Skip to content

Commit

Permalink
is: Add restriction test to organization registry
Browse files Browse the repository at this point in the history
  • Loading branch information
@nicholaspcr
nicholaspcr committed Jul 7, 2023
1 parent 01e98bc commit d89a1a8
Showing 1 changed file with 50 additions and 0 deletions.
50 changes: 50 additions & 0 deletions pkg/identityserver/organization_registry_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -213,6 +213,56 @@ func TestOrganizationsCRUD(t *testing.T) {
a.So(updated.Name, should.Equal, "Updated Name")
}

t.Run("Contact Info Restrictions", func(t *testing.T) { // nolint:paralleltest
a, ctx := test.New(t)

oldSetOtherAsContacts := is.config.CollaboratorRights.SetOthersAsContacts
t.Cleanup(func() { is.config.CollaboratorRights.SetOthersAsContacts = oldSetOtherAsContacts })
is.config.CollaboratorRights.SetOthersAsContacts = false

// Set usr-2 as collaborator to client.
oac := ttnpb.NewOrganizationAccessClient(cc)
oac.SetCollaborator(ctx, &ttnpb.SetOrganizationCollaboratorRequest{
OrganizationIds: created.GetIds(),
Collaborator: &ttnpb.Collaborator{
Ids: usr2.GetOrganizationOrUserIdentifiers(),
Rights: []ttnpb.Right{ttnpb.Right_RIGHT_ALL},
},
}, creds)

// Attempt to set another collaborator as administrative contact.
_, err := reg.Update(ctx, &ttnpb.UpdateOrganizationRequest{
Organization: &ttnpb.Organization{
Ids: created.GetIds(),
AdministrativeContact: usr2.GetOrganizationOrUserIdentifiers(),
},
FieldMask: ttnpb.FieldMask("administrative_contact"),
}, creds)
a.So(errors.IsPermissionDenied(err), should.BeTrue)

// Admin can bypass contact info restrictions.
_, err = reg.Update(ctx, &ttnpb.UpdateOrganizationRequest{
Organization: &ttnpb.Organization{
Ids: created.GetIds(),
AdministrativeContact: usr1.GetOrganizationOrUserIdentifiers(),
},
FieldMask: ttnpb.FieldMask("administrative_contact"),
}, adminCreds)
a.So(err, should.BeNil)

is.config.CollaboratorRights.SetOthersAsContacts = true

// Now usr-1 can set usr-2 as technical contact.
_, err = reg.Update(ctx, &ttnpb.UpdateOrganizationRequest{
Organization: &ttnpb.Organization{
Ids: created.GetIds(),
TechnicalContact: usr2.GetOrganizationOrUserIdentifiers(),
},
FieldMask: ttnpb.FieldMask("technical_contact"),
}, creds)
a.So(err, should.BeNil)
})

for _, collaborator := range []*ttnpb.OrganizationOrUserIdentifiers{nil, usr1.GetOrganizationOrUserIdentifiers()} {
list, err := reg.List(ctx, &ttnpb.ListOrganizationsRequest{
FieldMask: ttnpb.FieldMask("name"),
Expand Down

0 comments on commit d89a1a8

Please sign in to comment.