75a1846344
* Annotations: Honor dashboardUID on dashboardsWithVisibleAnnotations Signed-off-by: Maicon Costa <maiconscosta@gmail.com> --------- Signed-off-by: Maicon Costa <maiconscosta@gmail.com>
110 lines
3.3 KiB
Go
110 lines
3.3 KiB
Go
package accesscontrol
|
|
|
|
import (
|
|
"context"
|
|
"testing"
|
|
|
|
"github.com/grafana/grafana/pkg/infra/db"
|
|
"github.com/grafana/grafana/pkg/services/annotations"
|
|
"github.com/grafana/grafana/pkg/services/dashboards"
|
|
"github.com/grafana/grafana/pkg/services/dashboards/dashboardaccess"
|
|
"github.com/grafana/grafana/pkg/services/featuremgmt"
|
|
"github.com/grafana/grafana/pkg/services/search/model"
|
|
"github.com/grafana/grafana/pkg/services/sqlstore/permissions"
|
|
"github.com/grafana/grafana/pkg/services/sqlstore/searchstore"
|
|
"github.com/grafana/grafana/pkg/services/user"
|
|
"github.com/grafana/grafana/pkg/tests/testsuite"
|
|
"github.com/stretchr/testify/assert"
|
|
"github.com/stretchr/testify/mock"
|
|
)
|
|
|
|
func TestMain(m *testing.M) {
|
|
testsuite.Run(m)
|
|
}
|
|
func TestDashboardsWithVisibleAnnotations(t *testing.T) {
|
|
store := db.InitTestDB(t)
|
|
|
|
user := &user.SignedInUser{
|
|
OrgID: 1,
|
|
}
|
|
|
|
// Create permission filters
|
|
p1 := permissions.NewAccessControlDashboardPermissionFilter(user, dashboardaccess.PERMISSION_VIEW, searchstore.TypeDashboard, featuremgmt.WithFeatures(), true, store.GetDialect())
|
|
p2 := searchstore.OrgFilter{OrgId: 1}
|
|
|
|
// If DashboardUID is provided, it should be added as a filter
|
|
p3 := searchstore.DashboardFilter{UIDs: []string{"uid1"}}
|
|
|
|
dashSvc := &dashboards.FakeDashboardService{}
|
|
|
|
// First call, without DashboardUID
|
|
queryNoDashboardUID := &dashboards.FindPersistedDashboardsQuery{
|
|
OrgId: 1,
|
|
SignedInUser: user,
|
|
Type: "dash-db",
|
|
Limit: int64(100),
|
|
Page: int64(1),
|
|
Filters: []any{
|
|
p1,
|
|
p2,
|
|
},
|
|
}
|
|
dashSvc.On("SearchDashboards", mock.Anything, queryNoDashboardUID).Return(model.HitList{
|
|
&model.Hit{UID: "uid1", ID: 101},
|
|
&model.Hit{UID: "uid2", ID: 102},
|
|
}, nil)
|
|
|
|
// Second call, with DashboardUID filter
|
|
queryWithDashboardUID := &dashboards.FindPersistedDashboardsQuery{
|
|
OrgId: 1,
|
|
SignedInUser: user,
|
|
Type: "dash-db",
|
|
Limit: int64(100),
|
|
Page: int64(1),
|
|
Filters: []any{
|
|
p1,
|
|
p2,
|
|
// This filter should be added on second call
|
|
p3,
|
|
},
|
|
DashboardUIDs: []string{"uid1"},
|
|
}
|
|
|
|
dashSvc.On("SearchDashboards", mock.Anything, queryWithDashboardUID).Return(model.HitList{
|
|
&model.Hit{UID: "uid1", ID: 101},
|
|
}, nil)
|
|
|
|
// Create auth service
|
|
authz := &AuthService{
|
|
db: store,
|
|
features: featuremgmt.WithFeatures(),
|
|
dashSvc: dashSvc,
|
|
searchDashboardsPageLimit: 100,
|
|
}
|
|
|
|
// First call without DashboardUID
|
|
result, err := authz.dashboardsWithVisibleAnnotations(context.Background(), annotations.ItemQuery{
|
|
SignedInUser: user,
|
|
OrgID: 1,
|
|
Page: 1,
|
|
})
|
|
assert.NoError(t, err)
|
|
// Should return two dashboards
|
|
assert.Equal(t, map[string]int64{"uid1": 101, "uid2": 102}, result)
|
|
// Ensure SearchDashboards was called with correct query
|
|
dashSvc.AssertCalled(t, "SearchDashboards", mock.Anything, queryNoDashboardUID)
|
|
|
|
// Second call with DashboardUID
|
|
result, err = authz.dashboardsWithVisibleAnnotations(context.Background(), annotations.ItemQuery{
|
|
SignedInUser: user,
|
|
OrgID: 1,
|
|
Page: 1,
|
|
DashboardUID: "uid1",
|
|
})
|
|
assert.NoError(t, err)
|
|
// Should only return one dashboard
|
|
assert.Equal(t, map[string]int64{"uid1": 101}, result)
|
|
// Ensure SearchDashboards was called with correct query (including DashboardUID filter)
|
|
dashSvc.AssertCalled(t, "SearchDashboards", mock.Anything, queryWithDashboardUID)
|
|
}
|