RBAC: Rewrite search and plugin list rbac test (#63483)

* API: rewrite rbac tests for search

* API: rewrite rbac tests for listing plugins

* API: remove unused rbac test setup code

pkg/api/plugins_test.go

@@ -15,6 +15,7 @@ import (
 	"github.com/grafana/grafana-plugin-sdk-go/backend"
 	"github.com/prometheus/client_golang/prometheus"
 	dto "github.com/prometheus/client_model/go"
+	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 
 	"github.com/grafana/grafana/pkg/api/dtos"
@@ -586,56 +587,45 @@ func Test_PluginsList_AccessControl(t *testing.T) {
 	}
 
 	type testCase struct {
+		desc            string
+		permissions     []ac.Permission
 		expectedCode    int
-		role            org.RoleType
-		isGrafanaAdmin  bool
 		expectedPlugins []string
-		filters         map[string]string
 	}
 	tcs := []testCase{
-		{expectedCode: http.StatusOK, role: org.RoleViewer, expectedPlugins: []string{"mysql"}},
-		{expectedCode: http.StatusOK, role: org.RoleViewer, isGrafanaAdmin: true, expectedPlugins: []string{"mysql", "test-app"}},
-		{expectedCode: http.StatusOK, role: org.RoleAdmin, expectedPlugins: []string{"mysql", "test-app"}},
-	}
-
-	testName := func(tc testCase) string {
-		return fmt.Sprintf("List request returns %d when role: %s, isGrafanaAdmin: %t, filters: %v",
-			tc.expectedCode, tc.role, tc.isGrafanaAdmin, tc.filters)
-	}
-
-	testUser := func(role org.RoleType, isGrafanaAdmin bool) user.SignedInUser {
-		return user.SignedInUser{
-			UserID:         2,
-			OrgID:          2,
-			OrgName:        "TestOrg2",
-			OrgRole:        role,
-			Login:          "testUser",
-			Name:           "testUser",
-			Email:          "testUser@example.org",
-			OrgCount:       1,
-			IsGrafanaAdmin: isGrafanaAdmin,
-			IsAnonymous:    false,
-		}
+		{
+			desc:            "should only be able to list core plugins",
+			permissions:     []ac.Permission{},
+			expectedCode:    http.StatusOK,
+			expectedPlugins: []string{"mysql"},
+		},
+		{
+			desc:            "should be able to list core plugins and plugins user has permission to",
+			permissions:     []ac.Permission{{Action: plugins.ActionWrite, Scope: "plugins:id:test-app"}},
+			expectedCode:    http.StatusOK,
+			expectedPlugins: []string{"mysql", "test-app"},
+		},
 	}
 
 	for _, tc := range tcs {
-		sc := setupHTTPServer(t, true)
-		sc.hs.PluginSettings = &pluginSettings
-		sc.hs.pluginStore = pluginStore
-		sc.hs.pluginsUpdateChecker = updatechecker.ProvidePluginsService(sc.hs.Cfg, pluginStore)
-		setInitCtxSignedInUser(sc.initCtx, testUser(tc.role, tc.isGrafanaAdmin))
+		t.Run(tc.desc, func(t *testing.T) {
+			server := SetupAPITestServer(t, func(hs *HTTPServer) {
+				hs.Cfg = setting.NewCfg()
+				hs.PluginSettings = &pluginSettings
+				hs.pluginStore = pluginStore
+				hs.pluginsUpdateChecker = updatechecker.ProvidePluginsService(hs.Cfg, pluginStore)
+			})
 
-		t.Run(testName(tc), func(t *testing.T) {
-			response := callAPI(sc.server, http.MethodGet, "/api/plugins/", nil, t)
-			require.Equal(t, tc.expectedCode, response.Code)
-
-			var res dtos.PluginList
-			err := json.NewDecoder(response.Body).Decode(&res)
+			res, err := server.Send(webtest.RequestWithSignedInUser(server.NewGetRequest("/api/plugins"), userWithPermissions(1, tc.permissions)))
 			require.NoError(t, err)
-			require.Len(t, res, len(tc.expectedPlugins))
-			for _, plugin := range res {
+			var result dtos.PluginList
+			require.NoError(t, json.NewDecoder(res.Body).Decode(&result))
+			require.Len(t, result, len(tc.expectedPlugins))
+			for _, plugin := range result {
 				require.Contains(t, tc.expectedPlugins, plugin.Id)
 			}
+			assert.Equal(t, tc.expectedCode, res.StatusCode)
+			require.NoError(t, res.Body.Close())
 		})
 	}
 }