mirror of
https://github.com/grafana/grafana.git
synced 2025-08-02 01:15:46 +08:00
267 lines
9.6 KiB
Go
267 lines
9.6 KiB
Go
package api
|
|
|
|
import (
|
|
"path/filepath"
|
|
"testing"
|
|
|
|
"github.com/go-macaron/session"
|
|
"github.com/grafana/grafana/pkg/api/dtos"
|
|
"github.com/grafana/grafana/pkg/bus"
|
|
"github.com/grafana/grafana/pkg/components/simplejson"
|
|
"github.com/grafana/grafana/pkg/middleware"
|
|
m "github.com/grafana/grafana/pkg/models"
|
|
macaron "gopkg.in/macaron.v1"
|
|
|
|
. "github.com/smartystreets/goconvey/convey"
|
|
)
|
|
|
|
func TestDashboardAclApiEndpoint(t *testing.T) {
|
|
Convey("Given a dashboard acl", t, func() {
|
|
mockResult := []*m.DashboardAclInfoDTO{
|
|
{Id: 1, OrgId: 1, DashboardId: 1, UserId: 2, Permission: m.PERMISSION_VIEW},
|
|
{Id: 2, OrgId: 1, DashboardId: 1, UserId: 3, Permission: m.PERMISSION_EDIT},
|
|
{Id: 3, OrgId: 1, DashboardId: 1, UserId: 4, Permission: m.PERMISSION_ADMIN},
|
|
{Id: 4, OrgId: 1, DashboardId: 1, TeamId: 1, Permission: m.PERMISSION_VIEW},
|
|
{Id: 5, OrgId: 1, DashboardId: 1, TeamId: 2, Permission: m.PERMISSION_ADMIN},
|
|
}
|
|
dtoRes := transformDashboardAclsToDTOs(mockResult)
|
|
|
|
bus.AddHandler("test", func(query *m.GetDashboardAclInfoListQuery) error {
|
|
query.Result = dtoRes
|
|
return nil
|
|
})
|
|
|
|
bus.AddHandler("test", func(query *m.GetDashboardAclInfoListQuery) error {
|
|
query.Result = mockResult
|
|
return nil
|
|
})
|
|
|
|
teamResp := []*m.Team{}
|
|
bus.AddHandler("test", func(query *m.GetTeamsByUserQuery) error {
|
|
query.Result = teamResp
|
|
return nil
|
|
})
|
|
|
|
Convey("When user is org admin", func() {
|
|
loggedInUserScenarioWithRole("When calling GET on", "GET", "/api/dashboards/id/1/acl", "/api/dashboards/id/:dashboardsId/acl", m.ROLE_ADMIN, func(sc *scenarioContext) {
|
|
Convey("Should be able to access ACL", func() {
|
|
sc.handlerFunc = GetDashboardAclList
|
|
sc.fakeReqWithParams("GET", sc.url, map[string]string{}).exec()
|
|
|
|
So(sc.resp.Code, ShouldEqual, 200)
|
|
|
|
respJSON, err := simplejson.NewJson(sc.resp.Body.Bytes())
|
|
So(err, ShouldBeNil)
|
|
So(len(respJSON.MustArray()), ShouldEqual, 5)
|
|
So(respJSON.GetIndex(0).Get("userId").MustInt(), ShouldEqual, 2)
|
|
So(respJSON.GetIndex(0).Get("permission").MustInt(), ShouldEqual, m.PERMISSION_VIEW)
|
|
})
|
|
})
|
|
})
|
|
|
|
Convey("When user is editor and has admin permission in the ACL", func() {
|
|
loggedInUserScenarioWithRole("When calling GET on", "GET", "/api/dashboards/id/1/acl", "/api/dashboards/id/:dashboardId/acl", m.ROLE_EDITOR, func(sc *scenarioContext) {
|
|
mockResult = append(mockResult, &m.DashboardAclInfoDTO{Id: 6, OrgId: 1, DashboardId: 1, UserId: 1, Permission: m.PERMISSION_ADMIN})
|
|
|
|
Convey("Should be able to access ACL", func() {
|
|
sc.handlerFunc = GetDashboardAclList
|
|
sc.fakeReqWithParams("GET", sc.url, map[string]string{}).exec()
|
|
|
|
So(sc.resp.Code, ShouldEqual, 200)
|
|
})
|
|
})
|
|
|
|
loggedInUserScenarioWithRole("When calling DELETE on", "DELETE", "/api/dashboards/id/1/acl/1", "/api/dashboards/id/:dashboardId/acl/:aclId", m.ROLE_EDITOR, func(sc *scenarioContext) {
|
|
mockResult = append(mockResult, &m.DashboardAclInfoDTO{Id: 6, OrgId: 1, DashboardId: 1, UserId: 1, Permission: m.PERMISSION_ADMIN})
|
|
|
|
bus.AddHandler("test3", func(cmd *m.RemoveDashboardAclCommand) error {
|
|
return nil
|
|
})
|
|
|
|
Convey("Should be able to delete permission", func() {
