MCPcopy Index your code
hub / github.com/coder/coder / TestRenderPermissionsResolvesMe

Function TestRenderPermissionsResolvesMe

site/site_test.go:228–297  ·  view source on GitHub ↗
(t *testing.T)

Source from the content-addressed store, hash-verified

226}
227
228func TestRenderPermissionsResolvesMe(t *testing.T) {
229 t.Parallel()
230
231 // GIVEN: a site handler wired to a real RBAC authorizer and a
232 // template that renders only the SSR permissions JSON.
233 siteFS := fstest.MapFS{
234 "index.html": &fstest.MapFile{
235 Data: []byte("{{ .Permissions }}"),
236 },
237 }
238 db, _ := dbtestutil.NewDB(t)
239 authorizer := rbac.NewStrictCachingAuthorizer(prometheus.NewRegistry())
240
241 handler, err := site.New(&site.Options{
242 Telemetry: telemetry.NewNoop(),
243 Database: db,
244 SiteFS: siteFS,
245 Authorizer: authorizer,
246 })
247 require.NoError(t, err)
248
249 // GIVEN: a user with the agents-access role at the org level.
250 org := dbgen.Organization(t, db, database.Organization{})
251 userWithRole := dbgen.User(t, db, database.User{})
252 dbgen.OrganizationMember(t, db, database.OrganizationMember{
253 OrganizationID: org.ID,
254 UserID: userWithRole.ID,
255 Roles: []string{rbac.RoleAgentsAccess()},
256 })
257 _, tokenWithRole := dbgen.APIKey(t, db, database.APIKey{
258 UserID: userWithRole.ID,
259 ExpiresAt: time.Now().Add(time.Hour),
260 })
261
262 // WHEN: the user loads the page.
263 r := httptest.NewRequest("GET", "/", nil)
264 r.Header.Set(codersdk.SessionTokenHeader, tokenWithRole)
265 rw := httptest.NewRecorder()
266 handler.ServeHTTP(rw, r)
267 require.Equal(t, http.StatusOK, rw.Code)
268
269 // THEN: the SSR-rendered permissions include createChat = true
270 // because the agents-access role grants org-scoped chat create
271 // permission, and the any_org check picks it up.
272 var permsWithRole codersdk.AuthorizationResponse
273 err = json.Unmarshal([]byte(html.UnescapeString(rw.Body.String())), &permsWithRole)
274 require.NoError(t, err)
275 assert.True(t, permsWithRole["createChat"], "user with agents-access role should have createChat = true")
276
277 // GIVEN: a user without the agents-access role.
278 userWithoutRole := dbgen.User(t, db, database.User{})
279 _, tokenWithoutRole := dbgen.APIKey(t, db, database.APIKey{
280 UserID: userWithoutRole.ID,
281 ExpiresAt: time.Now().Add(time.Hour),
282 })
283
284 // WHEN: the user loads the page.
285 r = httptest.NewRequest("GET", "/", nil)

Callers

nothing calls this directly

Calls 15

NewDBFunction · 0.92
NewFunction · 0.92
NewNoopFunction · 0.92
OrganizationFunction · 0.92
UserFunction · 0.92
OrganizationMemberFunction · 0.92
RoleAgentsAccessFunction · 0.92
APIKeyFunction · 0.92
AddMethod · 0.65
SetMethod · 0.65
ServeHTTPMethod · 0.45

Tested by

no test coverage detected