nolint:tparallel,paralleltest // It toggles the global chat ACL flag.
(t *testing.T)
| 210 | |
| 211 | //nolint:tparallel,paralleltest // It toggles the global chat ACL flag. |
| 212 | func TestUpdateChatACLByIDGuards(t *testing.T) { |
| 213 | ctx := dbauthz.As(context.Background(), rbac.Subject{ |
| 214 | ID: uuid.NewString(), |
| 215 | Scope: rbac.ScopeAll, |
| 216 | }) |
| 217 | arg := database.UpdateChatACLByIDParams{ |
| 218 | ID: uuid.New(), |
| 219 | UserACL: database.ChatACL{}, |
| 220 | GroupACL: database.ChatACL{}, |
| 221 | } |
| 222 | |
| 223 | t.Run("Disabled", func(t *testing.T) { //nolint:paralleltest // It toggles the global chat ACL flag. |
| 224 | rbac.SetChatACLDisabled(true) |
| 225 | t.Cleanup(func() { rbac.SetChatACLDisabled(false) }) |
| 226 | |
| 227 | ctrl := gomock.NewController(t) |
| 228 | db := dbmock.NewMockStore(ctrl) |
| 229 | db.EXPECT().Wrappers().Return([]string{}).AnyTimes() |
| 230 | |
| 231 | q := dbauthz.New(db, &coderdtest.FakeAuthorizer{}, slogtest.Make(t, nil), coderdtest.AccessControlStorePointer()) |
| 232 | err := q.UpdateChatACLByID(ctx, arg) |
| 233 | |
| 234 | require.Error(t, err) |
| 235 | require.True(t, dbauthz.IsNotAuthorizedError(err)) |
| 236 | require.ErrorContains(t, err, "chat sharing is disabled") |
| 237 | }) |
| 238 | |
| 239 | t.Run("SubChat", func(t *testing.T) { //nolint:paralleltest // It depends on the global chat ACL flag. |
| 240 | rbac.SetChatACLDisabled(false) |
| 241 | |
| 242 | ctrl := gomock.NewController(t) |
| 243 | db := dbmock.NewMockStore(ctrl) |
| 244 | db.EXPECT().Wrappers().Return([]string{}).AnyTimes() |
| 245 | db.EXPECT().GetChatByID(gomock.Any(), arg.ID).Return(database.Chat{ |
| 246 | ID: arg.ID, |
| 247 | RootChatID: uuid.NullUUID{UUID: uuid.New(), Valid: true}, |
| 248 | ParentChatID: uuid.NullUUID{UUID: uuid.New(), Valid: true}, |
| 249 | }, nil) |
| 250 | |
| 251 | q := dbauthz.New(db, &coderdtest.FakeAuthorizer{}, slogtest.Make(t, nil), coderdtest.AccessControlStorePointer()) |
| 252 | err := q.UpdateChatACLByID(ctx, arg) |
| 253 | |
| 254 | require.Error(t, err) |
| 255 | require.True(t, dbauthz.IsNotAuthorizedError(err)) |
| 256 | require.ErrorContains(t, err, "root chats") |
| 257 | }) |
| 258 | } |
| 259 | |
| 260 | // TestDBAuthzRecursive is a simple test to search for infinite recursion |
| 261 | // bugs. It isn't perfect, and only catches a subset of the possible bugs |
nothing calls this directly
no test coverage detected