|
|
sc.handlerFunc = DeleteDashboardAcl
|
|
sc.fakeReqWithParams("DELETE", sc.url, map[string]string{}).exec()
|
|
|
|
So(sc.resp.Code, ShouldEqual, 200)
|
|
})
|
|
})
|
|
|
|
loggedInUserScenarioWithRole("When calling DELETE on", "DELETE", "/api/dashboards/id/1/acl/6", "/api/dashboards/id/:dashboardId/acl/:aclId", m.ROLE_EDITOR, func(sc *scenarioContext) {
|
|
mockResult = append(mockResult, &m.DashboardAclInfoDTO{Id: 6, OrgId: 1, DashboardId: 1, UserId: 1, Permission: m.PERMISSION_ADMIN})
|
|
|
|
bus.AddHandler("test3", func(cmd *m.RemoveDashboardAclCommand) error {
|
|
return nil
|
|
})
|
|
|
|
Convey("Should not be able to delete their own Admin permission", func() {
|
|
sc.handlerFunc = DeleteDashboardAcl
|
|
sc.fakeReqWithParams("DELETE", sc.url, map[string]string{}).exec()
|
|
|
|
So(sc.resp.Code, ShouldEqual, 403)
|
|
})
|
|
})
|
|
|
|
Convey("Should not be able to downgrade their own Admin permission", func() {
|
|
cmd := dtos.UpdateDashboardAclCommand{
|
|
Items: []dtos.DashboardAclUpdateItem{
|
|
{UserId: TestUserID, Permission: m.PERMISSION_EDIT},
|
|
},
|
|
}
|
|
|
|
postAclScenario("When calling POST on", "/api/dashboards/id/1/acl", "/api/dashboards/id/:dashboardId/acl", m.ROLE_EDITOR, cmd, func(sc *scenarioContext) {
|
|
mockResult = append(mockResult, &m.DashboardAclInfoDTO{Id: 6, OrgId: 1, DashboardId: 1, UserId: 1, Permission: m.PERMISSION_ADMIN})
|
|
|
|
CallPostAcl(sc)
|
|
So(sc.resp.Code, ShouldEqual, 403)
|
|
})
|
|
})
|
|
|
|
Convey("Should be able to update permissions", func() {
|
|
cmd := dtos.UpdateDashboardAclCommand{
|
|
Items: []dtos.DashboardAclUpdateItem{
|
|
{UserId: TestUserID, Permission: m.PERMISSION_ADMIN},
|
|
{UserId: 2, Permission: m.PERMISSION_EDIT},
|
|
},
|
|
}
|
|
|
|
postAclScenario("When calling POST on", "/api/dashboards/id/1/acl", "/api/dashboards/id/:dashboardId/acl", m.ROLE_EDITOR, cmd, func(sc *scenarioContext) {
|
|
mockResult = append(mockResult, &m.DashboardAclInfoDTO{Id: 6, OrgId: 1, DashboardId: 1, UserId: 1, Permission: m.PERMISSION_ADMIN})
|
|
|
|
CallPostAcl(sc)
|
|
So(sc.resp.Code, ShouldEqual, 200)
|
|
})
|
|
})
|
|
|
|
Convey("When user is a member of a team in the ACL with admin permission", func() {
|
|
loggedInUserScenarioWithRole("When calling DELETE on", "DELETE", "/api/dashboards/id/1/acl/1", "/api/dashboards/id/:dashboardsId/acl/:aclId", m.ROLE_EDITOR, func(sc *scenarioContext) {
|
|
teamResp = append(teamResp, &m.Team{Id: 2, OrgId: 1, Name: "UG2"})
|
|
|
|
bus.AddHandler("test3", func(cmd *m.RemoveDashboardAclCommand) error {
|
|
return nil
|
|
})
|
|
|
|
Convey("Should be able to delete permission", func() {
|
|
sc.handlerFunc = DeleteDashboardAcl
|
|
sc.fakeReqWithParams("DELETE", sc.url, map[string]string{}).exec()
|
|
|
|
So(sc.resp.Code, ShouldEqual, 200)
|
|
})
|
|
})
|
|
})
|
|
})
|
|
|
|
Convey("When user is editor and has edit permission in the ACL", func() {
|
|
loggedInUserScenarioWithRole("When calling GET on", "GET", "/api/dashboards/id/1/acl", "/api/dashboards/id/:dashboardId/acl", m.ROLE_EDITOR, func(sc *scenarioContext) {
|
|
mockResult = append(mockResult, &m.DashboardAclInfoDTO{Id: 1, OrgId: 1, DashboardId: 1, UserId: 1, Permission: m.PERMISSION_EDIT})
|
|
|
|
Convey("Should not be able to access ACL", func() {
|
|
sc.handlerFunc = GetDashboardAclList
|
|
sc.fakeReqWithParams("GET", sc.url, map[string]string{}).exec()
|
|
|
|
So(sc.resp.Code, ShouldEqual, 403)
