mirror of
https://github.com/mattermost/focalboard.git
synced 2025-01-23 18:34:02 +02:00
098868387e
* initial implementation of SysAdmin/TeamAdmin feature * fix adminBadge tests * updating tests * more fixes for unit tests * lint fixes * update snapshots * update cypress test for call change * add additional unit tests * update test for lint errors * fix reviews implement tests * fix for merge, reset dialog before redirection * remove unused test code * fix more tests * fix swagger doc for missing parameters --------- Co-authored-by: Mattermost Build <build@mattermost.com>
173 lines
4.9 KiB
Go
173 lines
4.9 KiB
Go
// Copyright (c) 2015-present Mattermost, Inc. All Rights Reserved.
|
|
// See LICENSE.txt for license information.
|
|
|
|
package localpermissions
|
|
|
|
import (
|
|
"database/sql"
|
|
"testing"
|
|
|
|
"github.com/mattermost/focalboard/server/model"
|
|
|
|
mmModel "github.com/mattermost/mattermost-server/v6/model"
|
|
|
|
"github.com/stretchr/testify/assert"
|
|
)
|
|
|
|
func TestHasPermissionToTeam(t *testing.T) {
|
|
th := SetupTestHelper(t)
|
|
|
|
t.Run("empty input should always unauthorize", func(t *testing.T) {
|
|
assert.False(t, th.permissions.HasPermissionToTeam("", "team-id", model.PermissionManageBoardCards))
|
|
assert.False(t, th.permissions.HasPermissionToTeam("user-id", "", model.PermissionManageBoardCards))
|
|
assert.False(t, th.permissions.HasPermissionToTeam("user-id", "team-id", nil))
|
|
})
|
|
|
|
t.Run("all users have all permissions on teams", func(t *testing.T) {
|
|
hasPermission := th.permissions.HasPermissionToTeam("user-id", "team-id", model.PermissionManageBoardCards)
|
|
assert.True(t, hasPermission)
|
|
})
|
|
|
|
t.Run("no users have PermissionManageTeam on teams", func(t *testing.T) {
|
|
hasPermission := th.permissions.HasPermissionToTeam("user-id", "team-id", model.PermissionManageTeam)
|
|
assert.False(t, hasPermission)
|
|
})
|
|
}
|
|
|
|
func TestHasPermissionToBoard(t *testing.T) {
|
|
th := SetupTestHelper(t)
|
|
|
|
t.Run("empty input should always unauthorize", func(t *testing.T) {
|
|
assert.False(t, th.permissions.HasPermissionToBoard("", "board-id", model.PermissionManageBoardCards))
|
|
assert.False(t, th.permissions.HasPermissionToBoard("user-id", "", model.PermissionManageBoardCards))
|
|
assert.False(t, th.permissions.HasPermissionToBoard("user-id", "board-id", nil))
|
|
})
|
|
|
|
t.Run("nonexistent user", func(t *testing.T) {
|
|
userID := "user-id"
|
|
boardID := "board-id"
|
|
|
|
th.store.EXPECT().
|
|
GetMemberForBoard(boardID, userID).
|
|
Return(nil, sql.ErrNoRows).
