IntenseWebs/mattermost
3
0
Fork 0
mirror of https://github.com/mattermost/mattermost.git synced 2025-02-25 18:55:24 -06:00
Code Issues Packages Projects Releases Wiki Activity
Files
eba38625eb780f4abbe90df2ae71302382a4966d
mattermost/app/role_test.go
Jesús Espino f5eab1271b Removing all FakeApp usages (#14174) 
* Removing some other fake apps

* More FakeApp removed

* Removing entirely FakeApp

* Fixing some tests

* Fixing get Cluster id from get plugin status

* Fixing failing tests

* Fixing tests

* Fixing test initialization for web

* Fixing InitServer for server tests

* Fixing InitServer for server tests

* Reverting go.sum and go.mod

* Removing unneded HTMLTemplates function in App layer

* Moving back some functions to its old place to easy the review

* Moving back some functions to its old place to easy the review

* Using the last struct2interface version

* Generating store layers

* Fixing merge problems

* Addressing PR comments

* Small fix

* Fixing app tests build

* Fixing tests

* fixing tests

* Fix tests

* Fixing tests

* Fixing tests

* Fixing tests

* Moving license to server struct

* Adding some fixes to the test compilation

* Fixing cluster and some jobs initialization

* Fixing some license tests compilation problems

* Fixing recursive cache invalidation

* Regenerating app layers

* Fix test compilation

Co-authored-by: mattermod <mattermod@users.noreply.github.com>
2020-06-12 13:43:50 +02:00

