MCPcopy Index your code
hub / github.com/coder/coder / TestAsChatd

Function TestAsChatd

coderd/database/dbauthz/dbauthz_test.go:6899–6958  ·  view source on GitHub ↗
(t *testing.T)

Source from the content-addressed store, hash-verified

6897}
6898
6899func TestAsChatd(t *testing.T) {
6900 t.Parallel()
6901
6902 ctx := dbauthz.AsChatd(context.Background())
6903 actor, ok := dbauthz.ActorFromContext(ctx)
6904 require.True(t, ok, "actor must be present")
6905
6906 auth := rbac.NewStrictCachingAuthorizer(prometheus.NewRegistry())
6907
6908 t.Run("AllowedActions", func(t *testing.T) {
6909 t.Parallel()
6910
6911 // Chat CRUD.
6912 for _, action := range []policy.Action{
6913 policy.ActionCreate, policy.ActionRead,
6914 policy.ActionUpdate, policy.ActionDelete,
6915 } {
6916 err := auth.Authorize(ctx, actor, action, rbac.ResourceChat)
6917 require.NoError(t, err, "chat %s should be allowed", action)
6918 }
6919
6920 // Workspace read + update (update needed for ActivityBumpWorkspace).
6921 for _, action := range []policy.Action{
6922 policy.ActionRead, policy.ActionUpdate,
6923 } {
6924 err := auth.Authorize(ctx, actor, action, rbac.ResourceWorkspace)
6925 require.NoError(t, err, "workspace %s should be allowed", action)
6926 }
6927
6928 // DeploymentConfig reads are allowed, but writes are not.
6929 err := auth.Authorize(ctx, actor, policy.ActionRead, rbac.ResourceDeploymentConfig)
6930 require.NoError(t, err, "deployment config read should be allowed")
6931 err = auth.Authorize(ctx, actor, policy.ActionUpdate, rbac.ResourceDeploymentConfig)
6932 require.Error(t, err, "deployment config update should not be allowed")
6933
6934 // User read_personal (needed for GetUserChatCustomPrompt).
6935 err = auth.Authorize(ctx, actor, policy.ActionReadPersonal, rbac.ResourceUser)
6936 require.NoError(t, err, "user read_personal should be allowed")
6937 })
6938
6939 t.Run("DeniedActions", func(t *testing.T) {
6940 t.Parallel()
6941
6942 // Cannot delete workspaces.
6943 err := auth.Authorize(ctx, actor, policy.ActionDelete, rbac.ResourceWorkspace)
6944 require.Error(t, err, "workspace delete should be denied")
6945
6946 // Cannot access users.
6947 err = auth.Authorize(ctx, actor, policy.ActionRead, rbac.ResourceUser)
6948 require.Error(t, err, "user read should be denied")
6949
6950 // Cannot access API keys.
6951 err = auth.Authorize(ctx, actor, policy.ActionRead, rbac.ResourceApiKey)
6952 require.Error(t, err, "api key read should be denied")
6953
6954 // Cannot access provisioner daemons.
6955 err = auth.Authorize(ctx, actor, policy.ActionRead, rbac.ResourceProvisionerDaemon)
6956 require.Error(t, err, "provisioner daemon read should be denied")

Callers

nothing calls this directly

Calls 6

AsChatdFunction · 0.92
ActorFromContextFunction · 0.92
RunMethod · 0.65
AuthorizeMethod · 0.65
ErrorMethod · 0.45

Tested by

no test coverage detected