(t *testing.T)
| 156 | } |
| 157 | |
| 158 | func TestChatFilesAllowLinkedChatReads(t *testing.T) { |
| 159 | t.Parallel() |
| 160 | |
| 161 | ctx := dbauthz.As(context.Background(), rbac.Subject{ |
| 162 | ID: uuid.NewString(), |
| 163 | Scope: rbac.ScopeAll, |
| 164 | }) |
| 165 | authorizer := &coderdtest.FakeAuthorizer{ |
| 166 | ConditionalReturn: func(_ context.Context, _ rbac.Subject, action policy.Action, object rbac.Object) error { |
| 167 | if action == policy.ActionRead && object.Type == rbac.ResourceChat.Type { |
| 168 | return xerrors.New("direct file auth denied") |
| 169 | } |
| 170 | return nil |
| 171 | }, |
| 172 | } |
| 173 | |
| 174 | t.Run("GetChatFileByID", func(t *testing.T) { |
| 175 | t.Parallel() |
| 176 | |
| 177 | ctrl := gomock.NewController(t) |
| 178 | db := dbmock.NewMockStore(ctrl) |
| 179 | file := testutil.Fake(t, gofakeit.New(0), database.ChatFile{}) |
| 180 | |
| 181 | db.EXPECT().Wrappers().Return([]string{}).AnyTimes() |
| 182 | db.EXPECT().GetChatFileByID(gomock.Any(), file.ID).Return(file, nil) |
| 183 | db.EXPECT().GetAuthorizedChatsByChatFileID(gomock.Any(), file.ID, gomock.Any()).Return([]database.Chat{{ID: uuid.New()}}, nil) |
| 184 | |
| 185 | q := dbauthz.New(db, authorizer, slogtest.Make(t, nil), coderdtest.AccessControlStorePointer()) |
| 186 | got, err := q.GetChatFileByID(ctx, file.ID) |
| 187 | |
| 188 | require.NoError(t, err) |
| 189 | require.Equal(t, file, got) |
| 190 | }) |
| 191 | |
| 192 | t.Run("GetChatFilesByIDs", func(t *testing.T) { |
| 193 | t.Parallel() |
| 194 | |
| 195 | ctrl := gomock.NewController(t) |
| 196 | db := dbmock.NewMockStore(ctrl) |
| 197 | file := testutil.Fake(t, gofakeit.New(0), database.ChatFile{}) |
| 198 | |
| 199 | db.EXPECT().Wrappers().Return([]string{}).AnyTimes() |
| 200 | db.EXPECT().GetChatFilesByIDs(gomock.Any(), []uuid.UUID{file.ID}).Return([]database.ChatFile{file}, nil) |
| 201 | db.EXPECT().GetAuthorizedChatsByChatFileID(gomock.Any(), file.ID, gomock.Any()).Return([]database.Chat{{ID: uuid.New()}}, nil) |
| 202 | |
| 203 | q := dbauthz.New(db, authorizer, slogtest.Make(t, nil), coderdtest.AccessControlStorePointer()) |
| 204 | got, err := q.GetChatFilesByIDs(ctx, []uuid.UUID{file.ID}) |
| 205 | |
| 206 | require.NoError(t, err) |
| 207 | require.Equal(t, []database.ChatFile{file}, got) |
| 208 | }) |
| 209 | } |
| 210 | |
| 211 | //nolint:tparallel,paralleltest // It toggles the global chat ACL flag. |
| 212 | func TestUpdateChatACLByIDGuards(t *testing.T) { |
nothing calls this directly
no test coverage detected