
Commit 0b23984

committed
Add unit test
1 parent 3fbbaa7 commit 0b23984


3 files changed

+51
-3
lines changed

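--- a/coderd/database/dbauthz/querier.go
+++ b/coderd/database/dbauthz/querier.go
@@ -95,7 +95,7 @@ func (q *querier) GetFileByHashAndCreator(ctx context.Context, arg database.GetF
 err = q.authorizeContext(ctx, rbac.ActionRead, file)
 if err != nil {
 // Check the user's access to the file's templates.
-if q.authorizeReadFile(ctx, file) != nil {
+if q.authorizeUpdateFileTemplate(ctx, file) != nil {
 return database.File{}, err
 }
 }
@@ -123,7 +123,7 @@ func (q *querier) GetFileByID(ctx context.Context, id uuid.UUID) (database.File,
 // independent of template permissions. This function checks if the user has
 // update access to any of the file's templates.
 func (q *querier) authorizeUpdateFileTemplate(ctx context.Context, file database.File) error {
-tpls, err := q.GetFileTemplates(AsSystemRestricted(ctx), file.ID)
+tpls, err := q.db.GetFileTemplates(ctx, file.ID)
 if err != nil {
 return err
 }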
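Review bot: In `authorizeUpdateFileTemplate`, the new call `q.db.GetFileTemplates(ctx, file.ID)` reads from the unwrapped store, so the template lookup itself no longer passes through any RBAC check. The safety of this path then rests entirely on the per-template authorization that presumably follows; the function body continues outside the hunk, so that cannot be confirmed from here. The bypass deserves a comment at the call site, for example `// Raw store read: the rows feed the authorization decision only and must never be returned to the caller.` It would also help to say in the function comment that this helper is the only gate on the fallback in `GetFileByHashAndCreator`, where a nil return skips the `return database.File{}, err` branch.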

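--- a/coderd/database/dbfake/databasefake.go
+++ b/coderd/database/dbfake/databasefake.go
@@ -723,7 +723,7 @@ func (q *fakeQuerier) GetFileTemplates(_ context.Context, id uuid.UUID) ([]datab
 }
 }
 
-return rows, sql.ErrNoRows
+return rows, nil
 }
 
 func (q *fakeQuerier) GetUserByEmailOrUsername(_ context.Context, arg database.GetUserByEmailOrUsernameParams) (database.User, error) {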
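Review bot: With `return rows, nil`, the fake no longer signals "no templates" through `sql.ErrNoRows`, so a caller that relied on that error to deny access now receives an empty slice and a nil error. The caller visible in this commit is `authorizeUpdateFileTemplate` in coderd/database/dbauthz/querier.go, whose remaining body is outside the hunks shown. It should be checked that it fails closed when `len(tpls) == 0`. A comment on this return such as `// No matches is not an error; callers must treat an empty result as "no access".` would keep that contract explicit. The start of `GetFileTemplates` is outside this hunk.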

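--- a/enterprise/coderd/templates_test.go
+++ b/enterprise/coderd/templates_test.go
@@ -976,6 +976,54 @@ func TestUpdateTemplateACL(t *testing.T) {
 })
 }
 
+func TestReadFileWithTemplateUpdate(t *testing.T) {
+t.Parallel()
+t.Run("HasTemplateUpdate", func(t *testing.T) {
+t.Parallel()
+ctx, cancel := testutil.Context(t)
+defer cancel()
+
+// Upload a file
+client := coderdenttest.New(t, nil)
+first := coderdtest.CreateFirstUser(t, client)
+_ = coderdenttest.AddLicense(t, client, coderdenttest.LicenseOptions{
+Features: license.Features{
+codersdk.FeatureTemplateRBAC: 1,
+},
+})
+
+resp, err := client.Upload(ctx, codersdk.ContentTypeTar, bytes.NewReader(make([]byte, 1024)))
+require.NoError(t, err)
+
+// Make a new user
+member, memberData := coderdtest.CreateAnotherUser(t, client, first.OrganizationID)
+
+// Try to download file, this should fail
+_, _, err = member.Download(ctx, resp.ID)
+require.Error(t, err, "no template yet")
+
+// Make a new template version with the file
+version := coderdtest.CreateTemplateVersion(t, client, first.OrganizationID, nil, func(request *codersdk.CreateTemplateVersionRequest) {
+request.FileID = resp.ID
+})
+template := coderdtest.CreateTemplate(t, client, first.OrganizationID, version.ID)
+
+// Not in acl yet
+_, _, err = member.Download(ctx, resp.ID)
+require.Error(t, err, "not in acl yet")
+
+err = client.UpdateTemplateACL(ctx, template.ID, codersdk.UpdateTemplateACL{
+UserPerms: map[string]codersdk.TemplateRole{
+memberData.ID.String(): codersdk.TemplateRoleAdmin,
+},
+})
+require.NoError(t, err)
+
+_, _, err = member.Download(ctx, resp.ID)
+require.NoError(t, err)
+})
+}
+
 // TestTemplateAccess tests the rego -> sql conversion. We need to implement
 // this test on at least 1 table type to ensure that the conversion is correct.
 // The rbac tests only assert against static SQL queries.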
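Review bot: The two denial checks in `HasTemplateUpdate`, `require.Error(t, err, "no template yet")` and `require.Error(t, err, "not in acl yet")`, pass on any failure, including a server error or an expired context. They therefore do not prove that the download was refused by authorization. Asserting the expected HTTP status on the returned API error would pin that down. The only grant exercised is `codersdk.TemplateRoleAdmin`. A sub-case where the member holds only the lower, use-level template role and `member.Download` still fails would cover the boundary this commit appears to draw, which is update access rather than read access to the template.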
