MCPcopy Index your code
hub / github.com/coder/coder / TestCheckPermissions

Function TestCheckPermissions

coderd/authorize_test.go:16–140  ·  view source on GitHub ↗
(t *testing.T)

Source from the content-addressed store, hash-verified

14)
15
16func TestCheckPermissions(t *testing.T) {
17 t.Parallel()
18
19 ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitLong)
20 t.Cleanup(cancel)
21
22 adminClient := coderdtest.New(t, &coderdtest.Options{
23 IncludeProvisionerDaemon: true,
24 })
25 // Create adminClient, member, and org adminClient
26 adminUser := coderdtest.CreateFirstUser(t, adminClient)
27 memberClient, _ := coderdtest.CreateAnotherUser(t, adminClient, adminUser.OrganizationID)
28 memberUser, err := memberClient.User(ctx, codersdk.Me)
29 require.NoError(t, err)
30 orgAdminClient, _ := coderdtest.CreateAnotherUser(t, adminClient, adminUser.OrganizationID, rbac.ScopedRoleOrgAdmin(adminUser.OrganizationID))
31 orgAdminUser, err := orgAdminClient.User(ctx, codersdk.Me)
32 require.NoError(t, err)
33
34 version := coderdtest.CreateTemplateVersion(t, adminClient, adminUser.OrganizationID, nil)
35 coderdtest.AwaitTemplateVersionJobCompleted(t, adminClient, version.ID)
36 template := coderdtest.CreateTemplate(t, adminClient, adminUser.OrganizationID, version.ID)
37
38 // With admin, member, and org admin
39 const (
40 readAllUsers = "read-all-users"
41 readOrgWorkspaces = "read-org-workspaces"
42 readMyself = "read-myself"
43 readOwnWorkspaces = "read-own-workspaces"
44 updateSpecificTemplate = "update-specific-template"
45 )
46 params := map[string]codersdk.AuthorizationCheck{
47 readAllUsers: {
48 Object: codersdk.AuthorizationObject{
49 ResourceType: codersdk.ResourceUser,
50 },
51 Action: "read",
52 },
53 readOrgWorkspaces: {
54 Object: codersdk.AuthorizationObject{
55 ResourceType: codersdk.ResourceWorkspace,
56 OrganizationID: adminUser.OrganizationID.String(),
57 },
58 Action: "read",
59 },
60 readMyself: {
61 Object: codersdk.AuthorizationObject{
62 ResourceType: codersdk.ResourceUser,
63 OwnerID: "me",
64 },
65 Action: "read",
66 },
67 readOwnWorkspaces: {
68 Object: codersdk.AuthorizationObject{
69 ResourceType: codersdk.ResourceWorkspace,
70 OrganizationID: adminUser.OrganizationID.String(),
71 OwnerID: "me",
72 },
73 Action: "read",

Callers

nothing calls this directly

Calls 13

NewFunction · 0.92
CreateFirstUserFunction · 0.92
CreateAnotherUserFunction · 0.92
ScopedRoleOrgAdminFunction · 0.92
CreateTemplateVersionFunction · 0.92
CreateTemplateFunction · 0.92
AuthCheckMethod · 0.80
CleanupMethod · 0.65
UserMethod · 0.65
RunMethod · 0.65
StringMethod · 0.45

Tested by

no test coverage detected