MCPcopy Index your code
hub / github.com/coder/coder / TestChatSharingPermissions

Function TestChatSharingPermissions

coderd/rbac/roles_test.go:119–168  ·  view source on GitHub ↗

nolint:tparallel,paralleltest

(t *testing.T)

Source from the content-addressed store, hash-verified

117
118//nolint:tparallel,paralleltest
119func TestChatSharingPermissions(t *testing.T) {
120 target := rbac.Permission{
121 Negate: true,
122 ResourceType: rbac.ResourceChat.Type,
123 Action: policy.ActionShare,
124 }
125 orgID := uuid.New()
126 userID := uuid.NewString()
127 resource := rbac.ResourceChat.WithID(uuid.New()).InOrg(orgID).WithOwner(userID)
128
129 authorizeAgentsAccessUser := func(t *testing.T) error {
130 t.Helper()
131
132 memberRole, err := rbac.RoleByName(rbac.RoleMember())
133 require.NoError(t, err)
134 agentsRole, err := rbac.RoleByName(rbac.ScopedRoleAgentsAccess(orgID))
135 require.NoError(t, err)
136
137 auth := rbac.NewStrictAuthorizer(prometheus.NewRegistry())
138 return auth.Authorize(context.Background(), rbac.Subject{
139 ID: userID,
140 Roles: rbac.Roles{memberRole, agentsRole},
141 Scope: rbac.ScopeAll,
142 }, policy.ActionShare, resource)
143 }
144
145 t.Run("Default", func(t *testing.T) {
146 rbac.ReloadBuiltinRoles(nil)
147 t.Cleanup(func() { rbac.ReloadBuiltinRoles(nil) })
148
149 memberRole, err := rbac.RoleByName(rbac.RoleMember())
150 require.NoError(t, err)
151 assert.False(t, permissionGranted(memberRole.Site, target))
152 require.NoError(t, authorizeAgentsAccessUser(t))
153 })
154
155 t.Run("Disabled", func(t *testing.T) {
156 rbac.ReloadBuiltinRoles(&rbac.RoleOptions{
157 NoChatSharing: true,
158 })
159 t.Cleanup(func() { rbac.ReloadBuiltinRoles(nil) })
160
161 memberRole, err := rbac.RoleByName(rbac.RoleMember())
162 require.NoError(t, err)
163 assert.True(t, permissionGranted(memberRole.Site, target))
164
165 err = authorizeAgentsAccessUser(t)
166 require.ErrorAs(t, err, &rbac.UnauthorizedError{})
167 })
168}
169
170//nolint:tparallel,paralleltest
171func TestOwnerExec(t *testing.T) {

Callers

nothing calls this directly

Calls 14

RoleByNameFunction · 0.92
RoleMemberFunction · 0.92
ScopedRoleAgentsAccessFunction · 0.92
NewStrictAuthorizerFunction · 0.92
ReloadBuiltinRolesFunction · 0.92
permissionGrantedFunction · 0.85
WithOwnerMethod · 0.80
InOrgMethod · 0.80
NewMethod · 0.65
HelperMethod · 0.65
AuthorizeMethod · 0.65
RunMethod · 0.65

Tested by

no test coverage detected