IntenseWebs/grafana
3
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-02-25 18:55:37 -06:00
Code Issues Packages Projects Releases Wiki Activity

MESA: Allow using synced permissions (#71377)

Browse Source 
* wip

* cover authorize in org behavior

* revert export

* fix org tests

* change permissions nit
This commit is contained in:
Jo
2023-07-12 12:28:04 +02:00
committed by GitHub
parent c63638189c
commit e56b2cae00
4 changed files with 212 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
pkg/api/org_test.go
View File

@@ -253,7 +253,7 @@ func TestAPIEndpoint_GetOrg(t *testing.T) {
hs.accesscontrolService = &actest.FakeService{ExpectedPermissions: tt.permissions}
})
verify := func(path string) {
req := webtest.RequestWithSignedInUser(server.NewGetRequest(path), userWithPermissions(2, nil))
req := webtest.RequestWithSignedInUser(server.NewGetRequest(path), userWithPermissions(2, tt.permissions))
res, err := server.Send(req)
require.NoError(t, err)
assert.Equal(t, tt.expectedCode, res.StatusCode)

11
pkg/api/quota_test.go
View File

@@ -10,6 +10,7 @@ import (
"github.com/stretchr/testify/require"
"github.com/grafana/grafana/pkg/services/accesscontrol"
"github.com/grafana/grafana/pkg/services/accesscontrol/actest"
"github.com/grafana/grafana/pkg/services/user"
"github.com/grafana/grafana/pkg/services/user/usertest"
"github.com/grafana/grafana/pkg/setting"
@@ -62,6 +63,7 @@ func TestAPIEndpoint_GetOrgQuotas(t *testing.T) {
cfg.Quota.Enabled = true
server := SetupAPITestServer(t, func(hs *HTTPServer) {
hs.Cfg = cfg
hs.accesscontrolService = &actest.FakeService{ExpectedPermissions: []accesscontrol.Permission{}}
hs.userService = &usertest.FakeUserService{
ExpectedSignedInUser: &user.SignedInUser{OrgID: 2},
}
@@ -77,7 +79,7 @@ func TestAPIEndpoint_GetOrgQuotas(t *testing.T) {
t.Run("AccessControl prevents viewing another org quotas with correct permissions in another org", func(t *testing.T) {
// Set correct permissions in org 1 and empty permissions in org 2
user := userWithPermissions(1, []accesscontrol.Permission{{Action: accesscontrol.ActionOrgsQuotasRead}})
user.Permissions[2] = map[string][]string{}
user.Permissions[2] = nil
req := webtest.RequestWithSignedInUser(server.NewGetRequest(fmt.Sprintf(getOrgsQuotasURL, 2)), user)
res, err := server.Send(req)
require.NoError(t, err)
@@ -107,8 +109,10 @@ func TestAPIEndpoint_PutOrgQuotas(t *testing.T) {
Org: 5,
},
}
fakeACService := &actest.FakeService{}
server := SetupAPITestServer(t, func(hs *HTTPServer) {
hs.Cfg = cfg
hs.accesscontrolService = fakeACService
hs.userService = &usertest.FakeUserService{
ExpectedSignedInUser: &user.SignedInUser{OrgID: 2},
}
@@ -118,6 +122,7 @@ func TestAPIEndpoint_PutOrgQuotas(t *testing.T) {
t.Run("AccessControl allows updating another org quotas with correct permissions", func(t *testing.T) {
user := userWithPermissions(2, []accesscontrol.Permission{{Action: accesscontrol.ActionOrgsQuotasWrite}})
user.OrgID = 1
fakeACService.ExpectedPermissions = []accesscontrol.Permission{{Action: accesscontrol.ActionOrgsQuotasWrite}}
req := webtest.RequestWithSignedInUser(server.NewRequest(http.MethodPut, fmt.Sprintf(putOrgsQuotasURL, 2, "org_user"), input), user)
response, err := server.SendJSON(req)
require.NoError(t, err)
@@ -128,7 +133,8 @@ func TestAPIEndpoint_PutOrgQuotas(t *testing.T) {
input = strings.NewReader(testUpdateOrgQuotaCmd)
t.Run("AccessControl prevents updating another org quotas with correct permissions in another org", func(t *testing.T) {
user := userWithPermissions(1, []accesscontrol.Permission{{Action: accesscontrol.ActionOrgsQuotasWrite}})
user.Permissions[2] = map[string][]string{}
user.Permissions[2] = nil
fakeACService.ExpectedPermissions = []accesscontrol.Permission{}
req := webtest.RequestWithSignedInUser(server.NewRequest(http.MethodPut, fmt.Sprintf(putOrgsQuotasURL, 2, "org_user"), input), user)
response, err := server.SendJSON(req)
require.NoError(t, err)
@@ -139,6 +145,7 @@ func TestAPIEndpoint_PutOrgQuotas(t *testing.T) {
input = strings.NewReader(testUpdateOrgQuotaCmd)
t.Run("AccessControl prevents updating another org quotas with incorrect permissions", func(t *testing.T) {
user := userWithPermissions(2, []accesscontrol.Permission{{Action: "orgs:invalid"}})
fakeACService.ExpectedPermissions = []accesscontrol.Permission{}
req := webtest.RequestWithSignedInUser(server.NewRequest(http.MethodPut, fmt.Sprintf(putOrgsQuotasURL, 2, "org_user"), input), user)
response, err := server.SendJSON(req)
require.NoError(t, err)