mirror of
https://github.com/empayre/fleet.git
synced 2024-11-06 17:05:18 +00:00
52 lines
1.6 KiB
Go
52 lines
1.6 KiB
Go
package service
|
|
|
|
import (
|
|
"context"
|
|
"testing"
|
|
|
|
"github.com/fleetdm/fleet/v4/server/authz"
|
|
"github.com/fleetdm/fleet/v4/server/fleet"
|
|
"github.com/fleetdm/fleet/v4/server/mock"
|
|
"github.com/fleetdm/fleet/v4/server/test"
|
|
"github.com/stretchr/testify/require"
|
|
)
|
|
|
|
func TestListActivities(t *testing.T) {
|
|
ds := new(mock.Store)
|
|
svc, ctx := newTestService(t, ds, nil, nil)
|
|
|
|
globalUsers := []*fleet.User{test.UserAdmin, test.UserMaintainer, test.UserObserver}
|
|
teamUsers := []*fleet.User{test.UserTeamAdminTeam1, test.UserTeamMaintainerTeam1, test.UserTeamObserverTeam1}
|
|
|
|
ds.ListActivitiesFunc = func(ctx context.Context, opts fleet.ListOptions) ([]*fleet.Activity, error) {
|
|
return []*fleet.Activity{
|
|
{ID: 1},
|
|
{ID: 2},
|
|
}, nil
|
|
}
|
|
|
|
// any global user can read activities
|
|
for _, u := range globalUsers {
|
|
activities, err := svc.ListActivities(test.UserContext(ctx, u), fleet.ListOptions{})
|
|
require.NoError(t, err)
|
|
require.Len(t, activities, 2)
|
|
}
|
|
|
|
// team users cannot read activities
|
|
for _, u := range teamUsers {
|
|
_, err := svc.ListActivities(test.UserContext(ctx, u), fleet.ListOptions{})
|
|
require.Error(t, err)
|
|
require.Contains(t, err.Error(), authz.ForbiddenErrorMessage)
|
|
}
|
|
|
|
// user with no roles cannot read activities
|
|
_, err := svc.ListActivities(test.UserContext(ctx, test.UserNoRoles), fleet.ListOptions{})
|
|
require.Error(t, err)
|
|
require.Contains(t, err.Error(), authz.ForbiddenErrorMessage)
|
|
|
|
// no user in context
|
|
_, err = svc.ListActivities(ctx, fleet.ListOptions{})
|
|
require.Error(t, err)
|
|
require.Contains(t, err.Error(), authz.ForbiddenErrorMessage)
|
|
}
|