package handler
import (
"baron-sso-backend/internal/domain"
"baron-sso-backend/internal/testsupport"
"encoding/json"
"net/http"
"net/http/httptest"
"testing"
"github.com/gofiber/fiber/v2"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/mock"
)
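// TestTenantHandler_GetTenant_SuperAdmin checks that GetTenant returns the
// seeded tenant with View, Manage and ManageAdmins all true when the request
// context carries a profile whose Role is domain.RoleSuperAdmin.
//
// No CheckPermission expectations are registered on the Keto mock in this
// test. Presumably the handler decides from the role alone for a super admin
// and never consults Keto; confirm against GetTenant and devMockKetoService.
func TestTenantHandler_GetTenant_SuperAdmin(t *testing.T) {
	if !testsupport.DockerAvailable() {
		t.Skip("Docker provider is unavailable in this environment")
	}

	// One identifier for the seeded row, the request path and the assertion,
	// so the three cannot drift apart.
	const tenantID = "00000000-0000-0000-0000-000000000010"

	db := newTenantHandlerSeedDeleteDB(t)
	if err := db.AutoMigrate(&domain.TenantDomain{}); err != nil {
		t.Fatalf("failed to migrate tenant domains: %v", err)
	}

	// Create a test tenant in DB with a valid UUID.
	tenant := domain.Tenant{
		ID:     tenantID,
		Name:   "Super Admin Test Tenant",
		Slug:   "super-admin-test-tenant",
		Type:   domain.TenantTypeCompany,
		Status: domain.TenantStatusActive,
	}
	if err := db.Create(&tenant).Error; err != nil {
		t.Fatalf("failed to create tenant: %v", err)
	}

	app := fiber.New()
	mockSvc := new(MockTenantService)
	mockKeto := new(devMockKetoService)

	h := &TenantHandler{
		DB:      db,
		Service: mockSvc,
		Keto:    mockKeto,
	}

	// Stand in for the auth middleware: place a super-admin profile under the
	// "user_profile" local before delegating to the handler.
	app.Get("/tenants/:id", func(c *fiber.Ctx) error {
		profile := &domain.UserProfileResponse{
			ID:   "user-super-admin-id",
			Role: domain.RoleSuperAdmin,
		}
		c.Locals("user_profile", profile)
		return h.GetTenant(c)
	})

	req := httptest.NewRequest("GET", "/tenants/"+tenantID, nil)
	resp, err := app.Test(req)
	if err != nil {
		t.Fatalf("request failed: %v", err)
	}
	// Release the response body when the test finishes.
	defer resp.Body.Close()

	assert.Equal(t, http.StatusOK, resp.StatusCode)

	var got tenantSummary
	if err := json.NewDecoder(resp.Body).Decode(&got); err != nil {
		t.Fatalf("failed to decode response: %v", err)
	}

	assert.Equal(t, tenantID, got.ID)
	assert.Equal(t, "Super Admin Test Tenant", got.Name)

	// assert.NotNil only records a failure and keeps going. Stop here so the
	// field reads below cannot hit a missing permissions value and turn a
	// clear assertion failure into a panic.
	if !assert.NotNil(t, got.UserPermissions) {
		t.FailNow()
	}
	assert.True(t, got.UserPermissions.View)
	assert.True(t, got.UserPermissions.Manage)
	assert.True(t, got.UserPermissions.ManageAdmins)
}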
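// TestTenantHandler_GetTenant_NormalUser checks that, for a profile with
// domain.RoleUser, the permissions in the GetTenant response mirror the Keto
// mock's answers: view and manage allowed, manage_admins denied.
//
// NOTE(review): this test covers only a caller that is allowed to view the
// tenant. The status GetTenant returns when the "view" check is denied is not
// visible here, so that path is not asserted.
func TestTenantHandler_GetTenant_NormalUser(t *testing.T) {
	if !testsupport.DockerAvailable() {
		t.Skip("Docker provider is unavailable in this environment")
	}

	// Shared identifiers for the seeded row, the Keto expectations, the
	// injected profile, the request path and the assertions.
	const (
		tenantID = "00000000-0000-0000-0000-000000000020"
		userID   = "user-normal-id"
	)

	db := newTenantHandlerSeedDeleteDB(t)
	if err := db.AutoMigrate(&domain.TenantDomain{}); err != nil {
		t.Fatalf("failed to migrate tenant domains: %v", err)
	}

	// Create a test tenant in DB with a valid UUID.
	tenant := domain.Tenant{
		ID:     tenantID,
		Name:   "Normal User Test Tenant",
		Slug:   "normal-user-test-tenant",
		Type:   domain.TenantTypeCompany,
		Status: domain.TenantStatusActive,
	}
	if err := db.Create(&tenant).Error; err != nil {
		t.Fatalf("failed to create tenant: %v", err)
	}

	app := fiber.New()
	mockSvc := new(MockTenantService)
	mockKeto := new(devMockKetoService)

	h := &TenantHandler{
		DB:      db,
		Service: mockSvc,
		Keto:    mockKeto,
	}

	// Mock Keto response: allowed view/manage but not manage_admins.
	subject := "User:" + userID
	mockKeto.On("CheckPermission", mock.Anything, subject, "Tenant", tenantID, "view").Return(true, nil)
	mockKeto.On("CheckPermission", mock.Anything, subject, "Tenant", tenantID, "manage").Return(true, nil)
	mockKeto.On("CheckPermission", mock.Anything, subject, "Tenant", tenantID, "manage_admins").Return(false, nil)
	// Optional catch-all that denies any other relation for this subject and
	// tenant. It is registered last so the specific expectations above are
	// matched first.
	mockKeto.On("CheckPermission", mock.Anything, subject, "Tenant", tenantID, mock.Anything).Return(false, nil).Maybe()

	// Stand in for the auth middleware: place a regular-user profile under the
	// "user_profile" local before delegating to the handler.
	app.Get("/tenants/:id", func(c *fiber.Ctx) error {
		profile := &domain.UserProfileResponse{
			ID:   userID,
			Role: domain.RoleUser,
		}
		c.Locals("user_profile", profile)
		return h.GetTenant(c)
	})

	req := httptest.NewRequest("GET", "/tenants/"+tenantID, nil)
	resp, err := app.Test(req)
	if err != nil {
		t.Fatalf("request failed: %v", err)
	}
	// Release the response body when the test finishes.
	defer resp.Body.Close()

	assert.Equal(t, http.StatusOK, resp.StatusCode)

	var got tenantSummary
	if err := json.NewDecoder(resp.Body).Decode(&got); err != nil {
		t.Fatalf("failed to decode response: %v", err)
	}

	assert.Equal(t, tenantID, got.ID)
	assert.Equal(t, "Normal User Test Tenant", got.Name)

	// assert.NotNil only records a failure and keeps going. Stop here so the
	// field reads below cannot hit a missing permissions value and turn a
	// clear assertion failure into a panic.
	if !assert.NotNil(t, got.UserPermissions) {
		t.FailNow()
	}
	assert.True(t, got.UserPermissions.View)
	assert.True(t, got.UserPermissions.Manage)
	// The denied relation must surface as false; a true here would mean the
	// handler reports more privilege than Keto granted.
	assert.False(t, got.UserPermissions.ManageAdmins)

	mockKeto.AssertExpectations(t)
}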