IntenseWebs/grafana
3
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-02-25 18:55:37 -06:00
Code Issues Packages Projects Releases Wiki Activity
7f8daa0eae
grafana/pkg/services/accesscontrol/database/database_test.go
Karl Persson c3ca2d214d
Access control: Refactor managed permission system to create api and frontend components (#42540) 
* Refactor resource permissions
* Add frondend components for resource permissions

Co-authored-by: kay delaney <45561153+kaydelaney@users.noreply.github.com>
Co-authored-by: Alex Khomenko <Clarity-89@users.noreply.github.com>
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
2021-12-20 09:52:24 +01:00

133 lines
3.6 KiB
Go
Raw Blame History

package database
import (
"context"
"testing"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
"github.com/grafana/grafana/pkg/models"
"github.com/grafana/grafana/pkg/services/accesscontrol"
"github.com/grafana/grafana/pkg/services/sqlstore"
)
type getUserPermissionsTestCase struct {
desc string
orgID int64
role string
userPermissions []string
teamPermissions []string
builtinPermissions []string
expected int
}
func TestAccessControlStore_GetUserPermissions(t *testing.T) {
tests := []getUserPermissionsTestCase{
{
desc: "should successfully get user, team and builtin permissions",
orgID: 1,
role: "Admin",
userPermissions: []string{"1", "2", "10"},
teamPermissions: []string{"100", "2"},
builtinPermissions: []string{"5", "6"},
expected: 7,
},
{
desc: "Should not get admin roles",
orgID: 1,
role: "Viewer",
userPermissions: []string{"1", "2", "10"},
teamPermissions: []string{"100", "2"},
builtinPermissions: []string{"5", "6"},
expected: 5,
},
{
desc: "Should work without org role",
orgID: 1,
role: "",
userPermissions: []string{"1", "2", "10"},
teamPermissions: []string{"100", "2"},
builtinPermissions: []string{"5", "6"},
expected: 5,
},
}
for _, tt := range tests {
t.Run(tt.desc, func(t *testing.T) {
store, sql := setupTestEnv(t)
user, team := createUserAndTeam(t, sql, tt.orgID)
for _, id := range tt.userPermissions {
_, err := store.SetUserResourcePermission(context.Background(), tt.orgID, user.Id, accesscontrol.SetResourcePermissionCommand{
Actions: []string{"dashboards:read"},
Resource: "dashboards",
ResourceID: id,
})
require.NoError(t, err)
}
for _, id := range tt.teamPermissions {
_, err := store.SetTeamResourcePermission(context.Background(), tt.orgID, team.Id, accesscontrol.SetResourcePermissionCommand{
Actions: []string{"dashboards:read"},
Resource: "dashboards",
ResourceID: id,
})
require.NoError(t, err)
}
for _, id := range tt.builtinPermissions {
_, err := store.SetBuiltInResourcePermission(context.Background(), tt.orgID, "Admin", accesscontrol.SetResourcePermissionCommand{
Actions: []string{"dashboards:read"},
Resource: "dashboards",
ResourceID: id,
})
require.NoError(t, err)
}
var roles []string
role := models.RoleType(tt.role)
if role.IsValid() {
roles = append(roles, string(role))
for _, c := range role.Children() {
roles = append(roles, string(c))
}
}
permissions, err := store.GetUserPermissions(context.Background(), accesscontrol.GetUserPermissionsQuery{
OrgID: tt.orgID,
UserID: user.Id,
Roles: roles,
})
require.NoError(t, err)
assert.Len(t, permissions, tt.expected)
})
}
}
func createUserAndTeam(t *testing.T, sql *sqlstore.SQLStore, orgID int64) (*models.User, models.Team) {
t.Helper()
user, err := sql.CreateUser(context.Background(), models.CreateUserCommand{
Login: "user",
OrgId: orgID,
})
require.NoError(t, err)
team, err := sql.CreateTeam("team", "", orgID)
require.NoError(t, err)
err = sql.AddTeamMember(user.Id, orgID, team.Id, false, models.PERMISSION_VIEW)
require.NoError(t, err)
return user, team
}
func setupTestEnv(t testing.TB) (*AccessControlStore, *sqlstore.SQLStore) {
store := sqlstore.InitTestDB(t)
return ProvideService(store), store
}
Reference in New Issue View Git Blame Copy Permalink