root
/
grafana
mirror of https://github.com/grafana/grafana.git
1
0
Fork 0
Code Issues Actions 175 Packages Projects Releases Wiki Activity
grafana/pkg/api/annotations_test.go

550 lines
18 KiB
Go
Raw Normal View History

dashfolders: permissions for saving annotations ref #10275 Use folder permissions instead of hard coded permissions on the annotations routes.
2017-12-21 07:52:21 +08:00
package api
import (
Replace AddHandler with AddHandlerCtx in tests (#42585)
2021-12-01 22:43:31 +08:00
"context"
Chore: Convert API tests to standard Go lib (#29009) * Chore: Convert tests to standard Go lib Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> Co-authored-by: Will Browne <wbrowne@users.noreply.github.com>
2020-11-13 16:52:38 +08:00
"fmt"
Access control: adding FGAC to annotation GET endpoints and fixed roles (#45102) * Access control: adding FGAC to annotation GET endpoints and fixed roles Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
2022-02-12 02:43:29 +08:00
"io"
"net/http"
dashfolders: permissions for saving annotations ref #10275 Use folder permissions instead of hard coded permissions on the annotations routes.
2017-12-21 07:52:21 +08:00
"testing"
Access control: FGAC for annotation updates (#46462) * proposal * PR feedback * fix canSave bug * update scope naming * linting * linting Co-authored-by: Ezequiel Victorero <ezequiel.victorero@grafana.com>
2022-03-19 00:33:21 +08:00
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
dashfolders: permissions for saving annotations ref #10275 Use folder permissions instead of hard coded permissions on the annotations routes.
2017-12-21 07:52:21 +08:00
"github.com/grafana/grafana/pkg/api/dtos"
Chore: Moves common and response into separate packages (#30298) * Chore: moves common and response into separate packages * Chore: moves common and response into separate packages * Update pkg/api/utils/common.go Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com> * Chore: changes after PR comments * Chore: move wrap to routing package * Chore: move functions in common to response package * Chore: move functions in common to response package * Chore: formats imports Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
2021-01-15 21:43:20 +08:00
"github.com/grafana/grafana/pkg/api/response"
"github.com/grafana/grafana/pkg/api/routing"
dashfolders: permissions for saving annotations ref #10275 Use folder permissions instead of hard coded permissions on the annotations routes.
2017-12-21 07:52:21 +08:00
"github.com/grafana/grafana/pkg/bus"
Chore: Avoid aliasing importing models in api package (#22492)
2020-03-04 19:57:20 +08:00
"github.com/grafana/grafana/pkg/models"
Access control: adding FGAC to annotation GET endpoints and fixed roles (#45102) * Access control: adding FGAC to annotation GET endpoints and fixed roles Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
2022-02-12 02:43:29 +08:00
"github.com/grafana/grafana/pkg/services/accesscontrol"
dashfolders: permissions for saving annotations ref #10275 Use folder permissions instead of hard coded permissions on the annotations routes.
2017-12-21 07:52:21 +08:00
"github.com/grafana/grafana/pkg/services/annotations"
Access control: FGAC for annotation updates (#46462) * proposal * PR feedback * fix canSave bug * update scope naming * linting * linting Co-authored-by: Ezequiel Victorero <ezequiel.victorero@grafana.com>
2022-03-19 00:33:21 +08:00
"github.com/grafana/grafana/pkg/services/sqlstore"
Remove bus from quota, preferences, plugins, user_token (#44762) * Remove bus from quota, preferences, plugins, user_token * Bind sqlstore.Store to *sqlstore.SQLStore * Fix test * Fix sqlstore wire injection, dependency
2022-02-03 16:20:20 +08:00
"github.com/grafana/grafana/pkg/services/sqlstore/mockstore"
dashfolders: permissions for saving annotations ref #10275 Use folder permissions instead of hard coded permissions on the annotations routes.
2017-12-21 07:52:21 +08:00
)
Chore: Convert API tests to standard Go lib (#29009) * Chore: Convert tests to standard Go lib Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> Co-authored-by: Will Browne <wbrowne@users.noreply.github.com>
2020-11-13 16:52:38 +08:00
func TestAnnotationsAPIEndpoint(t *testing.T) {
Access control: FGAC for annotation updates (#46462) * proposal * PR feedback * fix canSave bug * update scope naming * linting * linting Co-authored-by: Ezequiel Victorero <ezequiel.victorero@grafana.com>
2022-03-19 00:33:21 +08:00
hs := setupSimpleHTTPServer(nil)
store := sqlstore.InitTestDB(t)
store.Cfg = hs.Cfg
hs.SQLStore = store
Chore: Convert API tests to standard Go lib (#29009) * Chore: Convert tests to standard Go lib Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> Co-authored-by: Will Browne <wbrowne@users.noreply.github.com>
2020-11-13 16:52:38 +08:00
t.Run("Given an annotation without a dashboard ID", func(t *testing.T) {
dashfolders: permissions for saving annotations ref #10275 Use folder permissions instead of hard coded permissions on the annotations routes.
2017-12-21 07:52:21 +08:00
cmd := dtos.PostAnnotationsCmd{
Annotations: use a single row to represent a region (#17673) * SQLite migrations * cleanup * migrate end times * switch to update with a query * real migration * anno migrations * remove old docs * set isRegion from time changes * use <> for is not * add comment and fix index decleration * single validation place * add test * fix test * add upgrading docs * use AnnotationEvent * fix import * remove regionId from typescript
2019-08-16 16:49:30 +08:00
Time: 1000,
Text: "annotation text",
Tags: []string{"tag1", "tag2"},
dashfolders: permissions for saving annotations ref #10275 Use folder permissions instead of hard coded permissions on the annotations routes.
2017-12-21 07:52:21 +08:00
}
updateCmd := dtos.UpdateAnnotationsCmd{
Annotations: use a single row to represent a region (#17673) * SQLite migrations * cleanup * migrate end times * switch to update with a query * real migration * anno migrations * remove old docs * set isRegion from time changes * use <> for is not * add comment and fix index decleration * single validation place * add test * fix test * add upgrading docs * use AnnotationEvent * fix import * remove regionId from typescript
2019-08-16 16:49:30 +08:00
Time: 1000,
Text: "annotation text",
Tags: []string{"tag1", "tag2"},
dashfolders: permissions for saving annotations ref #10275 Use folder permissions instead of hard coded permissions on the annotations routes.
2017-12-21 07:52:21 +08:00
}
Added PATCH verb end point for annotation op Added new PATCH verb annotation endpoint Removed unwanted fmt Added test cases for PATCH verb annotation endpoint Fixed formatting issue Check arr len before proceeding Updated doc to include PATCH verb annotation endpt
2019-01-27 19:49:22 +08:00
patchCmd := dtos.PatchAnnotationsCmd{
Time: 1000,
Text: "annotation text",
Tags: []string{"tag1", "tag2"},
}
Chore: Convert API tests to standard Go lib (#29009) * Chore: Convert tests to standard Go lib Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> Co-authored-by: Will Browne <wbrowne@users.noreply.github.com>
2020-11-13 16:52:38 +08:00
t.Run("When user is an Org Viewer", func(t *testing.T) {
Chore: Avoid aliasing importing models in api package (#22492)
2020-03-04 19:57:20 +08:00
role := models.ROLE_VIEWER
Chore: Convert API tests to standard Go lib (#29009) * Chore: Convert tests to standard Go lib Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> Co-authored-by: Will Browne <wbrowne@users.noreply.github.com>
2020-11-13 16:52:38 +08:00
t.Run("Should not be allowed to save an annotation", func(t *testing.T) {
postAnnotationScenario(t, "When calling POST on", "/api/annotations", "/api/annotations", role,
cmd, func(sc *scenarioContext) {
sc.fakeReqWithParams("POST", sc.url, map[string]string{}).exec()
assert.Equal(t, 403, sc.resp.Code)
})
putAnnotationScenario(t, "When calling PUT on", "/api/annotations/1", "/api/annotations/:annotationId",
role, updateCmd, func(sc *scenarioContext) {
sc.fakeReqWithParams("PUT", sc.url, map[string]string{}).exec()
assert.Equal(t, 403, sc.resp.Code)
})
patchAnnotationScenario(t, "When calling PATCH on", "/api/annotations/1",
"/api/annotations/:annotationId", role, patchCmd, func(sc *scenarioContext) {
sc.fakeReqWithParams("PATCH", sc.url, map[string]string{}).exec()
assert.Equal(t, 403, sc.resp.Code)
})
Remove bus from quota, preferences, plugins, user_token (#44762) * Remove bus from quota, preferences, plugins, user_token * Bind sqlstore.Store to *sqlstore.SQLStore * Fix test * Fix sqlstore wire injection, dependency
2022-02-03 16:20:20 +08:00
mock := mockstore.NewSQLStoreMock()
Chore: Convert API tests to standard Go lib (#29009) * Chore: Convert tests to standard Go lib Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> Co-authored-by: Will Browne <wbrowne@users.noreply.github.com>
2020-11-13 16:52:38 +08:00
loggedInUserScenarioWithRole(t, "When calling DELETE on", "DELETE", "/api/annotations/1",
"/api/annotations/:annotationId", role, func(sc *scenarioContext) {
fakeAnnoRepo = &fakeAnnotationsRepo{}
annotations.SetRepository(fakeAnnoRepo)
Access control: FGAC for annotation updates (#46462) * proposal * PR feedback * fix canSave bug * update scope naming * linting * linting Co-authored-by: Ezequiel Victorero <ezequiel.victorero@grafana.com>
2022-03-19 00:33:21 +08:00
sc.handlerFunc = hs.DeleteAnnotationByID
Chore: Convert API tests to standard Go lib (#29009) * Chore: Convert tests to standard Go lib Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> Co-authored-by: Will Browne <wbrowne@users.noreply.github.com>
2020-11-13 16:52:38 +08:00
sc.fakeReqWithParams("DELETE", sc.url, map[string]string{}).exec()
assert.Equal(t, 403, sc.resp.Code)
Remove bus from quota, preferences, plugins, user_token (#44762) * Remove bus from quota, preferences, plugins, user_token * Bind sqlstore.Store to *sqlstore.SQLStore * Fix test * Fix sqlstore wire injection, dependency
2022-02-03 16:20:20 +08:00
}, mock)
dashfolders: permissions for saving annotations ref #10275 Use folder permissions instead of hard coded permissions on the annotations routes.
