MCPcopy Index your code
hub / github.com/coder/coder / TestAuthorizeLevels

Function TestAuthorizeLevels

coderd/rbac/authz_internal_test.go:718–845  ·  view source on GitHub ↗

TestAuthorizeLevels ensures level overrides are acting appropriately

(t *testing.T)

Source from the content-addressed store, hash-verified

716
717// TestAuthorizeLevels ensures level overrides are acting appropriately
718func TestAuthorizeLevels(t *testing.T) {
719 t.Parallel()
720 defOrg := uuid.New()
721 unusedID := uuid.New()
722
723 user := Subject{
724 ID: "me",
725 Scope: must(ExpandScope(ScopeAll)),
726 Roles: Roles{
727 must(RoleByName(RoleOwner())),
728 {
729 Identifier: RoleIdentifier{Name: "org-deny:", OrganizationID: defOrg},
730 ByOrgID: map[string]OrgPermissions{
731 defOrg.String(): {
732 Org: []Permission{
733 {
734 Negate: true,
735 ResourceType: "*",
736 Action: "*",
737 },
738 },
739 Member: []Permission{},
740 },
741 },
742 },
743 {
744 Identifier: RoleIdentifier{Name: "user-deny-all"},
745 // List out deny permissions explicitly
746 User: []Permission{
747 {
748 Negate: true,
749 ResourceType: policy.WildcardSymbol,
750 Action: policy.WildcardSymbol,
751 },
752 },
753 },
754 },
755 }
756
757 testAuthorize(t, "AdminAlwaysAllow", user,
758 cases(func(c authTestCase) authTestCase {
759 c.actions = ResourceWorkspace.AvailableActions()
760 c.allow = true
761 return c
762 }, []authTestCase{
763 // Org + me
764 {resource: ResourceWorkspace.InOrg(defOrg).WithOwner(user.ID)},
765 {resource: ResourceWorkspace.InOrg(defOrg)},
766
767 {resource: ResourceWorkspace.WithOwner(user.ID)},
768
769 {resource: ResourceWorkspace.All()},
770
771 // Other org + me
772 {resource: ResourceWorkspace.InOrg(unusedID).WithOwner(user.ID)},
773 {resource: ResourceWorkspace.InOrg(unusedID)},
774
775 // Other org + other user

Callers

nothing calls this directly

Calls 14

OmitFunction · 0.92
ExpandScopeFunction · 0.85
RoleByNameFunction · 0.85
RoleOwnerFunction · 0.85
testAuthorizeFunction · 0.85
casesFunction · 0.85
ScopedRoleOrgAdminFunction · 0.85
AvailableActionsMethod · 0.80
WithOwnerMethod · 0.80
InOrgMethod · 0.80
AllMethod · 0.80
mustFunction · 0.70

Tested by

no test coverage detected