coder/coderd/rbac/example_test.go
Steven Masley 35211e2190 feat: Add user roles, but do not yet enforce them (#1200)
* chore: Rework roles to be expandable by name alone
2022-04-29 09:04:19 -05:00


package rbac_test
import (
"context"
"testing"
"github.com/google/uuid"
"github.com/stretchr/testify/require"
"github.com/coder/coder/coderd/rbac"
)
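// TestExample gives some examples on how to use the authz library.
// This serves to test syntax more than functionality.
//
// The three subtests cover one deny case (the subject must not be able to
// read every workspace on the site) and two allow cases scoped to the
// subject's own org and own workspace. The deny case is the one that gives
// this test its value: a policy that allowed everything would still satisfy
// the two allow assertions.
func TestExample(t *testing.T) {
	t.Parallel()
	ctx := context.Background()
	authorizer, err := rbac.NewAuthorizer()
	require.NoError(t, err)

	defaultOrg := uuid.New()

	// user will become an authn object, and can even be a database.User if it
	// fulfills the interface. Until then, use a placeholder.
	//
	// The subject carries two roles: site member and admin of defaultOrg.
	user := subject{
		UserID: "alice",
		Roles: []rbac.Role{
			must(rbac.RoleByName(rbac.RoleMember())),
			must(rbac.RoleByName(rbac.RoleOrgAdmin(defaultOrg))),
		},
	}

	//nolint:paralleltest
	t.Run("ReadAllWorkspaces", func(t *testing.T) {
		// To read all workspaces on the site. The expected outcome is a
		// denial: neither role held by the subject should reach beyond its
		// own org.
		err := authorizer.Authorize(ctx, user.UserID, user.Roles, rbac.ActionRead, rbac.ResourceWorkspace.All())
		require.Error(t, err, "this user cannot read all workspaces")
	})

	//nolint:paralleltest
	t.Run("ReadOrgWorkspaces", func(t *testing.T) {
		// To read all workspaces on the org 'default'
		err := authorizer.Authorize(ctx, user.UserID, user.Roles, rbac.ActionRead, rbac.ResourceWorkspace.InOrg(defaultOrg))
		require.NoError(t, err, "this user can read all org workspaces in 'default'")
	})

	//nolint:paralleltest
	t.Run("ReadMyWorkspace", func(t *testing.T) {
		// Note 'database.Workspace' could fulfill the object interface and be passed in directly
		err := authorizer.Authorize(ctx, user.UserID, user.Roles, rbac.ActionRead, rbac.ResourceWorkspace.InOrg(defaultOrg).WithOwner(user.UserID))
		require.NoError(t, err, "this user can read their workspace")

		// Narrowing the object further with a concrete ID must not change
		// the decision for the owner.
		err = authorizer.Authorize(ctx, user.UserID, user.Roles, rbac.ActionRead, rbac.ResourceWorkspace.InOrg(defaultOrg).WithOwner(user.UserID).WithID("1234"))
		require.NoError(t, err, "this user can read workspace '1234'")
	})
}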
// must unwraps a (value, error) pair, panicking when the error is non-nil.
// It lets fixture setup in the tests above stay a single expression; it is
// only appropriate in test code, where a failed setup should abort loudly.
func must[T any](value T, err error) T {
	if err == nil {
		return value
	}
	panic(err)
}