2017-12-21 07:52:21 +08:00
})
})
Chore: Convert API tests to standard Go lib (#29009) * Chore: Convert tests to standard Go lib Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> Co-authored-by: Will Browne <wbrowne@users.noreply.github.com>
2020-11-13 16:52:38 +08:00
t.Run("When user is an Org Editor", func(t *testing.T) {
Chore: Avoid aliasing importing models in api package (#22492)
2020-03-04 19:57:20 +08:00
role := models.ROLE_EDITOR
Chore: Convert API tests to standard Go lib (#29009) * Chore: Convert tests to standard Go lib Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> Co-authored-by: Will Browne <wbrowne@users.noreply.github.com>
2020-11-13 16:52:38 +08:00
t.Run("Should be able to save an annotation", func(t *testing.T) {
postAnnotationScenario(t, "When calling POST on", "/api/annotations", "/api/annotations", role,
cmd, func(sc *scenarioContext) {
sc.fakeReqWithParams("POST", sc.url, map[string]string{}).exec()
assert.Equal(t, 200, sc.resp.Code)
})
putAnnotationScenario(t, "When calling PUT on", "/api/annotations/1", "/api/annotations/:annotationId", role, updateCmd, func(sc *scenarioContext) {
dashfolders: permissions for saving annotations ref #10275 Use folder permissions instead of hard coded permissions on the annotations routes.
2017-12-21 07:52:21 +08:00
sc.fakeReqWithParams("PUT", sc.url, map[string]string{}).exec()
Chore: Convert API tests to standard Go lib (#29009) * Chore: Convert tests to standard Go lib Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> Co-authored-by: Will Browne <wbrowne@users.noreply.github.com>
2020-11-13 16:52:38 +08:00
assert.Equal(t, 200, sc.resp.Code)
dashfolders: permissions for saving annotations ref #10275 Use folder permissions instead of hard coded permissions on the annotations routes.
2017-12-21 07:52:21 +08:00
})
Chore: Convert API tests to standard Go lib (#29009) * Chore: Convert tests to standard Go lib Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> Co-authored-by: Will Browne <wbrowne@users.noreply.github.com>
2020-11-13 16:52:38 +08:00
patchAnnotationScenario(t, "When calling PATCH on", "/api/annotations/1", "/api/annotations/:annotationId", role, patchCmd, func(sc *scenarioContext) {
Added PATCH verb end point for annotation op Added new PATCH verb annotation endpoint Removed unwanted fmt Added test cases for PATCH verb annotation endpoint Fixed formatting issue Check arr len before proceeding Updated doc to include PATCH verb annotation endpt
2019-01-27 19:49:22 +08:00
sc.fakeReqWithParams("PATCH", sc.url, map[string]string{}).exec()
Chore: Convert API tests to standard Go lib (#29009) * Chore: Convert tests to standard Go lib Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> Co-authored-by: Will Browne <wbrowne@users.noreply.github.com>
2020-11-13 16:52:38 +08:00
assert.Equal(t, 200, sc.resp.Code)
Added PATCH verb end point for annotation op Added new PATCH verb annotation endpoint Removed unwanted fmt Added test cases for PATCH verb annotation endpoint Fixed formatting issue Check arr len before proceeding Updated doc to include PATCH verb annotation endpt
2019-01-27 19:49:22 +08:00
})
Remove bus from quota, preferences, plugins, user_token (#44762) * Remove bus from quota, preferences, plugins, user_token * Bind sqlstore.Store to *sqlstore.SQLStore * Fix test * Fix sqlstore wire injection, dependency
2022-02-03 16:20:20 +08:00
mock := mockstore.NewSQLStoreMock()
Chore: Convert API tests to standard Go lib (#29009) * Chore: Convert tests to standard Go lib Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> Co-authored-by: Will Browne <wbrowne@users.noreply.github.com>
2020-11-13 16:52:38 +08:00
loggedInUserScenarioWithRole(t, "When calling DELETE on", "DELETE", "/api/annotations/1",
"/api/annotations/:annotationId", role, func(sc *scenarioContext) {
fakeAnnoRepo = &fakeAnnotationsRepo{}
annotations.SetRepository(fakeAnnoRepo)
Access control: FGAC for annotation updates (#46462) * proposal * PR feedback * fix canSave bug * update scope naming * linting * linting Co-authored-by: Ezequiel Victorero <ezequiel.victorero@grafana.com>
2022-03-19 00:33:21 +08:00
sc.handlerFunc = hs.DeleteAnnotationByID
Chore: Convert API tests to standard Go lib (#29009) * Chore: Convert tests to standard Go lib Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> Co-authored-by: Will Browne <wbrowne@users.noreply.github.com>
2020-11-13 16:52:38 +08:00
sc.fakeReqWithParams("DELETE", sc.url, map[string]string{}).exec()
assert.Equal(t, 200, sc.resp.Code)
Remove bus from quota, preferences, plugins, user_token (#44762) * Remove bus from quota, preferences, plugins, user_token * Bind sqlstore.Store to *sqlstore.SQLStore * Fix test * Fix sqlstore wire injection, dependency
2022-02-03 16:20:20 +08:00
}, mock)
dashfolders: permissions for saving annotations ref #10275 Use folder permissions instead of hard coded permissions on the annotations routes.
2017-12-21 07:52:21 +08:00
})
})
})
Chore: Convert API tests to standard Go lib (#29009) * Chore: Convert tests to standard Go lib Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> Co-authored-by: Will Browne <wbrowne@users.noreply.github.com>
2020-11-13 16:52:38 +08:00
t.Run("Given an annotation with a dashboard ID and the dashboard does not have an ACL", func(t *testing.T) {
dashfolders: permissions for saving annotations ref #10275 Use folder permissions instead of hard coded permissions on the annotations routes.
2017-12-21 07:52:21 +08:00
cmd := dtos.PostAnnotationsCmd{
Time: 1000,
Text: "annotation text",
Tags: []string{"tag1", "tag2"},
DashboardId: 1,
PanelId: 1,
}
updateCmd := dtos.UpdateAnnotationsCmd{
Annotations: use a single row to represent a region (#17673) * SQLite migrations * cleanup * migrate end times * switch to update with a query * real migration * anno migrations * remove old docs * set isRegion from time changes * use <> for is not * add comment and fix index decleration * single validation place * add test * fix test * add upgrading docs * use AnnotationEvent * fix import * remove regionId from typescript
2019-08-16 16:49:30 +08:00
Time: 1000,
Text: "annotation text",
Tags: []string{"tag1", "tag2"},
Id: 1,
dashfolders: permissions for saving annotations ref #10275 Use folder permissions instead of hard coded permissions on the annotations routes.
