IntenseWebs/grafana
3
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2024-11-23 01:16:31 -06:00
Code Issues Packages Projects Releases Wiki Activity
db0f36e766
grafana/pkg/api/search_test.go
Karl Persson 34be8f28b9
AccessControl: Add metadata to search result (#48879) 
* Add access control metadata to search hits if access control query string is passed
2022-05-17 15:51:44 +02:00

78 lines
2.6 KiB
Go
Raw Blame History

package api
import (
"context"
"encoding/json"
"net/http"
"testing"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
"github.com/grafana/grafana/pkg/models"
"github.com/grafana/grafana/pkg/services/accesscontrol"
"github.com/grafana/grafana/pkg/services/dashboards"
)
func TestHTTPServer_Search(t *testing.T) {
sc := setupHTTPServer(t, true, true)
sc.initCtx.IsSignedIn = true
sc.initCtx.SignedInUser = &models.SignedInUser{}
sc.hs.SearchService = &mockSearchService{
ExpectedResult: models.HitList{
{ID: 1, UID: "folder1", Title: "folder1", Type: models.DashHitFolder},
{ID: 2, UID: "folder2", Title: "folder2", Type: models.DashHitFolder},
{ID: 3, UID: "dash3", Title: "dash3", FolderUID: "folder2", Type: models.DashHitDB},
},
}
sc.acmock.GetUserPermissionsFunc = func(ctx context.Context, user *models.SignedInUser, options accesscontrol.Options) ([]*accesscontrol.Permission, error) {
return []*accesscontrol.Permission{
{Action: "folders:read", Scope: "folders:*"},
{Action: "folders:write", Scope: "folders:uid:folder2"},
{Action: "dashboards:read", Scope: "dashboards:*"},
{Action: "dashboards:write", Scope: "folders:uid:folder2"},
}, nil
}
type withMeta struct {
models.Hit
AccessControl accesscontrol.Metadata `json:"accessControl,omitempty"`
}
t.Run("should attach access control metadata to response", func(t *testing.T) {
recorder := callAPI(sc.server, http.MethodGet, "/api/search?accesscontrol=true", nil, t)
assert.Equal(t, http.StatusOK, recorder.Code)
var result []withMeta
require.NoError(t, json.Unmarshal(recorder.Body.Bytes(), &result))
for _, r := range result {
if r.ID == 1 {
assert.Len(t, r.AccessControl, 1)
assert.True(t, r.AccessControl[dashboards.ActionFoldersRead])
} else if r.ID == 2 {
assert.Len(t, r.AccessControl, 3)
assert.True(t, r.AccessControl[dashboards.ActionFoldersRead])
assert.True(t, r.AccessControl[dashboards.ActionFoldersWrite])
assert.True(t, r.AccessControl[dashboards.ActionDashboardsWrite])
} else if r.ID == 3 {
assert.Len(t, r.AccessControl, 2)
assert.True(t, r.AccessControl[dashboards.ActionDashboardsRead])
assert.True(t, r.AccessControl[dashboards.ActionDashboardsWrite])
}
}
})
t.Run("should not attach access control metadata to response", func(t *testing.T) {
recorder := callAPI(sc.server, http.MethodGet, "/api/search", nil, t)
assert.Equal(t, http.StatusOK, recorder.Code)
var result []withMeta
require.NoError(t, json.Unmarshal(recorder.Body.Bytes(), &result))
for _, r := range result {
assert.Len(t, r.AccessControl, 0)
}
})
}
Reference in New Issue View Git Blame Copy Permalink