| 15 | ) |
| 16 | |
| 17 | func TestCollectionRulesDefault(t *testing.T) { |
| 18 | hub, _ := beszelTests.NewTestHub(t.TempDir()) |
| 19 | defer hub.Cleanup() |
| 20 | |
| 21 | const isUserMatchesUser = `@request.auth.id != "" && user = @request.auth.id` |
| 22 | |
| 23 | const isUserInUsers = `@request.auth.id != "" && users.id ?= @request.auth.id` |
| 24 | const isUserInUsersNotReadonly = `@request.auth.id != "" && users.id ?= @request.auth.id && @request.auth.role != "readonly"` |
| 25 | |
| 26 | const isUserInSystemUsers = `@request.auth.id != "" && system.users.id ?= @request.auth.id` |
| 27 | const isUserInSystemUsersNotReadonly = `@request.auth.id != "" && system.users.id ?= @request.auth.id && @request.auth.role != "readonly"` |
| 28 | |
| 29 | // users collection |
| 30 | usersCollection, err := hub.FindCollectionByNameOrId("users") |
| 31 | assert.NoError(t, err, "Failed to find users collection") |
| 32 | assert.True(t, usersCollection.PasswordAuth.Enabled) |
| 33 | assert.Equal(t, usersCollection.PasswordAuth.IdentityFields, []string{"email"}) |
| 34 | assert.Nil(t, usersCollection.CreateRule) |
| 35 | assert.False(t, usersCollection.MFA.Enabled) |
| 36 | |
| 37 | // superusers collection |
| 38 | superusersCollection, err := hub.FindCollectionByNameOrId(core.CollectionNameSuperusers) |
| 39 | assert.NoError(t, err, "Failed to find superusers collection") |
| 40 | assert.True(t, superusersCollection.PasswordAuth.Enabled) |
| 41 | assert.Equal(t, superusersCollection.PasswordAuth.IdentityFields, []string{"email"}) |
| 42 | assert.Nil(t, superusersCollection.CreateRule) |
| 43 | assert.False(t, superusersCollection.MFA.Enabled) |
| 44 | |
| 45 | // alerts collection |
| 46 | alertsCollection, err := hub.FindCollectionByNameOrId("alerts") |
| 47 | require.NoError(t, err, "Failed to find alerts collection") |
| 48 | assert.Equal(t, isUserMatchesUser, *alertsCollection.ListRule) |
| 49 | assert.Nil(t, alertsCollection.ViewRule) |
| 50 | assert.Equal(t, isUserMatchesUser, *alertsCollection.CreateRule) |
| 51 | assert.Equal(t, isUserMatchesUser, *alertsCollection.UpdateRule) |
| 52 | assert.Equal(t, isUserMatchesUser, *alertsCollection.DeleteRule) |
| 53 | |
| 54 | // alerts_history collection |
| 55 | alertsHistoryCollection, err := hub.FindCollectionByNameOrId("alerts_history") |
| 56 | require.NoError(t, err, "Failed to find alerts_history collection") |
| 57 | assert.Equal(t, isUserMatchesUser, *alertsHistoryCollection.ListRule) |
| 58 | assert.Nil(t, alertsHistoryCollection.ViewRule) |
| 59 | assert.Nil(t, alertsHistoryCollection.CreateRule) |
| 60 | assert.Nil(t, alertsHistoryCollection.UpdateRule) |
| 61 | assert.Equal(t, isUserMatchesUser, *alertsHistoryCollection.DeleteRule) |
| 62 | |
| 63 | // containers collection |
| 64 | containersCollection, err := hub.FindCollectionByNameOrId("containers") |
| 65 | require.NoError(t, err, "Failed to find containers collection") |
| 66 | assert.Equal(t, isUserInSystemUsers, *containersCollection.ListRule) |
| 67 | assert.Nil(t, containersCollection.ViewRule) |
| 68 | assert.Nil(t, containersCollection.CreateRule) |
| 69 | assert.Nil(t, containersCollection.UpdateRule) |
| 70 | assert.Nil(t, containersCollection.DeleteRule) |
| 71 | |
| 72 | // container_stats collection |
| 73 | containerStatsCollection, err := hub.FindCollectionByNameOrId("container_stats") |
| 74 | require.NoError(t, err, "Failed to find container_stats collection") |