empayre/fleet
14
0
Fork 0
mirror of https://github.com/empayre/fleet.git synced 2024-11-06 17:05:18 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
36b4c0df5d
fleet/server/service/global_policies_test.go
Tomas Touceda 36b4c0df5d
Allow team maintainers to read global policies and schedule (#2282) 
* Allow team maintainers to read global policies and schedules

* Update docs
2021-09-29 14:07:10 -03:00

85 lines
2.0 KiB
Go
Raw Blame History

package service
import (
"context"
"testing"
"github.com/fleetdm/fleet/v4/server/contexts/viewer"
"github.com/fleetdm/fleet/v4/server/fleet"
"github.com/fleetdm/fleet/v4/server/mock"
"github.com/fleetdm/fleet/v4/server/ptr"
)
func TestGlobalPoliciesAuth(t *testing.T) {
ds := new(mock.Store)
svc := newTestService(ds, nil, nil)
ds.NewGlobalPolicyFunc = func(ctx context.Context, queryID uint) (*fleet.Policy, error) {
return nil, nil
}
ds.ListGlobalPoliciesFunc = func(ctx context.Context) ([]*fleet.Policy, error) {
return nil, nil
}
ds.PolicyFunc = func(ctx context.Context, id uint) (*fleet.Policy, error) {
return nil, nil
}
ds.DeleteGlobalPoliciesFunc = func(ctx context.Context, ids []uint) ([]uint, error) {
return nil, nil
}
var testCases = []struct {
name string
user *fleet.User
shouldFailWrite bool
shouldFailRead bool
}{
{
"global admin",
&fleet.User{GlobalRole: ptr.String(fleet.RoleAdmin)},
false,
false,
},
{
"global maintainer",
&fleet.User{GlobalRole: ptr.String(fleet.RoleMaintainer)},
false,
false,
},
{
"global observer",
&fleet.User{GlobalRole: ptr.String(fleet.RoleObserver)},
true,
false,
},
{
"team maintainer",
&fleet.User{Teams: []fleet.UserTeam{{Team: fleet.Team{ID: 1}, Role: fleet.RoleMaintainer}}},
true,
false,
},
{
"team observer",
&fleet.User{Teams: []fleet.UserTeam{{Team: fleet.Team{ID: 1}, Role: fleet.RoleObserver}}},
true,
true,
},
}
for _, tt := range testCases {
t.Run(tt.name, func(t *testing.T) {
ctx := viewer.NewContext(context.Background(), viewer.Viewer{User: tt.user})
_, err := svc.NewGlobalPolicy(ctx, 2)
checkAuthErr(t, tt.shouldFailWrite, err)
_, err = svc.ListGlobalPolicies(ctx)
checkAuthErr(t, tt.shouldFailRead, err)
_, err = svc.GetPolicyByIDQueries(ctx, 1)
checkAuthErr(t, tt.shouldFailRead, err)
_, err = svc.DeleteGlobalPolicies(ctx, []uint{1})
checkAuthErr(t, tt.shouldFailWrite, err)
})
}
}
Reference in New Issue View Git Blame Copy Permalink