(t *testing.T)
| 341 | } |
| 342 | |
| 343 | func TestUserSkillAuthorization(t *testing.T) { |
| 344 | t.Parallel() |
| 345 | |
| 346 | adminClient := coderdtest.New(t, nil) |
| 347 | firstUser := coderdtest.CreateFirstUser(t, adminClient) |
| 348 | ownerClient, ownerUser := coderdtest.CreateAnotherUser(t, adminClient, firstUser.OrganizationID) |
| 349 | otherClient, _ := coderdtest.CreateAnotherUser(t, adminClient, firstUser.OrganizationID) |
| 350 | userAdminClient, _ := coderdtest.CreateAnotherUser(t, adminClient, firstUser.OrganizationID, rbac.RoleUserAdmin()) |
| 351 | admin := codersdk.NewExperimentalClient(adminClient) |
| 352 | owner := codersdk.NewExperimentalClient(ownerClient) |
| 353 | other := codersdk.NewExperimentalClient(otherClient) |
| 354 | userAdmin := codersdk.NewExperimentalClient(userAdminClient) |
| 355 | ctx := testutil.Context(t, testutil.WaitMedium) |
| 356 | targetUser := ownerUser.Username |
| 357 | |
| 358 | _, err := owner.CreateUserSkill(ctx, codersdk.Me, codersdk.CreateUserSkillRequest{ |
| 359 | Content: userSkillMarkdown("auth-skill", "Auth", "Body."), |
| 360 | }) |
| 361 | require.NoError(t, err) |
| 362 | |
| 363 | _, err = other.UserSkills(ctx, targetUser) |
| 364 | requireSDKErrorStatus(t, err, http.StatusNotFound) |
| 365 | _, err = other.UserSkillByName(ctx, targetUser, "auth-skill") |
| 366 | requireSDKErrorStatus(t, err, http.StatusNotFound) |
| 367 | _, err = other.CreateUserSkill(ctx, targetUser, codersdk.CreateUserSkillRequest{ |
| 368 | Content: userSkillMarkdown("denied-create", "Denied", "Body."), |
| 369 | }) |
| 370 | requireSDKErrorStatus(t, err, http.StatusNotFound) |
| 371 | _, err = other.UpdateUserSkill(ctx, targetUser, "auth-skill", codersdk.UpdateUserSkillRequest{ |
| 372 | Content: userSkillMarkdown("auth-skill", "Denied", "Body."), |
| 373 | }) |
| 374 | requireSDKErrorStatus(t, err, http.StatusNotFound) |
| 375 | err = other.DeleteUserSkill(ctx, targetUser, "auth-skill") |
| 376 | requireSDKErrorStatus(t, err, http.StatusNotFound) |
| 377 | |
| 378 | _, err = userAdmin.UserSkills(ctx, targetUser) |
| 379 | requireSDKErrorStatus(t, err, http.StatusNotFound) |
| 380 | _, err = userAdmin.UserSkillByName(ctx, targetUser, "auth-skill") |
| 381 | requireSDKErrorStatus(t, err, http.StatusNotFound) |
| 382 | _, err = userAdmin.CreateUserSkill(ctx, targetUser, codersdk.CreateUserSkillRequest{ |
| 383 | Content: userSkillMarkdown("denied-admin-create", "Denied", "Body."), |
| 384 | }) |
| 385 | requireSDKErrorStatus(t, err, http.StatusForbidden) |
| 386 | _, err = userAdmin.UpdateUserSkill(ctx, targetUser, "auth-skill", codersdk.UpdateUserSkillRequest{ |
| 387 | Content: userSkillMarkdown("auth-skill", "Denied", "Body."), |
| 388 | }) |
| 389 | requireSDKErrorStatus(t, err, http.StatusForbidden) |
| 390 | err = userAdmin.DeleteUserSkill(ctx, targetUser, "auth-skill") |
| 391 | requireSDKErrorStatus(t, err, http.StatusNotFound) |
| 392 | |
| 393 | _, err = admin.CreateUserSkill(ctx, targetUser, codersdk.CreateUserSkillRequest{ |
| 394 | Content: userSkillMarkdown("admin-created", "Admin create", "Created by admin."), |
| 395 | }) |
| 396 | requireSDKErrorStatus(t, err, http.StatusForbidden) |
| 397 | |
| 398 | list, err := admin.UserSkills(ctx, targetUser) |
| 399 | require.NoError(t, err) |
| 400 | require.Len(t, list, 1) |
nothing calls this directly
no test coverage detected