|
|
|
@ -348,7 +348,6 @@ func TestApi_setTeamPermission(t *testing.T) { |
|
|
|
|
recorder := setPermission(t, server, testOptions.Resource, tt.resourceID, tt.permission, "teams", assignTo) |
|
|
|
|
assert.Equal(t, tt.expectedStatus, recorder.Code) |
|
|
|
|
|
|
|
|
|
assert.Equal(t, tt.expectedStatus, recorder.Code) |
|
|
|
|
if tt.expectedStatus == http.StatusOK { |
|
|
|
|
permissions, _ := getPermission(t, server, testOptions.Resource, tt.resourceID) |
|
|
|
|
require.Len(t, permissions, 1) |
|
|
|
@ -433,7 +432,6 @@ func TestApi_setUserPermission(t *testing.T) { |
|
|
|
|
recorder := setPermission(t, server, testOptions.Resource, tt.resourceID, tt.permission, "users", strconv.Itoa(int(tt.userID))) |
|
|
|
|
assert.Equal(t, tt.expectedStatus, recorder.Code) |
|
|
|
|
|
|
|
|
|
assert.Equal(t, tt.expectedStatus, recorder.Code) |
|
|
|
|
if tt.expectedStatus == http.StatusOK { |
|
|
|
|
permissions, _ := getPermission(t, server, testOptions.Resource, tt.resourceID) |
|
|
|
|
require.Len(t, permissions, 1) |
|
|
|
@ -444,6 +442,98 @@ func TestApi_setUserPermission(t *testing.T) { |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
func TestApi_setUserPermissionForTeams(t *testing.T) { |
|
|
|
|
type setUserPermissionForTeamsTestCase struct { |
|
|
|
|
setUserPermissionTestCase |
|
|
|
|
teamCmd *team.CreateTeamCommand |
|
|
|
|
} |
|
|
|
|
tests := []setUserPermissionForTeamsTestCase{ |
|
|
|
|
{ |
|
|
|
|
setUserPermissionTestCase: setUserPermissionTestCase{ |
|
|
|
|
desc: "should set Member permission for user 1", |
|
|
|
|
userID: 1, |
|
|
|
|
expectedStatus: 200, |
|
|
|
|
permission: "Member", |
|
|
|
|
permissions: []accesscontrol.Permission{ |
|
|
|
|
{Action: "teams.permissions:read", Scope: accesscontrol.ScopeTeamsAll}, |
|
|
|
|
{Action: "teams.permissions:write", Scope: accesscontrol.ScopeTeamsAll}, |
|
|
|
|
{Action: accesscontrol.ActionOrgUsersRead, Scope: accesscontrol.ScopeUsersAll}, |
|
|
|
|
}, |
|
|
|
|
}, |
|
|
|
|
teamCmd: &team.CreateTeamCommand{ |
|
|
|
|
Name: "test", |
|
|
|
|
Email: "test@test.com", |
|
|
|
|
OrgID: 1, |
|
|
|
|
}, |
|
|
|
|
}, |
|
|
|
|
{ |
|
|
|
|
setUserPermissionTestCase: setUserPermissionTestCase{ |
|
|
|
|
desc: "should set Admin permission for user 1", |
|
|
|
|
userID: 1, |
|
|
|
|
expectedStatus: 200, |
|
|
|
|
permission: "Admin", |
|
|
|
|
permissions: []accesscontrol.Permission{ |
|
|
|
|
{Action: "teams.permissions:read", Scope: accesscontrol.ScopeTeamsAll}, |
|
|
|
|
{Action: "teams.permissions:write", Scope: accesscontrol.ScopeTeamsAll}, |
|
|
|
|
{Action: accesscontrol.ActionOrgUsersRead, Scope: accesscontrol.ScopeUsersAll}, |
|
|
|
|
}, |
|
|
|
|
}, |
|
|
|
|
teamCmd: &team.CreateTeamCommand{ |
|
|
|
|
Name: "test", |
|
|
|
|
Email: "test@test.com", |
|
|
|
|
OrgID: 1, |
|
|
|
|
}, |
|
|
|
|
}, |
|
|
|
|
{ |
|
|
|
|
setUserPermissionTestCase: setUserPermissionTestCase{ |
|
|
|
|
desc: "should return status 400 for a provisioned team", |
|
|
|
|
userID: 1, |
|
|
|