|
|
})
|
|
})
|
|
|
|
loggedInUserScenarioWithRole("When calling DELETE on", "DELETE", "/api/dashboards/id/1/acl/1", "/api/dashboards/id/:dashboardId/acl/:aclId", m.ROLE_EDITOR, func(sc *scenarioContext) {
|
|
mockResult = append(mockResult, &m.DashboardAclInfoDTO{Id: 1, OrgId: 1, DashboardId: 1, UserId: 1, Permission: m.PERMISSION_EDIT})
|
|
|
|
bus.AddHandler("test3", func(cmd *m.RemoveDashboardAclCommand) error {
|
|
return nil
|
|
})
|
|
|
|
Convey("Should be not be able to delete permission", func() {
|
|
sc.handlerFunc = DeleteDashboardAcl
|
|
sc.fakeReqWithParams("DELETE", sc.url, map[string]string{}).exec()
|
|
|
|
So(sc.resp.Code, ShouldEqual, 403)
|
|
})
|
|
})
|
|
})
|
|
|
|
Convey("When user is editor and not in the ACL", func() {
|
|
loggedInUserScenarioWithRole("When calling GET on", "GET", "/api/dashboards/id/1/acl", "/api/dashboards/id/:dashboardsId/acl", m.ROLE_EDITOR, func(sc *scenarioContext) {
|
|
|
|
Convey("Should not be able to access ACL", func() {
|
|
sc.handlerFunc = GetDashboardAclList
|
|
sc.fakeReqWithParams("GET", sc.url, map[string]string{}).exec()
|
|
|
|
So(sc.resp.Code, ShouldEqual, 403)
|
|
})
|
|
})
|
|
|
|
loggedInUserScenarioWithRole("When calling DELETE on", "DELETE", "/api/dashboards/id/1/acl/user/1", "/api/dashboards/id/:dashboardsId/acl/user/:userId", m.ROLE_EDITOR, func(sc *scenarioContext) {
|
|
mockResult = append(mockResult, &m.DashboardAclInfoDTO{Id: 1, OrgId: 1, DashboardId: 1, UserId: 1, Permission: m.PERMISSION_VIEW})
|
|
bus.AddHandler("test3", func(cmd *m.RemoveDashboardAclCommand) error {
|
|
return nil
|
|
})
|
|
|
|
Convey("Should be not be able to delete permission", func() {
|
|
sc.handlerFunc = DeleteDashboardAcl
|
|
sc.fakeReqWithParams("DELETE", sc.url, map[string]string{}).exec()
|
|
|
|
So(sc.resp.Code, ShouldEqual, 403)
|
|
})
|
|
})
|
|
})
|
|
})
|
|
}
|
|
|
|
func transformDashboardAclsToDTOs(acls []*m.DashboardAclInfoDTO) []*m.DashboardAclInfoDTO {
|
|
dtos := make([]*m.DashboardAclInfoDTO, 0)
|
|
|
|
for _, acl := range acls {
|
|
dto := &m.DashboardAclInfoDTO{
|
|
Id: acl.Id,
|
|
OrgId: acl.OrgId,
|
|
DashboardId: acl.DashboardId,
|
|
Permission: acl.Permission,
|
|
UserId: acl.UserId,
|
|
TeamId: acl.TeamId,
|
|
}
|
|
dtos = append(dtos, dto)
|
|
}
|
|
|
|
return dtos
|
|
}
|
|
|
|
func CallPostAcl(sc *scenarioContext) {
|
|
bus.AddHandler("test", func(cmd *m.UpdateDashboardAclCommand) error {
|
|
return nil
|
|
})
|
|
|
|
sc.fakeReqWithParams("POST", sc.url, map[string]string{}).exec()
|
|
}
|
|
|
|
func postAclScenario(desc string, url string, routePattern string, role m.RoleType, cmd dtos.UpdateDashboardAclCommand, fn scenarioFunc) {
|
|
Convey(desc+" "+url, func() {
|
|
defer bus.ClearBusHandlers()
|
|
|
|
sc := &scenarioContext{
|
|
url: url,
|
|
}
|
|
viewsPath, _ := filepath.Abs("../../public/views")
|
|
|
|
sc.m = macaron.New()
|
|
sc.m.Use(macaron.Renderer(macaron.RenderOptions{
|
|
Directory: viewsPath,
|
|
Delims: macaron.Delims{Left: "[[", Right: "]]"},
|
|
}))
|
|
|
|
sc.m.Use(middleware.GetContextHandler())
|
|
sc.m.Use(middleware.Sessioner(&session.Options{}))
|
|
|
|
sc.defaultHandler = wrap(func(c *middleware.Context) Response {
|
|
sc.context = c
|
|
sc.context.UserId = TestUserID
|
|
sc.context.OrgId = TestOrgID
|
|
sc.context.OrgRole = role
|
|
|
|
return UpdateDashboardAcl(c, cmd)
|
|
})
|
|
|
|
sc.m.Post(routePattern, sc.defaultHandler)
|
|
|
|
fn(sc)
|
|
})
|
|
}
|