Add more unit testing

Emyrk · Emyrk · commit 0e3fc298169b · 2022-04-28T16:49:59.000-05:00
diff --git a/coderd/rbac/builtin_internal_test.go b/coderd/rbac/builtin_internal_test.go
@@ -0,0 +1,55 @@
+package rbac
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/require"
+
+	"github.com/google/uuid"
+)
+
+func TestRoleByName(t *testing.T) {
+	t.Parallel()
+
+	t.Run("BuiltIns", func(t *testing.T) {
+		t.Parallel()
+		testCases := []struct {
+			Role Role
+		}{
+			{Role: builtInRoles[admin]("")},
+			{Role: builtInRoles[member]("")},
+			{Role: builtInRoles[auditor]("")},
+
+			{Role: builtInRoles[orgAdmin](uuid.New().String())},
+			{Role: builtInRoles[orgAdmin](uuid.New().String())},
+			{Role: builtInRoles[orgAdmin](uuid.New().String())},
+
+			{Role: builtInRoles[orgMember](uuid.New().String())},
+			{Role: builtInRoles[orgMember](uuid.New().String())},
+			{Role: builtInRoles[orgMember](uuid.New().String())},
+		}
+
+		for _, c := range testCases {
+			c := c
+			t.Run(c.Role.Name, func(t *testing.T) {
+				role, err := RoleByName(c.Role.Name)
+				require.NoError(t, err, "role exists")
+				require.Equal(t, c.Role, role)
+			})
+		}
+	})
+
+	// nolint:paralleltest
+	t.Run("Errors", func(t *testing.T) {
+		var err error
+
+		_, err = RoleByName("")
+		require.Error(t, err, "empty role")
+
+		_, err = RoleByName("too:many:colons")
+		require.Error(t, err, "too many colons")
+
+		_, err = RoleByName(orgMember)
+		require.Error(t, err, "expect orgID")
+	})
+}
diff --git a/coderd/rbac/builtin_test.go b/coderd/rbac/builtin_test.go
@@ -0,0 +1,62 @@
+package rbac_test
+
+import (
+	"testing"
+
+	"github.com/google/uuid"
+
+	"github.com/stretchr/testify/require"
+
+	"github.com/coder/coder/coderd/rbac"
+)
+
+func TestIsOrgRole(t *testing.T) {
+	t.Parallel()
+	randomUUID := uuid.New()
+
+	testCases := []struct {
+		RoleName string
+		OrgRole  bool
+		OrgID    string
+	}{
+		// Not org roles
+		{RoleName: rbac.RoleAdmin()},
+		{RoleName: rbac.RoleMember()},
+		{RoleName: "auditor"},
+
+		{
+			RoleName: "a:bad:role",
+			OrgRole:  false,
+		},
+		{
+			RoleName: "",
+			OrgRole:  false,
+		},
+
+		// Org roles
+		{
+			RoleName: rbac.RoleOrgAdmin(randomUUID),
+			OrgRole:  true,
+			OrgID:    randomUUID.String(),
+		},
+		{
+			RoleName: rbac.RoleOrgMember(randomUUID),
+			OrgRole:  true,
+			OrgID:    randomUUID.String(),
+		},
+		{
+			RoleName: "test:example",
+			OrgRole:  true,
+			OrgID:    "example",
+		},
+	}
+
+	// nolint:paralleltest
+	for _, c := range testCases {
+		t.Run(c.RoleName, func(t *testing.T) {
+			orgID, ok := rbac.IsOrgRole(c.RoleName)
+			require.Equal(t, c.OrgRole, ok, "match expected org role")
+			require.Equal(t, c.OrgID, orgID, "match expected org id")
+		})
+	}
+}
diff --git a/coderd/users_test.go b/coderd/users_test.go
@@ -292,23 +292,39 @@ func TestGrantRoles(t *testing.T) {
 	t.Run("UpdateIncorrectRoles", func(t *testing.T) {
 		t.Parallel()
 		ctx := context.Background()
-		client := coderdtest.New(t, nil)
-		first := coderdtest.CreateFirstUser(t, client)
+		admin := coderdtest.New(t, nil)
+		first := coderdtest.CreateFirstUser(t, admin)
+		member := coderdtest.CreateAnotherUser(t, admin, first.OrganizationID)
 
-		_, err := client.UpdateUserRoles(ctx, codersdk.Me, codersdk.UpdateRoles{
+		_, err := admin.UpdateUserRoles(ctx, codersdk.Me, codersdk.UpdateRoles{
 			Roles: []string{rbac.RoleOrgMember(first.OrganizationID)},
 		})
 		require.Error(t, err, "org role in site")
 
-		_, err = client.UpdateOrganizationMemberRoles(ctx, first.OrganizationID, codersdk.Me, codersdk.UpdateRoles{
+		_, err = admin.UpdateUserRoles(ctx, uuid.New(), codersdk.UpdateRoles{
+			Roles: []string{rbac.RoleOrgMember(first.OrganizationID)},
+		})
+		require.Error(t, err, "user does not exist")
+
+		_, err = admin.UpdateOrganizationMemberRoles(ctx, first.OrganizationID, codersdk.Me, codersdk.UpdateRoles{
 			Roles: []string{rbac.RoleMember()},
 		})
 		require.Error(t, err, "site role in org")
 
-		_, err = client.UpdateOrganizationMemberRoles(ctx, uuid.New(), codersdk.Me, codersdk.UpdateRoles{
+		_, err = admin.UpdateOrganizationMemberRoles(ctx, uuid.New(), codersdk.Me, codersdk.UpdateRoles{
 			Roles: []string{rbac.RoleMember()},
 		})
 		require.Error(t, err, "role in org without membership")
+
+		_, err = member.UpdateUserRoles(ctx, first.UserID, codersdk.UpdateRoles{
+			Roles: []string{rbac.RoleMember()},
+		})
+		require.Error(t, err, "member cannot change other's roles")
+
+		_, err = member.UpdateOrganizationMemberRoles(ctx, first.OrganizationID, first.UserID, codersdk.UpdateRoles{
+			Roles: []string{rbac.RoleMember()},
+		})
+		require.Error(t, err, "member cannot change other's org roles")
 	})
 
 	t.Run("FirstUserRoles", func(t *testing.T) {
