mirror of
https://github.com/grafana/grafana.git
synced 2025-02-25 18:55:37 -06:00
Search: Allowed actions (#52529)
This commit is contained in:
Artur Wierzbicki
GitHub
119
pkg/services/searchV2/allowed_actions_test.go
Normal file
119
pkg/services/searchV2/allowed_actions_test.go
Normal file
@@ -0,0 +1,119 @@
|
||||
package searchV2
|
||||
|
||||
import (
|
||||
"context"
|
||||
_ "embed"
|
||||
"fmt"
|
||||
"testing"
|
||||
|
||||
"github.com/grafana/grafana-plugin-sdk-go/backend"
|
||||
"github.com/grafana/grafana-plugin-sdk-go/data"
|
||||
"github.com/grafana/grafana-plugin-sdk-go/experimental"
|
||||
"github.com/grafana/grafana/pkg/models"
|
||||
ac "github.com/grafana/grafana/pkg/services/accesscontrol"
|
||||
accesscontrolmock "github.com/grafana/grafana/pkg/services/accesscontrol/mock"
|
||||
"github.com/grafana/grafana/pkg/services/dashboards"
|
||||
"github.com/grafana/grafana/pkg/services/datasources"
|
||||
"github.com/stretchr/testify/require"
|
||||
)
|
||||
|
||||
var (
|
||||
//go:embed testdata/search_response_frame.json
|
||||
exampleListFrameJSON string
|
||||
|
||||
orgId = int64(1)
|
||||
permissionsWithScopeAll = map[string][]string{
|
||||
datasources.ActionIDRead: {datasources.ScopeAll},
|
||||
datasources.ActionDelete: {datasources.ScopeAll},
|
||||
ac.ActionDatasourcesExplore: {datasources.ScopeAll},
|
||||
datasources.ActionQuery: {datasources.ScopeAll},
|
||||
datasources.ActionRead: {datasources.ScopeAll},
|
||||
datasources.ActionWrite: {datasources.ScopeAll},
|
||||
datasources.ActionPermissionsRead: {datasources.ScopeAll},
|
||||
datasources.ActionPermissionsWrite: {datasources.ScopeAll},
|
||||
|
||||
dashboards.ActionFoldersCreate: {dashboards.ScopeFoldersAll},
|
||||
dashboards.ActionFoldersRead: {dashboards.ScopeFoldersAll},
|
||||
dashboards.ActionFoldersWrite: {dashboards.ScopeFoldersAll},
|
||||
dashboards.ActionFoldersDelete: {dashboards.ScopeFoldersAll},
|
||||
dashboards.ActionFoldersPermissionsRead: {dashboards.ScopeFoldersAll},
|
||||
dashboards.ActionFoldersPermissionsWrite: {dashboards.ScopeFoldersAll},
|
||||
|
||||
dashboards.ActionDashboardsCreate: {dashboards.ScopeDashboardsAll},
|
||||
dashboards.ActionDashboardsRead: {dashboards.ScopeDashboardsAll},
|
||||
dashboards.ActionDashboardsWrite: {dashboards.ScopeDashboardsAll},
|
||||
dashboards.ActionDashboardsDelete: {dashboards.ScopeDashboardsAll},
|
||||
dashboards.ActionDashboardsPermissionsRead: {dashboards.ScopeDashboardsAll},
|
||||
dashboards.ActionDashboardsPermissionsWrite: {dashboards.ScopeDashboardsAll},
|
||||
}
|
||||
permissionsWithUidScopes = map[string][]string{
|
||||
datasources.ActionIDRead: {},
|
||||
datasources.ActionDelete: {},
|
||||
ac.ActionDatasourcesExplore: {},
|
||||
datasources.ActionQuery: {},
|
||||
datasources.ActionRead: {
|
||||
datasources.ScopeProvider.GetResourceScopeUID("datasource-2"),
|
||||
datasources.ScopeProvider.GetResourceScopeUID("datasource-3"),
|
||||
},
|
||||
datasources.ActionWrite: {},
|
||||
datasources.ActionPermissionsRead: {},
|
||||
datasources.ActionPermissionsWrite: {},
|
||||
|
||||
dashboards.ActionFoldersCreate: {},
|
||||
dashboards.ActionFoldersRead: {
|
||||
dashboards.ScopeFoldersProvider.GetResourceScopeUID("ujaM1h6nz"),
|
||||
},
|
||||
dashboards.ActionFoldersWrite: {},
|
||||
dashboards.ActionFoldersDelete: {},
|
||||
dashboards.ActionFoldersPermissionsRead: {},
|
||||
dashboards.ActionFoldersPermissionsWrite: {},
|
||||
|
||||
dashboards.ActionDashboardsCreate: {},
|
||||
dashboards.ActionDashboardsRead: {},
|
||||
dashboards.ActionDashboardsWrite: {
|
||||
dashboards.ScopeDashboardsProvider.GetResourceScopeUID("7MeksYbmk"),
|
||||
},
|
||||
dashboards.ActionDashboardsDelete: {},
|
||||
dashboards.ActionDashboardsPermissionsRead: {},
|
||||
dashboards.ActionDashboardsPermissionsWrite: {},
|
||||
}
|
||||
)
|
||||
|
||||
func service(t *testing.T) *StandardSearchService {
|
||||
service, ok := ProvideService(nil, nil, nil, accesscontrolmock.New()).(*StandardSearchService)
|
||||
require.True(t, ok)
|
||||
return service
|
||||
}
|
||||
|
||||
func TestAllowedActionsForPermissionsWithScopeAll(t *testing.T) {
|
||||
tests := []struct {
|
||||
name string
|
||||
permissions map[string][]string
|
||||
}{
|
||||
{
|
||||
name: "scope_all",
|
||||
permissions: permissionsWithScopeAll,
|
||||
},
|
||||
{
|
||||
name: "scope_uids",
|
||||
permissions: permissionsWithUidScopes,
|
||||
},
|
||||
}
|
||||
|
||||
for _, tt := range tests {
|
||||
frame := &data.Frame{}
|
||||
err := frame.UnmarshalJSON([]byte(exampleListFrameJSON))
|
||||
require.NoError(t, err)
|
||||
|
||||
err = service(t).addAllowedActionsField(context.Background(), orgId, &models.SignedInUser{
|
||||
Permissions: map[int64]map[string][]string{
|
||||
orgId: tt.permissions,
|
||||
},
|
||||
}, &backend.DataResponse{
|
||||
Frames: []*data.Frame{frame},
|
||||
})
|
||||
require.NoError(t, err)
|
||||
|
||||
experimental.CheckGoldenJSONFrame(t, "testdata", fmt.Sprintf("allowed_actions_%s.golden", tt.name), frame, true)
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user