mirror of
https://github.com/grafana/grafana.git
synced 2025-02-12 00:25:46 -06:00
701f6d5436
* UserService: update callers to use the UserService instead of calling sqlstore directly There is one major change hiding in this PR. UserService.Delete originally called a number of services to delete user-related records. I moved everything except the actual call to the user table, and moved those into the API. This was done to avoid dependencies cycles; many of our services depend on the user service, so the user service itself should have as few dependencies as possible.
126 lines
4.5 KiB
Go
126 lines
4.5 KiB
Go
package searchV2
|
|
|
|
import (
|
|
"context"
|
|
_ "embed"
|
|
"fmt"
|
|
"testing"
|
|
|
|
"github.com/grafana/grafana-plugin-sdk-go/backend"
|
|
"github.com/grafana/grafana-plugin-sdk-go/data"
|
|
"github.com/grafana/grafana-plugin-sdk-go/experimental"
|
|
"github.com/stretchr/testify/require"
|
|
|
|
"github.com/grafana/grafana/pkg/infra/tracing"
|
|
ac "github.com/grafana/grafana/pkg/services/accesscontrol"
|
|
accesscontrolmock "github.com/grafana/grafana/pkg/services/accesscontrol/mock"
|
|
"github.com/grafana/grafana/pkg/services/dashboards"
|
|
"github.com/grafana/grafana/pkg/services/datasources"
|
|
"github.com/grafana/grafana/pkg/services/featuremgmt"
|
|
"github.com/grafana/grafana/pkg/services/user"
|
|
"github.com/grafana/grafana/pkg/setting"
|
|
)
|
|
|
|
var (
|
|
//go:embed testdata/search_response_frame.json
|
|
exampleListFrameJSON string
|
|
|
|
orgId = int64(1)
|
|
permissionsWithScopeAll = map[string][]string{
|
|
datasources.ActionIDRead: {datasources.ScopeAll},
|
|
datasources.ActionDelete: {datasources.ScopeAll},
|
|
ac.ActionDatasourcesExplore: {datasources.ScopeAll},
|
|
datasources.ActionQuery: {datasources.ScopeAll},
|
|
datasources.ActionRead: {datasources.ScopeAll},
|
|
datasources.ActionWrite: {datasources.ScopeAll},
|
|
datasources.ActionPermissionsRead: {datasources.ScopeAll},
|
|
datasources.ActionPermissionsWrite: {datasources.ScopeAll},
|
|
|
|
dashboards.ActionFoldersCreate: {dashboards.ScopeFoldersAll},
|
|
dashboards.ActionFoldersRead: {dashboards.ScopeFoldersAll},
|
|
dashboards.ActionFoldersWrite: {dashboards.ScopeFoldersAll},
|
|
dashboards.ActionFoldersDelete: {dashboards.ScopeFoldersAll},
|
|
dashboards.ActionFoldersPermissionsRead: {dashboards.ScopeFoldersAll},
|
|
dashboards.ActionFoldersPermissionsWrite: {dashboards.ScopeFoldersAll},
|
|
|
|
dashboards.ActionDashboardsCreate: {dashboards.ScopeDashboardsAll},
|
|
dashboards.ActionDashboardsRead: {dashboards.ScopeDashboardsAll},
|
|
dashboards.ActionDashboardsWrite: {dashboards.ScopeDashboardsAll},
|
|
dashboards.ActionDashboardsDelete: {dashboards.ScopeDashboardsAll},
|
|
dashboards.ActionDashboardsPermissionsRead: {dashboards.ScopeDashboardsAll},
|
|
dashboards.ActionDashboardsPermissionsWrite: {dashboards.ScopeDashboardsAll},
|
|
}
|
|
permissionsWithUidScopes = map[string][]string{
|
|
datasources.ActionIDRead: {},
|
|
datasources.ActionDelete: {},
|
|
ac.ActionDatasourcesExplore: {},
|
|
datasources.ActionQuery: {},
|
|
datasources.ActionRead: {
|
|
datasources.ScopeProvider.GetResourceScopeUID("datasource-2"),
|
|
datasources.ScopeProvider.GetResourceScopeUID("datasource-3"),
|
|
},
|
|
datasources.ActionWrite: {},
|
|
datasources.ActionPermissionsRead: {},
|
|
datasources.ActionPermissionsWrite: {},
|
|
|
|
dashboards.ActionFoldersCreate: {},
|
|
dashboards.ActionFoldersRead: {
|
|
dashboards.ScopeFoldersProvider.GetResourceScopeUID("ujaM1h6nz"),
|
|
},
|
|
dashboards.ActionFoldersWrite: {},
|
|
dashboards.ActionFoldersDelete: {},
|
|
dashboards.ActionFoldersPermissionsRead: {},
|
|
dashboards.ActionFoldersPermissionsWrite: {},
|
|
|
|
dashboards.ActionDashboardsCreate: {},
|
|
dashboards.ActionDashboardsRead: {},
|
|
dashboards.ActionDashboardsWrite: {
|
|
dashboards.ScopeDashboardsProvider.GetResourceScopeUID("7MeksYbmk"),
|
|
},
|
|
dashboards.ActionDashboardsDelete: {},
|
|
dashboards.ActionDashboardsPermissionsRead: {},
|
|
dashboards.ActionDashboardsPermissionsWrite: {},
|
|
}
|
|
)
|
|
|
|
func service(t *testing.T) *StandardSearchService {
|
|
service, ok := ProvideService(&setting.Cfg{Search: setting.SearchSettings{}},
|
|
nil, nil, accesscontrolmock.New(), tracing.InitializeTracerForTest(), featuremgmt.WithFeatures(),
|
|
nil, nil).(*StandardSearchService)
|
|
require.True(t, ok)
|
|
return service
|
|
}
|
|
|
|
func TestAllowedActionsForPermissionsWithScopeAll(t *testing.T) {
|
|
tests := []struct {
|
|
name string
|
|
permissions map[string][]string
|
|
}{
|
|
{
|
|
name: "scope_all",
|
|
permissions: permissionsWithScopeAll,
|
|
},
|
|
{
|
|
name: "scope_uids",
|
|
permissions: permissionsWithUidScopes,
|
|
},
|
|
}
|
|
|
|
for _, tt := range tests {
|
|
frame := &data.Frame{}
|
|
err := frame.UnmarshalJSON([]byte(exampleListFrameJSON))
|
|
require.NoError(t, err)
|
|
|
|
err = service(t).addAllowedActionsField(context.Background(), orgId, &user.SignedInUser{
|
|
Permissions: map[int64]map[string][]string{
|
|
orgId: tt.permissions,
|
|
},
|
|
}, &backend.DataResponse{
|
|
Frames: []*data.Frame{frame},
|
|
})
|
|
require.NoError(t, err)
|
|
|
|
experimental.CheckGoldenJSONFrame(t, "testdata", fmt.Sprintf("allowed_actions_%s.golden", tt.name), frame, true)
|
|
}
|
|
}
|