mirror of
https://github.com/mattermost/focalboard.git
synced 2024-12-24 13:43:12 +02:00
098868387e
* initial implementation of SysAdmin/TeamAdmin feature * fix adminBadge tests * updating tests * more fixes for unit tests * lint fixes * update snapshots * update cypress test for call change * add additional unit tests * update test for lint errors * fix reviews implement tests * fix for merge, reset dialog before redirection * remove unused test code * fix more tests * fix swagger doc for missing parameters --------- Co-authored-by: Mattermost Build <build@mattermost.com>
244 lines
6.6 KiB
Go
244 lines
6.6 KiB
Go
//go:generate mockgen -destination=mocks/mockpluginapi.go -package mocks github.com/mattermost/mattermost-server/v6/plugin API
|
|
package mmpermissions
|
|
|
|
import (
|
|
"database/sql"
|
|
"testing"
|
|
|
|
"github.com/mattermost/focalboard/server/model"
|
|
|
|
mmModel "github.com/mattermost/mattermost-server/v6/model"
|
|
|
|
"github.com/stretchr/testify/assert"
|
|
)
|
|
|
|
const (
|
|
testTeamID = "team-id"
|
|
testBoardID = "board-id"
|
|
testUserID = "user-id"
|
|
)
|
|
|
|
func TestHasPermissionsToTeam(t *testing.T) {
|
|
th := SetupTestHelper(t)
|
|
|
|
t.Run("empty input should always unauthorize", func(t *testing.T) {
|
|
assert.False(t, th.permissions.HasPermissionToTeam("", testTeamID, model.PermissionManageBoardCards))
|
|
assert.False(t, th.permissions.HasPermissionToTeam(testUserID, "", model.PermissionManageBoardCards))
|
|
assert.False(t, th.permissions.HasPermissionToTeam(testUserID, testTeamID, nil))
|
|
})
|
|
|
|
t.Run("should authorize if the plugin API does", func(t *testing.T) {
|
|
userID := testUserID
|
|
teamID := testTeamID
|
|
|
|
th.api.EXPECT().
|
|
HasPermissionToTeam(userID, teamID, model.PermissionViewTeam).
|
|
Return(true).
|
|
Times(1)
|
|
|
|
hasPermission := th.permissions.HasPermissionToTeam(userID, teamID, model.PermissionViewTeam)
|
|
assert.True(t, hasPermission)
|
|
})
|
|
|
|
t.Run("should not authorize if the plugin API doesn't", func(t *testing.T) {
|
|
userID := testUserID
|
|
teamID := testTeamID
|
|
|
|
th.api.EXPECT().
|
|
HasPermissionToTeam(userID, teamID, model.PermissionViewTeam).
|
|
Return(false).
|
|
Times(1)
|
|
|
|
hasPermission := th.permissions.HasPermissionToTeam(userID, teamID, model.PermissionViewTeam)
|
|
assert.False(t, hasPermission)
|
|
})
|
|
}
|
|
|
|
// test case for user removed.
|
|
func TestHasPermissionToBoard(t *testing.T) {
|
|
th := SetupTestHelper(t)
|
|
|
|
t.Run("empty input should always unauthorize", func(t *testing.T) {
|
|
assert.False(t, th.permissions.HasPermissionToBoard("", testBoardID, model.PermissionManageBoardCards))
|
|
assert.False(t, th.permissions.HasPermissionToBoard(testUserID, "", model.PermissionManageBoardCards))
|
|
assert.False(t, th.permissions.HasPermissionToBoard(testUserID, testBoardID, nil))
|
|
})
|
|
|
|
userID := testUserID
|
|
boardID := testBoardID
|
|
teamID := testTeamID
|
|
|
|
t.Run("nonexistent member", func(t *testing.T) {
|
|
th.store.EXPECT().
|
|
GetBoard(boardID).
|
|
Return(&model.Board{ID: boardID, TeamID: teamID}, nil).
|
|
Times(1)
|
|
|
|
th.api.EXPECT().
|
|
HasPermissionToTeam(userID, teamID, model.PermissionViewTeam).
|
|
Return(true).
|
|
Times(1)
|
|
|
|
th.store.EXPECT().
|
|
GetMemberForBoard(boardID, userID).
|
|
Return(nil, sql.ErrNoRows).
|
|
Times(1)
|
|
|
|
hasPermission := th.permissions.HasPermissionToBoard(userID, boardID, model.PermissionManageBoardCards)
|
|
assert.False(t, hasPermission)
|
|
})
|
|
|
|
t.Run("nonexistent board", func(t *testing.T) {
|
|
th.store.EXPECT().
|
|
GetBoard(boardID).
|
|
Return(nil, sql.ErrNoRows).
|
|
Times(1)
|
|
|
|
th.store.EXPECT().
|
|
GetBoardHistory(boardID, model.QueryBoardHistoryOptions{Limit: 1, Descending: true}).
|
|
Return(nil, sql.ErrNoRows).
|
|
Times(1)
|
|
|
|
hasPermission := th.permissions.HasPermissionToBoard(userID, boardID, model.PermissionManageBoardCards)
|
|
assert.False(t, hasPermission)
|
|
})
|
|
|
|
t.Run("user that has been removed from the team", func(t *testing.T) {
|
|
member := &model.BoardMember{
|
|
UserID: userID,
|
|
BoardID: boardID,
|
|
SchemeAdmin: true,
|
|
}
|
|
|
|
th.store.EXPECT().