2017-12-21 07:52:21 +08:00
}
Added PATCH verb end point for annotation op Added new PATCH verb annotation endpoint Removed unwanted fmt Added test cases for PATCH verb annotation endpoint Fixed formatting issue Check arr len before proceeding Updated doc to include PATCH verb annotation endpt
2019-01-27 19:49:22 +08:00
patchCmd := dtos.PatchAnnotationsCmd{
Time: 8000,
Text: "annotation text 50",
Tags: []string{"foo", "bar"},
Id: 1,
}
Light improve of massive delete annotation api (#12390) * fix delete annotations * fix self assignment * add right unit test using admin role
2018-06-25 19:58:49 +08:00
deleteCmd := dtos.DeleteAnnotationsCmd{
DashboardId: 1,
PanelId: 1,
}
Chore: Convert API tests to standard Go lib (#29009) * Chore: Convert tests to standard Go lib Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> Co-authored-by: Will Browne <wbrowne@users.noreply.github.com>
2020-11-13 16:52:38 +08:00
t.Run("When user is an Org Viewer", func(t *testing.T) {
Chore: Avoid aliasing importing models in api package (#22492)
2020-03-04 19:57:20 +08:00
role := models.ROLE_VIEWER
Chore: Convert API tests to standard Go lib (#29009) * Chore: Convert tests to standard Go lib Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> Co-authored-by: Will Browne <wbrowne@users.noreply.github.com>
2020-11-13 16:52:38 +08:00
t.Run("Should not be allowed to save an annotation", func(t *testing.T) {
postAnnotationScenario(t, "When calling POST on", "/api/annotations", "/api/annotations", role, cmd, func(sc *scenarioContext) {
Access control: adding FGAC to annotation GET endpoints and fixed roles (#45102) * Access control: adding FGAC to annotation GET endpoints and fixed roles Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
2022-02-12 02:43:29 +08:00
setUpACL()
dashfolders: permissions for saving annotations ref #10275 Use folder permissions instead of hard coded permissions on the annotations routes.
2017-12-21 07:52:21 +08:00
sc.fakeReqWithParams("POST", sc.url, map[string]string{}).exec()
Chore: Convert API tests to standard Go lib (#29009) * Chore: Convert tests to standard Go lib Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> Co-authored-by: Will Browne <wbrowne@users.noreply.github.com>
2020-11-13 16:52:38 +08:00
assert.Equal(t, 403, sc.resp.Code)
dashfolders: permissions for saving annotations ref #10275 Use folder permissions instead of hard coded permissions on the annotations routes.
2017-12-21 07:52:21 +08:00
})
Chore: Convert API tests to standard Go lib (#29009) * Chore: Convert tests to standard Go lib Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> Co-authored-by: Will Browne <wbrowne@users.noreply.github.com>
2020-11-13 16:52:38 +08:00
putAnnotationScenario(t, "When calling PUT on", "/api/annotations/1", "/api/annotations/:annotationId", role, updateCmd, func(sc *scenarioContext) {
Access control: adding FGAC to annotation GET endpoints and fixed roles (#45102) * Access control: adding FGAC to annotation GET endpoints and fixed roles Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
2022-02-12 02:43:29 +08:00
setUpACL()
dashfolders: permissions for saving annotations ref #10275 Use folder permissions instead of hard coded permissions on the annotations routes.
2017-12-21 07:52:21 +08:00
sc.fakeReqWithParams("PUT", sc.url, map[string]string{}).exec()
Chore: Convert API tests to standard Go lib (#29009) * Chore: Convert tests to standard Go lib Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> Co-authored-by: Will Browne <wbrowne@users.noreply.github.com>
2020-11-13 16:52:38 +08:00
assert.Equal(t, 403, sc.resp.Code)
dashfolders: permissions for saving annotations ref #10275 Use folder permissions instead of hard coded permissions on the annotations routes.
2017-12-21 07:52:21 +08:00
})
Chore: Convert API tests to standard Go lib (#29009) * Chore: Convert tests to standard Go lib Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> Co-authored-by: Will Browne <wbrowne@users.noreply.github.com>
2020-11-13 16:52:38 +08:00
patchAnnotationScenario(t, "When calling PATCH on", "/api/annotations/1", "/api/annotations/:annotationId", role, patchCmd, func(sc *scenarioContext) {
Access control: adding FGAC to annotation GET endpoints and fixed roles (#45102) * Access control: adding FGAC to annotation GET endpoints and fixed roles Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
2022-02-12 02:43:29 +08:00
setUpACL()
Added PATCH verb end point for annotation op Added new PATCH verb annotation endpoint Removed unwanted fmt Added test cases for PATCH verb annotation endpoint Fixed formatting issue Check arr len before proceeding Updated doc to include PATCH verb annotation endpt
2019-01-27 19:49:22 +08:00
sc.fakeReqWithParams("PATCH", sc.url, map[string]string{}).exec()
Chore: Convert API tests to standard Go lib (#29009) * Chore: Convert tests to standard Go lib Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> Co-authored-by: Will Browne <wbrowne@users.noreply.github.com>
2020-11-13 16:52:38 +08:00
assert.Equal(t, 403, sc.resp.Code)
Added PATCH verb end point for annotation op Added new PATCH verb annotation endpoint Removed unwanted fmt Added test cases for PATCH verb annotation endpoint Fixed formatting issue Check arr len before proceeding Updated doc to include PATCH verb annotation endpt
2019-01-27 19:49:22 +08:00
})
Remove bus from quota, preferences, plugins, user_token (#44762) * Remove bus from quota, preferences, plugins, user_token * Bind sqlstore.Store to *sqlstore.SQLStore * Fix test * Fix sqlstore wire injection, dependency
2022-02-03 16:20:20 +08:00
mock := mockstore.NewSQLStoreMock()
Chore: Convert API tests to standard Go lib (#29009) * Chore: Convert tests to standard Go lib Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> Co-authored-by: Will Browne <wbrowne@users.noreply.github.com>
2020-11-13 16:52:38 +08:00
loggedInUserScenarioWithRole(t, "When calling DELETE on", "DELETE", "/api/annotations/1",
"/api/annotations/:annotationId", role, func(sc *scenarioContext) {
Access control: adding FGAC to annotation GET endpoints and fixed roles (#45102) * Access control: adding FGAC to annotation GET endpoints and fixed roles Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
2022-02-12 02:43:29 +08:00
setUpACL()
Chore: Convert API tests to standard Go lib (#29009) * Chore: Convert tests to standard Go lib Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> Co-authored-by: Will Browne <wbrowne@users.noreply.github.com>
2020-11-13 16:52:38 +08:00
fakeAnnoRepo = &fakeAnnotationsRepo{}
annotations.SetRepository(fakeAnnoRepo)
Access control: FGAC for annotation updates (#46462) * proposal * PR feedback * fix canSave bug * update scope naming * linting * linting Co-authored-by: Ezequiel Victorero <ezequiel.victorero@grafana.com>
2022-03-19 00:33:21 +08:00
sc.handlerFunc = hs.DeleteAnnotationByID
Chore: Convert API tests to standard Go lib (#29009) * Chore: Convert tests to standard Go lib Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> Co-authored-by: Will Browne <wbrowne@users.noreply.github.com>
2020-11-13 16:52:38 +08:00
sc.fakeReqWithParams("DELETE", sc.url, map[string]string{}).exec()
assert.Equal(t, 403, sc.resp.Code)
Remove bus from quota, preferences, plugins, user_token (#44762) * Remove bus from quota, preferences, plugins, user_token * Bind sqlstore.Store to *sqlstore.SQLStore * Fix test * Fix sqlstore wire injection, dependency
2022-02-03 16:20:20 +08:00
}, mock)
dashfolders: permissions for saving annotations ref #10275 Use folder permissions instead of hard coded permissions on the annotations routes.
2017-12-21 07:52:21 +08:00
})
})
Chore: Convert API tests to standard Go lib (#29009) * Chore: Convert tests to standard Go lib Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> Co-authored-by: Will Browne <wbrowne@users.noreply.github.com>
2020-11-13 16:52:38 +08:00
t.Run("When user is an Org Editor", func(t *testing.T) {
Chore: Avoid aliasing importing models in api package (#22492)
2020-03-04 19:57:20 +08:00
role := models.ROLE_EDITOR
Chore: Convert API tests to standard Go lib (#29009) * Chore: Convert tests to standard Go lib Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> Co-authored-by: Will Browne <wbrowne@users.noreply.github.com>
2020-11-13 16:52:38 +08:00
t.Run("Should be able to save an annotation", func(t *testing.T) {
postAnnotationScenario(t, "When calling POST on", "/api/annotations", "/api/annotations", role, cmd, func(sc *scenarioContext) {
Access control: adding FGAC to annotation GET endpoints and fixed roles (#45102) * Access control: adding FGAC to annotation GET endpoints and fixed roles Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
2022-02-12 02:43:29 +08:00
setUpACL()
dashfolders: permissions for saving annotations ref #10275 Use folder permissions instead of hard coded permissions on the annotations routes.
2017-12-21 07:52:21 +08:00
sc.fakeReqWithParams("POST", sc.url, map[string]string{}).exec()
Chore: Convert API tests to standard Go lib (#29009) * Chore: Convert tests to standard Go lib Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> Co-authored-by: Will Browne <wbrowne@users.noreply.github.com>
2020-11-13 16:52:38 +08:00
assert.Equal(t, 200, sc.resp.Code)
dashfolders: permissions for saving annotations ref #10275 Use folder permissions instead of hard coded permissions on the annotations routes.
