(t *testing.T)
| 3198 | } |
| 3199 | |
| 3200 | func TestAuthorizedAuditLogs(t *testing.T) { |
| 3201 | t.Parallel() |
| 3202 | |
| 3203 | var allLogs []database.AuditLog |
| 3204 | db, _ := dbtestutil.NewDB(t) |
| 3205 | authz := rbac.NewAuthorizer(prometheus.NewRegistry()) |
| 3206 | db = dbauthz.New(db, authz, slogtest.Make(t, &slogtest.Options{}), coderdtest.AccessControlStorePointer()) |
| 3207 | |
| 3208 | siteWideIDs := []uuid.UUID{uuid.New(), uuid.New()} |
| 3209 | for _, id := range siteWideIDs { |
| 3210 | allLogs = append(allLogs, dbgen.AuditLog(t, db, database.AuditLog{ |
| 3211 | ID: id, |
| 3212 | OrganizationID: uuid.Nil, |
| 3213 | })) |
| 3214 | } |
| 3215 | |
| 3216 | // This map is a simple way to insert a given number of organizations |
| 3217 | // and audit logs for each organization. |
| 3218 | // map[orgID][]AuditLogID |
| 3219 | orgAuditLogs := map[uuid.UUID][]uuid.UUID{ |
| 3220 | uuid.New(): {uuid.New(), uuid.New()}, |
| 3221 | uuid.New(): {uuid.New(), uuid.New()}, |
| 3222 | } |
| 3223 | orgIDs := make([]uuid.UUID, 0, len(orgAuditLogs)) |
| 3224 | for orgID := range orgAuditLogs { |
| 3225 | orgIDs = append(orgIDs, orgID) |
| 3226 | } |
| 3227 | for orgID, ids := range orgAuditLogs { |
| 3228 | dbgen.Organization(t, db, database.Organization{ |
| 3229 | ID: orgID, |
| 3230 | }) |
| 3231 | for _, id := range ids { |
| 3232 | allLogs = append(allLogs, dbgen.AuditLog(t, db, database.AuditLog{ |
| 3233 | ID: id, |
| 3234 | OrganizationID: orgID, |
| 3235 | })) |
| 3236 | } |
| 3237 | } |
| 3238 | |
| 3239 | // Now fetch all the logs |
| 3240 | auditorRole, err := rbac.RoleByName(rbac.RoleAuditor()) |
| 3241 | require.NoError(t, err) |
| 3242 | |
| 3243 | memberRole, err := rbac.RoleByName(rbac.RoleMember()) |
| 3244 | require.NoError(t, err) |
| 3245 | |
| 3246 | orgAuditorRoles := func(t *testing.T, orgID uuid.UUID) rbac.Role { |
| 3247 | t.Helper() |
| 3248 | |
| 3249 | role, err := rbac.RoleByName(rbac.ScopedRoleOrgAuditor(orgID)) |
| 3250 | require.NoError(t, err) |
| 3251 | return role |
| 3252 | } |
| 3253 | |
| 3254 | t.Run("NoAccess", func(t *testing.T) { |
| 3255 | t.Parallel() |
| 3256 | ctx := testutil.Context(t, testutil.WaitShort) |
| 3257 |