opensource/grafana
1
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-09-20 16:02:53 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
grafana/pkg/services/authn/authnimpl/sync/permission_sync_test.go
Misi 6543259a7d Auth: Add SyncPermissions post auth hook (#64205) 
* Add SyncPermissionsFromDB post auth hook

* Delete FromDB prefix

* Align tests

* Fixes

* Change SyncPermissionsHook prio
2023-03-08 13:35:54 +01:00

82 lines
2.5 KiB
Go
Raw Blame History

package sync
import (
"context"
"testing"
"github.com/grafana/grafana/pkg/infra/log"
"github.com/grafana/grafana/pkg/services/accesscontrol"
acmock "github.com/grafana/grafana/pkg/services/accesscontrol/mock"
"github.com/grafana/grafana/pkg/services/authn"
"github.com/grafana/grafana/pkg/services/user"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
)
func TestPermissionsSync_SyncPermission(t *testing.T) {
type testCase struct {
name string
identity *authn.Identity
rbacDisabled bool
expectedPermissions []accesscontrol.Permission
}
testCases := []testCase{
{
name: "enriches the identity successfully when SyncPermissions is true",
identity: &authn.Identity{ID: "user:2", OrgID: 1, ClientParams: authn.ClientParams{SyncPermissions: true}},
rbacDisabled: false,
expectedPermissions: []accesscontrol.Permission{
{Action: accesscontrol.ActionUsersRead},
},
},
{
name: "does not load the permissions when SyncPermissions is false",
identity: &authn.Identity{ID: "user:2", OrgID: 1, ClientParams: authn.ClientParams{SyncPermissions: true}},
rbacDisabled: false,
expectedPermissions: []accesscontrol.Permission{
{Action: accesscontrol.ActionUsersRead},
},
},
{
name: "does not load the permissions when RBAC is disabled",
rbacDisabled: true,
identity: &authn.Identity{ID: "user:2", OrgID: 1, ClientParams: authn.ClientParams{SyncPermissions: true}},
expectedPermissions: []accesscontrol.Permission{},
},
}
for _, tt := range testCases {
t.Run(tt.name, func(t *testing.T) {
s := setupTestEnv(tt.rbacDisabled)
err := s.SyncPermissionsHook(context.Background(), tt.identity, &authn.Request{})
require.NoError(t, err)
if !tt.rbacDisabled {
assert.Equal(t, 1, len(tt.identity.Permissions))
assert.Equal(t, accesscontrol.GroupScopesByAction(tt.expectedPermissions), tt.identity.Permissions[tt.identity.OrgID])
} else {
assert.Equal(t, 0, len(tt.identity.Permissions))
}
})
}
}
func setupTestEnv(rbacDisabled bool) *PermissionsSync {
acMock := &acmock.Mock{
IsDisabledFunc: func() bool {
return rbacDisabled
},
GetUserPermissionsFunc: func(ctx context.Context, siu *user.SignedInUser, o accesscontrol.Options) ([]accesscontrol.Permission, error) {
return []accesscontrol.Permission{
{Action: accesscontrol.ActionUsersRead},
}, nil
},
}
s := &PermissionsSync{
ac: acMock,
log: log.NewNopLogger(),
}
return s
}
Reference in New Issue View Git Blame Copy Permalink