apitech
/
grafana
mirror of https://github.com/grafana/grafana
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
The open and composable observability and data visualization platform. Visualize metrics, logs, and traces from multiple sources like Prometheus, Loki, Elasticsearch, InfluxDB, Postgres and many more.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
47836 Commits
5948 Branches
591 Tags
1.7 GiB
 
 
 
 
 
 
Tag: Branch: Tree: d888358a95
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'd888358a95'
${ noResults }
grafana/pkg/api/org_test.go

273 lines
8.7 KiB
Raw Blame History

package api
import (
"net/http"
"strings"
"testing"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
"github.com/grafana/grafana/pkg/services/accesscontrol"
"github.com/grafana/grafana/pkg/services/accesscontrol/actest"
"github.com/grafana/grafana/pkg/services/org"
"github.com/grafana/grafana/pkg/services/org/orgtest"
"github.com/grafana/grafana/pkg/services/user"
"github.com/grafana/grafana/pkg/services/user/usertest"
"github.com/grafana/grafana/pkg/setting"
"github.com/grafana/grafana/pkg/web/webtest"
)
func TestAPIEndpoint_GetCurrentOrg(t *testing.T) {
type testCase struct {
desc string
expectedCode int
permission []accesscontrol.Permission
}
tests := []testCase{
{
desc: "should be able to view current org with correct permission",
expectedCode: http.StatusOK,
permission: []accesscontrol.Permission{{Action: accesscontrol.ActionOrgsRead}},
},
{
desc: "should not be able to view current org without correct permission",
expectedCode: http.StatusForbidden,
permission: []accesscontrol.Permission{},
},
}
for _, tt := range tests {
t.Run(tt.desc, func(t *testing.T) {
server := SetupAPITestServer(t, func(hs *HTTPServer) {
hs.Cfg = setting.NewCfg()
hs.orgService = &orgtest.FakeOrgService{ExpectedOrg: &org.Org{}}
})
req := webtest.RequestWithSignedInUser(server.NewGetRequest("/api/org/"), userWithPermissions(1, tt.permission))
res, err := server.Send(req)
require.NoError(t, err)
assert.Equal(t, tt.expectedCode, res.StatusCode)
require.NoError(t, res.Body.Close())
})
}
}
func TestAPIEndpoint_UpdateOrg(t *testing.T) {
type testCase struct {
desc string
path string
body string
targetOrgID int64
permission []accesscontrol.Permission
expectedCode int
}
tests := []testCase{
{
desc: "should be able to update current org with correct permissions",
path: "/api/org",
body: `{"name": "test"}`,
permission: []accesscontrol.Permission{{Action: accesscontrol.ActionOrgsWrite}},
expectedCode: http.StatusOK,
},
{
desc: "should not be able to update current org without correct permissions",
path: "/api/org",
body: `{"name": "test"}`,
permission: []accesscontrol.Permission{},
expectedCode: http.StatusForbidden,
},
{
desc: "should be able to update address of current org with correct permissions",
path: "/api/org/address",
body: `{}`,
permission: []accesscontrol.Permission{{Action: accesscontrol.ActionOrgsWrite}},
expectedCode: http.StatusOK,
},
{
desc: "should not be able to update address of current org without correct permissions",
path: "/api/org/address",
body: `{}`,
permission: []accesscontrol.Permission{},
expectedCode: http.StatusForbidden,
},
{
desc: "should be able to update target org with correct permissions",
path: "/api/orgs/1",
body: `{"name": "test"}`,
targetOrgID: 1,
permission: []accesscontrol.Permission{{Action: accesscontrol.ActionOrgsWrite}},
expectedCode: http.StatusOK,
},
{
desc: "should not be able to update target org without correct permissions",
path: "/api/orgs/2",
targetOrgID: 2,
body: `{"name": "test"}`,
permission: []accesscontrol.Permission{{Action: accesscontrol.ActionOrgsWrite}},
expectedCode: http.StatusForbidden,
},
{
desc: "should be able to update address of target org with correct permissions",
path: "/api/orgs/1/address",
body: `{}`,
targetOrgID: 1,
permission: []accesscontrol.Permission{{Action: accesscontrol.ActionOrgsWrite}},
expectedCode: http.StatusOK,
},
{
desc: "should not be able to update address of target org without correct permissions",
path: "/api/orgs/2/address",
body: `{}`,
targetOrgID: 2,
permission: []accesscontrol.Permission{{Action: accesscontrol.ActionOrgsWrite}},
expectedCode: http.StatusForbidden,
},
}
for _, tt := range tests {
t.Run(tt.desc, func(t *testing.T) {