|
|
GetBoard(boardID).
|
|
Return(&model.Board{ID: boardID, TeamID: teamID}, nil).
|
|
Times(1)
|
|
|
|
th.api.EXPECT().
|
|
HasPermissionToTeam(userID, teamID, model.PermissionViewTeam).
|
|
Return(true).
|
|
Times(1)
|
|
|
|
th.store.EXPECT().
|
|
GetMemberForBoard(member.BoardID, member.UserID).
|
|
Return(member, nil).
|
|
Times(1)
|
|
|
|
hasPermission := th.permissions.HasPermissionToBoard(member.UserID, member.BoardID, model.PermissionViewBoard)
|
|
assert.True(t, hasPermission)
|
|
})
|
|
|
|
t.Run("board admin", func(t *testing.T) {
|
|
member := &model.BoardMember{
|
|
UserID: userID,
|
|
BoardID: boardID,
|
|
SchemeAdmin: true,
|
|
}
|
|
|
|
hasPermissionTo := []*mmModel.Permission{
|
|
model.PermissionManageBoardType,
|
|
model.PermissionDeleteBoard,
|
|
model.PermissionManageBoardRoles,
|
|
model.PermissionShareBoard,
|
|
model.PermissionManageBoardCards,
|
|
model.PermissionViewBoard,
|
|
model.PermissionManageBoardProperties,
|
|
}
|
|
|
|
hasNotPermissionTo := []*mmModel.Permission{}
|
|
|
|
th.checkBoardPermissions("admin", member, teamID, hasPermissionTo, hasNotPermissionTo)
|
|
})
|
|
|
|
t.Run("board editor", func(t *testing.T) {
|
|
member := &model.BoardMember{
|
|
UserID: userID,
|
|
BoardID: boardID,
|
|
SchemeEditor: true,
|
|
}
|
|
|
|
hasPermissionTo := []*mmModel.Permission{
|
|
model.PermissionManageBoardCards,
|
|
model.PermissionViewBoard,
|
|
model.PermissionManageBoardProperties,
|
|
}
|
|
|
|
hasNotPermissionTo := []*mmModel.Permission{
|
|
model.PermissionManageBoardType,
|
|
model.PermissionDeleteBoard,
|
|
model.PermissionManageBoardRoles,
|
|
model.PermissionShareBoard,
|
|
}
|
|
|
|
th.checkBoardPermissions("editor", member, teamID, hasPermissionTo, hasNotPermissionTo)
|
|
})
|
|
|
|
t.Run("board commenter", func(t *testing.T) {
|
|
member := &model.BoardMember{
|
|
UserID: userID,
|
|
BoardID: boardID,
|
|
SchemeCommenter: true,
|
|
}
|
|
|
|
hasPermissionTo := []*mmModel.Permission{
|
|
model.PermissionViewBoard,
|
|
}
|
|
|
|
hasNotPermissionTo := []*mmModel.Permission{
|
|
model.PermissionManageBoardType,
|
|
model.PermissionDeleteBoard,
|
|
model.PermissionManageBoardRoles,
|
|
model.PermissionShareBoard,
|
|
model.PermissionManageBoardCards,
|
|
model.PermissionManageBoardProperties,
|
|
}
|
|
|
|
th.checkBoardPermissions("commenter", member, teamID, hasPermissionTo, hasNotPermissionTo)
|
|
})
|
|
|
|
t.Run("board viewer", func(t *testing.T) {
|
|
member := &model.BoardMember{
|
|
UserID: userID,
|
|
BoardID: boardID,
|
|
SchemeViewer: true,
|
|
}
|
|
|
|
hasPermissionTo := []*mmModel.Permission{
|
|
model.PermissionViewBoard,
|
|
}
|
|
|
|
hasNotPermissionTo := []*mmModel.Permission{
|
|
model.PermissionManageBoardType,
|
|
model.PermissionDeleteBoard,
|
|
model.PermissionManageBoardRoles,
|
|
model.PermissionShareBoard,
|
|
model.PermissionManageBoardCards,
|
|
model.PermissionManageBoardProperties,
|
|
}
|
|
|
|
th.checkBoardPermissions("viewer", member, teamID, hasPermissionTo, hasNotPermissionTo)
|
|
})
|
|
|
|
t.Run("elevate board viewer permissions", func(t *testing.T) {
|
|
member := &model.BoardMember{
|
|
UserID: userID,
|
|
BoardID: boardID,
|
|
SchemeViewer: true,
|
|
}
|
|
|
|
hasPermissionTo := []*mmModel.Permission{
|
|
model.PermissionManageBoardType,
|
|
model.PermissionDeleteBoard,
|
|
model.PermissionManageBoardRoles,
|
|
model.PermissionShareBoard,
|
|
model.PermissionManageBoardCards,
|
|
model.PermissionViewBoard,
|
|
model.PermissionManageBoardProperties,
|
|
}
|
|
|
|
hasNotPermissionTo := []*mmModel.Permission{}
|
|
th.checkBoardPermissions("elevated-admin", member, teamID, hasPermissionTo, hasNotPermissionTo)
|
|
})
|
|
}
|