with %s permissions should NOT be allowed", p.String())
Convey(tc, func() {
sc.t.Run(tc, func(t *testing.T) {
permissionList := []*models.DashboardAcl{
newEditorRolePermission(dashboardID, p),
newViewerRolePermission(dashboardID, p),
@@ -457,8 +463,7 @@ func (sc *scenarioContext) verifyUpdateChildDashboardPermissionsShouldBeAllowed(
for _, p := range []models.PermissionType{models.PERMISSION_ADMIN, models.PERMISSION_EDIT, models.PERMISSION_VIEW} {
tc := fmt.Sprintf("When updating child dashboard permissions with %s permissions should be allowed", p.String())
Convey(tc, func() {
sc.t.Run(tc, func(t *testing.T) {
permissionList := []*models.DashboardAcl{}
switch pt {
case USER:
@@ -519,8 +524,7 @@ func (sc *scenarioContext) verifyUpdateChildDashboardPermissionsShouldNotBeAllow
for _, p := range []models.PermissionType{models.PERMISSION_ADMIN, models.PERMISSION_EDIT, models.PERMISSION_VIEW} {
tc := fmt.Sprintf("When updating child dashboard permissions with %s permissions should NOT be allowed", p.String())
Convey(tc, func() {
sc.t.Run(tc, func(t *testing.T) {
permissionList := []*models.DashboardAcl{}
switch pt {
case USER:
@@ -586,8 +590,7 @@ func (sc *scenarioContext) verifyUpdateChildDashboardPermissionsWithOverrideShou
}
tc := fmt.Sprintf("When updating child dashboard permissions overriding parent %s permission with %s permission should NOT be allowed", pt.String(), p.String())
Convey(tc, func() {
sc.t.Run(tc, func(t *testing.T) {
permissionList := []*models.DashboardAcl{}
switch pt {
case USER:
@@ -629,9 +632,11 @@ func (sc *scenarioContext) verifyUpdateChildDashboardPermissionsWithOverrideShou
continue
}
tc := fmt.Sprintf("When updating child dashboard permissions overriding parent %s permission with %s permission should be allowed", pt.String(), p.String())
Convey(tc, func() {
tc := fmt.Sprintf(
"When updating child dashboard permissions overriding parent %s permission with %s permission should be allowed",
pt.String(), p.String(),
)
sc.t.Run(tc, func(t *testing.T) {
permissionList := []*models.DashboardAcl{}
switch pt {
case USER: