grafana/pkg/services/accesscontrol/checker_test.go


package accesscontrol
import (
"strconv"
"testing"
"github.com/stretchr/testify/assert"
"github.com/grafana/grafana/pkg/services/user"
)
// testData is a fixture entity that exposes one dashboard scope and one
// folder scope, so a permission check can match it through either.
type testData struct {
	uid       string // value placed after "dashboards:uid:"
	folderUid string // value placed after "folders:uid:"
}

// Scopes returns the scopes of d in a fixed order: the dashboard scope first,
// then the folder scope.
func (d testData) Scopes() []string {
	dashboardScope := "dashboards:uid:" + d.uid
	folderScope := "folders:uid:" + d.folderUid
	return []string{dashboardScope, folderScope}
}
// generateTestData builds 99 fixtures. Fixture n (1 through 99) has dashboard
// uid n and folder uid n+100, so dashboard uids span 1-99 and folder uids span
// 101-199, and the two ranges never share a number.
func generateTestData() []testData {
	const count = 99

	fixtures := make([]testData, 0, count)
	for n := 1; n <= count; n++ {
		fixtures = append(fixtures, testData{
			uid:       strconv.Itoa(n),
			folderUid: strconv.Itoa(n + 100),
		})
	}
	return fixtures
}
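// Test_Checker verifies that the function returned by Checker for the
// "dashboards:read" action passes exactly those fixtures whose dashboard or
// folder scope is granted to the user.
//
// Every fixture comes from generateTestData: dashboard uids 1-99, each paired
// with folder uid = dashboard uid + 100.
//
// Besides the allow cases, the table holds deny cases for an authorization
// check: no permissions for the action, a grant for a different action, and a
// grant recorded under a different org key. Checker is defined outside this
// file, so the expectations of the last two assume deny-by-default behaviour.
func Test_Checker(t *testing.T) {
	data := generateTestData()

	type testCase struct {
		desc        string
		user        *user.SignedInUser
		expectedLen int // number of fixtures the check is expected to pass
	}

	tests := []testCase{
		{
			desc: "should pass for every entity with dashboard wildcard scope",
			user: &user.SignedInUser{
				OrgID:       1,
				Permissions: map[int64]map[string][]string{1: {"dashboards:read": {"dashboards:*"}}},
			},
			expectedLen: len(data),
		},
		{
			desc: "should pass for every entity with folder wildcard scope",
			user: &user.SignedInUser{
				OrgID:       1,
				Permissions: map[int64]map[string][]string{1: {"dashboards:read": {"folders:*"}}},
			},
			expectedLen: len(data),
		},
		{
			// Also guards against prefix matching: "dashboards:uid:4" must not
			// pass the fixtures with uids 40-49, otherwise the count exceeds 3.
			desc: "should only pass for for 3 scopes",
			user: &user.SignedInUser{
				OrgID:       1,
				Permissions: map[int64]map[string][]string{1: {"dashboards:read": {"dashboards:uid:4", "dashboards:uid:50", "dashboards:uid:99"}}},
			},
			expectedLen: 3,
		},
		{
			// Folder uids 104, 150, 154 and 199 belong to fixtures 4, 50, 54 and 99.
			desc: "should only pass 4 with secondary supported scope",
			user: &user.SignedInUser{
				OrgID:       1,
				Permissions: map[int64]map[string][]string{1: {"dashboards:read": {"folders:uid:104", "folders:uid:150", "folders:uid:154", "folders:uid:199"}}},
			},
			expectedLen: 4,
		},
		{
			desc: "should only pass 4 with some dashboard and some folder scopes",
			user: &user.SignedInUser{
				OrgID:       1,
				Permissions: map[int64]map[string][]string{1: {"dashboards:read": {"dashboards:uid:1", "dashboards:uid:2", "folders:uid:154", "folders:uid:199"}}},
			},
			expectedLen: 4,
		},
		{
			// No fixture has dashboard uid 101. Folder 101 maps to fixture 1, and
			// dashboard 2 and folder 102 both map to fixture 2, so only two pass.
			desc: "should only pass 2 with overlapping dashboard and folder scopes",
			user: &user.SignedInUser{
				OrgID:       1,
				Permissions: map[int64]map[string][]string{1: {"dashboards:read": {"dashboards:uid:101", "dashboards:uid:2", "folders:uid:101", "folders:uid:102"}}},
			},
			expectedLen: 2,
		},
		{
			desc: "should pass none for missing action",
			user: &user.SignedInUser{
				OrgID:       1,
				Permissions: map[int64]map[string][]string{1: {}},
			},
			expectedLen: 0,
		},
		{
			// A wildcard scope held for another action must not authorize
			// "dashboards:read".
			// NOTE(review): expectation assumes Checker looks up scopes by the
			// exact action string - confirm against Checker.
			desc: "should pass none when wildcard scope is granted for a different action",
			user: &user.SignedInUser{
				OrgID:       1,
				Permissions: map[int64]map[string][]string{1: {"dashboards:write": {"dashboards:*"}}},
			},
			expectedLen: 0,
		},
		{
			// Permissions stored under another key must not apply to the org the
			// user is signed in to.
			// NOTE(review): assumes the outer Permissions key is the org ID and
			// that Checker reads only the entry for user.OrgID - confirm.
			desc: "should pass none when permissions are granted in a different org",
			user: &user.SignedInUser{
				OrgID:       1,
				Permissions: map[int64]map[string][]string{2: {"dashboards:read": {"dashboards:*"}}},
			},
			expectedLen: 0,
		},
	}

	for _, tt := range tests {
		t.Run(tt.desc, func(t *testing.T) {
			check := Checker(tt.user, "dashboards:read")

			// Count how many fixtures the check lets through.
			numPasses := 0
			for _, d := range data {
				if check(d.Scopes()...) {
					numPasses++
				}
			}

			assert.Equal(t, tt.expectedLen, numPasses)
		})
	}
}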