ded90fa28d
* implement perm check with direct db access * add tests * more tests * Update pkg/services/authz/rbac/service.go Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> * Update pkg/services/authz/rbac/service.go Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> * allow fetching permissions for a user who is not a member of the org * linting * fix typo --------- Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
package store
import (
"testing"
"text/template"
"github.com/grafana/grafana/pkg/storage/legacysql"
"github.com/grafana/grafana/pkg/storage/unified/sql/sqltemplate"
"github.com/grafana/grafana/pkg/storage/unified/sql/sqltemplate/mocks"
)
// TestIdentityQueries builds the user-identifier, basic-role and permission
// query requests from fixed inputs and passes them, grouped by template, to
// mocks.CheckQuerySnapshots with RootDir "testdata".
//
// These are the queries behind the RBAC permission check, so any change in a
// snapshot should be reviewed as a change to an authorization decision.
func TestIdentityQueries(t *testing.T) {
	// Qualify every table name with the "grafana." prefix.
	helper := &legacysql.LegacyDatabaseHelper{
		Table: func(name string) string {
			return "grafana." + name
		},
	}

	// Each builder below constructs the request for one query and replaces its
	// SQLTemplate with the testing implementation from the mocks package.
	identifiers := func(query *UserIdentifierQuery) sqltemplate.SQLTemplate {
		req := newGetUserIdentifiers(helper, query)
		req.SQLTemplate = mocks.NewTestingSQLTemplate()
		return &req
	}

	basicRoles := func(query *BasicRoleQuery) sqltemplate.SQLTemplate {
		req := newGetBasicRoles(helper, query)
		req.SQLTemplate = mocks.NewTestingSQLTemplate()
		return &req
	}

	permissions := func(query *PermissionsQuery) sqltemplate.SQLTemplate {
		req := newGetPermissions(helper, query)
		req.SQLTemplate = mocks.NewTestingSQLTemplate()
		return &req
	}

	// A user can be looked up either by numeric ID or by UID.
	identifierCases := []mocks.TemplateTestCase{
		{
			Name: "id_specified",
			Data: identifiers(&UserIdentifierQuery{UserID: 1}),
		},
		{
			Name: "uid_specified",
			Data: identifiers(&UserIdentifierQuery{UserUID: "some_uid"}),
		},
	}

	basicRoleCases := []mocks.TemplateTestCase{
		{
			Name: "basic_roles",
			Data: basicRoles(&BasicRoleQuery{UserID: 1, OrgID: 1}),
		},
	}

	// All three permission cases ask for the same action and differ only in
	// the role, the server-admin flag and the team membership.
	// NOTE(review): whether Role "None" also stands for a user who is not a
	// member of the org is not visible here — confirm that path has a snapshot.
	permissionCases := []mocks.TemplateTestCase{
		{
			Name: "viewer_user",
			Data: permissions(&PermissionsQuery{
				UserID: 1,
				OrgID:  1,
				Action: "folders:read",
				Role:   "Viewer",
			}),
		},
		{
			Name: "admin_user",
			Data: permissions(&PermissionsQuery{
				UserID:        1,
				OrgID:         1,
				Action:        "folders:read",
				Role:          "Admin",
				IsServerAdmin: true,
			}),
		},
		{
			Name: "user_with_teams",
			Data: permissions(&PermissionsQuery{
				UserID:  1,
				OrgID:   1,
				Action:  "folders:read",
				Role:    "None",
				TeamIDs: []int64{1, 2},
			}),
		},
	}

	setup := mocks.TemplateTestSetup{
		RootDir: "testdata",
		Templates: map[*template.Template][]mocks.TemplateTestCase{
			sqlUserIdentifiers: identifierCases,
			sqlQueryBasicRoles: basicRoleCases,
			sqlUserPerms:       permissionCases,
		},
	}
	mocks.CheckQuerySnapshots(t, setup)
}