shishantbiswas/coder
1
0
Fork 0
mirror of https://github.com/coder/coder.git synced 2026-06-03 13:08:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
e94de0bdabcaeed735d468bb6d279d06f8b8b2d1
coder/coderd/rbac/scopes_catalog_internal_test.go
T
ケイラ caeff49aba chore: refactor roles to support multiple permission sets scoped by org id (#20186) 
In preparation for adding the "member" permission level, which will also
be grouped by org ID, do a bit of a refactor to make room for it and the
existing "org" level to live in the same `map`
2025-10-09 11:08:34 -06:00

68 lines
2.0 KiB
Go
Raw Blame History

package rbac
import (
"sort"
"strings"
"testing"
"github.com/stretchr/testify/require"
)
func TestExternalScopeNames(t *testing.T) {
t.Parallel()
names := ExternalScopeNames()
require.NotEmpty(t, names)
// Ensure sorted ascending
sorted := append([]string(nil), names...)
sort.Strings(sorted)
require.Equal(t, sorted, names)
// Ensure each entry expands to site-only
for _, name := range names {
// Skip `all` and `application_connect` since they do not
// expand into a low level scope.
// They are handled differently.
if name == string(ScopeAll) || name == string(ScopeApplicationConnect) {
continue
}
// Composite coder:* scopes expand to one or more site permissions.
if strings.HasPrefix(name, "coder:") {
s, err := ScopeName(name).Expand()
require.NoErrorf(t, err, "catalog entry should expand: %s", name)
require.NotEmpty(t, s.Site)
expected, ok := CompositeSitePermissions(ScopeName(name))
require.Truef(t, ok, "expected composite scope definition: %s", name)
require.ElementsMatchf(t, expected, s.Site, "unexpected expanded permissions for %s", name)
require.Empty(t, s.ByOrgID)
require.Empty(t, s.User)
continue
}
// Low-level scopes must parse to a single permission.
res, act, ok := parseLowLevelScope(ScopeName(name))
require.Truef(t, ok, "catalog entry should parse: %s", name)
s, err := ScopeName(name).Expand()
require.NoErrorf(t, err, "catalog entry should expand: %s", name)
require.Len(t, s.Site, 1)
require.Equal(t, res, s.Site[0].ResourceType)
require.Equal(t, act, s.Site[0].Action)
require.Empty(t, s.ByOrgID)
require.Empty(t, s.User)
}
}
func TestIsExternalScope(t *testing.T) {
t.Parallel()
require.True(t, IsExternalScope("workspace:read"))
require.True(t, IsExternalScope("template:use"))
require.True(t, IsExternalScope("workspace:*"))
require.True(t, IsExternalScope("coder:workspaces.create"))
require.False(t, IsExternalScope("debug_info:read")) // internal-only
require.False(t, IsExternalScope("unknown:read"))
}
Reference in New Issue View Git Blame Copy Permalink