218 lines
7.0 KiB
Go
Raw Blame History

// Copyright (c) 2015-present Mattermost, Inc. All Rights Reserved.
// See LICENSE.txt for license information.
package app
import (
"encoding/csv"
"io/ioutil"
"os"
"strconv"
"strings"
"testing"
"github.com/mattermost/mattermost-server/v5/model"
"github.com/mattermost/mattermost-server/v5/utils"
"github.com/stretchr/testify/require"
)
type permissionInheritanceTestData struct {
channelRole *model.Role
permission *model.Permission
shouldHavePermission bool
channel *model.Channel
higherScopedRole *model.Role
truthTableRow []string
}
func TestGetRolesByNames(t *testing.T) {
testPermissionInheritance(t, func(t *testing.T, th *TestHelper, testData permissionInheritanceTestData) {
actualRoles, err := th.App.GetRolesByNames([]string{testData.channelRole.Name})
require.Nil(t, err)
require.Len(t, actualRoles, 1)
actualRole := actualRoles[0]
require.NotNil(t, actualRole)
require.Equal(t, testData.channelRole.Name, actualRole.Name)
require.Equal(t, testData.shouldHavePermission, utils.StringInSlice(testData.permission.Id, actualRole.Permissions))
})
}
func TestGetRoleByName(t *testing.T) {
testPermissionInheritance(t, func(t *testing.T, th *TestHelper, testData permissionInheritanceTestData) {
actualRole, err := th.App.GetRoleByName(testData.channelRole.Name)
require.Nil(t, err)
require.NotNil(t, actualRole)
require.Equal(t, testData.channelRole.Name, actualRole.Name)
require.Equal(t, testData.shouldHavePermission, utils.StringInSlice(testData.permission.Id, actualRole.Permissions), "row: %+v", testData.truthTableRow)
})
}
// testPermissionInheritance tests 48 combinations of scheme, permission, role data.
func testPermissionInheritance(t *testing.T, testCallback func(t *testing.T, th *TestHelper, testData permissionInheritanceTestData)) {
th := Setup(t).InitBasic()
defer th.TearDown()
th.App.Srv().SetLicense(model.NewTestLicense(""))
th.App.SetPhase2PermissionsMigrationStatus(true)
permissionsDefault := []string{
model.PERMISSION_MANAGE_CHANNEL_ROLES.Id,
model.PERMISSION_MANAGE_PUBLIC_CHANNEL_MEMBERS.Id,
}
// Defer resetting the system scheme permissions
systemSchemeRoles, err := th.App.GetRolesByNames([]string{
model.CHANNEL_GUEST_ROLE_ID,
model.CHANNEL_USER_ROLE_ID,
model.CHANNEL_ADMIN_ROLE_ID,
})
require.Nil(t, err)
require.Len(t, systemSchemeRoles, 3)
// defer resetting the system role permissions
for _, systemRole := range systemSchemeRoles {
defer th.App.PatchRole(systemRole, &model.RolePatch{
Permissions: &systemRole.Permissions,
})
}
// Make a channel scheme, clear its permissions
channelScheme, err := th.App.CreateScheme(&model.Scheme{
Name: model.NewId(),
DisplayName: model.NewId(),
Scope: model.SCHEME_SCOPE_CHANNEL,
})
require.Nil(t, err)
defer th.App.DeleteScheme(channelScheme.Id)
team := th.CreateTeam()
defer th.App.PermanentDeleteTeamId(team.Id)
// Make a channel
channel := th.CreateChannel(team)
defer th.App.PermanentDeleteChannel(channel)
// Set the channel scheme
channel.SchemeId = &channelScheme.Id
channel, err = th.App.UpdateChannelScheme(channel)
require.Nil(t, err)
// Get the truth table from CSV
file, e := os.Open("tests/channel-role-has-permission.csv")
require.Nil(t, e)
defer file.Close()
b, e := ioutil.ReadAll(file)
require.Nil(t, e)
r := csv.NewReader(strings.NewReader(string(b)))
records, e := r.ReadAll()
require.Nil(t, e)
test := func(higherScopedGuest, higherScopedUser, higherScopedAdmin string) {
for _, roleNameUnderTest := range []string{higherScopedGuest, higherScopedUser, higherScopedAdmin} {
for i, row := range records {
// skip csv header
if i == 0 {
continue
}
higherSchemeHasPermission, e := strconv.ParseBool(row[0])
require.Nil(t, e)
permissionIsModerated, e := strconv.ParseBool(row[1])
require.Nil(t, e)
channelSchemeHasPermission, e := strconv.ParseBool(row[2])
require.Nil(t, e)
channelRoleIsChannelAdmin, e := strconv.ParseBool(row[3])
require.Nil(t, e)
shouldHavePermission, e := strconv.ParseBool(row[4])
require.Nil(t, e)
// skip some invalid combinations because of the outer loop iterating all 3 channel roles
if (channelRoleIsChannelAdmin && roleNameUnderTest != higherScopedAdmin) || (!channelRoleIsChannelAdmin && roleNameUnderTest == higherScopedAdmin) {
continue
}
// select the permission to test (moderated or non-moderated)
var permission *model.Permission
if permissionIsModerated {
permission = model.PERMISSION_CREATE_POST // moderated
} else {
permission = model.PERMISSION_READ_CHANNEL // non-moderated
}
// add or remove the permission from the higher-scoped scheme
higherScopedRole, testErr := th.App.GetRoleByName(roleNameUnderTest)
require.Nil(t, testErr)
var higherScopedPermissions []string
if higherSchemeHasPermission {
higherScopedPermissions = []string{permission.Id}
} else {
higherScopedPermissions = permissionsDefault
}
higherScopedRole, testErr = th.App.PatchRole(higherScopedRole, &model.RolePatch{Permissions: &higherScopedPermissions})
require.Nil(t, testErr)
// get channel role
var channelRoleName string
switch roleNameUnderTest {
case higherScopedGuest:
channelRoleName = channelScheme.DefaultChannelGuestRole
case higherScopedUser:
channelRoleName = channelScheme.DefaultChannelUserRole
case higherScopedAdmin:
channelRoleName = channelScheme.DefaultChannelAdminRole
}
channelRole, testErr := th.App.GetRoleByName(channelRoleName)
require.Nil(t, testErr)
// add or remove the permission from the channel scheme
var channelSchemePermissions []string
if channelSchemeHasPermission {
channelSchemePermissions = []string{permission.Id}
} else {
channelSchemePermissions = permissionsDefault
}
channelRole, testErr = th.App.PatchRole(channelRole, &model.RolePatch{Permissions: &channelSchemePermissions})
require.Nil(t, testErr)
testCallback(t, th, permissionInheritanceTestData{
channelRole: channelRole,
permission: permission,
shouldHavePermission: shouldHavePermission,
channel: channel,
higherScopedRole: higherScopedRole,
truthTableRow: row,
})
}
}
}
// test 24 combinations where the higher-scoped scheme is the SYSTEM scheme
test(model.CHANNEL_GUEST_ROLE_ID, model.CHANNEL_USER_ROLE_ID, model.CHANNEL_ADMIN_ROLE_ID)
// create a team scheme
teamScheme, err := th.App.CreateScheme(&model.Scheme{
Name: model.NewId(),
DisplayName: model.NewId(),
Scope: model.SCHEME_SCOPE_TEAM,
})
require.Nil(t, err)
defer th.App.DeleteScheme(teamScheme.Id)
// assign the scheme to the team
team.SchemeId = &teamScheme.Id
team, err = th.App.UpdateTeamScheme(team)
require.Nil(t, err)
// test 24 combinations where the higher-scoped scheme is a TEAM scheme
test(teamScheme.DefaultChannelGuestRole, teamScheme.DefaultChannelUserRole, teamScheme.DefaultChannelAdminRole)
}
Reference in New Issue View Git Blame Copy Permalink