(t *testing.T)
| 3001 | } |
| 3002 | |
| 3003 | func TestGetAuthorizationUserRolesImpliedOrgRole(t *testing.T) { |
| 3004 | t.Parallel() |
| 3005 | |
| 3006 | db, _ := dbtestutil.NewDB(t) |
| 3007 | org := dbgen.Organization(t, db, database.Organization{}) |
| 3008 | |
| 3009 | regularUser := dbgen.User(t, db, database.User{}) |
| 3010 | saUser := dbgen.User(t, db, database.User{IsServiceAccount: true}) |
| 3011 | |
| 3012 | dbgen.OrganizationMember(t, db, database.OrganizationMember{ |
| 3013 | OrganizationID: org.ID, |
| 3014 | UserID: regularUser.ID, |
| 3015 | }) |
| 3016 | dbgen.OrganizationMember(t, db, database.OrganizationMember{ |
| 3017 | OrganizationID: org.ID, |
| 3018 | UserID: saUser.ID, |
| 3019 | }) |
| 3020 | |
| 3021 | ctx := testutil.Context(t, testutil.WaitShort) |
| 3022 | |
| 3023 | wantMember := rbac.RoleOrgMember() + ":" + org.ID.String() |
| 3024 | wantSA := rbac.RoleOrgServiceAccount() + ":" + org.ID.String() |
| 3025 | |
| 3026 | // Regular users get the implied organization-member role. |
| 3027 | regularRoles, err := db.GetAuthorizationUserRoles(ctx, regularUser.ID) |
| 3028 | require.NoError(t, err) |
| 3029 | require.Contains(t, regularRoles.Roles, wantMember) |
| 3030 | require.NotContains(t, regularRoles.Roles, wantSA) |
| 3031 | |
| 3032 | // Service accounts get the implied organization-service-account role. |
| 3033 | saRoles, err := db.GetAuthorizationUserRoles(ctx, saUser.ID) |
| 3034 | require.NoError(t, err) |
| 3035 | require.Contains(t, saRoles.Roles, wantSA) |
| 3036 | require.NotContains(t, saRoles.Roles, wantMember) |
| 3037 | } |
| 3038 | |
| 3039 | func TestUpdateOrganizationWorkspaceSharingSettings(t *testing.T) { |
| 3040 | t.Parallel() |
nothing calls this directly
no test coverage detected