145 lines
4 KiB
Go
145 lines
4 KiB
Go
|
// Copyright (c) 2015-present Mattermost, Inc. All Rights Reserved.
|
||
|
|
// See LICENSE.txt for license information.
|
||
|
|
|
||
|
|
package localpermissions
|
||
|
|
|
||
|
|
import (
|
||
|
|
"database/sql"
|
||
|
|
"testing"
|
||
|
|
|
||
|
|
"github.com/mattermost/focalboard/server/model"
|
||
|
|
|
||
|
|
mmModel "github.com/mattermost/mattermost-server/v6/model"
|
||
|
|
|
||
|
|
"github.com/stretchr/testify/assert"
|
||
|
|
)
|
||
|
|
|
||
|
|
func TestHasPermissionToTeam(t *testing.T) {
|
||
|
|
th := SetupTestHelper(t)
|
||
|
|
|
||
|
|
t.Run("empty input should always unauthorize", func(t *testing.T) {
|
||
|
|
assert.False(t, th.permissions.HasPermissionToTeam("", "team-id", model.PermissionManageBoardCards))
|
||
|
|
assert.False(t, th.permissions.HasPermissionToTeam("user-id", "", model.PermissionManageBoardCards))
|
||
|
|
assert.False(t, th.permissions.HasPermissionToTeam("user-id", "team-id", nil))
|
||
|
|
})
|
||
|
|
|
||
|
|
t.Run("all users have all permissions on teams", func(t *testing.T) {
|
||
|
|
hasPermission := th.permissions.HasPermissionToTeam("user-id", "team-id", model.PermissionManageBoardCards)
|
||
|
|
assert.True(t, hasPermission)
|
||
|
|
})
|
||
|
|
}
|
||
|
|
|
||
|
|
func TestHasPermissionToBoard(t *testing.T) {
|
||
|
|
th := SetupTestHelper(t)
|
||
|
|
|
||
|
|
t.Run("empty input should always unauthorize", func(t *testing.T) {
|
||
|
|
assert.False(t, th.permissions.HasPermissionToBoard("", "board-id", model.PermissionManageBoardCards))
|
||
|
|
assert.False(t, th.permissions.HasPermissionToBoard("user-id", "", model.PermissionManageBoardCards))
|
||
|
|
assert.False(t, th.permissions.HasPermissionToBoard("user-id", "board-id", nil))
|
||
|
|
})
|
||
|
|
|
||
|
|
t.Run("nonexistent user", func(t *testing.T) {
|
||
|
|
userID := "user-id"
|
||
|
|
boardID := "board-id"
|
||
|
|
|
||
|
|
th.store.EXPECT().
|
||
|
|
GetMemberForBoard(boardID, userID).
|
||
|
|
Return(nil, sql.ErrNoRows).
|
||
|
|
Times(1)
|
||
|
|
|
||
|
|
hasPermission := th.permissions.HasPermissionToBoard(userID, boardID, model.PermissionManageBoardCards)
|
||
|
|
assert.False(t, hasPermission)
|
||
|
|
})
|
||
|
|
|
||
|
|
t.Run("board admin", func(t *testing.T) {
|
||
|
|
member := &model.BoardMember{
|
||
|
|
UserID: "user-id",
|
||
|
|
BoardID: "board-id",
|
||
|
|
SchemeAdmin: true,
|
||
|
|
}
|
||
|
|
|
||
|
|
hasPermissionTo := []*mmModel.Permission{
|
||
|
|
model.PermissionManageBoardType,
|
||
|
|
model.PermissionDeleteBoard,
|
||
|
|
model.PermissionManageBoardRoles,
|
||
|
|
model.PermissionShareBoard,
|
||
|
|
model.PermissionManageBoardCards,
|
||
|
|
model.PermissionViewBoard,
|
||
|
|
model.PermissionManageBoardProperties,
|
||
|
|
}
|
||
|
|
|
||
|
|
hasNotPermissionTo := []*mmModel.Permission{}
|
||
|
|
|
||
|
|
th.checkBoardPermissions("admin", member, hasPermissionTo, hasNotPermissionTo)
|
||
|
|
})
|
||
|
|
|
||
|
|
t.Run("board editor", func(t *testing.T) {
|
||
|
|
member := &model.BoardMember{
|
||
|
|
UserID: "user-id",
|
||
|
|
BoardID: "board-id",
|
||
|
|
SchemeEditor: true,
|
||
|
|
}
|
||
|
|
|
||
|
|
hasPermissionTo := []*mmModel.Permission{
|
||
|
|
model.PermissionManageBoardCards,
|
||
|
|
model.PermissionViewBoard,
|
||
|
|
model.PermissionManageBoardProperties,
|
||
|
|
}
|
||
|
|
|
||
|
|
hasNotPermissionTo := []*mmModel.Permission{
|
||
|
|
model.PermissionManageBoardType,
|
||
|
|
model.PermissionDeleteBoard,
|
||
|
|
model.PermissionManageBoardRoles,
|
||
|
|
model.PermissionShareBoard,
|
||
|
|
}
|
||
|
|
|
||
|
|
th.checkBoardPermissions("editor", member, hasPermissionTo, hasNotPermissionTo)
|
||
|
|
})
|
||
|
|
|
||
|
|
t.Run("board commenter", func(t *testing.T) {
|
||
|
|
member := &model.BoardMember{
|
||
|
|
UserID: "user-id",
|
||
|
|
BoardID: "board-id",
|
||
|
|
SchemeCommenter: true,
|
||
|
|
}
|
||
|
|
|
||
|
|
hasPermissionTo := []*mmModel.Permission{
|
||
|
|
model.PermissionViewBoard,
|
||
|
|
}
|
||
|
|
|
||
|
|
hasNotPermissionTo := []*mmModel.Permission{
|
||
|
|
model.PermissionManageBoardType,
|
||
|
|
model.PermissionDeleteBoard,
|
||
|
|
model.PermissionManageBoardRoles,
|
||
|
|
model.PermissionShareBoard,
|
||
|
|
model.PermissionManageBoardCards,
|
||
|
|
model.PermissionManageBoardProperties,
|
||
|
|
}
|
||
|
|
|
||
|
|
th.checkBoardPermissions("commenter", member, hasPermissionTo, hasNotPermissionTo)
|
||
|
|
})
|
||
|
|
|
||
|
|
t.Run("board viewer", func(t *testing.T) {
|
||
|
|
member := &model.BoardMember{
|
||
|
|
UserID: "user-id",
|
||
|
|
BoardID: "board-id",
|
||
|
|
SchemeViewer: true,
|
||
|
|
}
|
||
|
|
|
||
|
|
hasPermissionTo := []*mmModel.Permission{
|
||
|
|
model.PermissionViewBoard,
|
||
|
|
}
|
||
|
|
|
||
|
|
hasNotPermissionTo := []*mmModel.Permission{
|
||
|
|
model.PermissionManageBoardType,
|
||
|
|
model.PermissionDeleteBoard,
|
||
|
|
model.PermissionManageBoardRoles,
|
||
|
|
model.PermissionShareBoard,
|
||
|
|
model.PermissionManageBoardCards,
|
||
|
|
model.PermissionManageBoardProperties,
|
||
|
|
}
|
||
|
|
|
||
|
|
th.checkBoardPermissions("viewer", member, hasPermissionTo, hasNotPermissionTo)
|
||
|
|
})
|
||
|
|
}
|