test: add unit test to verify group permission behavior #14223
Conversation
| ownerCtx := dbauthz.As(context.Background(), rbac.Subject{ | ||
| ID: "owner", | ||
| Roles: rbac.Roles(must(rbac.RoleIdentifiers{rbac.RoleOwner()}.Expand())), | ||
| Groups: []string{}, | ||
| Scope: rbac.ExpandableScope(rbac.ScopeAll), | ||
| }) |
There was a problem hiding this comment.
nit: it's unfortunate to need to copy this role instead of referencing the OG owner
There was a problem hiding this comment.
Yea, I needed the original owner role for setup. Given the pattern of the tabled tests, it felt weird to not fully define the role in the table again
|
|
||
| for _, tc := range testCases { | ||
| tc := tc | ||
| t.Run(tc.Name, func(t *testing.T) { |
There was a problem hiding this comment.
fun idea: you could actually just generate the name here from ${tc.Subject.ID}_ReadGroup${tc.ReadGroup}_ReadMembers${tc.ReadMembers}
There was a problem hiding this comment.
Unfortunately if I do that, the Goland table test runner no longer works.
It looks like I can use %s format directives, but %t breaks it. And the goland feature allows me to select just 1 to run 🤷♂️
| Scope: rbac.ExpandableScope(rbac.ScopeAll), | ||
| }) | ||
|
|
||
| org := dbgen.Organization(t, db, database.Organization{}) |
There was a problem hiding this comment.
I threw in a different org admin. We don't actually need another org in the db for the authz test.
Co-authored-by: Cian Johnston <cian@coder.com>
Only running with in memory db as there is no advantage to using posgres, and it would just take longer.