f3267e2458
* Fixing delete/undelete boards * Adding permissions checks for undelete board and undelete block * Fixing server-lint * Handling permissions for deleted boards * Fixing linter errors * Fixing tests * Update server/services/store/sqlstore/board.go Co-authored-by: Doug Lauder <wiggin77@warpmail.net> * Fixing error message Co-authored-by: Mattermod <mattermod@users.noreply.github.com> Co-authored-by: Doug Lauder <wiggin77@warpmail.net>
222 lines
6.1 KiB
Go
222 lines
6.1 KiB
Go
//go:generate mockgen --build_flags=--mod=mod -destination=mocks/mockpluginapi.go -package mocks github.com/mattermost/mattermost-server/v6/plugin API
|
|
package mmpermissions
|
|
|
|
import (
|
|
"database/sql"
|
|
"testing"
|
|
|
|
"github.com/mattermost/focalboard/server/model"
|
|
|
|
mmModel "github.com/mattermost/mattermost-server/v6/model"
|
|
|
|
"github.com/stretchr/testify/assert"
|
|
)
|
|
|
|
const (
|
|
testTeamID = "team-id"
|
|
testBoardID = "board-id"
|
|
testUserID = "user-id"
|
|
)
|
|
|
|
func TestHasPermissionsToTeam(t *testing.T) {
|
|
th := SetupTestHelper(t)
|
|
|
|
t.Run("empty input should always unauthorize", func(t *testing.T) {
|
|
assert.False(t, th.permissions.HasPermissionToTeam("", testTeamID, model.PermissionManageBoardCards))
|
|
assert.False(t, th.permissions.HasPermissionToTeam(testUserID, "", model.PermissionManageBoardCards))
|
|
assert.False(t, th.permissions.HasPermissionToTeam(testUserID, testTeamID, nil))
|
|
})
|
|
|
|
t.Run("should authorize if the plugin API does", func(t *testing.T) {
|
|
userID := testUserID
|
|
teamID := testTeamID
|
|
|
|
th.api.EXPECT().
|
|
HasPermissionToTeam(userID, teamID, model.PermissionViewTeam).
|
|
Return(true).
|
|
Times(1)
|
|
|
|
hasPermission := th.permissions.HasPermissionToTeam(userID, teamID, model.PermissionViewTeam)
|
|
assert.True(t, hasPermission)
|
|
})
|
|
|
|
t.Run("should not authorize if the plugin API doesn't", func(t *testing.T) {
|
|
userID := testUserID
|
|
teamID := testTeamID
|
|
|
|
th.api.EXPECT().
|
|
HasPermissionToTeam(userID, teamID, model.PermissionViewTeam).
|
|
Return(false).
|
|
Times(1)
|
|
|
|
hasPermission := th.permissions.HasPermissionToTeam(userID, teamID, model.PermissionViewTeam)
|
|
assert.False(t, hasPermission)
|
|
})
|
|
}
|
|
|
|
// test case for user removed.
|
|
func TestHasPermissionToBoard(t *testing.T) {
|
|
th := SetupTestHelper(t)
|
|
|
|
t.Run("empty input should always unauthorize", func(t *testing.T) {
|
|
assert.False(t, th.permissions.HasPermissionToBoard("", testBoardID, model.PermissionManageBoardCards))
|
|
assert.False(t, th.permissions.HasPermissionToBoard(testUserID, "", model.PermissionManageBoardCards))
|
|
assert.False(t, th.permissions.HasPermissionToBoard(testUserID, testBoardID, nil))
|
|
})
|
|
|
|
userID := testUserID
|
|
boardID := testBoardID
|
|
teamID := testTeamID
|
|
|
|
t.Run("nonexistent member", func(t *testing.T) {
|
|
th.store.EXPECT().
|
|
GetBoard(boardID).
|
|
Return(&model.Board{ID: boardID, TeamID: teamID}, nil).
|
|
Times(1)
|
|
|
|
th.api.EXPECT().
|
|
HasPermissionToTeam(userID, teamID, model.PermissionViewTeam).
|
|
Return(true).
|
|
Times(1)
|
|
|
|
th.store.EXPECT().
|
|
GetMemberForBoard(boardID, userID).
|
|
Return(nil, sql.ErrNoRows).
|
|
Times(1)
|
|
|
|
hasPermission := th.permissions.HasPermissionToBoard(userID, boardID, model.PermissionManageBoardCards)
|
|
assert.False(t, hasPermission)
|
|
})
|
|
|
|
t.Run("nonexistent board", func(t *testing.T) {
|
|
th.store.EXPECT().
|
|
GetBoard(boardID).
|
|
Return(nil, sql.ErrNoRows).
|
|
Times(1)
|
|
|
|
th.store.EXPECT().
|
|
GetBoardHistory(boardID, model.QueryBoardHistoryOptions{Limit: 1, Descending: true}).
