mirror of
https://github.com/grafana/grafana.git
synced 2024-12-02 05:29:42 -06:00
104 lines
2.4 KiB
Go
104 lines
2.4 KiB
Go
package evaluator
|
|
|
|
import (
|
|
"testing"
|
|
|
|
"github.com/stretchr/testify/assert"
|
|
"github.com/stretchr/testify/require"
|
|
|
|
"github.com/grafana/grafana/pkg/services/accesscontrol"
|
|
)
|
|
|
|
func TestExtractPermission(t *testing.T) {
|
|
const targetPermission = "permissions:create"
|
|
userPermissions := []*accesscontrol.Permission{
|
|
{
|
|
Action: "permissions:create",
|
|
Scope: "teams:*/permissions:*",
|
|
},
|
|
{
|
|
Action: "permissions:remove",
|
|
Scope: "permissions:*",
|
|
},
|
|
}
|
|
expectedScopes := map[string]struct{}{
|
|
"teams:*/permissions:*": {},
|
|
}
|
|
ok, scopes := extractScopes(userPermissions, targetPermission)
|
|
assert.True(t, ok)
|
|
assert.Equal(t, expectedScopes, scopes)
|
|
}
|
|
|
|
func TestEvaluatePermissions(t *testing.T) {
|
|
tests := []struct {
|
|
Name string
|
|
HasScopes map[string]struct{}
|
|
NeedAnyScope []string
|
|
Valid bool
|
|
}{
|
|
{
|
|
Name: "Base",
|
|
HasScopes: map[string]struct{}{},
|
|
NeedAnyScope: []string{},
|
|
Valid: true,
|
|
},
|
|
{
|
|
Name: "No expected scope always returns true",
|
|
HasScopes: map[string]struct{}{
|
|
"teams:*/permissions:*": {},
|
|
"users:*": {},
|
|
"permissions:delegate": {},
|
|
},
|
|
NeedAnyScope: []string{},
|
|
Valid: true,
|
|
},
|
|
{
|
|
Name: "Single scope from list",
|
|
HasScopes: map[string]struct{}{
|
|
"teams:1/permissions:delegate": {},
|
|
},
|
|
NeedAnyScope: []string{"teams:1/permissions:delegate"},
|
|
Valid: true,
|
|
},
|
|
{
|
|
Name: "Single scope from glob list",
|
|
HasScopes: map[string]struct{}{
|
|
"teams:*/permissions:*": {},
|
|
"users:*": {},
|
|
"permissions:delegate": {},
|
|
},
|
|
NeedAnyScope: []string{"teams:1/permissions:delegate"},
|
|
Valid: true,
|
|
},
|
|
{
|
|
Name: "Either of two scopes from glob list",
|
|
HasScopes: map[string]struct{}{
|
|
"teams:*/permissions:*": {},
|
|
"users:*": {},
|
|
"permissions:delegate": {},
|
|
},
|
|
NeedAnyScope: []string{"global:admin", "permissions:delegate"},
|
|
Valid: true,
|
|
},
|
|
{
|
|
Name: "No match found",
|
|
HasScopes: map[string]struct{}{
|
|
"teams:*/permissions:*": {},
|
|
"users:*": {},
|
|
"permissions:delegate": {},
|
|
},
|
|
NeedAnyScope: []string{"teams1/permissions:delegate"},
|
|
Valid: false,
|
|
},
|
|
}
|
|
|
|
for _, tc := range tests {
|
|
tc := tc
|
|
t.Run(tc.Name, func(t *testing.T) {
|
|
ok, err := evaluateScope(tc.HasScopes, tc.NeedAnyScope...)
|
|
require.NoError(t, err)
|
|
assert.Equal(t, tc.Valid, ok)
|
|
})
|
|
}
|
|
}
|