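// Source: github.com/mattermosttest/mattermost-server/v5@v5.0.0-20200917143240-9dfa12e121f9/app/permissions_test.go

// Copyright (c) 2015-present Mattermost, Inc. All Rights Reserved.
// See LICENSE.txt for license information.

package app

import (
	"encoding/json"
	"fmt"
	"strings"
	"testing"

	"github.com/mattermost/mattermost-server/v5/model"
	"github.com/stretchr/testify/assert"
	"github.com/stretchr/testify/require"
)

// permissionsImportLineFormat is the single JSON line these tests feed to
// App.ImportPermissions: one scheme plus two scheme-managed roles. The verbs
// are, in order: display name, name, description, scope, default channel admin
// role, default channel user role, first role name, second role name.
//
// Values are interpolated without JSON escaping, so only fixture values that
// contain no quotes or backslashes may be passed in.
const permissionsImportLineFormat = `{"display_name":"%v","name":"%v","description":"%v","scope":"%v","default_team_admin_role":"","default_team_user_role":"","default_channel_admin_role":"%v","default_channel_user_role":"%v","roles":[{"id":"yzfx3g9xjjfw8cqo6bpn33xr7o","name":"%v","display_name":"Channel Admin Role for Scheme my_scheme_1526475590","description":"","create_at":1526475589687,"update_at":1526475589687,"delete_at":0,"permissions":["manage_channel_roles"],"scheme_managed":true,"built_in":false},{"id":"a7s3cp4n33dfxbsrmyh9djao3a","name":"%v","display_name":"Channel User Role for Scheme my_scheme_1526475590","description":"","create_at":1526475589688,"update_at":1526475589688,"delete_at":0,"permissions":["read_channel","add_reaction","remove_reaction","manage_public_channel_members","upload_file","get_public_link","create_post","use_slash_commands","manage_private_channel_members","delete_post","edit_post"],"scheme_managed":true,"built_in":false}]}`

// permissionsImportLine renders permissionsImportLineFormat. roleName1 is used
// both as the scheme's default channel admin role and as the first role's name;
// roleName2 plays the same part for the channel user role.
func permissionsImportLine(displayName, name, description, scope, roleName1, roleName2 string) string {
	return fmt.Sprintf(permissionsImportLineFormat,
		displayName, name, description, scope,
		roleName1, roleName2, roleName1, roleName2)
}

// testWriter adapts a plain function to io.Writer so a test can capture what
// the code under test writes.
type testWriter struct {
	write func(p []byte) (int, error)
}

// Write forwards p to the wrapped function.
func (tw testWriter) Write(p []byte) (int, error) {
	return tw.write(p)
}

// TestExportPermissions creates a scheme, exports the permissions and checks
// that the first exported record describes that scheme.
func TestExportPermissions(t *testing.T) {
	th := Setup(t)
	defer th.TearDown()

	var scheme *model.Scheme
	var roles []*model.Role
	withMigrationMarkedComplete(th, func() {
		scheme, roles = th.CreateScheme()
	})

	var results [][]byte
	tw := testWriter{
		write: func(p []byte) (int, error) {
			// io.Writer implementations must not retain p; keep a copy so a
			// writer that reuses its buffer cannot change captured records.
			results = append(results, append([]byte(nil), p...))
			return len(p), nil
		},
	}

	// require.Nil rather than NoError: it also accepts a typed nil pointer.
	require.Nil(t, th.App.ExportPermissions(tw))
	// Fatal on purpose: indexing results[0] below would panic on an empty export.
	require.NotEmpty(t, results, "Expected export to have returned something.")

	// NOTE(review): assumes the first write is the scheme created above, i.e.
	// the test store holds no other scheme that is exported before it.
	var row map[string]interface{}
	require.NoError(t, json.Unmarshal(results[0], &row))

	// A missing or non-string key fails the comparison instead of panicking on
	// a type assertion.
	for _, field := range []struct{ key, want string }{
		{"display_name", scheme.DisplayName},
		{"name", scheme.Name},
		{"description", scheme.Description},
		{"scope", scheme.Scope},
	} {
		assert.Equal(t, field.want, row[field.key], "exported field %q", field.key)
	}

	roleByName := func(name string) string {
		for _, role := range roles {
			if role.Name == name {
				return role.Name
			}
		}
		return ""
	}

	// NOTE(review): as in the original, the default role names are checked
	// against the roles returned by th.CreateScheme, not against the exported
	// row, so this does not prove the export carries the role assignments.
	for _, roleName := range []string{
		scheme.DefaultTeamAdminRole,
		scheme.DefaultTeamUserRole,
		scheme.DefaultTeamGuestRole,
		scheme.DefaultChannelAdminRole,
		scheme.DefaultChannelUserRole,
		scheme.DefaultChannelGuestRole,
	} {
		assert.Equal(t, roleName, roleByName(roleName), "default role %q not among the scheme's roles", roleName)
	}
}

// TestImportPermissions imports one channel-scoped scheme and checks that
// exactly one scheme was added and that its fields match the imported record.
func TestImportPermissions(t *testing.T) {
	th := Setup(t)
	defer th.TearDown()

	name := model.NewId()
	displayName := model.NewId()
	description := "my test description"
	scope := model.SCHEME_SCOPE_CHANNEL
	roleName1 := model.NewId()
	roleName2 := model.NewId()

	var results []*model.Scheme
	var beforeCount int
	withMigrationMarkedComplete(th, func() {
		// require (not panic) so a failure is reported as a test failure and
		// the deferred clean-up in withMigrationMarkedComplete still runs.
		var appErr *model.AppError
		results, appErr = th.App.GetSchemes(scope, 0, 100)
		require.Nil(t, appErr)
		beforeCount = len(results)

		// Named "line" so the encoding/json package is not shadowed.
		line := permissionsImportLine(displayName, name, description, scope, roleName1, roleName2)
		require.Nil(t, th.App.ImportPermissions(strings.NewReader(line)))

		results, appErr = th.App.GetSchemes(scope, 0, 100)
		require.Nil(t, appErr)
	})

	// Fatal on purpose: results[0] is dereferenced below.
	require.Len(t, results, beforeCount+1, "unexpected scheme count after import")

	// NOTE(review): assumes GetSchemes lists the most recently created scheme
	// first - confirm against the store's ordering.
	newScheme := results[0]

	channelAdminRole, appErr := th.App.GetRoleByName(newScheme.DefaultChannelAdminRole)
	require.Nil(t, appErr)

	channelUserRole, appErr := th.App.GetRoleByName(newScheme.DefaultChannelUserRole)
	require.Nil(t, appErr)

	channelGuestRole, appErr := th.App.GetRoleByName(newScheme.DefaultChannelGuestRole)
	require.Nil(t, appErr)

	// A slice instead of a map keyed by the actual value: the three empty team
	// role names collapsed into a single map entry, silently dropping checks.
	//
	// NOTE(review): the permissions of the imported roles (for example
	// "manage_channel_roles") are never asserted, so an import that stored a
	// different permission set would still pass this test.
	for _, check := range []struct{ what, want, got string }{
		{"display name", displayName, newScheme.DisplayName},
		{"name", name, newScheme.Name},
		{"description", description, newScheme.Description},
		{"scope", scope, newScheme.Scope},
		{"default team admin role", "", newScheme.DefaultTeamAdminRole},
		{"default team user role", "", newScheme.DefaultTeamUserRole},
		{"default team guest role", "", newScheme.DefaultTeamGuestRole},
		{"channel admin role", newScheme.DefaultChannelAdminRole, channelAdminRole.Name},
		{"channel user role", newScheme.DefaultChannelUserRole, channelUserRole.Name},
		{"channel guest role", newScheme.DefaultChannelGuestRole, channelGuestRole.Name},
	} {
		assert.Equal(t, check.want, check.got, check.what)
	}
}

// TestImportPermissions_idempotentScheme feeds the same scheme four times as
// JSON lines and expects the import to fail while leaving the number of
// channel-scoped schemes unchanged.
func TestImportPermissions_idempotentScheme(t *testing.T) {
	th := Setup(t)
	defer th.TearDown()

	name := model.NewId()
	displayName := model.NewId()
	description := "my test description"
	scope := model.SCHEME_SCOPE_CHANNEL
	roleName1 := model.NewId()
	roleName2 := model.NewId()

	line := permissionsImportLine(displayName, name, description, scope, roleName1, roleName2)
	r := strings.NewReader(strings.Repeat(line+"\n", 4))

	var results []*model.Scheme
	var expected int
	withMigrationMarkedComplete(th, func() {
		var appErr *model.AppError
		results, appErr = th.App.GetSchemes(model.SCHEME_SCOPE_CHANNEL, 0, 100)
		require.Nil(t, appErr)
		expected = len(results)

		// The original reported the nil error itself, which produced an empty
		// failure message; say what was expected instead.
		assert.NotNil(t, th.App.ImportPermissions(r), "importing the same scheme repeatedly should return an error")

		results, appErr = th.App.GetSchemes(model.SCHEME_SCOPE_CHANNEL, 0, 100)
		require.Nil(t, appErr)
	})

	// NOTE(review): only the scheme count is compared; roles left behind by
	// the failed import would go unnoticed.
	assert.Len(t, results, expected, "scheme count changed after a failed import")
}

// TestImportPermissions_schemeDeletedOnRoleFailure imports a scheme with an
// invalid scope and expects an error and an unchanged number of channel-scoped
// schemes.
func TestImportPermissions_schemeDeletedOnRoleFailure(t *testing.T) {
	th := Setup(t)
	defer th.TearDown()

	name := model.NewId()
	displayName := model.NewId()
	description := "my test description"
	scope := "invalid scope"
	roleName1 := model.NewId()
	roleName2 := model.NewId()

	r := strings.NewReader(permissionsImportLine(displayName, name, description, scope, roleName1, roleName2))

	var results []*model.Scheme
	var expected int
	withMigrationMarkedComplete(th, func() {
		var appErr *model.AppError
		results, appErr = th.App.GetSchemes(model.SCHEME_SCOPE_CHANNEL, 0, 100)
		require.Nil(t, appErr)
		expected = len(results)

		assert.NotNil(t, th.App.ImportPermissions(r), "importing a scheme with an invalid scope should return an error")

		results, appErr = th.App.GetSchemes(model.SCHEME_SCOPE_CHANNEL, 0, 100)
		require.Nil(t, appErr)
	})

	// NOTE(review): the fixture is invalid at scheme level (its scope), while
	// the test name speaks of a role failure, and the count is taken for
	// channel-scoped schemes only. A scheme persisted under another scope, or
	// an orphaned role, would not show up here - confirm that the clean-up
	// path after a role failure is covered elsewhere.
	assert.Len(t, results, expected, "scheme count changed after a failed import")
}

// TestMigration checks that the system admin role holds the emoji and
// group-mention permissions both after setup and after the permissions system
// has been reset.
func TestMigration(t *testing.T) {
	th := Setup(t)
	defer th.TearDown()

	wantPermissions := []string{
		model.PERMISSION_CREATE_EMOJIS.Id,
		model.PERMISSION_DELETE_EMOJIS.Id,
		model.PERMISSION_DELETE_OTHERS_EMOJIS.Id,
		model.PERMISSION_USE_GROUP_MENTIONS.Id,
	}

	assertSystemAdminHasPermissions := func(stage string) {
		role, err := th.App.GetRoleByName(model.SYSTEM_ADMIN_ROLE_ID)
		require.Nil(t, err)
		for _, id := range wantPermissions {
			assert.Contains(t, role.Permissions, id, "%s: system admin role lacks %q", stage, id)
		}
	}

	assertSystemAdminHasPermissions("after setup")

	th.App.ResetPermissionsSystem()

	// Only presence is checked; permissions the reset may have added to this
	// or other roles are not examined.
	assertSystemAdminHasPermissions("after ResetPermissionsSystem")
}

// withMigrationMarkedComplete runs f while the system store contains
// MIGRATION_KEY_ADVANCED_PERMISSIONS_PHASE_2 with the value "true", and removes
// the key again when f returns, panics or aborts the test.
//
// NOTE(review): the results of the store calls are discarded. If the Save
// failed, f would run without the marker and the test would exercise a
// different state than intended without any indication.
func withMigrationMarkedComplete(th *TestHelper, f func()) {
	// Mark the migration as done. Any stale entry is deleted first so the Save
	// does not collide with an existing key.
	th.App.Srv().Store.System().PermanentDeleteByName(model.MIGRATION_KEY_ADVANCED_PERMISSIONS_PHASE_2)
	th.App.Srv().Store.System().Save(&model.System{Name: model.MIGRATION_KEY_ADVANCED_PERMISSIONS_PHASE_2, Value: "true"})
	// Un-mark the migration at the end of the test.
	defer func() {
		th.App.Srv().Store.System().PermanentDeleteByName(model.MIGRATION_KEY_ADVANCED_PERMISSIONS_PHASE_2)
	}()
	f()
}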