|
|
Times(1)
|
|
|
|
hasPermission := th.permissions.HasPermissionToBoard(userID, boardID, model.PermissionManageBoardCards)
|
|
assert.False(t, hasPermission)
|
|
})
|
|
|
|
t.Run("board admin", func(t *testing.T) {
|
|
member := &model.BoardMember{
|
|
UserID: "user-id",
|
|
BoardID: "board-id",
|
|
SchemeAdmin: true,
|
|
}
|
|
|
|
hasPermissionTo := []*mmModel.Permission{
|
|
model.PermissionManageBoardType,
|
|
model.PermissionDeleteBoard,
|
|
model.PermissionManageBoardRoles,
|
|
model.PermissionShareBoard,
|
|
model.PermissionManageBoardCards,
|
|
model.PermissionViewBoard,
|
|
model.PermissionManageBoardProperties,
|
|
}
|
|
|
|
hasNotPermissionTo := []*mmModel.Permission{}
|
|
|
|
th.checkBoardPermissions("admin", member, hasPermissionTo, hasNotPermissionTo)
|
|
})
|
|
|
|
t.Run("board editor", func(t *testing.T) {
|
|
member := &model.BoardMember{
|
|
UserID: "user-id",
|
|
BoardID: "board-id",
|
|
SchemeEditor: true,
|
|
}
|
|
|
|
hasPermissionTo := []*mmModel.Permission{
|
|
model.PermissionManageBoardCards,
|
|
model.PermissionViewBoard,
|
|
model.PermissionManageBoardProperties,
|
|
}
|
|
|
|
hasNotPermissionTo := []*mmModel.Permission{
|
|
model.PermissionManageBoardType,
|
|
model.PermissionDeleteBoard,
|
|
model.PermissionManageBoardRoles,
|
|
model.PermissionShareBoard,
|
|
}
|
|
|
|
th.checkBoardPermissions("editor", member, hasPermissionTo, hasNotPermissionTo)
|
|
})
|
|
|
|
t.Run("board commenter", func(t *testing.T) {
|
|
member := &model.BoardMember{
|
|
UserID: "user-id",
|
|
BoardID: "board-id",
|
|
SchemeCommenter: true,
|
|
}
|
|
|
|
hasPermissionTo := []*mmModel.Permission{
|
|
model.PermissionViewBoard,
|
|
}
|
|
|
|
hasNotPermissionTo := []*mmModel.Permission{
|
|
model.PermissionManageBoardType,
|
|
model.PermissionDeleteBoard,
|
|
model.PermissionManageBoardRoles,
|
|
model.PermissionShareBoard,
|
|
model.PermissionManageBoardCards,
|
|
model.PermissionManageBoardProperties,
|
|
}
|
|
|
|
th.checkBoardPermissions("commenter", member, hasPermissionTo, hasNotPermissionTo)
|
|
})
|
|
|
|
t.Run("board viewer", func(t *testing.T) {
|
|
member := &model.BoardMember{
|
|
UserID: "user-id",
|
|
BoardID: "board-id",
|
|
SchemeViewer: true,
|
|
}
|
|
|
|
hasPermissionTo := []*mmModel.Permission{
|
|
model.PermissionViewBoard,
|
|
}
|
|
|
|
hasNotPermissionTo := []*mmModel.Permission{
|
|
model.PermissionManageBoardType,
|
|
model.PermissionDeleteBoard,
|
|
model.PermissionManageBoardRoles,
|
|
model.PermissionShareBoard,
|
|
model.PermissionManageBoardCards,
|
|
model.PermissionManageBoardProperties,
|
|
}
|
|
|
|
th.checkBoardPermissions("viewer", member, hasPermissionTo, hasNotPermissionTo)
|
|
})
|
|
|
|
t.Run("Manage Team Permission ", func(t *testing.T) {
|
|
member := &model.BoardMember{
|
|
UserID: "user-id",
|
|
BoardID: "board-id",
|
|
SchemeViewer: true,
|
|
}
|
|
|
|
hasPermissionTo := []*mmModel.Permission{
|
|
model.PermissionViewBoard,
|
|
}
|
|
|
|
hasNotPermissionTo := []*mmModel.Permission{
|
|
model.PermissionManageBoardType,
|
|
model.PermissionDeleteBoard,
|
|
model.PermissionManageBoardRoles,
|
|
model.PermissionShareBoard,
|
|
model.PermissionManageBoardCards,
|
|
model.PermissionManageBoardProperties,
|
|
}
|
|
|
|
th.checkBoardPermissions("viewer", member, hasPermissionTo, hasNotPermissionTo)
|
|
})
|
|
}
|