test: Add test for filtering user by Role Id (#10095)

determined-ai · Oct 25, 2024 · 02fcc74 · 02fcc74
1 parent f97fb5a
commit 02fcc74
Showing 1 changed file with 58 additions and 0 deletions.
diff --git a/master/internal/api_user_intg_test.go b/master/internal/api_user_intg_test.go
@@ -29,6 +29,7 @@ import (
 	"github.com/determined-ai/determined/master/internal/job/jobservice"
 	"github.com/determined-ai/determined/master/internal/logpattern"
 	"github.com/determined-ai/determined/master/internal/mocks"
+	"github.com/determined-ai/determined/master/internal/rbac"
 	"github.com/determined-ai/determined/master/internal/rm"
 	"github.com/determined-ai/determined/master/internal/rm/rmevents"
 	"github.com/determined-ai/determined/master/internal/sproto"
@@ -38,6 +39,7 @@ import (
 	"github.com/determined-ai/determined/master/pkg/ptrs"
 	"github.com/determined-ai/determined/master/pkg/tasks"
 	"github.com/determined-ai/determined/proto/pkg/apiv1"
+	"github.com/determined-ai/determined/proto/pkg/rbacv1"
 	"github.com/determined-ai/determined/proto/pkg/userv1"
 )
 
@@ -925,6 +927,62 @@ func TestPostUserActivity(t *testing.T) {
 	require.Equal(t, 1, activityCount, ctx)
 }
 
+func TestFilterUserByRoleId(t *testing.T) {
+	api, _, ctx := setupAPITest(t, nil)
+	config.GetMasterConfig().Security.AuthZ = config.AuthZConfig{Type: "rbac"}
+	defer func() {
+		config.GetMasterConfig().Security.AuthZ = config.AuthZConfig{Type: "basic"}
+	}()
+	testRole := rbac.Role{
+		ID:   10002,
+		Name: uuid.New().String(),
+	}
+	_, err := db.Bun().NewInsert().Model(&testRole).Exec(ctx)
+	require.NoError(t, err, "failure creating role in setup")
+
+	user0 := model.User{Username: uuid.New().String()}
+	_, err = db.HackAddUser(context.TODO(), &user0)
+	require.NoError(t, err)
+	user1 := model.User{Username: uuid.New().String()}
+	_, err = db.HackAddUser(context.TODO(), &user1)
+	require.NoError(t, err)
+
+	err = rbac.AddRoleAssignments(ctx, nil,
+		[]*rbacv1.UserRoleAssignment{
+			{
+				UserId: int32(user0.ID),
+				RoleAssignment: &rbacv1.RoleAssignment{
+					Role: &rbacv1.Role{
+						RoleId: int32(testRole.ID),
+					},
+					ScopeWorkspaceId: nil,
+				},
+			},
+			{
+				UserId: int32(user1.ID),
+				RoleAssignment: &rbacv1.RoleAssignment{
+					Role: &rbacv1.Role{
+						RoleId: int32(testRole.ID),
+					},
+					ScopeWorkspaceId: ptrs.Ptr(int32(1)),
+				},
+			},
+		},
+	)
+	require.NoError(t, err, "error adding role assignment")
+	resp, err := api.GetUsers(ctx, &apiv1.GetUsersRequest{
+		RoleIdAssignedDirectlyToUser: []int32{int32(testRole.ID)},
+	})
+	require.NoError(t, err)
+	require.Len(t, resp.Users, 1)
+	require.Equal(t, int32(user0.ID), resp.Users[0].Id)
+
+	_, err = db.Bun().NewDelete().Table("roles").Where("id = ?", testRole.ID).Exec(ctx)
+	if err != nil {
+		t.Logf("Error cleaning up role")
+	}
+}
+
 func getActivityEntry(ctx context.Context, userID model.UserID, entityID int32) (int, error) {
 	return db.Bun().NewSelect().Model((*model.UserActivity)(nil)).Where("user_id = ?",
 		int32(userID)).Where("entity_id = ?", entityID).Count(ctx)