public/grafana
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

RBAC: search v1 permission filter part 1 - cleanup & updating tests (#71913)

Browse Source 
* update tests and remove some AC disabled checks

* remove test for old permission filter builder
This commit is contained in:
Ieva
2023-07-19 11:37:27 +02:00
committed by GitHub
parent 3a50d7ea84
commit 25c4292a5f
8 changed files with 172 additions and 542 deletions
Download Patch File Download Diff File Expand all files Collapse all files
pkg/services/publicdashboards/database/database_test.go
+13 -57
View File
@@ -4,13 +4,13 @@ import (
"context"
"fmt"
"strings"
"testing"
"time"
"github.com/grafana/grafana/pkg/components/simplejson"
"github.com/grafana/grafana/pkg/infra/db"
"github.com/grafana/grafana/pkg/services/accesscontrol"
"github.com/grafana/grafana/pkg/services/accesscontrol/actest"
"github.com/grafana/grafana/pkg/services/dashboards"
dashboardsDB "github.com/grafana/grafana/pkg/services/dashboards/database"
"github.com/grafana/grafana/pkg/services/featuremgmt"
@@ -85,11 +85,12 @@ func TestIntegrationListPublicDashboard(t *testing.T) {
{Action: dashboards.ActionDashboardsRead, Scope: fmt.Sprintf("dashboards:uid:%s", cDash.UID)},
}
err := insertPermissions(sqlStore, orgId, "viewer", permissions)
require.NoError(t, err)
usr := &user.SignedInUser{UserID: 1, OrgID: orgId, Permissions: map[int64]map[string][]string{orgId: accesscontrol.GroupScopesByAction(permissions)}}
actest.AddUserPermissionToDB(t, sqlStore, usr)
query := &PublicDashboardListQuery{
User: &user.SignedInUser{UserID: 1, OrgID: orgId, Permissions: map[int64]map[string][]string{orgId: accesscontrol.GroupScopesByAction(permissions)}},
User: usr,
OrgID: orgId,
Page: 1,
Limit: 50,
@@ -113,11 +114,12 @@ func TestIntegrationListPublicDashboard(t *testing.T) {
{Action: dashboards.ActionDashboardsRead, Scope: fmt.Sprintf("dashboards:uid:%s", cDash.UID)},
}
err := insertPermissions(sqlStore, orgId, "viewer", permissions)
require.NoError(t, err)
usr := &user.SignedInUser{UserID: 1, OrgID: orgId, Permissions: map[int64]map[string][]string{orgId: accesscontrol.GroupScopesByAction(permissions)}}
actest.AddUserPermissionToDB(t, sqlStore, usr)
query := &PublicDashboardListQuery{
User: &user.SignedInUser{UserID: 1, OrgID: orgId, Permissions: map[int64]map[string][]string{orgId: accesscontrol.GroupScopesByAction(permissions)}},
User: usr,
OrgID: orgId,
Page: 1,
Limit: 50,
@@ -140,11 +142,12 @@ func TestIntegrationListPublicDashboard(t *testing.T) {
{Action: dashboards.ActionDashboardsRead, Scope: "dashboards:uid:another-dashboard-2-uid"},
}
err := insertPermissions(sqlStore, orgId, "viewer", permissions)
require.NoError(t, err)
usr := &user.SignedInUser{UserID: 1, OrgID: orgId, Permissions: map[int64]map[string][]string{orgId: accesscontrol.GroupScopesByAction(permissions)}}
actest.AddUserPermissionToDB(t, sqlStore, usr)
query := &PublicDashboardListQuery{
User: &user.SignedInUser{UserID: 1, OrgID: orgId, Permissions: map[int64]map[string][]string{orgId: accesscontrol.GroupScopesByAction(permissions)}},
User: usr,
OrgID: orgId,
Page: 1,
Limit: 50,
@@ -917,50 +920,3 @@ func insertPublicDashboard(t *testing.T, publicdashboardStore *PublicDashboardSt
return pubdash
}
func insertPermissions(sqlStore *sqlstore.SQLStore, orgId int64, role string, permissions []accesscontrol.Permission) error {
return sqlStore.WithDbSession(context.Background(), func(sess *sqlstore.DBSession) error {
newRole := &accesscontrol.Role{
OrgID: orgId,
UID: fmt.Sprintf("basic_%s", role),
Name: fmt.Sprintf("basic:%s", role),
Updated: time.Now(),
Created: time.Now(),
}
_, err := sess.Insert(newRole)
if err != nil {
return err
}
_, err = sess.Insert(accesscontrol.BuiltinRole{
OrgID: orgId,
RoleID: newRole.ID,
Role: strings.ToUpper(role[:1]) + role[1:],
Created: time.Now(),
Updated: time.Now(),
})
if err != nil {
return err
}
for i := range permissions {
permissions[i].RoleID = newRole.ID
permissions[i].Created = time.Now()
permissions[i].Updated = time.Now()
}
_, err = sess.InsertMulti(&permissions)
if err != nil {
return err
}
_, err = sess.Insert(accesscontrol.UserRole{
OrgID: orgId,
RoleID: newRole.ID,
UserID: 1,
Created: time.Now(),
})
return err
})
}