grafana/pkg/api/search_test.go

package api

import (
	"context"
	"encoding/json"
	"net/http"
	"testing"

	"github.com/stretchr/testify/assert"
	"github.com/stretchr/testify/require"

	"github.com/grafana/grafana/pkg/services/accesscontrol"
	"github.com/grafana/grafana/pkg/services/dashboards"
	"github.com/grafana/grafana/pkg/services/search/model"
	"github.com/grafana/grafana/pkg/services/user"
)

func TestHTTPServer_Search(t *testing.T) {
	sc := setupHTTPServer(t, true)
	sc.initCtx.IsSignedIn = true
	sc.initCtx.SignedInUser = &user.SignedInUser{}

	sc.hs.SearchService = &mockSearchService{
		ExpectedResult: model.HitList{
			{ID: 1, UID: "folder1", Title: "folder1", Type: model.DashHitFolder},
			{ID: 2, UID: "folder2", Title: "folder2", Type: model.DashHitFolder},
			{ID: 3, UID: "dash3", Title: "dash3", FolderUID: "folder2", Type: model.DashHitDB},
		},
	}

	sc.acmock.GetUserPermissionsFunc = func(ctx context.Context, user *user.SignedInUser, options accesscontrol.Options) ([]accesscontrol.Permission, error) {
		return []accesscontrol.Permission{
			{Action: "folders:read", Scope: "folders:*"},
			{Action: "folders:write", Scope: "folders:uid:folder2"},
			{Action: "dashboards:read", Scope: "dashboards:*"},
			{Action: "dashboards:write", Scope: "folders:uid:folder2"},
		}, nil
	}

	type withMeta struct {
		model.Hit
		AccessControl accesscontrol.Metadata `json:"accessControl,omitempty"`
	}

	t.Run("should attach access control metadata to response", func(t *testing.T) {
		recorder := callAPI(sc.server, http.MethodGet, "/api/search?accesscontrol=true", nil, t)
		assert.Equal(t, http.StatusOK, recorder.Code)
		var result []withMeta
		require.NoError(t, json.Unmarshal(recorder.Body.Bytes(), &result))

		for _, r := range result {
			if r.ID == 1 {
				assert.Len(t, r.AccessControl, 1)
				assert.True(t, r.AccessControl[dashboards.ActionFoldersRead])
			} else if r.ID == 2 {
				assert.Len(t, r.AccessControl, 3)
				assert.True(t, r.AccessControl[dashboards.ActionFoldersRead])
				assert.True(t, r.AccessControl[dashboards.ActionFoldersWrite])
				assert.True(t, r.AccessControl[dashboards.ActionDashboardsWrite])
			} else if r.ID == 3 {
				assert.Len(t, r.AccessControl, 2)
				assert.True(t, r.AccessControl[dashboards.ActionDashboardsRead])
				assert.True(t, r.AccessControl[dashboards.ActionDashboardsWrite])
			}
		}
	})

	t.Run("should not attach access control metadata to response", func(t *testing.T) {
		recorder := callAPI(sc.server, http.MethodGet, "/api/search", nil, t)
		assert.Equal(t, http.StatusOK, recorder.Code)
		var result []withMeta
		require.NoError(t, json.Unmarshal(recorder.Body.Bytes(), &result))

		for _, r := range result {
			assert.Len(t, r.AccessControl, 0)
		}
	})
}
AccessControl: Add metadata to search result (#48879) * Add access control metadata to search hits if access control query string is passed 2022-05-17 21:51:44 +08:00			`package api`

			`import (`
			`"context"`
			`"encoding/json"`
			`"net/http"`
			`"testing"`

			`"github.com/stretchr/testify/assert"`
			`"github.com/stretchr/testify/require"`

			`"github.com/grafana/grafana/pkg/services/accesscontrol"`
			`"github.com/grafana/grafana/pkg/services/dashboards"`
Chore: Move search model from models package to search service (#62215) * Chore: Move search model from models package to search service * Remove unused imports * Cleanup after merge 2023-01-30 22:17:53 +08:00			`"github.com/grafana/grafana/pkg/services/search/model"`
Move SignedInUser to user service and RoleType and Roles to org (#53445) * Move SignedInUser to user service and RoleType and Roles to org * Use go naming convention for roles * Fix some imports and leftovers * Fix ldap debug test * Fix lint * Fix lint 2 * Fix lint 3 * Fix type and not needed conversion * Clean up messages in api tests * Clean up api tests 2 2022-08-10 17:56:48 +08:00			`"github.com/grafana/grafana/pkg/services/user"`
AccessControl: Add metadata to search result (#48879) * Add access control metadata to search hits if access control query string is passed 2022-05-17 21:51:44 +08:00			`)`