2017-12-21 07:52:21 +08:00
})
Chore: Convert API tests to standard Go lib (#29009) * Chore: Convert tests to standard Go lib Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> Co-authored-by: Will Browne <wbrowne@users.noreply.github.com>
2020-11-13 16:52:38 +08:00
putAnnotationScenario(t, "When calling PUT on", "/api/annotations/1", "/api/annotations/:annotationId", role, updateCmd, func(sc *scenarioContext) {
Access control: adding FGAC to annotation GET endpoints and fixed roles (#45102) * Access control: adding FGAC to annotation GET endpoints and fixed roles Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
2022-02-12 02:43:29 +08:00
setUpACL()
dashfolders: permissions for saving annotations ref #10275 Use folder permissions instead of hard coded permissions on the annotations routes.
2017-12-21 07:52:21 +08:00
sc.fakeReqWithParams("PUT", sc.url, map[string]string{}).exec()
Chore: Convert API tests to standard Go lib (#29009) * Chore: Convert tests to standard Go lib Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> Co-authored-by: Will Browne <wbrowne@users.noreply.github.com>
2020-11-13 16:52:38 +08:00
assert.Equal(t, 200, sc.resp.Code)
dashfolders: permissions for saving annotations ref #10275 Use folder permissions instead of hard coded permissions on the annotations routes.
2017-12-21 07:52:21 +08:00
})
Chore: Convert API tests to standard Go lib (#29009) * Chore: Convert tests to standard Go lib Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> Co-authored-by: Will Browne <wbrowne@users.noreply.github.com>
2020-11-13 16:52:38 +08:00
patchAnnotationScenario(t, "When calling PATCH on", "/api/annotations/1", "/api/annotations/:annotationId", role, patchCmd, func(sc *scenarioContext) {
Access control: adding FGAC to annotation GET endpoints and fixed roles (#45102) * Access control: adding FGAC to annotation GET endpoints and fixed roles Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
2022-02-12 02:43:29 +08:00
setUpACL()
Added PATCH verb end point for annotation op Added new PATCH verb annotation endpoint Removed unwanted fmt Added test cases for PATCH verb annotation endpoint Fixed formatting issue Check arr len before proceeding Updated doc to include PATCH verb annotation endpt
2019-01-27 19:49:22 +08:00
sc.fakeReqWithParams("PATCH", sc.url, map[string]string{}).exec()
Chore: Convert API tests to standard Go lib (#29009) * Chore: Convert tests to standard Go lib Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> Co-authored-by: Will Browne <wbrowne@users.noreply.github.com>
2020-11-13 16:52:38 +08:00
assert.Equal(t, 200, sc.resp.Code)
Added PATCH verb end point for annotation op Added new PATCH verb annotation endpoint Removed unwanted fmt Added test cases for PATCH verb annotation endpoint Fixed formatting issue Check arr len before proceeding Updated doc to include PATCH verb annotation endpt
2019-01-27 19:49:22 +08:00
})
Remove bus from quota, preferences, plugins, user_token (#44762) * Remove bus from quota, preferences, plugins, user_token * Bind sqlstore.Store to *sqlstore.SQLStore * Fix test * Fix sqlstore wire injection, dependency
2022-02-03 16:20:20 +08:00
mock := mockstore.NewSQLStoreMock()
Chore: Convert API tests to standard Go lib (#29009) * Chore: Convert tests to standard Go lib Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> Co-authored-by: Will Browne <wbrowne@users.noreply.github.com>
2020-11-13 16:52:38 +08:00
loggedInUserScenarioWithRole(t, "When calling DELETE on", "DELETE", "/api/annotations/1",
"/api/annotations/:annotationId", role, func(sc *scenarioContext) {
Access control: adding FGAC to annotation GET endpoints and fixed roles (#45102) * Access control: adding FGAC to annotation GET endpoints and fixed roles Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
2022-02-12 02:43:29 +08:00
setUpACL()
Chore: Convert API tests to standard Go lib (#29009) * Chore: Convert tests to standard Go lib Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> Co-authored-by: Will Browne <wbrowne@users.noreply.github.com>
2020-11-13 16:52:38 +08:00
fakeAnnoRepo = &fakeAnnotationsRepo{}
annotations.SetRepository(fakeAnnoRepo)
Access control: FGAC for annotation updates (#46462) * proposal * PR feedback * fix canSave bug * update scope naming * linting * linting Co-authored-by: Ezequiel Victorero <ezequiel.victorero@grafana.com>
2022-03-19 00:33:21 +08:00
sc.handlerFunc = hs.DeleteAnnotationByID
Chore: Convert API tests to standard Go lib (#29009) * Chore: Convert tests to standard Go lib Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> Co-authored-by: Will Browne <wbrowne@users.noreply.github.com>
2020-11-13 16:52:38 +08:00
sc.fakeReqWithParams("DELETE", sc.url, map[string]string{}).exec()
assert.Equal(t, 200, sc.resp.Code)
Remove bus from quota, preferences, plugins, user_token (#44762) * Remove bus from quota, preferences, plugins, user_token * Bind sqlstore.Store to *sqlstore.SQLStore * Fix test * Fix sqlstore wire injection, dependency
2022-02-03 16:20:20 +08:00
}, mock)
dashfolders: permissions for saving annotations ref #10275 Use folder permissions instead of hard coded permissions on the annotations routes.
2017-12-21 07:52:21 +08:00
})
})
Light improve of massive delete annotation api (#12390) * fix delete annotations * fix self assignment * add right unit test using admin role
2018-06-25 19:58:49 +08:00
Chore: Convert API tests to standard Go lib (#29009) * Chore: Convert tests to standard Go lib Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> Co-authored-by: Will Browne <wbrowne@users.noreply.github.com>
2020-11-13 16:52:38 +08:00
t.Run("When user is an Admin", func(t *testing.T) {
Chore: Avoid aliasing importing models in api package (#22492)
2020-03-04 19:57:20 +08:00
role := models.ROLE_ADMIN
Chore: Convert API tests to standard Go lib (#29009) * Chore: Convert tests to standard Go lib Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> Co-authored-by: Will Browne <wbrowne@users.noreply.github.com>
2020-11-13 16:52:38 +08:00
t.Run("Should be able to do anything", func(t *testing.T) {
postAnnotationScenario(t, "When calling POST on", "/api/annotations", "/api/annotations", role, cmd, func(sc *scenarioContext) {
Access control: adding FGAC to annotation GET endpoints and fixed roles (#45102) * Access control: adding FGAC to annotation GET endpoints and fixed roles Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
2022-02-12 02:43:29 +08:00
setUpACL()
Light improve of massive delete annotation api (#12390) * fix delete annotations * fix self assignment * add right unit test using admin role
2018-06-25 19:58:49 +08:00
sc.fakeReqWithParams("POST", sc.url, map[string]string{}).exec()
Chore: Convert API tests to standard Go lib (#29009) * Chore: Convert tests to standard Go lib Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> Co-authored-by: Will Browne <wbrowne@users.noreply.github.com>
2020-11-13 16:52:38 +08:00
assert.Equal(t, 200, sc.resp.Code)
Light improve of massive delete annotation api (#12390) * fix delete annotations * fix self assignment * add right unit test using admin role
2018-06-25 19:58:49 +08:00
})
Chore: Convert API tests to standard Go lib (#29009) * Chore: Convert tests to standard Go lib Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> Co-authored-by: Will Browne <wbrowne@users.noreply.github.com>
2020-11-13 16:52:38 +08:00
putAnnotationScenario(t, "When calling PUT on", "/api/annotations/1", "/api/annotations/:annotationId", role, updateCmd, func(sc *scenarioContext) {
Access control: adding FGAC to annotation GET endpoints and fixed roles (#45102) * Access control: adding FGAC to annotation GET endpoints and fixed roles Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
2022-02-12 02:43:29 +08:00
setUpACL()
Light improve of massive delete annotation api (#12390) * fix delete annotations * fix self assignment * add right unit test using admin role
2018-06-25 19:58:49 +08:00
sc.fakeReqWithParams("PUT", sc.url, map[string]string{}).exec()
Chore: Convert API tests to standard Go lib (#29009) * Chore: Convert tests to standard Go lib Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> Co-authored-by: Will Browne <wbrowne@users.noreply.github.com>
2020-11-13 16:52:38 +08:00
assert.Equal(t, 200, sc.resp.Code)
Light improve of massive delete annotation api (#12390) * fix delete annotations * fix self assignment * add right unit test using admin role
2018-06-25 19:58:49 +08:00
})
Added PATCH verb end point for annotation op Added new PATCH verb annotation endpoint Removed unwanted fmt Added test cases for PATCH verb annotation endpoint Fixed formatting issue Check arr len before proceeding Updated doc to include PATCH verb annotation endpt
2019-01-27 19:49:22 +08:00
Chore: Convert API tests to standard Go lib (#29009) * Chore: Convert tests to standard Go lib Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> Co-authored-by: Will Browne <wbrowne@users.noreply.github.com>
2020-11-13 16:52:38 +08:00
patchAnnotationScenario(t, "When calling PATCH on", "/api/annotations/1", "/api/annotations/:annotationId", role, patchCmd, func(sc *scenarioContext) {
Access control: adding FGAC to annotation GET endpoints and fixed roles (#45102) * Access control: adding FGAC to annotation GET endpoints and fixed roles Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
2022-02-12 02:43:29 +08:00
setUpACL()
Added PATCH verb end point for annotation op Added new PATCH verb annotation endpoint Removed unwanted fmt Added test cases for PATCH verb annotation endpoint Fixed formatting issue Check arr len before proceeding Updated doc to include PATCH verb annotation endpt
2019-01-27 19:49:22 +08:00
sc.fakeReqWithParams("PATCH", sc.url, map[string]string{}).exec()
Chore: Convert API tests to standard Go lib (#29009) * Chore: Convert tests to standard Go lib Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> Co-authored-by: Will Browne <wbrowne@users.noreply.github.com>
2020-11-13 16:52:38 +08:00
assert.Equal(t, 200, sc.resp.Code)
Added PATCH verb end point for annotation op Added new PATCH verb annotation endpoint Removed unwanted fmt Added test cases for PATCH verb annotation endpoint Fixed formatting issue Check arr len before proceeding Updated doc to include PATCH verb annotation endpt
2019-01-27 19:49:22 +08:00
})
Chore: Convert API tests to standard Go lib (#29009) * Chore: Convert tests to standard Go lib Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> Co-authored-by: Will Browne <wbrowne@users.noreply.github.com>
2020-11-13 16:52:38 +08:00
deleteAnnotationsScenario(t, "When calling POST on", "/api/annotations/mass-delete",
"/api/annotations/mass-delete", role, deleteCmd, func(sc *scenarioContext) {
Access control: adding FGAC to annotation GET endpoints and fixed roles (#45102) * Access control: adding FGAC to annotation GET endpoints and fixed roles Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
2022-02-12 02:43:29 +08:00
setUpACL()
Chore: Convert API tests to standard Go lib (#29009) * Chore: Convert tests to standard Go lib Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> Co-authored-by: Will Browne <wbrowne@users.noreply.github.com>
2020-11-13 16:52:38 +08:00
sc.fakeReqWithParams("POST", sc.url, map[string]string{}).exec()
assert.Equal(t, 200, sc.resp.Code)
})
Light improve of massive delete annotation api (#12390) * fix delete annotations * fix self assignment * add right unit test using admin role
2018-06-25 19:58:49 +08:00
})
})
dashfolders: permissions for saving annotations ref #10275 Use folder permissions instead of hard coded permissions on the annotations routes.