|
expectedStatus: 400, |
|
|
|
|
permission: "Member", |
|
|
|
|
permissions: []accesscontrol.Permission{ |
|
|
|
|
{Action: "teams.permissions:read", Scope: accesscontrol.ScopeTeamsAll}, |
|
|
|
|
{Action: "teams.permissions:write", Scope: accesscontrol.ScopeTeamsAll}, |
|
|
|
|
{Action: accesscontrol.ActionOrgUsersRead, Scope: accesscontrol.ScopeUsersAll}, |
|
|
|
|
}, |
|
|
|
|
}, |
|
|
|
|
teamCmd: &team.CreateTeamCommand{ |
|
|
|
|
Name: "test", |
|
|
|
|
Email: "test@test.com", |
|
|
|
|
OrgID: 1, |
|
|
|
|
IsProvisioned: true, |
|
|
|
|
}, |
|
|
|
|
}, |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
for _, tt := range tests { |
|
|
|
|
t.Run(tt.desc, func(t *testing.T) { |
|
|
|
|
service, usrSvc, teamSvc := setupTestEnvironment(t, testOptionsForTeams) |
|
|
|
|
server := setupTestServer(t, &user.SignedInUser{ |
|
|
|
|
OrgID: 1, |
|
|
|
|
Permissions: map[int64]map[string][]string{1: accesscontrol.GroupScopesByActionContext(context.Background(), tt.permissions)}, |
|
|
|
|
}, service) |
|
|
|
|
|
|
|
|
|
_, err := usrSvc.Create(context.Background(), &user.CreateUserCommand{Login: "test", OrgID: 1}) |
|
|
|
|
require.NoError(t, err) |
|
|
|
|
|
|
|
|
|
expectedTeam, err := teamSvc.CreateTeam(context.Background(), tt.teamCmd) |
|
|
|
|
require.NoError(t, err) |
|
|
|
|
|
|
|
|
|
resourceID := strconv.Itoa(int(expectedTeam.ID)) |
|
|
|
|
|
|
|
|
|
recorder := setPermission(t, server, testOptionsForTeams.Resource, resourceID, tt.permission, "users", strconv.Itoa(int(tt.userID))) |
|
|
|
|
assert.Equal(t, tt.expectedStatus, recorder.Code) |
|
|
|
|
|
|
|
|
|
if tt.expectedStatus == http.StatusOK { |
|
|
|
|
permissions, _ := getPermission(t, server, testOptionsForTeams.Resource, resourceID) |
|
|
|
|
require.Len(t, permissions, 1) |
|
|
|
|
assert.Equal(t, tt.permission, permissions[0].Permission) |
|
|
|
|
assert.Equal(t, tt.userID, permissions[0].UserID) |
|
|
|
|
} |
|
|
|
|
}) |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
func setupTestServer(t *testing.T, user *user.SignedInUser, service *Service) *web.Mux { |
|
|
|
|
server := web.New() |
|
|
|
|
server.UseMiddleware(web.Renderer("views", "[[", "]]")) |
|
|
|
@ -484,6 +574,18 @@ var testOptions = Options{ |
|
|
|
|
}, |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
var testOptionsForTeams = Options{ |
|
|
|
|
Resource: "teams", |
|
|
|
|
ResourceAttribute: "id", |
|
|
|
|
Assignments: Assignments{ |
|
|
|
|
Users: true, |
|
|
|
|
}, |
|
|
|
|
PermissionsToActions: map[string][]string{ |
|
|
|
|
"Member": {"teams:read"}, |
|
|
|
|
"Admin": {"teams:read", "teams:write", "teams:delete"}, |
|
|
|
|
}, |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
func getPermission(t *testing.T, server *web.Mux, resource, resourceID string) ([]resourcePermissionDTO, *httptest.ResponseRecorder) { |
|
|
|
|
req, err := http.NewRequest(http.MethodGet, fmt.Sprintf("/api/access-control/%s/%s", resource, resourceID), nil) |
|
|
|
|
require.NoError(t, err) |
|
|
|
|