|
|
|
|
@ -28,6 +28,10 @@ func (repo *fakeDashboardRepo) SaveDashboard(json *dashboards.SaveDashboardItem) |
|
|
|
|
|
|
|
|
|
var fakeRepo *fakeDashboardRepo |
|
|
|
|
|
|
|
|
|
// This tests two main scenarios. If a user has access to execute an action on a dashboard:
|
|
|
|
|
// 1. and the dashboard is in a folder which does not have an acl
|
|
|
|
|
// 2. and the dashboard is in a folder which does have an acl
|
|
|
|
|
|
|
|
|
|
func TestDashboardApiEndpoint(t *testing.T) { |
|
|
|
|
Convey("Given a dashboard with a parent folder which does not have an acl", t, func() { |
|
|
|
|
fakeDash := m.NewDashboard("Child dash") |
|
|
|
|
@ -66,6 +70,10 @@ func TestDashboardApiEndpoint(t *testing.T) { |
|
|
|
|
}), |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
// This tests two scenarios:
|
|
|
|
|
// 1. user is an org viewer
|
|
|
|
|
// 2. user is an org editor
|
|
|
|
|
|
|
|
|
|
Convey("When user is an Org Viewer", func() { |
|
|
|
|
role := m.ROLE_VIEWER |
|
|
|
|
|
|
|
|
|
@ -196,6 +204,14 @@ func TestDashboardApiEndpoint(t *testing.T) { |
|
|
|
|
}), |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
// This tests six scenarios:
|
|
|
|
|
// 1. user is an org viewer AND has no permissions for this dashboard
|
|
|
|
|
// 2. user is an org editor AND has no permissions for this dashboard
|
|
|
|
|
// 3. user is an org viewer AND has been granted edit permission for the dashboard
|
|
|
|
|
// 4. user is an org viewer AND all viewers have edit permission for this dashboard
|
|
|
|
|
// 5. user is an org viewer AND has been granted an admin permission
|
|
|
|
|
// 6. user is an org editor AND has been granted a view permission
|
|
|
|
|
|
|
|
|
|
Convey("When user is an Org Viewer and has no permissions for this dashboard", func() { |
|
|
|
|
role := m.ROLE_VIEWER |
|
|
|
|
|
|
|
|
|
|
Daniel Lee
7 years ago