2017-12-21 07:52:21 +08:00
})
}
type fakeAnnotationsRepo struct {
Access control: FGAC for annotation updates (#46462) * proposal * PR feedback * fix canSave bug * update scope naming * linting * linting Co-authored-by: Ezequiel Victorero <ezequiel.victorero@grafana.com>
2022-03-19 00:33:21 +08:00
annotations map[int64]annotations.ItemDTO
dashfolders: permissions for saving annotations ref #10275 Use folder permissions instead of hard coded permissions on the annotations routes.
2017-12-21 07:52:21 +08:00
}
func (repo *fakeAnnotationsRepo) Delete(params *annotations.DeleteParams) error {
return nil
}
func (repo *fakeAnnotationsRepo) Save(item *annotations.Item) error {
item.Id = 1
return nil
}
func (repo *fakeAnnotationsRepo) Update(item *annotations.Item) error {
return nil
}
func (repo *fakeAnnotationsRepo) Find(query *annotations.ItemQuery) ([]*annotations.ItemDTO, error) {
Access control: FGAC for annotation updates (#46462) * proposal * PR feedback * fix canSave bug * update scope naming * linting * linting Co-authored-by: Ezequiel Victorero <ezequiel.victorero@grafana.com>
2022-03-19 00:33:21 +08:00
if annotation, has := repo.annotations[query.AnnotationId]; has {
return []*annotations.ItemDTO{&annotation}, nil
}
fix gofmt warning
2017-12-21 15:34:57 +08:00
annotations := []*annotations.ItemDTO{{Id: 1}}
dashfolders: permissions for saving annotations ref #10275 Use folder permissions instead of hard coded permissions on the annotations routes.
2017-12-21 07:52:21 +08:00
return annotations, nil
}
Annotations: Adds tags endpoint (#36199) * Annotations: Adds tags endpoint * Chore: fixes sql statement * Refactor: adds count to the api * Chore: changes after PR comments * Refactor: changes after PR comments
2021-06-30 19:42:54 +08:00
func (repo *fakeAnnotationsRepo) FindTags(query *annotations.TagsQuery) (annotations.FindTagsResult, error) {
result := annotations.FindTagsResult{
Tags: []*annotations.TagsDTO{},
}
return result, nil
}
dashfolders: permissions for saving annotations ref #10275 Use folder permissions instead of hard coded permissions on the annotations routes.
2017-12-21 07:52:21 +08:00
var fakeAnnoRepo *fakeAnnotationsRepo
Chore: Convert API tests to standard Go lib (#29009) * Chore: Convert tests to standard Go lib Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> Co-authored-by: Will Browne <wbrowne@users.noreply.github.com>
2020-11-13 16:52:38 +08:00
func postAnnotationScenario(t *testing.T, desc string, url string, routePattern string, role models.RoleType,
cmd dtos.PostAnnotationsCmd, fn scenarioFunc) {
t.Run(fmt.Sprintf("%s %s", desc, url), func(t *testing.T) {
t.Cleanup(bus.ClearBusHandlers)
dashfolders: permissions for saving annotations ref #10275 Use folder permissions instead of hard coded permissions on the annotations routes.
2017-12-21 07:52:21 +08:00
Access control: FGAC for annotation updates (#46462) * proposal * PR feedback * fix canSave bug * update scope naming * linting * linting Co-authored-by: Ezequiel Victorero <ezequiel.victorero@grafana.com>
2022-03-19 00:33:21 +08:00
hs := setupSimpleHTTPServer(nil)
store := sqlstore.InitTestDB(t)
store.Cfg = hs.Cfg
hs.SQLStore = store
Chore: Convert API tests to standard Go lib (#29009) * Chore: Convert tests to standard Go lib Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> Co-authored-by: Will Browne <wbrowne@users.noreply.github.com>
2020-11-13 16:52:38 +08:00
sc := setupScenarioContext(t, url)
Chore: Moves common and response into separate packages (#30298) * Chore: moves common and response into separate packages * Chore: moves common and response into separate packages * Update pkg/api/utils/common.go Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com> * Chore: changes after PR comments * Chore: move wrap to routing package * Chore: move functions in common to response package * Chore: move functions in common to response package * Chore: formats imports Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
2021-01-15 21:43:20 +08:00
sc.defaultHandler = routing.Wrap(func(c *models.ReqContext) response.Response {
Chore: Refactor api handlers to use web.Bind (#42199) * Chore: Refactor api handlers to use web.Bind * fix comments * fix comment * trying to fix most of the tests and force routing.Wrap type check * fix library panels tests * fix frontend logging tests * allow passing nil as a response to skip writing * return nil instead of the response * rewrite login handler function types * remove handlerFuncCtx * make linter happy * remove old bindings from the libraryelements * restore comments
2021-11-29 17:18:01 +08:00
c.Req.Body = mockRequestBody(cmd)
Security: Sync security changes on main (#45083) * * Teams: Appropriately apply user id filter in /api/teams/:id and /api/teams/search * Teams: Ensure that users searching for teams are only able see teams they have access to * Teams: Require teamGuardian admin privileges to list team members * Teams: Prevent org viewers from administering teams * Teams: Add org_id condition to team count query * Teams: clarify permission requirements in teams api docs * Teams: expand scenarios for team search tests * Teams: mock teamGuardian in tests Co-authored-by: Dan Cech <dcech@grafana.com> * remove duplicate WHERE statement * Fix for CVE-2022-21702 (cherry picked from commit 202d7c190082c094bc1dc13f7fe9464746c37f9e) * Lint and test fixes (cherry picked from commit 3e6b67d5504abf4a1d7b8d621f04d062c048e981) * check content type properly (cherry picked from commit 70b4458892bf2f776302720c10d24c9ff34edd98) * basic csrf origin check (cherry picked from commit 3adaa5ff39832364f6390881fb5b42ad47df92e1) * compare origin to host (cherry picked from commit 5443892699e8ed42836bb2b9a44744ff3e970f42) * simplify url parsing (cherry picked from commit b2ffbc9513fed75468628370a48b929d30af2b1d) * check csrf for GET requests, only compare origin (cherry picked from commit 8b81dc12d8f8a1f07852809c5b4d44f0f0b1d709) * parse content type properly (cherry picked from commit 16f76f4902e6f2188bea9606c68b551af186bdc0) * mentioned get in the comment (cherry picked from commit a7e61811ef8ae558ce721e2e3fed04ce7a5a5345) * add content-type: application/json to test HTTP requests * fix pluginproxy test * Fix linter when comparing errors Co-authored-by: Kevin Minehart <kmineh0151@gmail.com> Co-authored-by: Dan Cech <dcech@grafana.com> Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com> Co-authored-by: Serge Zaitsev <serge.zaitsev@grafana.com> Co-authored-by: Vardan Torosyan <vardants@gmail.com>
2022-02-09 20:44:38 +08:00
c.Req.Header.Add("Content-Type", "application/json")
dashfolders: permissions for saving annotations ref #10275 Use folder permissions instead of hard coded permissions on the annotations routes.
