(t *testing.T)
| 15 | ) |
| 16 | |
| 17 | func TestAsAuthzSystem(t *testing.T) { |
| 18 | t.Parallel() |
| 19 | userActor := coderdtest.RandomRBACSubject() |
| 20 | |
| 21 | base := http.HandlerFunc(func(_ http.ResponseWriter, r *http.Request) { |
| 22 | actor, ok := dbauthz.ActorFromContext(r.Context()) |
| 23 | assert.True(t, ok, "actor should exist") |
| 24 | assert.True(t, userActor.Equal(actor), "actor should be the user actor") |
| 25 | }) |
| 26 | |
| 27 | mwSetUser := func(next http.Handler) http.Handler { |
| 28 | return http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) { |
| 29 | r = r.WithContext(dbauthz.As(r.Context(), userActor)) |
| 30 | next.ServeHTTP(rw, r) |
| 31 | }) |
| 32 | } |
| 33 | |
| 34 | mwAssertSystem := mwAssert(func(req *http.Request) { |
| 35 | actor, ok := dbauthz.ActorFromContext(req.Context()) |
| 36 | assert.True(t, ok, "actor should exist") |
| 37 | assert.False(t, userActor.Equal(actor), "systemActor should not be the user actor") |
| 38 | assert.Contains(t, actor.Roles.Names(), rbac.RoleIdentifier{Name: "system"}, "should have system role") |
| 39 | }) |
| 40 | |
| 41 | mwAssertUser := mwAssert(func(req *http.Request) { |
| 42 | actor, ok := dbauthz.ActorFromContext(req.Context()) |
| 43 | assert.True(t, ok, "actor should exist") |
| 44 | assert.True(t, userActor.Equal(actor), "should be the useractor") |
| 45 | }) |
| 46 | |
| 47 | mwAssertNoUser := mwAssert(func(req *http.Request) { |
| 48 | _, ok := dbauthz.ActorFromContext(req.Context()) |
| 49 | assert.False(t, ok, "actor should not exist") |
| 50 | }) |
| 51 | |
| 52 | // Request as the user actor |
| 53 | const pattern = "/" |
| 54 | req := httptest.NewRequest("GET", pattern, nil) |
| 55 | res := httptest.NewRecorder() |
| 56 | |
| 57 | handler := chi.NewRouter() |
| 58 | handler.Route(pattern, func(r chi.Router) { |
| 59 | r.Use( |
| 60 | // First assert there is no actor context |
| 61 | mwAssertNoUser, |
| 62 | httpmw.AsAuthzSystem( |
| 63 | // Assert the system actor |
| 64 | mwAssertSystem, |
| 65 | mwAssertSystem, |
| 66 | ), |
| 67 | // Assert no user present outside of the AsAuthzSystem chain |
| 68 | mwAssertNoUser, |
| 69 | // ---- |
| 70 | // Set to the user actor |
| 71 | mwSetUser, |
| 72 | // Assert the user actor |
| 73 | mwAssertUser, |
| 74 | httpmw.AsAuthzSystem( |
nothing calls this directly
no test coverage detected