server := SetupAPITestServer(t, func(hs *HTTPServer) {
hs.Cfg = setting.NewCfg()
hs.orgService = &orgtest.FakeOrgService{ExpectedOrg: &org.Org{}}
hs.userService = &usertest.FakeUserService{
ExpectedSignedInUser: &user.SignedInUser{OrgID: tt.targetOrgID},
}
hs.accesscontrolService = actest.FakeService{}
})
req := webtest.RequestWithSignedInUser(server.NewRequest(http.MethodPut, tt.path, strings.NewReader(tt.body)), userWithPermissions(1, tt.permission))
res, err := server.SendJSON(req)
require.NoError(t, err)
assert.Equal(t, tt.expectedCode, res.StatusCode)
require.NoError(t, res.Body.Close())
})
}
}
func TestAPIEndpoint_CreateOrgs(t *testing.T) {
type testCase struct {
desc string
permission []accesscontrol.Permission
expectedCode int
}
tests := []testCase{
{
desc: "should be able to create org with correct permission",
permission: []accesscontrol.Permission{{Action: accesscontrol.ActionOrgsCreate}},
expectedCode: http.StatusOK,
},
{
desc: "should not be able to create org without correct permission",
permission: []accesscontrol.Permission{},
expectedCode: http.StatusForbidden,
},
}
for _, tt := range tests {
t.Run(tt.desc, func(t *testing.T) {
server := SetupAPITestServer(t, func(hs *HTTPServer) {
hs.Cfg = setting.NewCfg()
hs.orgService = &orgtest.FakeOrgService{ExpectedOrg: &org.Org{}}
hs.accesscontrolService = actest.FakeService{}
hs.userService = &usertest.FakeUserService{
ExpectedSignedInUser: &user.SignedInUser{UserID: 1, OrgID: 0},
}
})
req := webtest.RequestWithSignedInUser(server.NewPostRequest("/api/orgs", strings.NewReader(`{"name": "test"}`)), authedUserWithPermissions(1, 0, tt.permission))
res, err := server.SendJSON(req)
require.NoError(t, err)
assert.Equal(t, tt.expectedCode, res.StatusCode)
require.NoError(t, res.Body.Close())
})
}
}
func TestAPIEndpoint_DeleteOrgs(t *testing.T) {
type testCase struct {
desc string
permission []accesscontrol.Permission
expectedCode int
}
tests := []testCase{
{
desc: "should be able to delete org with correct permission",
permission: []accesscontrol.Permission{{Action: accesscontrol.ActionOrgsDelete}},
expectedCode: http.StatusOK,
},
{
desc: "should not be able to delete org without correct permission",
permission: []accesscontrol.Permission{},
expectedCode: http.StatusForbidden,
},
}
for _, tt := range tests {
t.Run(tt.desc, func(t *testing.T) {
server := SetupAPITestServer(t, func(hs *HTTPServer) {
hs.Cfg = setting.NewCfg()
hs.orgService = &orgtest.FakeOrgService{ExpectedOrg: &org.Org{}}
hs.userService = &usertest.FakeUserService{ExpectedSignedInUser: &user.SignedInUser{OrgID: 1}}
hs.accesscontrolService = actest.FakeService{ExpectedPermissions: tt.permission}
})
req := webtest.RequestWithSignedInUser(server.NewRequest(http.MethodDelete, "/api/orgs/1", nil), userWithPermissions(2, nil))
res, err := server.Send(req)
require.NoError(t, err)
assert.Equal(t, tt.expectedCode, res.StatusCode)
require.NoError(t, res.Body.Close())
})
}
}
func TestAPIEndpoint_GetOrg(t *testing.T) {
type testCase struct {
desc string
permissions []accesscontrol.Permission
expectedCode int
}
tests := []testCase{
{
desc: "should be able to fetch org with correct permissions",
permissions: []accesscontrol.Permission{{Action: accesscontrol.ActionOrgsRead}},
expectedCode: http.StatusOK,
},
{
desc: "should not be able to fetch org without correct permissions",
expectedCode: http.StatusForbidden,
},
}
for _, tt := range tests {
t.Run(tt.desc, func(t *testing.T) {
server := SetupAPITestServer(t, func(hs *HTTPServer) {
hs.Cfg = setting.NewCfg()
hs.orgService = &orgtest.FakeOrgService{ExpectedOrg: &org.Org{}}
hs.userService = &usertest.FakeUserService{ExpectedSignedInUser: &user.SignedInUser{OrgID: 1}}
hs.accesscontrolService = &actest.FakeService{ExpectedPermissions: tt.permissions}
})
verify := func(path string) {
req := webtest.RequestWithSignedInUser(server.NewGetRequest(path), authedUserWithPermissions(1, 1, tt.permissions))
res, err := server.Send(req)
require.NoError(t, err)
assert.Equal(t, tt.expectedCode, res.StatusCode)
if tt.expectedCode != res.StatusCode {
t.Log("Failed on path", path)
}
require.NoError(t, res.Body.Close())
}
// search orgs
verify("/api/orgs")
// fetch by id
verify("/api/orgs/1")
// fetch by name
verify("/api/orgs/name/test")
})
}
}