2017-12-21 07:52:21 +08:00
sc.context = c
Chore: Convert API tests to standard Go lib (#29009) * Chore: Convert tests to standard Go lib Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> Co-authored-by: Will Browne <wbrowne@users.noreply.github.com>
2020-11-13 16:52:38 +08:00
sc.context.UserId = testUserID
sc.context.OrgId = testOrgID
dashfolders: permissions for saving annotations ref #10275 Use folder permissions instead of hard coded permissions on the annotations routes.
2017-12-21 07:52:21 +08:00
sc.context.OrgRole = role
Access control: FGAC for annotation updates (#46462) * proposal * PR feedback * fix canSave bug * update scope naming * linting * linting Co-authored-by: Ezequiel Victorero <ezequiel.victorero@grafana.com>
2022-03-19 00:33:21 +08:00
return hs.PostAnnotation(c)
dashfolders: permissions for saving annotations ref #10275 Use folder permissions instead of hard coded permissions on the annotations routes.
2017-12-21 07:52:21 +08:00
})
fakeAnnoRepo = &fakeAnnotationsRepo{}
annotations.SetRepository(fakeAnnoRepo)
sc.m.Post(routePattern, sc.defaultHandler)
fn(sc)
})
}
Chore: Convert API tests to standard Go lib (#29009) * Chore: Convert tests to standard Go lib Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> Co-authored-by: Will Browne <wbrowne@users.noreply.github.com>
2020-11-13 16:52:38 +08:00
func putAnnotationScenario(t *testing.T, desc string, url string, routePattern string, role models.RoleType,
cmd dtos.UpdateAnnotationsCmd, fn scenarioFunc) {
t.Run(fmt.Sprintf("%s %s", desc, url), func(t *testing.T) {
t.Cleanup(bus.ClearBusHandlers)
dashfolders: permissions for saving annotations ref #10275 Use folder permissions instead of hard coded permissions on the annotations routes.
2017-12-21 07:52:21 +08:00
Access control: FGAC for annotation updates (#46462) * proposal * PR feedback * fix canSave bug * update scope naming * linting * linting Co-authored-by: Ezequiel Victorero <ezequiel.victorero@grafana.com>
2022-03-19 00:33:21 +08:00
hs := setupSimpleHTTPServer(nil)
store := sqlstore.InitTestDB(t)
store.Cfg = hs.Cfg
hs.SQLStore = store
Chore: Convert API tests to standard Go lib (#29009) * Chore: Convert tests to standard Go lib Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> Co-authored-by: Will Browne <wbrowne@users.noreply.github.com>
2020-11-13 16:52:38 +08:00
sc := setupScenarioContext(t, url)
Chore: Moves common and response into separate packages (#30298) * Chore: moves common and response into separate packages * Chore: moves common and response into separate packages * Update pkg/api/utils/common.go Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com> * Chore: changes after PR comments * Chore: move wrap to routing package * Chore: move functions in common to response package * Chore: move functions in common to response package * Chore: formats imports Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
2021-01-15 21:43:20 +08:00
sc.defaultHandler = routing.Wrap(func(c *models.ReqContext) response.Response {
Chore: Refactor api handlers to use web.Bind (#42199) * Chore: Refactor api handlers to use web.Bind * fix comments * fix comment * trying to fix most of the tests and force routing.Wrap type check * fix library panels tests * fix frontend logging tests * allow passing nil as a response to skip writing * return nil instead of the response * rewrite login handler function types * remove handlerFuncCtx * make linter happy * remove old bindings from the libraryelements * restore comments
2021-11-29 17:18:01 +08:00
c.Req.Body = mockRequestBody(cmd)
Security: Sync security changes on main (#45083) * * Teams: Appropriately apply user id filter in /api/teams/:id and /api/teams/search * Teams: Ensure that users searching for teams are only able see teams they have access to * Teams: Require teamGuardian admin privileges to list team members * Teams: Prevent org viewers from administering teams * Teams: Add org_id condition to team count query * Teams: clarify permission requirements in teams api docs * Teams: expand scenarios for team search tests * Teams: mock teamGuardian in tests Co-authored-by: Dan Cech <dcech@grafana.com> * remove duplicate WHERE statement * Fix for CVE-2022-21702 (cherry picked from commit 202d7c190082c094bc1dc13f7fe9464746c37f9e) * Lint and test fixes (cherry picked from commit 3e6b67d5504abf4a1d7b8d621f04d062c048e981) * check content type properly (cherry picked from commit 70b4458892bf2f776302720c10d24c9ff34edd98) * basic csrf origin check (cherry picked from commit 3adaa5ff39832364f6390881fb5b42ad47df92e1) * compare origin to host (cherry picked from commit 5443892699e8ed42836bb2b9a44744ff3e970f42) * simplify url parsing (cherry picked from commit b2ffbc9513fed75468628370a48b929d30af2b1d) * check csrf for GET requests, only compare origin (cherry picked from commit 8b81dc12d8f8a1f07852809c5b4d44f0f0b1d709) * parse content type properly (cherry picked from commit 16f76f4902e6f2188bea9606c68b551af186bdc0) * mentioned get in the comment (cherry picked from commit a7e61811ef8ae558ce721e2e3fed04ce7a5a5345) * add content-type: application/json to test HTTP requests * fix pluginproxy test * Fix linter when comparing errors Co-authored-by: Kevin Minehart <kmineh0151@gmail.com> Co-authored-by: Dan Cech <dcech@grafana.com> Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com> Co-authored-by: Serge Zaitsev <serge.zaitsev@grafana.com> Co-authored-by: Vardan Torosyan <vardants@gmail.com>
2022-02-09 20:44:38 +08:00
c.Req.Header.Add("Content-Type", "application/json")
dashfolders: permissions for saving annotations ref #10275 Use folder permissions instead of hard coded permissions on the annotations routes.
2017-12-21 07:52:21 +08:00
sc.context = c
Chore: Convert API tests to standard Go lib (#29009) * Chore: Convert tests to standard Go lib Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> Co-authored-by: Will Browne <wbrowne@users.noreply.github.com>
2020-11-13 16:52:38 +08:00
sc.context.UserId = testUserID
sc.context.OrgId = testOrgID
dashfolders: permissions for saving annotations ref #10275 Use folder permissions instead of hard coded permissions on the annotations routes.
2017-12-21 07:52:21 +08:00
sc.context.OrgRole = role
Access control: FGAC for annotation updates (#46462) * proposal * PR feedback * fix canSave bug * update scope naming * linting * linting Co-authored-by: Ezequiel Victorero <ezequiel.victorero@grafana.com>
2022-03-19 00:33:21 +08:00
return hs.UpdateAnnotation(c)
dashfolders: permissions for saving annotations ref #10275 Use folder permissions instead of hard coded permissions on the annotations routes.