|
|
Return(nil, sql.ErrNoRows).
|
|
Times(1)
|
|
|
|
hasPermission := th.permissions.HasPermissionToBoard(userID, boardID, model.PermissionManageBoardCards)
|
|
assert.False(t, hasPermission)
|
|
})
|
|
|
|
t.Run("user that has been removed from the team", func(t *testing.T) {
|
|
member := &model.BoardMember{
|
|
UserID: userID,
|
|
BoardID: boardID,
|
|
SchemeAdmin: true,
|
|
}
|
|
|
|
th.store.EXPECT().
|
|
GetBoard(boardID).
|
|
Return(&model.Board{ID: boardID, TeamID: teamID}, nil).
|
|
Times(1)
|
|
|
|
th.api.EXPECT().
|
|
HasPermissionToTeam(userID, teamID, model.PermissionViewTeam).
|
|
Return(true).
|
|
Times(1)
|
|
|
|
th.store.EXPECT().
|
|
GetMemberForBoard(member.BoardID, member.UserID).
|
|
Return(member, nil).
|
|
Times(1)
|
|
|
|
hasPermission := th.permissions.HasPermissionToBoard(member.UserID, member.BoardID, model.PermissionViewBoard)
|
|
assert.True(t, hasPermission)
|
|
})
|
|
|
|
t.Run("board admin", func(t *testing.T) {
|
|
member := &model.BoardMember{
|
|
UserID: userID,
|
|
BoardID: boardID,
|
|
SchemeAdmin: true,
|
|
}
|
|
|
|
hasPermissionTo := []*mmModel.Permission{
|
|
model.PermissionManageBoardType,
|
|
model.PermissionDeleteBoard,
|
|
model.PermissionManageBoardRoles,
|
|
model.PermissionShareBoard,
|
|
model.PermissionManageBoardCards,
|
|
model.PermissionViewBoard,
|
|
model.PermissionManageBoardProperties,
|
|
}
|
|
|
|
hasNotPermissionTo := []*mmModel.Permission{}
|
|
|
|
th.checkBoardPermissions("admin", member, teamID, hasPermissionTo, hasNotPermissionTo)
|
|
})
|
|
|
|
t.Run("board editor", func(t *testing.T) {
|
|
member := &model.BoardMember{
|
|
UserID: userID,
|
|
BoardID: boardID,
|
|
SchemeEditor: true,
|
|
}
|
|
|
|
hasPermissionTo := []*mmModel.Permission{
|
|
model.PermissionManageBoardCards,
|
|
model.PermissionViewBoard,
|
|
model.PermissionManageBoardProperties,
|
|
}
|
|
|
|
hasNotPermissionTo := []*mmModel.Permission{
|
|
model.PermissionManageBoardType,
|
|
model.PermissionDeleteBoard,
|
|
model.PermissionManageBoardRoles,
|
|
model.PermissionShareBoard,
|
|
}
|
|
|
|
th.checkBoardPermissions("editor", member, teamID, hasPermissionTo, hasNotPermissionTo)
|
|
})
|
|
|
|
t.Run("board commenter", func(t *testing.T) {
|
|
member := &model.BoardMember{
|
|
UserID: userID,
|
|
BoardID: boardID,
|
|
SchemeCommenter: true,
|
|
}
|
|
|
|
hasPermissionTo := []*mmModel.Permission{
|
|
model.PermissionViewBoard,
|
|
}
|
|
|
|
hasNotPermissionTo := []*mmModel.Permission{
|
|
model.PermissionManageBoardType,
|
|
model.PermissionDeleteBoard,
|
|
model.PermissionManageBoardRoles,
|
|
model.PermissionShareBoard,
|
|
model.PermissionManageBoardCards,
|
|
model.PermissionManageBoardProperties,
|
|
}
|
|
|
|
th.checkBoardPermissions("commenter", member, teamID, hasPermissionTo, hasNotPermissionTo)
|
|
})
|
|
|
|
t.Run("board viewer", func(t *testing.T) {
|
|
member := &model.BoardMember{
|
|
UserID: userID,
|
|
BoardID: boardID,
|
|
SchemeViewer: true,
|
|
}
|
|
|
|
hasPermissionTo := []*mmModel.Permission{
|
|
model.PermissionViewBoard,
|
|
}
|
|
|
|
hasNotPermissionTo := []*mmModel.Permission{
|
|
model.PermissionManageBoardType,
|
|
model.PermissionDeleteBoard,
|
|
model.PermissionManageBoardRoles,
|
|
model.PermissionShareBoard,
|
|
model.PermissionManageBoardCards,
|
|
model.PermissionManageBoardProperties,
|
|
}
|
|
|
|
th.checkBoardPermissions("viewer", member, teamID, hasPermissionTo, hasNotPermissionTo)
|
|
})
|
|
}
|