apitech
/
grafana
mirror of https://github.com/grafana/grafana
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
The open and composable observability and data visualization platform. Visualize metrics, logs, and traces from multiple sources like Prometheus, Loki, Elasticsearch, InfluxDB, Postgres and many more.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
40582 Commits
5917 Branches
582 Tags
1.7 GiB
 
 
 
 
 
 
Tag: Branch: Tree: 3bda112c5f
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '3bda112c5f'
${ noResults }
grafana/pkg/services/accesscontrol/accesscontrol_test.go

124 lines
3.2 KiB
Raw Blame History

package accesscontrol
import (
"testing"
"github.com/stretchr/testify/require"
)
func TestReduce(t *testing.T) {
tests := []struct {
name string
ps []Permission
want map[string][]string
}{
{
name: "no permission",
ps: []Permission{},
want: map[string][]string{},
},
{
name: "scopeless permissions",
ps: []Permission{{Action: "orgs:read"}},
want: map[string][]string{"orgs:read": nil},
},
{ // edge case that should not exist
name: "mixed scope and scopeless permissions",
ps: []Permission{
{Action: "resources:read", Scope: "resources:id:1"},
{Action: "resources:read"},
},
want: map[string][]string{"resources:read": {"resources:id:1"}},
},
{
name: "specific permission",
ps: []Permission{
{Action: "teams:read", Scope: "teams:id:1"},
{Action: "teams:read", Scope: "teams:id:2"},
{Action: "teams:write", Scope: "teams:id:1"},
},
want: map[string][]string{
"teams:read": {"teams:id:1", "teams:id:2"},
"teams:write": {"teams:id:1"},
},
},
{
name: "specific permissions with repeated scope",
ps: []Permission{
{Action: "teams:read", Scope: "teams:id:1"},
{Action: "teams:read", Scope: "teams:id:2"},
{Action: "teams:read", Scope: "teams:id:1"},
},
want: map[string][]string{
"teams:read": {"teams:id:1", "teams:id:2"},
},
},
{
name: "wildcard permission",
ps: []Permission{
{Action: "teams:read", Scope: "teams:id:1"},
{Action: "teams:read", Scope: "teams:id:2"},
{Action: "teams:read", Scope: "teams:id:*"},
{Action: "teams:write", Scope: "teams:id:1"},
},
want: map[string][]string{
"teams:read": {"teams:id:*"},
"teams:write": {"teams:id:1"},
},
},
{
name: "mixed wildcard and scoped permission",
ps: []Permission{
{Action: "dashboards:read", Scope: "dashboards:*"},
{Action: "dashboards:read", Scope: "folders:uid:1"},
},
want: map[string][]string{
"dashboards:read": {"dashboards:*", "folders:uid:1"},
},
},
{
name: "different wildcard permission",
ps: []Permission{
{Action: "dashboards:read", Scope: "dashboards:uid:*"},
{Action: "dashboards:read", Scope: "dashboards:*"},
{Action: "dashboards:read", Scope: "folders:uid:*"},
{Action: "dashboards:read", Scope: "folders:*"},
},
want: map[string][]string{
"dashboards:read": {"dashboards:*", "folders:*"},
},
},
{
name: "root wildcard permission",
ps: []Permission{
{Action: "dashboards:read", Scope: "*"},
{Action: "dashboards:read", Scope: "dashboards:*"},
{Action: "dashboards:read", Scope: "folders:*"},
},
want: map[string][]string{
"dashboards:read": {"*"},
},
},
{
name: "non-wilcard scopes with * in them",
ps: []Permission{
{Action: "dashboards:read", Scope: "dashboards:uid:123"},
{Action: "dashboards:read", Scope: "dashboards:uid:1*"},
},
want: map[string][]string{
"dashboards:read": {"dashboards:uid:123", "dashboards:uid:1*"},
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
got := Reduce(tt.ps)
require.Len(t, got, len(tt.want))
for action, scopes := range got {
want, ok := tt.want[action]
require.True(t, ok)
require.ElementsMatch(t, scopes, want)
}
})
}
}