2017-12-21 07:52:21 +08:00
})
fakeAnnoRepo = &fakeAnnotationsRepo{}
annotations.SetRepository(fakeAnnoRepo)
sc.m.Put(routePattern, sc.defaultHandler)
fn(sc)
})
}
Light improve of massive delete annotation api (#12390) * fix delete annotations * fix self assignment * add right unit test using admin role
2018-06-25 19:58:49 +08:00
Chore: Convert API tests to standard Go lib (#29009) * Chore: Convert tests to standard Go lib Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> Co-authored-by: Will Browne <wbrowne@users.noreply.github.com>
2020-11-13 16:52:38 +08:00
func patchAnnotationScenario(t *testing.T, desc string, url string, routePattern string, role models.RoleType, cmd dtos.PatchAnnotationsCmd, fn scenarioFunc) {
t.Run(fmt.Sprintf("%s %s", desc, url), func(t *testing.T) {
Added PATCH verb end point for annotation op Added new PATCH verb annotation endpoint Removed unwanted fmt Added test cases for PATCH verb annotation endpoint Fixed formatting issue Check arr len before proceeding Updated doc to include PATCH verb annotation endpt
2019-01-27 19:49:22 +08:00
defer bus.ClearBusHandlers()
Access control: FGAC for annotation updates (#46462) * proposal * PR feedback * fix canSave bug * update scope naming * linting * linting Co-authored-by: Ezequiel Victorero <ezequiel.victorero@grafana.com>
2022-03-19 00:33:21 +08:00
hs := setupSimpleHTTPServer(nil)
store := sqlstore.InitTestDB(t)
store.Cfg = hs.Cfg
hs.SQLStore = store
Chore: Convert API tests to standard Go lib (#29009) * Chore: Convert tests to standard Go lib Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> Co-authored-by: Will Browne <wbrowne@users.noreply.github.com>
2020-11-13 16:52:38 +08:00
sc := setupScenarioContext(t, url)
Chore: Moves common and response into separate packages (#30298) * Chore: moves common and response into separate packages * Chore: moves common and response into separate packages * Update pkg/api/utils/common.go Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com> * Chore: changes after PR comments * Chore: move wrap to routing package * Chore: move functions in common to response package * Chore: move functions in common to response package * Chore: formats imports Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
2021-01-15 21:43:20 +08:00
sc.defaultHandler = routing.Wrap(func(c *models.ReqContext) response.Response {
Chore: Refactor api handlers to use web.Bind (#42199) * Chore: Refactor api handlers to use web.Bind * fix comments * fix comment * trying to fix most of the tests and force routing.Wrap type check * fix library panels tests * fix frontend logging tests * allow passing nil as a response to skip writing * return nil instead of the response * rewrite login handler function types * remove handlerFuncCtx * make linter happy * remove old bindings from the libraryelements * restore comments
2021-11-29 17:18:01 +08:00
c.Req.Body = mockRequestBody(cmd)
Security: Sync security changes on main (#45083) * * Teams: Appropriately apply user id filter in /api/teams/:id and /api/teams/search * Teams: Ensure that users searching for teams are only able see teams they have access to * Teams: Require teamGuardian admin privileges to list team members * Teams: Prevent org viewers from administering teams * Teams: Add org_id condition to team count query * Teams: clarify permission requirements in teams api docs * Teams: expand scenarios for team search tests * Teams: mock teamGuardian in tests Co-authored-by: Dan Cech <dcech@grafana.com> * remove duplicate WHERE statement * Fix for CVE-2022-21702 (cherry picked from commit 202d7c190082c094bc1dc13f7fe9464746c37f9e) * Lint and test fixes (cherry picked from commit 3e6b67d5504abf4a1d7b8d621f04d062c048e981) * check content type properly (cherry picked from commit 70b4458892bf2f776302720c10d24c9ff34edd98) * basic csrf origin check (cherry picked from commit 3adaa5ff39832364f6390881fb5b42ad47df92e1) * compare origin to host (cherry picked from commit 5443892699e8ed42836bb2b9a44744ff3e970f42) * simplify url parsing (cherry picked from commit b2ffbc9513fed75468628370a48b929d30af2b1d) * check csrf for GET requests, only compare origin (cherry picked from commit 8b81dc12d8f8a1f07852809c5b4d44f0f0b1d709) * parse content type properly (cherry picked from commit 16f76f4902e6f2188bea9606c68b551af186bdc0) * mentioned get in the comment (cherry picked from commit a7e61811ef8ae558ce721e2e3fed04ce7a5a5345) * add content-type: application/json to test HTTP requests * fix pluginproxy test * Fix linter when comparing errors Co-authored-by: Kevin Minehart <kmineh0151@gmail.com> Co-authored-by: Dan Cech <dcech@grafana.com> Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com> Co-authored-by: Serge Zaitsev <serge.zaitsev@grafana.com> Co-authored-by: Vardan Torosyan <vardants@gmail.com>
2022-02-09 20:44:38 +08:00
c.Req.Header.Add("Content-Type", "application/json")
Added PATCH verb end point for annotation op Added new PATCH verb annotation endpoint Removed unwanted fmt Added test cases for PATCH verb annotation endpoint Fixed formatting issue Check arr len before proceeding Updated doc to include PATCH verb annotation endpt
2019-01-27 19:49:22 +08:00
sc.context = c
Chore: Convert API tests to standard Go lib (#29009) * Chore: Convert tests to standard Go lib Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> Co-authored-by: Will Browne <wbrowne@users.noreply.github.com>
2020-11-13 16:52:38 +08:00
sc.context.UserId = testUserID
sc.context.OrgId = testOrgID
Added PATCH verb end point for annotation op Added new PATCH verb annotation endpoint Removed unwanted fmt Added test cases for PATCH verb annotation endpoint Fixed formatting issue Check arr len before proceeding Updated doc to include PATCH verb annotation endpt
2019-01-27 19:49:22 +08:00
sc.context.OrgRole = role
Access control: FGAC for annotation updates (#46462) * proposal * PR feedback * fix canSave bug * update scope naming * linting * linting Co-authored-by: Ezequiel Victorero <ezequiel.victorero@grafana.com>
2022-03-19 00:33:21 +08:00
return hs.PatchAnnotation(c)
Added PATCH verb end point for annotation op Added new PATCH verb annotation endpoint Removed unwanted fmt Added test cases for PATCH verb annotation endpoint Fixed formatting issue Check arr len before proceeding Updated doc to include PATCH verb annotation endpt
2019-01-27 19:49:22 +08:00
})
fakeAnnoRepo = &fakeAnnotationsRepo{}
annotations.SetRepository(fakeAnnoRepo)
sc.m.Patch(routePattern, sc.defaultHandler)
fn(sc)
})
}
Chore: Convert API tests to standard Go lib (#29009) * Chore: Convert tests to standard Go lib Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> Co-authored-by: Will Browne <wbrowne@users.noreply.github.com>
2020-11-13 16:52:38 +08:00
func deleteAnnotationsScenario(t *testing.T, desc string, url string, routePattern string, role models.RoleType,
cmd dtos.DeleteAnnotationsCmd, fn scenarioFunc) {
t.Run(fmt.Sprintf("%s %s", desc, url), func(t *testing.T) {
Light improve of massive delete annotation api (#12390) * fix delete annotations * fix self assignment * add right unit test using admin role
2018-06-25 19:58:49 +08:00
defer bus.ClearBusHandlers()
Access control: FGAC for annotation updates (#46462) * proposal * PR feedback * fix canSave bug * update scope naming * linting * linting Co-authored-by: Ezequiel Victorero <ezequiel.victorero@grafana.com>
2022-03-19 00:33:21 +08:00
hs := setupSimpleHTTPServer(nil)
store := sqlstore.InitTestDB(t)
store.Cfg = hs.Cfg
hs.SQLStore = store
Chore: Convert API tests to standard Go lib (#29009) * Chore: Convert tests to standard Go lib Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> Co-authored-by: Will Browne <wbrowne@users.noreply.github.com>
2020-11-13 16:52:38 +08:00
sc := setupScenarioContext(t, url)
Chore: Moves common and response into separate packages (#30298) * Chore: moves common and response into separate packages * Chore: moves common and response into separate packages * Update pkg/api/utils/common.go Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com> * Chore: changes after PR comments * Chore: move wrap to routing package * Chore: move functions in common to response package * Chore: move functions in common to response package * Chore: formats imports Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
2021-01-15 21:43:20 +08:00
sc.defaultHandler = routing.Wrap(func(c *models.ReqContext) response.Response {
Chore: Refactor api handlers to use web.Bind (#42199) * Chore: Refactor api handlers to use web.Bind * fix comments * fix comment * trying to fix most of the tests and force routing.Wrap type check * fix library panels tests * fix frontend logging tests * allow passing nil as a response to skip writing * return nil instead of the response * rewrite login handler function types * remove handlerFuncCtx * make linter happy * remove old bindings from the libraryelements * restore comments
2021-11-29 17:18:01 +08:00
c.Req.Body = mockRequestBody(cmd)
