
Commit 5e3f858

committed
more testing
1 parent e368606 commit 5e3f858


1 file changed

+84
-0
lines changed

Lines changed: 84 additions & 0 deletions
@@ -0,0 +1,84 @@
1+
package acl_test
2+
3+
import (
4+
"testing"
5+
6+
"github.com/coder/coder/v2/coderd"
7+
"github.com/coder/coder/v2/coderd/database"
8+
"github.com/coder/coder/v2/coderd/database/dbgen"
9+
"github.com/coder/coder/v2/coderd/database/dbtestutil"
10+
"github.com/coder/coder/v2/coderd/rbac/acl"
11+
"github.com/coder/coder/v2/codersdk"
12+
"github.com/coder/coder/v2/testutil"
13+
"github.com/google/uuid"
14+
"github.com/stretchr/testify/require"
15+
)
16+
17+
func TestOK(t *testing.T) {
18+
db, _ := dbtestutil.NewDB(t, dbtestutil.WithTimezone("UTC"))
19+
o := dbgen.Organization(t, db, database.Organization{})
20+
g := dbgen.Group(t, db, database.Group{OrganizationID: o.ID})
21+
u := dbgen.User(t, db, database.User{})
22+
ctx := testutil.Context(t, testutil.WaitShort)
23+
24+
update := codersdk.UpdateWorkspaceACL{
25+
UserRoles: map[string]codersdk.WorkspaceRole{
26+
u.ID.String(): codersdk.WorkspaceRoleAdmin,
27+
// An unknown ID is allowed if and only if the specified role is either
28+
// codersdk.WorkspaceRoleDeleted or codersdk.TemplateRoleDeleted.
29+
uuid.NewString(): codersdk.WorkspaceRoleDeleted,
30+
},
31+
GroupRoles: map[string]codersdk.WorkspaceRole{
32+
g.ID.String(): codersdk.WorkspaceRoleAdmin,
33+
// An unknown ID is allowed if and only if the specified role is either
34+
// codersdk.WorkspaceRoleDeleted or codersdk.TemplateRoleDeleted.
35+
uuid.NewString(): codersdk.WorkspaceRoleDeleted,
36+
},
37+
}
38+
errors := acl.Validate(ctx, db, coderd.WorkspaceACLUpdateValidator(update))
39+
require.Empty(t, errors)
40+
}
41+
42+
func TestDeniesUnknownIDs(t *testing.T) {
43+
db, _ := dbtestutil.NewDB(t, dbtestutil.WithTimezone("UTC"))
44+
ctx := testutil.Context(t, testutil.WaitShort)
45+
46+
update := codersdk.UpdateWorkspaceACL{
47+
UserRoles: map[string]codersdk.WorkspaceRole{
48+
uuid.NewString(): codersdk.WorkspaceRoleAdmin,
49+
},
50+
GroupRoles: map[string]codersdk.WorkspaceRole{
51+
uuid.NewString(): codersdk.WorkspaceRoleAdmin,
52+
},
53+
}
54+
errors := acl.Validate(ctx, db, coderd.WorkspaceACLUpdateValidator(update))
55+
require.Len(t, errors, 2)
56+
require.Equal(t, errors[0].Field, "group_roles")
57+
require.ErrorContains(t, errors[0], "does not exist")
58+
require.Equal(t, errors[1].Field, "user_roles")
59+
require.ErrorContains(t, errors[1], "does not exist")
60+
}
61+
62+
func TestDeniesUnknownRolesAndInvalidIDs(t *testing.T) {
63+
db, _ := dbtestutil.NewDB(t, dbtestutil.WithTimezone("UTC"))
64+
ctx := testutil.Context(t, testutil.WaitShort)
65+
66+
update := codersdk.UpdateWorkspaceACL{
67+
UserRoles: map[string]codersdk.WorkspaceRole{
68+
"Quifrey": "level 5",
69+
},
70+
GroupRoles: map[string]codersdk.WorkspaceRole{
71+
"apprentices": "level 2",
72+
},
73+
}
74+
errors := acl.Validate(ctx, db, coderd.WorkspaceACLUpdateValidator(update))
75+
require.Len(t, errors, 4)
76+
require.Equal(t, errors[0].Field, "group_roles")
77+
require.ErrorContains(t, errors[0], "role \"level 2\" is not a valid workspace role")
78+
require.Equal(t, errors[1].Field, "group_roles")
79+
require.ErrorContains(t, errors[1], "not a valid UUID")
80+
require.Equal(t, errors[2].Field, "user_roles")
81+
require.ErrorContains(t, errors[2], "role \"level 5\" is not a valid workspace role")
82+
require.Equal(t, errors[3].Field, "user_roles")
83+
require.ErrorContains(t, errors[3], "not a valid UUID")
84+
}
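Review bot: None of the three tests covers an ID that exists but is of the wrong kind: a real group ID under `UserRoles`, or a real user ID under `GroupRoles`. `TestDeniesUnknownIDs` only uses fresh random UUIDs, so an existence check that consulted the wrong table, or a shared one, would still pass every assertion here. For an ACL validator that is the case most worth pinning, because a mis-typed principal could otherwise be granted `WorkspaceRoleAdmin`. The expected count, order and message in the sketch below are inferred from the neighbouring tests, since the validator itself is not part of this commit, so confirm them against it. Separately, the `require.Equal` calls pass the actual value before the expected one; `require.Equal(t, "group_roles", errors[0].Field)` keeps testify's failure output the right way round.

```go
func TestDeniesCrossTypeIDs(t *testing.T) {
	db, _ := dbtestutil.NewDB(t, dbtestutil.WithTimezone("UTC"))
	o := dbgen.Organization(t, db, database.Organization{})
	g := dbgen.Group(t, db, database.Group{OrganizationID: o.ID})
	u := dbgen.User(t, db, database.User{})
	ctx := testutil.Context(t, testutil.WaitShort)

	// A group ID offered as a user, and a user ID offered as a group:
	// both exist, but neither is valid for the field it appears in.
	update := codersdk.UpdateWorkspaceACL{
		UserRoles: map[string]codersdk.WorkspaceRole{
			g.ID.String(): codersdk.WorkspaceRoleAdmin,
		},
		GroupRoles: map[string]codersdk.WorkspaceRole{
			u.ID.String(): codersdk.WorkspaceRoleAdmin,
		},
	}
	errors := acl.Validate(ctx, db, coderd.WorkspaceACLUpdateValidator(update))
	require.Len(t, errors, 2)
	require.Equal(t, "group_roles", errors[0].Field)
	require.ErrorContains(t, errors[0], "does not exist")
	require.Equal(t, "user_roles", errors[1].Field)
	require.ErrorContains(t, errors[1], "does not exist")
}
```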
