// TestAddPermissionsToARoleSyncGitRepository checks that adding permissions to
// a role through the API is reflected in repository access for the users who
// hold that role.
//
// A second user is given role "test" on the suite team. Before the request
// only s.user is reported by repositorytest.Granted("myapp"); after the POST
// that adds app.update and app.deploy to the role, both users must be listed.
func (s *S) TestAddPermissionsToARoleSyncGitRepository(c *check.C) {
	_, err := permission.NewRole("test", "team")
	c.Assert(err, check.IsNil)

	member := &auth.User{Email: "*****@*****.**", Password: "******"}
	_, err = nativeScheme.Create(member)
	c.Assert(err, check.IsNil)
	err = member.AddRole("test", s.team.Name)
	c.Assert(err, check.IsNil)

	myApp := app.App{Name: "myapp", TeamOwner: s.team.Name}
	err = app.CreateApp(&myApp, s.user)
	c.Assert(err, check.IsNil)

	// Baseline: the role carries no permissions yet, so only the app creator
	// is expected to be granted on the repository.
	granted, err := repositorytest.Granted("myapp")
	c.Assert(err, check.IsNil)
	c.Assert(granted, check.DeepEquals, []string{s.user.Email})

	body := bytes.NewBufferString(`permission=app.update&permission=app.deploy`)
	req, err := http.NewRequest("POST", "/roles/test/permissions", body)
	c.Assert(err, check.IsNil)
	// The caller is a separate user holding PermRoleUpdate in the global context.
	token := userWithPermission(c, permission.Permission{
		Scheme:  permission.PermRoleUpdate,
		Context: permission.Context(permission.CtxGlobal, ""),
	})
	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
	req.Header.Set("Authorization", "bearer "+token.GetValue())

	recorder := httptest.NewRecorder()
	RunServer(true).ServeHTTP(recorder, req)
	c.Assert(recorder.Code, check.Equals, http.StatusOK)

	// The comparison is order-sensitive: creator first, then the role member.
	granted, err = repositorytest.Granted("myapp")
	c.Assert(err, check.IsNil)
	c.Assert(granted, check.DeepEquals, []string{s.user.Email, member.Email})
}
// BenchmarkAddPermissionToRoleWithoutDeploy runs the shared
// benchmarkAddPermissionToRole helper with app.update and app.read, then
// asserts that repository access on "myapp" is still limited to s.user.
func (s *S) BenchmarkAddPermissionToRoleWithoutDeploy(c *check.C) {
	s.benchmarkAddPermissionToRole(c, `permission=app.update&permission=app.read`)

	granted, err := repositorytest.Granted("myapp")
	c.Assert(err, check.IsNil)

	// Sorted before comparing so the check does not depend on the order in
	// which Granted returns its entries.
	sort.Strings(granted)
	onlyOwner := []string{s.user.Email}
	c.Assert(granted, check.DeepEquals, onlyOwner)
}
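// TestRemovePermissionsFromRoleSyncGitRepository checks that removing
// app.deploy from a role through the API also withdraws repository access from
// a user who holds that role.
//
// The second user is granted access explicitly with
// repository.Manager().GrantAccess before the request, so the final Granted
// assertion can only pass if the DELETE actually revoked that access.
func (s *S) TestRemovePermissionsFromRoleSyncGitRepository(c *check.C) {
	r, err := permission.NewRole("test", "team")
	c.Assert(err, check.IsNil)
	// r.Name is evaluated here, so the later reassignment of r does not
	// change which role is destroyed.
	defer permission.DestroyRole(r.Name)
	err = r.AddPermissions("app.deploy")
	c.Assert(err, check.IsNil)

	user := &auth.User{Email: "*****@*****.**", Password: "******"}
	_, err = nativeScheme.Create(user)
	c.Assert(err, check.IsNil)
	err = user.AddRole("test", s.team.Name)
	c.Assert(err, check.IsNil)

	a := app.App{Name: "myapp", TeamOwner: s.team.Name}
	err = app.CreateApp(&a, s.user)
	// Check the CreateApp error before err is overwritten by GrantAccess;
	// otherwise a failed app creation would go unnoticed at this point.
	c.Assert(err, check.IsNil)
	err = repository.Manager().GrantAccess(a.Name, user.Email)
	c.Assert(err, check.IsNil)

	rec := httptest.NewRecorder()
	req, err := http.NewRequest("DELETE", "/roles/test/permissions/app.deploy", nil)
	c.Assert(err, check.IsNil)
	// The caller is a separate user holding PermRoleUpdate in the global context.
	token := userWithPermission(c, permission.Permission{
		Scheme:  permission.PermRoleUpdate,
		Context: permission.Context(permission.CtxGlobal, ""),
	})
	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
	req.Header.Set("Authorization", "bearer "+token.GetValue())
	server := RunServer(true)
	server.ServeHTTP(rec, req)
	c.Assert(rec.Code, check.Equals, http.StatusOK)

	// The role must no longer list any permission scheme.
	r, err = permission.FindRole("test")
	c.Assert(err, check.IsNil)
	c.Assert(r.SchemeNames, check.DeepEquals, []string{})

	// Only the app creator may remain granted on the repository.
	users, err := repositorytest.Granted(a.Name)
	c.Assert(err, check.IsNil)
	c.Assert(users, check.DeepEquals, []string{s.user.Email})
}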
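// TestAssignRoleCheckGandalf checks that assigning a role containing
// app.deploy to a user through the API both records the role on that user and
// grants the user access to the app's repository.
//
// The caller ("user1") holds PermRoleUpdateAssign globally and PermAppDeploy on
// "myapp"; the target ("user2") starts with no permissions.
func (s *S) TestAssignRoleCheckGandalf(c *check.C) {
	role, err := permission.NewRole("test", "app", "")
	c.Assert(err, check.IsNil)
	err = role.AddPermissions("app.deploy")
	c.Assert(err, check.IsNil)

	// Target of the assignment: created without any permission.
	emptyToken := customUserWithPermission(c, "user2")

	a := app.App{Name: "myapp", TeamOwner: s.team.Name}
	err = app.CreateApp(&a, s.user)
	c.Assert(err, check.IsNil)

	roleBody := bytes.NewBufferString(fmt.Sprintf("email=%s&context=myapp", emptyToken.GetUserName()))
	req, err := http.NewRequest("POST", "/roles/test/user", roleBody)
	c.Assert(err, check.IsNil)
	// NOTE(review): presumably the caller needs PermAppDeploy on the app in
	// order to hand out a role that contains app.deploy; confirm against the
	// handler, and confirm that a rejection test for a caller lacking it
	// exists elsewhere.
	token := customUserWithPermission(c, "user1", permission.Permission{
		Scheme:  permission.PermRoleUpdateAssign,
		Context: permission.Context(permission.CtxGlobal, ""),
	}, permission.Permission{
		Scheme:  permission.PermAppDeploy,
		Context: permission.Context(permission.CtxApp, "myapp"),
	})
	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
	req.Header.Set("Authorization", "bearer "+token.GetValue())

	recorder := httptest.NewRecorder()
	server := RunServer(true)
	// ServeHTTP returns no error; the outcome is read from the recorder.
	server.ServeHTTP(recorder, req)
	c.Assert(recorder.Code, check.Equals, http.StatusOK)

	emptyUser, err := emptyToken.User()
	c.Assert(err, check.IsNil)
	users, err := repositorytest.Granted("myapp")
	c.Assert(err, check.IsNil)
	// Order-sensitive: app creator first, then the newly assigned user.
	c.Assert(users, check.DeepEquals, []string{s.user.Email, emptyToken.GetUserName()})
	c.Assert(emptyUser.Roles, check.HasLen, 1)
}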
// BenchmarkAddPermissionToRoleWithDeploy runs the shared
// benchmarkAddPermissionToRole helper with app.update and app.deploy, then
// asserts that the users granted on "myapp" are exactly the e-mails returned by
// the helper plus s.user.
//
// The helper is defined outside this block; presumably it returns the e-mails
// of the users it attached to the role — confirm against its definition.
func (s *S) BenchmarkAddPermissionToRoleWithDeploy(c *check.C) {
	expected := s.benchmarkAddPermissionToRole(c, `permission=app.update&permission=app.deploy`)

	granted, err := repositorytest.Granted("myapp")
	c.Assert(err, check.IsNil)

	expected = append(expected, s.user.Email)

	// Both sides are sorted so the comparison ignores ordering.
	sort.Strings(granted)
	sort.Strings(expected)
	c.Assert(granted, check.DeepEquals, expected)
}
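// TestDissociateRoleCheckGandalf checks that dissociating a role containing
// app.deploy from a user through the API removes the role from that user and
// leaves only the app creator granted on the app's repository.
//
// The caller ("user1") holds PermRoleUpdateDissociate globally and
// PermAppDeploy on "myapp"; the target ("user2") is given the role on "myapp"
// directly through AddRole before the request.
func (s *S) TestDissociateRoleCheckGandalf(c *check.C) {
	role, err := permission.NewRole("test", "app", "")
	c.Assert(err, check.IsNil)
	err = role.AddPermissions("app.deploy")
	c.Assert(err, check.IsNil)

	otherToken := customUserWithPermission(c, "user2")
	otherUser, err := otherToken.User()
	c.Assert(err, check.IsNil)

	a := app.App{Name: "myapp", TeamOwner: s.team.Name}
	err = app.CreateApp(&a, s.user)
	c.Assert(err, check.IsNil)

	// NOTE(review): nothing here asserts that user2 held repository access
	// before the DELETE. If AddRole does not itself grant access, the final
	// Granted check would pass even when revocation is broken. Confirm, and
	// consider seeding access explicitly with repository.Manager().GrantAccess
	// as TestRemovePermissionsFromRoleSyncGitRepository does.
	err = otherUser.AddRole(role.Name, "myapp")
	c.Assert(err, check.IsNil)

	url := fmt.Sprintf("/roles/test/user/%s?context=myapp", otherToken.GetUserName())
	req, err := http.NewRequest("DELETE", url, nil)
	c.Assert(err, check.IsNil)
	token := customUserWithPermission(c, "user1", permission.Permission{
		Scheme:  permission.PermRoleUpdateDissociate,
		Context: permission.Context(permission.CtxGlobal, ""),
	}, permission.Permission{
		Scheme:  permission.PermAppDeploy,
		Context: permission.Context(permission.CtxApp, "myapp"),
	})
	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
	req.Header.Set("Authorization", "bearer "+token.GetValue())

	recorder := httptest.NewRecorder()
	server := RunServer(true)
	// ServeHTTP returns no error; the outcome is read from the recorder.
	server.ServeHTTP(recorder, req)
	c.Assert(recorder.Code, check.Equals, http.StatusOK)

	// Reload the user so the role list reflects what the handler stored.
	otherUser, err = otherToken.User()
	c.Assert(err, check.IsNil)
	c.Assert(otherUser.Roles, check.HasLen, 0)

	users, err := repositorytest.Granted("myapp")
	c.Assert(err, check.IsNil)
	c.Assert(users, check.DeepEquals, []string{s.user.Email})
}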