mirror of
https://github.com/grafana/grafana.git
synced 2025-02-10 15:45:43 -06:00
5eaaf9b9b7
* API: rewrite rbac tests for search * API: rewrite rbac tests for listing plugins * API: remove unused rbac test setup code
102 lines
3.0 KiB
Go
102 lines
3.0 KiB
Go
package api
|
|
|
|
import (
|
|
"encoding/json"
|
|
"testing"
|
|
|
|
"github.com/stretchr/testify/assert"
|
|
"github.com/stretchr/testify/require"
|
|
|
|
"github.com/grafana/grafana/pkg/services/accesscontrol"
|
|
"github.com/grafana/grafana/pkg/services/dashboards"
|
|
"github.com/grafana/grafana/pkg/services/search/model"
|
|
"github.com/grafana/grafana/pkg/setting"
|
|
"github.com/grafana/grafana/pkg/web/webtest"
|
|
)
|
|
|
|
func TestHTTPServer_Search(t *testing.T) {
|
|
type testCase struct {
|
|
desc string
|
|
includeMetadata bool
|
|
permissions []accesscontrol.Permission
|
|
expectedMetadata map[int64]map[string]struct{}
|
|
}
|
|
|
|
type withMeta struct {
|
|
model.Hit
|
|
AccessControl accesscontrol.Metadata `json:"accessControl,omitempty"`
|
|
}
|
|
|
|
tests := []testCase{
|
|
{
|
|
desc: "should attach metadata to response",
|
|
includeMetadata: true,
|
|
expectedMetadata: map[int64]map[string]struct{}{
|
|
1: {dashboards.ActionFoldersRead: {}},
|
|
2: {dashboards.ActionFoldersRead: {}, dashboards.ActionFoldersWrite: {}, dashboards.ActionDashboardsWrite: {}},
|
|
3: {dashboards.ActionDashboardsRead: {}, dashboards.ActionDashboardsWrite: {}},
|
|
},
|
|
permissions: []accesscontrol.Permission{
|
|
{Action: "folders:read", Scope: "folders:*"},
|
|
{Action: "folders:write", Scope: "folders:uid:folder2"},
|
|
{Action: "dashboards:read", Scope: "dashboards:*"},
|
|
{Action: "dashboards:write", Scope: "folders:uid:folder2"},
|
|
},
|
|
},
|
|
{
|
|
desc: "not attach metadata",
|
|
includeMetadata: false,
|
|
expectedMetadata: map[int64]map[string]struct{}{},
|
|
permissions: []accesscontrol.Permission{
|
|
{Action: "folders:read", Scope: "folders:*"},
|
|
{Action: "folders:write", Scope: "folders:uid:folder2"},
|
|
{Action: "dashboards:read", Scope: "dashboards:*"},
|
|
{Action: "dashboards:write", Scope: "folders:uid:folder2"},
|
|
},
|
|
},
|
|
}
|
|
|
|
for _, tt := range tests {
|
|
t.Run(tt.desc, func(t *testing.T) {
|
|
server := SetupAPITestServer(t, func(hs *HTTPServer) {
|
|
hs.Cfg = setting.NewCfg()
|
|
hs.SearchService = &mockSearchService{ExpectedResult: model.HitList{
|
|
{ID: 1, UID: "folder1", Title: "folder1", Type: model.DashHitFolder},
|
|
{ID: 2, UID: "folder2", Title: "folder2", Type: model.DashHitFolder},
|
|
{ID: 3, UID: "dash3", Title: "dash3", FolderUID: "folder2", Type: model.DashHitDB},
|
|
}}
|
|
})
|
|
|
|
url := "/api/search"
|
|
if tt.includeMetadata {
|
|
url += "?accesscontrol=true"
|
|
}
|
|
|
|
res, err := server.Send(
|
|
webtest.RequestWithSignedInUser(
|
|
server.NewGetRequest(url), userWithPermissions(1, tt.permissions),
|
|
),
|
|
)
|
|
require.NoError(t, err)
|
|
|
|
var result []withMeta
|
|
require.NoError(t, json.NewDecoder(res.Body).Decode(&result))
|
|
|
|
for _, r := range result {
|
|
if !tt.includeMetadata {
|
|
assert.Nil(t, r.AccessControl)
|
|
continue
|
|
}
|
|
|
|
assert.Len(t, r.AccessControl, len(tt.expectedMetadata[r.ID]))
|
|
for action := range r.AccessControl {
|
|
_, ok := tt.expectedMetadata[r.ID][action]
|
|
assert.True(t, ok)
|
|
}
|
|
}
|
|
|
|
require.NoError(t, res.Body.Close())
|
|
})
|
|
}
|
|
}
|