Revert "feat(api): new permission system (#5674)"
This reverts commit ff60d04.
kamilkisiela authored Nov 7, 2024
1 parent 580d349 commit 15c4918
Showing 79 changed files with 2,034 additions and 2,664 deletions.
34 changes: 34 additions & 0 deletions integration-tests/testkit/schema-policy.ts
@@ -1,6 +1,40 @@
import { RuleInstanceSeverityLevel, SchemaPolicyInput } from 'testkit/gql/graphql';
import { graphql } from './gql';

export const TargetCalculatedPolicy = graphql(`
query TargetCalculatedPolicy($selector: TargetSelectorInput!) {
target(selector: $selector) {
id
schemaPolicy {
mergedRules {
...SchemaPolicyRuleInstanceFields
}
projectPolicy {
id
rules {
...SchemaPolicyRuleInstanceFields
}
}
organizationPolicy {
id
allowOverrides
rules {
...SchemaPolicyRuleInstanceFields
}
}
}
}
}
fragment SchemaPolicyRuleInstanceFields on SchemaPolicyRuleInstance {
rule {
id
}
severity
configuration
}
`);

export const OrganizationAndProjectsWithSchemaPolicy = graphql(`
query OrganizationAndProjectsWithSchemaPolicy($organization: String!) {
organization(selector: { organizationSlug: $organization }) {
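--- a/integration-tests/testkit/seed.ts
+++ b/integration-tests/testkit/seed.ts
@@ -495,6 +495,19 @@ export function initSeed() {
 secret,
 );
 },
+
+async updateSchemaVersionStatus(versionId: string, valid: boolean) {
+return await updateSchemaVersionStatus(
+{
+organizationSlug: organization.slug,
+projectSlug: project.slug,
+targetSlug: target.slug,
+valid,
+versionId,
+},
+secret,
+).then(r => r.expectNoGraphQLErrors());
+},
 async publishSchema(options: {
 sdl: string;
 headerName?: 'x-api-token' | 'authorization';
@@ -695,22 +708,6 @@ export function initSeed() {
 
 return result.target?.schemaVersions.edges.map(edge => edge.node);
 },
-async updateSchemaVersionStatus(
-versionId: string,
-valid: boolean,
-ttarget: TargetOverwrite = target,
-) {
-return await updateSchemaVersionStatus(
-{
-organizationSlug: organization.slug,
-projectSlug: project.slug,
-targetSlug: ttarget.slug,
-valid,
-versionId,
-},
-ownerToken,
-).then(r => r.expectNoGraphQLErrors());
-},
 };
 },
 async inviteAndJoinMember(inviteToken: string = ownerToken) {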
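Review bot: The restored `updateSchemaVersionStatus` helper in the first hunk carries no comment saying which credential it uses, and that is the substantive difference from the variant removed in the second hunk: it passes `secret` where the removed one passed `ownerToken`, and it no longer accepts a target override. Tests that rely on it therefore exercise whatever permissions that `secret` carries rather than the owner's, which matters when reading a passing or failing authorization test. I would add `/** Sets the valid flag of a schema version on the seeded target, authenticating with this token's secret rather than the owner token. */` above the method. The enclosing object and `initSeed` start and end outside both hunks, so what `secret` is bound to is inferred from the context lines and should be confirmed.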
2 changes: 1 addition & 1 deletion integration-tests/tests/api/artifacts-cdn.spec.ts
Expand Up @@ -662,7 +662,7 @@ describe('CDN token', () => {
expect(deleteResult).toEqual(
expect.arrayContaining([
expect.objectContaining({
message: `No access (reason: "Missing permission for performing 'cdnAccessToken:delete' on resource")`,
message: `No access (reason: "Missing target:settings permission")`,
}),
]),
);
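Review bot: The denial check at the changed line pins the complete human-readable message, `No access (reason: "Missing target:settings permission")`, so the test is tied to wording rather than to the authorization decision itself. The same pattern appears in the three Document Collections assertions and the three `oidc-integrations/crud.spec.ts` assertions further down, and this commit had to rewrite every one of those literals only because the message format changed. If the API exposes a stable error code or extension for access denial (not visible on this page), asserting on that would keep these negative tests meaningful across such changes. Failing that, the expected string could be built in one shared testkit helper. The enclosing test starts and ends outside the hunk, so whether it also checks that the rejected delete left the token in place cannot be seen from here.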
Expand Up @@ -140,7 +140,7 @@ describe('Document Collections', () => {
).rejects.toEqual(
expect.objectContaining({
message: expect.stringContaining(
`No access (reason: "Missing permission for performing 'laboratory:createCollection' on resource")`,
`No access (reason: "Missing target:registry:write permission")`,
),
}),
);
Expand Down Expand Up @@ -172,7 +172,7 @@ describe('Document Collections', () => {
).rejects.toEqual(
expect.objectContaining({
message: expect.stringContaining(
`No access (reason: "Missing permission for performing 'laboratory:modifyCollection' on resource")`,
'No access (reason: "Missing target:registry:write permission")',
),
}),
);
Expand Down Expand Up @@ -202,7 +202,7 @@ describe('Document Collections', () => {
).rejects.toEqual(
expect.objectContaining({
message: expect.stringContaining(
`No access (reason: "Missing permission for performing 'laboratory:deleteCollection' on resource")`,
`No access (reason: "Missing target:registry:write permission")`,
),
}),
);
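Review bot: The middle of the three updated assertions (the `laboratory:modifyCollection` case) is written as a single-quoted string, `'No access (reason: "Missing target:registry:write permission")'`, while the first and third use backtick template literals with nothing interpolated. All three expect the same text, so using one quoting style, a plain single-quoted string, would make that obvious and let a search for the literal find every occurrence. Each enclosing test starts and ends outside its hunk.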
6 changes: 3 additions & 3 deletions integration-tests/tests/api/oidc-integrations/crud.spec.ts
Expand Up @@ -150,7 +150,7 @@ describe('create', () => {
expect(errors).toEqual(
expect.arrayContaining([
expect.objectContaining({
message: `No access (reason: "Missing permission for performing 'oidc:modify' on resource")`,
message: `No access (reason: "Missing organization:integrations permission")`,
}),
]),
);
Expand Down Expand Up @@ -545,7 +545,7 @@ describe('delete', () => {
expect(errors).toEqual(
expect.arrayContaining([
expect.objectContaining({
message: `No access (reason: "Missing permission for performing 'oidc:modify' on resource")`,
message: `No access (reason: "Missing organization:integrations permission")`,
}),
]),
);
Expand Down Expand Up @@ -742,7 +742,7 @@ describe('update', () => {
expect(errors).toEqual(
expect.arrayContaining([
expect.objectContaining({
message: `No access (reason: "Missing permission for performing 'oidc:modify' on resource")`,
message: `No access (reason: "Missing organization:integrations permission")`,
}),
]),
);
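--- a/integration-tests/tests/api/policy/policy-access.spec.ts
+++ b/integration-tests/tests/api/policy/policy-access.spec.ts
@@ -4,6 +4,76 @@ import { execute } from '../../../testkit/graphql';
 import { initSeed } from '../../../testkit/seed';
 
 describe('Policy Access', () => {
+describe('Target', () => {
+const query = graphql(`
+query TargetSchemaPolicyAccess($selector: TargetSelectorInput!) {
+target(selector: $selector) {
+schemaPolicy {
+mergedRules {
+severity
+}
+}
+}
+}
+`);
+
+test.concurrent(
+'should successfully fetch Target.schemaPolicy if the user has access to SETTINGS',
+async ({ expect }) => {
+const { createOrg } = await initSeed().createOwner();
+const { organization, createProject, inviteAndJoinMember } = await createOrg();
+const { project, target } = await createProject(ProjectType.Single);
+const adminRole = organization.memberRoles.find(r => r.name === 'Admin');
+
+if (!adminRole) {
+throw new Error('Admin role not found');
+}
+
+const { member, memberToken, assignMemberRole } = await inviteAndJoinMember();
+await assignMemberRole({
+roleId: adminRole.id,
+userId: member.user.id,
+});
+
+const result = await execute({
+document: query,
+variables: {
+selector: {
+organizationSlug: organization.slug,
+projectSlug: project.slug,
+targetSlug: target.slug,
+},
+},
+authToken: memberToken,
+}).then(r => r.expectNoGraphQLErrors());
+
+expect(result.target?.schemaPolicy?.mergedRules).not.toBeNull();
+},
+);
+
+test.concurrent(
+'should fail to fetch Target.schemaPolicy if the user lacks access to SETTINGS',
+async ({ expect }) => {
+const { createOrg } = await initSeed().createOwner();
+const { organization, createProject, inviteAndJoinMember } = await createOrg();
+const { project, target } = await createProject(ProjectType.Single);
+const { memberToken } = await inviteAndJoinMember();
+
+await execute({
+document: query,
+variables: {
+selector: {
+organizationSlug: organization.slug,
+projectSlug: project.slug,
+targetSlug: target.slug,
+},
+},
+authToken: memberToken,
+}).then(r => r.expectGraphQLErrors());
+},
+);
+});
+
 describe('Project', () => {
 const query = graphql(`
 query ProjectSchemaPolicyAccess($selector: ProjectSelectorInput!) {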
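Review bot: The negative test ('should fail to fetch Target.schemaPolicy if the user lacks access to SETTINGS') only calls `expectGraphQLErrors()` and never inspects the result, so any GraphQL error, such as a bad selector or a schema mismatch, satisfies it, not just an authorization denial. Capture the errors and assert on the denial, for example `const errors = await execute({ … }).then(r => r.expectGraphQLErrors());` followed by `expect(errors).toEqual(expect.arrayContaining([expect.objectContaining({ message: expect.stringContaining('No access') })]));`. That assumes `expectGraphQLErrors()` returns the error list, as the `errors` assertions elsewhere in this commit suggest. The positive test has the mirror weakness: `expect(result.target?.schemaPolicy?.mergedRules).not.toBeNull()` also passes when `target` or `schemaPolicy` is missing, because optional chaining then yields `undefined`. Something like `expect(result.target?.schemaPolicy?.mergedRules).toEqual(expect.any(Array));` would close that, provided `mergedRules` is a list as its selection set implies.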