package users_test
import (
"github.com/Velocidex/ordereddict"
"github.com/sebdah/goldie"
acl_proto "www.velocidex.com/golang/velociraptor/acls/proto"
"www.velocidex.com/golang/velociraptor/json"
"www.velocidex.com/golang/velociraptor/users"
"www.velocidex.com/golang/velociraptor/vtesting/assert"
)
// TestAddUserToOrg exercises the authorization boundary of
// users.AddUserToOrg: who may add whom to which org, whether unknown
// users are rejected unless creation is explicitly requested, and
// whether reserved principal names can be created. The successful
// outcomes are snapshotted into the "TestAddUserToOrg" golden file;
// the refusals are pinned by their error text.
//
// Fixture users (created by makeUsers) referenced here: "UserO1" and
// "AdminO1" in org O1, "AdminO2" in org O2, and the global "OrgAdmin".
func (self *UserManagerTestSuite) TestAddUserToOrg() {
	self.makeUsers()

	snapshot := ordereddict.NewDict()
	targetOrgs := []string{"O2"}

	adminACL := &acl_proto.ApiClientACL{Roles: []string{"administrator"}}
	readerACL := &acl_proto.ApiClientACL{Roles: []string{"reader"}}

	// --- Denied cases -----------------------------------------------
	// A plain user must not be able to grant themselves access to an
	// org they are not a member of (self-elevation across orgs).
	err := users.AddUserToOrg(
		self.Ctx, users.UseExistingUser,
		"UserO1", "UserO1", targetOrgs, adminACL)
	assert.ErrorContains(self.T(), err, "PermissionDenied")

	// Admin rights are scoped to an org: being admin in O1 confers no
	// authority over membership of O2.
	err = users.AddUserToOrg(
		self.Ctx, users.UseExistingUser,
		"AdminO1", "UserO1", targetOrgs, adminACL)
	assert.ErrorContains(self.T(), err, "PermissionDenied")

	// NOTE(review): the two refusals above only check the error text;
	// they do not re-read UserO1 to confirm that the denied request
	// left the org membership untouched.

	// --- Allowed cases ----------------------------------------------
	// The global OrgAdmin may move AdminO1 into O2 as an administrator.
	err = users.AddUserToOrg(
		self.Ctx, users.UseExistingUser,
		"OrgAdmin", "AdminO1", targetOrgs, adminACL)
	assert.NoError(self.T(), err)

	record, err := users.GetUser(self.Ctx, "OrgAdmin", "AdminO1")
	assert.NoError(self.T(), err)
	snapshot.Set("AdminO1 belongs in O1 and O2", record)

	// Having just become an admin of O2 as well, AdminO1 is now
	// entitled to add UserO1 to O2 (here with the weaker reader role).
	err = users.AddUserToOrg(
		self.Ctx, users.UseExistingUser,
		"AdminO1", "UserO1", targetOrgs, readerACL)
	assert.NoError(self.T(), err)

	record, err = users.GetUser(self.Ctx, "OrgAdmin", "UserO1")
	assert.NoError(self.T(), err)
	snapshot.Set("UserO1 belongs in O1 and O2", record)

	// --- Unknown and reserved users ---------------------------------
	// With UseExistingUser the call must fail rather than silently
	// creating a principal that does not exist.
	err = users.AddUserToOrg(
		self.Ctx, users.UseExistingUser,
		"OrgAdmin", "NoSuchUser", targetOrgs, adminACL)
	assert.ErrorContains(self.T(), err, "User not found")

	// With AddNewUser the O2 admin may create the record on the fly.
	err = users.AddUserToOrg(
		self.Ctx, users.AddNewUser,
		"AdminO2", "NoSuchUser", targetOrgs, readerACL)
	assert.NoError(self.T(), err)

	record, err = users.GetUser(self.Ctx, "OrgAdmin", "NoSuchUser")
	assert.NoError(self.T(), err)
	snapshot.Set("New Users NoSuchUser", record)

	// Reserved names (the server's own identity) must never become
	// ordinary user accounts, even via AddNewUser.
	err = users.AddUserToOrg(
		self.Ctx, users.AddNewUser,
		"AdminO2", "VelociraptorServer", targetOrgs, readerACL)
	assert.ErrorContains(self.T(), err, "reserved")

	goldie.Assert(self.T(), "TestAddUserToOrg", json.MustMarshalIndent(snapshot))
}