Local permissions test (#2839)

* Upgrade npm in build-ubuntu * npm i -S moment * Don't upgrade npm * macos-latest on build-mac * Update dev-release.yml * Add local permissions tests * local_permissions_test with standard store * UserID tokens, duplicate check toTeam permissions * cleanup * cleanup * Fix server lint * Update TestLocalPermissionsRegister
2022-04-19 10:00:52 -07:00 · 2022-04-19 10:00:52 -07:00 · 3c7fd72dcf
commit 3c7fd72dcf
parent 74053655b6
5 changed files with 2487 additions and 261 deletions
--- a/server/api/api.go
+++ b/server/api/api.go
@ -2905,6 +2905,11 @@ func (a *API) handleDuplicateBoard(w http.ResponseWriter, r *http.Request) {
 		return
 	}

+	if toTeam != "" && !a.permissions.HasPermissionToTeam(userID, toTeam, model.PermissionViewTeam) {
+		a.errorResponse(w, r.URL.Path, http.StatusForbidden, "", PermissionError{"access denied to team"})
+		return
+	}
+
 	if board.IsTemplate && board.Type == model.BoardTypeOpen {
 		if board.TeamID != model.GlobalTeamID && !a.permissions.HasPermissionToTeam(userID, board.TeamID, model.PermissionViewTeam) {
 			a.errorResponse(w, r.URL.Path, http.StatusForbidden, "", PermissionError{"access denied to board"})
--- a/server/client/client.go
+++ b/server/client/client.go
@ -410,6 +410,14 @@ func (c *Client) GetMe() (*model.User, *Response) {
 	return me, BuildResponse(r)
 }

+func (c *Client) GetUserID() string {
+	me, _ := c.GetMe()
+	if me == nil {
+		return ""
+	}
+	return me.ID
+}
+
 func (c *Client) GetUserRoute(id string) string {
 	return fmt.Sprintf("/users/%s", id)
 }
--- a/server/integrationtests/clienttestlib.go
+++ b/server/integrationtests/clienttestlib.go
@ -40,6 +40,16 @@ const (
 	userAdmin        string = "admin"
 )

+var (
+	userAnonID         = userAnon
+	userNoTeamMemberID = userNoTeamMember
+	userTeamMemberID   = userTeamMember
+	userViewerID       = userViewer
+	userCommenterID    = userCommenter
+	userEditorID       = userEditor
+	userAdminID        = userAdmin
+)
+
 type LicenseType int

 const (
@ -197,6 +207,43 @@ func newTestServerPluginMode() *server.Server {
 	return srv
 }

+func newTestServerLocalMode() *server.Server {
+	cfg, err := getTestConfig()
+	if err != nil {
+		panic(err)
+	}
+	cfg.EnablePublicSharedBoards = true
+
+	logger, _ := mlog.NewLogger()
+	if err = logger.Configure("", cfg.LoggingCfgJSON, nil); err != nil {
+		panic(err)
+	}
+
+	db, err := server.NewStore(cfg, logger)
+	if err != nil {
+		panic(err)
+	}
+
+	permissionsService := localpermissions.New(db, logger)
+
+	params := server.Params{
+		Cfg:                cfg,
+		DBStore:            db,
+		Logger:             logger,
+		PermissionsService: permissionsService,
+	}
+
+	srv, err := server.New(params)
+	if err != nil {
+		panic(err)
+	}
+
+	// Reduce password has strength for unit tests to dramatically speed up account creation and login
+	auth.PasswordHashStrength = 4
+
+	return srv
+}
+
 func SetupTestHelperWithToken(t *testing.T) *TestHelper {
 	sessionToken := "TESTTOKEN"
 	th := &TestHelper{T: t}
@ -217,6 +264,13 @@ func SetupTestHelperPluginMode(t *testing.T) *TestHelper {
 	return th
 }

+func SetupTestHelperLocalMode(t *testing.T) *TestHelper {
+	th := &TestHelper{T: t}
+	th.Server = newTestServerLocalMode()
+	th.Start()
+	return th
+}
+
 func SetupTestHelperWithLicense(t *testing.T, licenseType LicenseType) *TestHelper {
 	th := &TestHelper{T: t}
 	th.Server = newTestServerWithLicense("", licenseType)
--- a/server/integrationtests/local_permissions_test.go
+++ b/server/integrationtests/local_permissions_test.go
--- a/server/integrationtests/permissions_test.go
+++ b/server/integrationtests/permissions_test.go