nolint:paralleltest // This test verifies a process-wide RBAC kill switch.
(t *testing.T)
| 404 | |
| 405 | //nolint:paralleltest // This test verifies a process-wide RBAC kill switch. |
| 406 | func TestChatSharingDisabled(t *testing.T) { |
| 407 | previous := rbac.ChatACLDisabled() |
| 408 | rbac.SetChatACLDisabled(false) |
| 409 | rbac.ReloadBuiltinRoles(nil) |
| 410 | t.Cleanup(func() { |
| 411 | rbac.ReloadBuiltinRoles(nil) |
| 412 | rbac.SetChatACLDisabled(previous) |
| 413 | }) |
| 414 | |
| 415 | ctx := testutil.Context(t, testutil.WaitLong) |
| 416 | values := chatDeploymentValues(t) |
| 417 | values.DisableChatSharing = true |
| 418 | store, pubsub := dbtestutil.NewDB(t) |
| 419 | client := newChatClient(t, func(opts *coderdtest.Options) { |
| 420 | opts.DeploymentValues = values |
| 421 | opts.Database = store |
| 422 | opts.Pubsub = pubsub |
| 423 | }) |
| 424 | firstUser := coderdtest.CreateFirstUser(t, client.Client) |
| 425 | modelConfig := createChatModelConfig(t, client) |
| 426 | viewerClient, viewer := coderdtest.CreateAnotherUser(t, client.Client, firstUser.OrganizationID, rbac.ScopedRoleAgentsAccess(firstUser.OrganizationID)) |
| 427 | viewerClientExp := codersdk.NewExperimentalClient(viewerClient) |
| 428 | |
| 429 | chat := dbgen.Chat(t, store, database.Chat{ |
| 430 | OrganizationID: firstUser.OrganizationID, |
| 431 | OwnerID: firstUser.UserID, |
| 432 | LastModelConfigID: modelConfig.ID, |
| 433 | Title: "disabled sharing", |
| 434 | }) |
| 435 | err := store.UpdateChatACLByID(ctx, database.UpdateChatACLByIDParams{ |
| 436 | ID: chat.ID, |
| 437 | UserACL: database.ChatACL{ |
| 438 | viewer.ID.String(): database.ChatACLEntry{Permissions: []policy.Action{policy.ActionRead}}, |
| 439 | }, |
| 440 | GroupACL: database.ChatACL{}, |
| 441 | }) |
| 442 | require.NoError(t, err) |
| 443 | |
| 444 | _, err = viewerClientExp.GetChat(ctx, chat.ID) |
| 445 | requireSDKError(t, err, http.StatusNotFound) |
| 446 | |
| 447 | _, err = client.GetChatACL(ctx, chat.ID) |
| 448 | sdkErr := requireSDKError(t, err, http.StatusForbidden) |
| 449 | require.Equal(t, "Chat sharing is disabled for this deployment.", sdkErr.Message) |
| 450 | |
| 451 | err = client.UpdateChatACL(ctx, chat.ID, codersdk.UpdateChatACL{ |
| 452 | UserRoles: map[string]codersdk.ChatRole{ |
| 453 | viewer.ID.String(): codersdk.ChatRoleRead, |
| 454 | }, |
| 455 | }) |
| 456 | requireSDKError(t, err, http.StatusForbidden) |
| 457 | |
| 458 | ownerChats, err := client.ListChats(ctx, nil) |
| 459 | require.NoError(t, err) |
| 460 | require.Equal(t, map[uuid.UUID]struct{}{chat.ID: {}}, chatIDSet(ownerChats)) |
| 461 | |
| 462 | viewerChats, err := viewerClientExp.ListChats(ctx, nil) |
| 463 | require.NoError(t, err) |
nothing calls this directly
no test coverage detected