RBAC: Cleaup team api rbac tests (#57265)

* RBAC: Remove the access control evaluator fake * API: Change to use access control implementation instead of mocks with rbac disabled in tests * Tests: Set cfg and access control defaults after applying options * Tests: Rewrite team legacy access control tests * Tests: Add helper function to create user with permissions * Tests: set fake quota service as default * Team: Add ExpectedTeamDTO and set in query result * RBAC: Revert change * RBAC: Add deprecation notice to mock
2025-02-25 18:55:37 -06:00 · 2022-10-20 09:11:47 +02:00
parent 0dd721d4ce
commit 764d5b9929
4 changed files with 206 additions and 187 deletions
--- a/pkg/api/common_test.go
+++ b/pkg/api/common_test.go
@@ -46,6 +46,7 @@ import (
 	"github.com/grafana/grafana/pkg/services/org/orgtest"
 	"github.com/grafana/grafana/pkg/services/preference/preftest"
 	"github.com/grafana/grafana/pkg/services/quota/quotaimpl"
+	"github.com/grafana/grafana/pkg/services/quota/quotatest"
 	"github.com/grafana/grafana/pkg/services/rendering"
 	"github.com/grafana/grafana/pkg/services/search"
 	"github.com/grafana/grafana/pkg/services/searchusers"
@@ -315,6 +316,10 @@ func setAccessControlPermissions(acmock *accesscontrolmock.Mock, perms []accessc
 		}
 }

+func userWithPermissions(orgID int64, permissions []accesscontrol.Permission) *user.SignedInUser {
+	return &user.SignedInUser{OrgID: orgID, Permissions: map[int64]map[string][]string{orgID: accesscontrol.GroupScopesByAction(permissions)}}
+}
+
 // setInitCtxSignedInUser sets a copy of the user in initCtx
 func setInitCtxSignedInUser(initCtx *models.ReqContext, user user.SignedInUser) {
 	initCtx.IsSignedIn = true
@@ -348,7 +353,7 @@ func setupSimpleHTTPServer(features *featuremgmt.FeatureManager) *HTTPServer {
 		Cfg:             cfg,
 		Features:        features,
 		License:         &licensing.OSSLicensingService{},
-		AccessControl:   accesscontrolmock.New().WithDisabled(),
+		AccessControl:   acimpl.ProvideAccessControl(cfg),
 		annotationsRepo: annotationstest.NewFakeAnnotationsRepo(),
 	}
 }
@@ -367,7 +372,6 @@ func setupHTTPServerWithCfgDb(
 	store sqlstore.Store, features *featuremgmt.FeatureManager, options ...APITestServerOption,
 ) accessControlScenarioContext {
 	t.Helper()
-
 	license := &licensing.OSSLicensingService{}
 	routeRegister := routing.NewRouteRegister()
 	teamService := teamimpl.ProvideService(db, cfg)
@@ -491,10 +495,9 @@ func SetupAPITestServer(t *testing.T, opts ...APITestServerOption) *webtest.Serv

 	hs := &HTTPServer{
 		RouteRegister:      routing.NewRouteRegister(),
-		Cfg:                setting.NewCfg(),
 		License:            &licensing.OSSLicensingService{},
-		AccessControl:      accesscontrolmock.New().WithDisabled(),
 		Features:           featuremgmt.WithFeatures(),
+		QuotaService:       quotatest.NewQuotaServiceFake(),
 		searchUsersService: &searchusers.OSSService{},
 	}

@@ -502,6 +505,15 @@ func SetupAPITestServer(t *testing.T, opts ...APITestServerOption) *webtest.Serv
 		opt(hs)
 	}

+	if hs.Cfg == nil {
+		hs.Cfg = setting.NewCfg()
+		hs.Cfg.RBACEnabled = false
+	}
+
+	if hs.AccessControl == nil {
+		hs.AccessControl = acimpl.ProvideAccessControl(hs.Cfg)
+	}
+
 	hs.registerRoutes()
 	s := webtest.NewServer(t, hs.RouteRegister)
 	return s