Security: Sync security changes on main (#45083) * * Teams: Appropriately apply user id filter in /api/teams/:id and /api/teams/search * Teams: Ensure that users searching for teams are only able see teams they have access to * Teams: Require teamGuardian admin privileges to list team members * Teams: Prevent org viewers from administering teams * Teams: Add org_id condition to team count query * Teams: clarify permission requirements in teams api docs * Teams: expand scenarios for team search tests * Teams: mock teamGuardian in tests Co-authored-by: Dan Cech <dcech@grafana.com> * remove duplicate WHERE statement * Fix for CVE-2022-21702 (cherry picked from commit 202d7c190082c094bc1dc13f7fe9464746c37f9e) * Lint and test fixes (cherry picked from commit 3e6b67d5504abf4a1d7b8d621f04d062c048e981) * check content type properly (cherry picked from commit 70b4458892bf2f776302720c10d24c9ff34edd98) * basic csrf origin check (cherry picked from commit 3adaa5ff39832364f6390881fb5b42ad47df92e1) * compare origin to host (cherry picked from commit 5443892699e8ed42836bb2b9a44744ff3e970f42) * simplify url parsing (cherry picked from commit b2ffbc9513fed75468628370a48b929d30af2b1d) * check csrf for GET requests, only compare origin (cherry picked from commit 8b81dc12d8f8a1f07852809c5b4d44f0f0b1d709) * parse content type properly (cherry picked from commit 16f76f4902e6f2188bea9606c68b551af186bdc0) * mentioned get in the comment (cherry picked from commit a7e61811ef8ae558ce721e2e3fed04ce7a5a5345) * add content-type: application/json to test HTTP requests * fix pluginproxy test * Fix linter when comparing errors Co-authored-by: Kevin Minehart <kmineh0151@gmail.com> Co-authored-by: Dan Cech <dcech@grafana.com> Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com> Co-authored-by: Serge Zaitsev <serge.zaitsev@grafana.com> Co-authored-by: Vardan Torosyan <vardants@gmail.com>
2022-02-09 20:44:38 +08:00
c.Req.Header.Add("Content-Type", "application/json")
Light improve of massive delete annotation api (#12390) * fix delete annotations * fix self assignment * add right unit test using admin role
2018-06-25 19:58:49 +08:00
sc.context = c
Chore: Convert API tests to standard Go lib (#29009) * Chore: Convert tests to standard Go lib Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> Co-authored-by: Will Browne <wbrowne@users.noreply.github.com>
2020-11-13 16:52:38 +08:00
sc.context.UserId = testUserID
sc.context.OrgId = testOrgID
Light improve of massive delete annotation api (#12390) * fix delete annotations * fix self assignment * add right unit test using admin role
2018-06-25 19:58:49 +08:00
sc.context.OrgRole = role
Access control: FGAC for annotation updates (#46462) * proposal * PR feedback * fix canSave bug * update scope naming * linting * linting Co-authored-by: Ezequiel Victorero <ezequiel.victorero@grafana.com>
2022-03-19 00:33:21 +08:00
return hs.DeleteAnnotations(c)
Light improve of massive delete annotation api (#12390) * fix delete annotations * fix self assignment * add right unit test using admin role
2018-06-25 19:58:49 +08:00
})
fakeAnnoRepo = &fakeAnnotationsRepo{}
annotations.SetRepository(fakeAnnoRepo)
sc.m.Post(routePattern, sc.defaultHandler)
fn(sc)
})
}
Access control: adding FGAC to annotation GET endpoints and fixed roles (#45102) * Access control: adding FGAC to annotation GET endpoints and fixed roles Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
2022-02-12 02:43:29 +08:00
func TestAPI_Annotations_AccessControl(t *testing.T) {
sc := setupHTTPServer(t, true, true)
setInitCtxSignedInEditor(sc.initCtx)
_, err := sc.db.CreateOrgWithMember("TestOrg", testUserID)
require.NoError(t, err)
Access control: FGAC for annotation updates (#46462) * proposal * PR feedback * fix canSave bug * update scope naming * linting * linting Co-authored-by: Ezequiel Victorero <ezequiel.victorero@grafana.com>
2022-03-19 00:33:21 +08:00
repo := annotations.GetRepository()
localAnnotation := annotations.Item{
OrgId: sc.initCtx.OrgId,
DashboardId: 1,
}
globalAnnotation := annotations.Item{
OrgId: sc.initCtx.OrgId,
}
err = repo.Save(&localAnnotation)
require.NoError(t, err)
err = repo.Save(&globalAnnotation)
require.NoError(t, err)
Access control: adding FGAC to annotation GET endpoints and fixed roles (#45102) * Access control: adding FGAC to annotation GET endpoints and fixed roles Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
2022-02-12 02:43:29 +08:00
type args struct {
permissions []*accesscontrol.Permission
url string
body io.Reader
method string
}
tests := []struct {
name string
args args
want int
}{
{
name: "AccessControl getting annotations with correct permissions is allowed",
args: args{
permissions: []*accesscontrol.Permission{{Action: accesscontrol.ActionAnnotationsRead, Scope: accesscontrol.ScopeAnnotationsAll}},
url: "/api/annotations",
method: http.MethodGet,
},
Access control: FGAC for annotation updates (#46462) * proposal * PR feedback * fix canSave bug * update scope naming * linting * linting Co-authored-by: Ezequiel Victorero <ezequiel.victorero@grafana.com>
2022-03-19 00:33:21 +08:00
want: http.StatusOK,
Access control: adding FGAC to annotation GET endpoints and fixed roles (#45102) * Access control: adding FGAC to annotation GET endpoints and fixed roles Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
2022-02-12 02:43:29 +08:00
},
{
name: "AccessControl getting annotations without permissions is forbidden",
args: args{
permissions: []*accesscontrol.Permission{},
url: "/api/annotations",
method: http.MethodGet,
},
Access control: FGAC for annotation updates (#46462) * proposal * PR feedback * fix canSave bug * update scope naming * linting * linting Co-authored-by: Ezequiel Victorero <ezequiel.victorero@grafana.com>
2022-03-19 00:33:21 +08:00
want: http.StatusForbidden,
Access control: adding FGAC to annotation GET endpoints and fixed roles (#45102) * Access control: adding FGAC to annotation GET endpoints and fixed roles Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
2022-02-12 02:43:29 +08:00
},
{
name: "AccessControl getting tags for annotations with correct permissions is allowed",
args: args{
permissions: []*accesscontrol.Permission{{Action: accesscontrol.ActionAnnotationsTagsRead, Scope: accesscontrol.ScopeAnnotationsTagsAll}},
url: "/api/annotations/tags",
method: http.MethodGet,
},
Access control: FGAC for annotation updates (#46462) * proposal * PR feedback * fix canSave bug * update scope naming * linting * linting Co-authored-by: Ezequiel Victorero <ezequiel.victorero@grafana.com>
2022-03-19 00:33:21 +08:00
want: http.StatusOK,
Access control: adding FGAC to annotation GET endpoints and fixed roles (#45102) * Access control: adding FGAC to annotation GET endpoints and fixed roles Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
2022-02-12 02:43:29 +08:00
},
{
name: "AccessControl getting tags for annotations without correct permissions is forbidden",
args: args{
permissions: []*accesscontrol.Permission{{Action: accesscontrol.ActionAnnotationsTagsRead}},
url: "/api/annotations/tags",
method: http.MethodGet,
},
Access control: FGAC for annotation updates (#46462) * proposal * PR feedback * fix canSave bug * update scope naming * linting * linting Co-authored-by: Ezequiel Victorero <ezequiel.victorero@grafana.com>
2022-03-19 00:33:21 +08:00
want: http.StatusForbidden,
Access control: adding FGAC to annotation GET endpoints and fixed roles (#45102) * Access control: adding FGAC to annotation GET endpoints and fixed roles Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
2022-02-12 02:43:29 +08:00
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
setAccessControlPermissions(sc.acmock, tt.args.permissions, sc.initCtx.OrgId)
r := callAPI(sc.server, tt.args.method, tt.args.url, tt.args.body, t)
assert.Equalf(t, tt.want, r.Code, "Annotations API(%v)", tt.args.url)
})
}
}
Access control: FGAC for annotation updates (#46462) * proposal * PR feedback * fix canSave bug * update scope naming * linting * linting Co-authored-by: Ezequiel Victorero <ezequiel.victorero@grafana.com>
2022-03-19 00:33:21 +08:00
func TestService_AnnotationTypeScopeResolver(t *testing.T) {
type testCaseResolver struct {
desc string
given string
want string
wantErr error
}
testCases := []testCaseResolver{
{
desc: "correctly resolves local annotations",
given: "annotations:id:1",
want: accesscontrol.ScopeAnnotationsTypeLocal,
wantErr: nil,
},
{
desc: "correctly resolves global annotations",
given: "annotations:id:2",
want: accesscontrol.ScopeAnnotationsTypeGlobal,
wantErr: nil,
},
{
desc: "invalid annotation ID",
given: "annotations:id:123abc",
want: "",
wantErr: accesscontrol.ErrInvalidScope,
},
{
desc: "malformed scope",
given: "annotations:1",
want: "",
wantErr: accesscontrol.ErrInvalidScope,
},
}
localAnnotation := annotations.ItemDTO{Id: 1, DashboardId: 1}
globalAnnotation := annotations.ItemDTO{Id: 2}
fakeAnnoRepo = &fakeAnnotationsRepo{
annotations: map[int64]annotations.ItemDTO{1: localAnnotation, 2: globalAnnotation},
}
annotations.SetRepository(fakeAnnoRepo)
prefix, resolver := AnnotationTypeScopeResolver()
require.Equal(t, "annotations:id:", prefix)
for _, tc := range testCases {
t.Run(tc.desc, func(t *testing.T) {
resolved, err := resolver(context.Background(), 1, tc.given)
if tc.wantErr != nil {
require.Error(t, err)
require.Equal(t, tc.wantErr, err)
} else {
require.NoError(t, err)
require.Equal(t, tc.want, resolved)
}
})
}
}
Access control: adding FGAC to annotation GET endpoints and fixed roles (#45102) * Access control: adding FGAC to annotation GET endpoints and fixed roles Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
2022-02-12 02:43:29 +08:00
func setUpACL() {
viewerRole := models.ROLE_VIEWER
editorRole := models.ROLE_EDITOR
aclMockResp := []*models.DashboardAclInfoDTO{
{Role: &viewerRole, Permission: models.PERMISSION_VIEW},
{Role: &editorRole, Permission: models.PERMISSION_EDIT},
}
bus.AddHandler("test", func(ctx context.Context, query *models.GetDashboardAclInfoListQuery) error {
query.Result = aclMockResp
return nil
})
bus.AddHandler("test", func(ctx context.Context, query *models.GetTeamsByUserQuery) error {
query.Result = []*models.TeamDTO{}
return nil
})
}