			`func TestHTTPServer_Search(t *testing.T) {`
RBAC: Enable rbac when creating new settings (#53531) * Settings: Set RBACEnabled to true by default * Remove accessControlEnabledFlag and explicitly set to false when needed * Disable rbac for tests 2022-08-11 21:37:31 +08:00			`sc := setupHTTPServer(t, true)`
AccessControl: Add metadata to search result (#48879) * Add access control metadata to search hits if access control query string is passed 2022-05-17 21:51:44 +08:00			`sc.initCtx.IsSignedIn = true`
Move SignedInUser to user service and RoleType and Roles to org (#53445) * Move SignedInUser to user service and RoleType and Roles to org * Use go naming convention for roles * Fix some imports and leftovers * Fix ldap debug test * Fix lint * Fix lint 2 * Fix lint 3 * Fix type and not needed conversion * Clean up messages in api tests * Clean up api tests 2 2022-08-10 17:56:48 +08:00			`sc.initCtx.SignedInUser = &user.SignedInUser{}`
AccessControl: Add metadata to search result (#48879) * Add access control metadata to search hits if access control query string is passed 2022-05-17 21:51:44 +08:00
			`sc.hs.SearchService = &mockSearchService{`
Chore: Move search model from models package to search service (#62215) * Chore: Move search model from models package to search service * Remove unused imports * Cleanup after merge 2023-01-30 22:17:53 +08:00			`ExpectedResult: model.HitList{`
			`{ID: 1, UID: "folder1", Title: "folder1", Type: model.DashHitFolder},`
			`{ID: 2, UID: "folder2", Title: "folder2", Type: model.DashHitFolder},`
			`{ID: 3, UID: "dash3", Title: "dash3", FolderUID: "folder2", Type: model.DashHitDB},`
AccessControl: Add metadata to search result (#48879) * Add access control metadata to search hits if access control query string is passed 2022-05-17 21:51:44 +08:00			`},`
			`}`

Move SignedInUser to user service and RoleType and Roles to org (#53445) * Move SignedInUser to user service and RoleType and Roles to org * Use go naming convention for roles * Fix some imports and leftovers * Fix ldap debug test * Fix lint * Fix lint 2 * Fix lint 3 * Fix type and not needed conversion * Clean up messages in api tests * Clean up api tests 2 2022-08-10 17:56:48 +08:00			`sc.acmock.GetUserPermissionsFunc = func(ctx context.Context, user *user.SignedInUser, options accesscontrol.Options) ([]accesscontrol.Permission, error) {`
RBAC: Refactor GetUserPermissions to use []accesscontrol.Permission (#50683) * Return slice of permissions instead of slice of pointers for permissions 2022-06-14 16:17:48 +08:00			`return []accesscontrol.Permission{`
AccessControl: Add metadata to search result (#48879) * Add access control metadata to search hits if access control query string is passed 2022-05-17 21:51:44 +08:00			`{Action: "folders:read", Scope: "folders:*"},`
			`{Action: "folders:write", Scope: "folders:uid:folder2"},`
			`{Action: "dashboards:read", Scope: "dashboards:*"},`
			`{Action: "dashboards:write", Scope: "folders:uid:folder2"},`
			`}, nil`
			`}`

			`type withMeta struct {`
Chore: Move search model from models package to search service (#62215) * Chore: Move search model from models package to search service * Remove unused imports * Cleanup after merge 2023-01-30 22:17:53 +08:00			`model.Hit`
AccessControl: Add metadata to search result (#48879) * Add access control metadata to search hits if access control query string is passed 2022-05-17 21:51:44 +08:00			AccessControl accesscontrol.Metadata `json:"accessControl,omitempty"`
			`}`

			`t.Run("should attach access control metadata to response", func(t *testing.T) {`
			`recorder := callAPI(sc.server, http.MethodGet, "/api/search?accesscontrol=true", nil, t)`
			`assert.Equal(t, http.StatusOK, recorder.Code)`
			`var result []withMeta`
			`require.NoError(t, json.Unmarshal(recorder.Body.Bytes(), &result))`

			`for _, r := range result {`
			`if r.ID == 1 {`
			`assert.Len(t, r.AccessControl, 1)`
			`assert.True(t, r.AccessControl[dashboards.ActionFoldersRead])`
			`} else if r.ID == 2 {`
			`assert.Len(t, r.AccessControl, 3)`
			`assert.True(t, r.AccessControl[dashboards.ActionFoldersRead])`
			`assert.True(t, r.AccessControl[dashboards.ActionFoldersWrite])`
			`assert.True(t, r.AccessControl[dashboards.ActionDashboardsWrite])`
			`} else if r.ID == 3 {`
			`assert.Len(t, r.AccessControl, 2)`
			`assert.True(t, r.AccessControl[dashboards.ActionDashboardsRead])`
			`assert.True(t, r.AccessControl[dashboards.ActionDashboardsWrite])`
			`}`
			`}`
			`})`

			`t.Run("should not attach access control metadata to response", func(t *testing.T) {`
			`recorder := callAPI(sc.server, http.MethodGet, "/api/search", nil, t)`
			`assert.Equal(t, http.StatusOK, recorder.Code)`
			`var result []withMeta`
			`require.NoError(t, json.Unmarshal(recorder.Body.Bytes(), &result))`

			`for _, r := range result {`
			`assert.Len(t, r.AccessControl, 0)`
			`}`
			`})`
			`}`