mirror of
https://github.com/grafana/grafana.git
synced 2025-02-25 18:55:37 -06:00
eb9ef34272
* Add checker and update the resource filter function for new search * Add tests for checker * small fixes * handle location for panels correctly * clean up checker code and extend the tests for it * more fixes, but tests don't quite work yet * a small change to return error * cleanup * more simplification * fix tests * correct wrong argument ordering & use constant * Apply suggestions from code review Co-authored-by: Artur Wierzbicki <artur.wierzbicki@grafana.com> * import * check general folder from permission checker function * handle root folder aka general folder properly * update tests * clean up * lint * add fix from main Co-authored-by: Karl Persson <kalle.persson@grafana.com> Co-authored-by: Artur Wierzbicki <artur.wierzbicki@grafana.com>
112 lines
2.8 KiB
Go
112 lines
2.8 KiB
Go
package accesscontrol
|
|
|
|
import (
|
|
"strconv"
|
|
"testing"
|
|
|
|
"github.com/grafana/grafana/pkg/services/user"
|
|
"github.com/stretchr/testify/assert"
|
|
)
|
|
|
|
type testData struct {
|
|
uid string
|
|
folderUid string
|
|
}
|
|
|
|
func (d testData) Scopes() []string {
|
|
return []string{
|
|
"dashboards:uid:" + d.uid,
|
|
"folders:uid:" + d.folderUid,
|
|
}
|
|
}
|
|
|
|
func generateTestData() []testData {
|
|
var data []testData
|
|
for i := 1; i < 100; i++ {
|
|
data = append(data, testData{
|
|
uid: strconv.Itoa(i),
|
|
folderUid: strconv.Itoa(i + 100),
|
|
})
|
|
}
|
|
return data
|
|
}
|
|
|
|
func Test_Checker(t *testing.T) {
|
|
data := generateTestData()
|
|
type testCase struct {
|
|
desc string
|
|
user *user.SignedInUser
|
|
expectedLen int
|
|
}
|
|
tests := []testCase{
|
|
{
|
|
desc: "should pass for every entity with dashboard wildcard scope",
|
|
user: &user.SignedInUser{
|
|
OrgID: 1,
|
|
Permissions: map[int64]map[string][]string{1: {"dashboards:read": {"dashboards:*"}}},
|
|
},
|
|
expectedLen: len(data),
|
|
},
|
|
{
|
|
desc: "should pass for every entity with folder wildcard scope",
|
|
user: &user.SignedInUser{
|
|
OrgID: 1,
|
|
Permissions: map[int64]map[string][]string{1: {"dashboards:read": {"folders:*"}}},
|
|
},
|
|
expectedLen: len(data),
|
|
},
|
|
{
|
|
desc: "should only pass for for 3 scopes",
|
|
user: &user.SignedInUser{
|
|
OrgID: 1,
|
|
Permissions: map[int64]map[string][]string{1: {"dashboards:read": {"dashboards:uid:4", "dashboards:uid:50", "dashboards:uid:99"}}},
|
|
},
|
|
expectedLen: 3,
|
|
},
|
|
{
|
|
desc: "should only pass 4 with secondary supported scope",
|
|
user: &user.SignedInUser{
|
|
OrgID: 1,
|
|
Permissions: map[int64]map[string][]string{1: {"dashboards:read": {"folders:uid:104", "folders:uid:150", "folders:uid:154", "folders:uid:199"}}},
|
|
},
|
|
expectedLen: 4,
|
|
},
|
|
{
|
|
desc: "should only pass 4 with some dashboard and some folder scopes",
|
|
user: &user.SignedInUser{
|
|
OrgID: 1,
|
|
Permissions: map[int64]map[string][]string{1: {"dashboards:read": {"dashboards:uid:1", "dashboards:uid:2", "folders:uid:154", "folders:uid:199"}}},
|
|
},
|
|
expectedLen: 4,
|
|
},
|
|
{
|
|
desc: "should only pass 2 with overlapping dashboard and folder scopes",
|
|
user: &user.SignedInUser{
|
|
OrgID: 1,
|
|
Permissions: map[int64]map[string][]string{1: {"dashboards:read": {"dashboards:uid:101", "dashboards:uid:2", "folders:uid:101", "folders:uid:102"}}},
|
|
},
|
|
expectedLen: 2,
|
|
},
|
|
{
|
|
desc: "should pass none for missing action",
|
|
user: &user.SignedInUser{
|
|
OrgID: 1,
|
|
Permissions: map[int64]map[string][]string{1: {}},
|
|
},
|
|
expectedLen: 0,
|
|
},
|
|
}
|
|
for _, tt := range tests {
|
|
t.Run(tt.desc, func(t *testing.T) {
|
|
check := Checker(tt.user, "dashboards:read")
|
|
numPasses := 0
|
|
for _, d := range data {
|
|
if ok := check(d.Scopes()...); ok {
|
|
numPasses++
|
|
}
|
|
}
|
|
assert.Equal(t, tt.expectedLen, numPasses)
|
|
})
|
|
}
|
|
}
|