Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat(e2e): teamAdmin permission tests #2230

Merged
merged 18 commits into from
Sep 29, 2023
Merged

Conversation

DafyddLlyr
Copy link
Contributor

@DafyddLlyr DafyddLlyr commented Sep 21, 2023

  • Add test cases for the teamAdmin role for all tables not covered by introspection tests
  • Fix permissions on operations table (ShareDB does the writing to this as admin currently, but I thought it worthwhile to correctly model Hasura)
  • Resolves CVE-2023-26144 for e2e/api tests, API & Editor by bumping planx-core
    • e2e/ui to follow - aiming to use planx-core here for teardown instead of the more manual graphql-request approach

✅ Regression test run against this branch - https://github.com/theopensystemslab/planx-new/actions/runs/6338450886

@github-actions
Copy link

github-actions bot commented Sep 21, 2023

Removed vultr server and associated DNS entries

@github-actions
Copy link

github-actions bot commented Sep 22, 2023

🤖 Hasura Change Summary compared a subset of table metadata including permissions:

Updated Tables (1)

  • public.operations permissions:

    insert select update delete
    platformAdmin /
    teamEditor / /
    14 added column permissions
    insert select update
    platformAdmin ➕ actor_id
    ➕ created_at
    ➕ data
    ➕ flow_id
    ➕ id
    ➕ updated_at
    ➕ version
    teamEditor

@DafyddLlyr DafyddLlyr requested a review from a team September 22, 2023 09:25
@DafyddLlyr DafyddLlyr marked this pull request as ready for review September 22, 2023 09:25
@DafyddLlyr DafyddLlyr force-pushed the dp/teamAdmin-e2e-queries branch from 65422b3 to cae9bcd Compare September 26, 2023 10:35
@DafyddLlyr DafyddLlyr force-pushed the dp/cucumber-permissions-test branch from f456bcb to 794d305 Compare September 27, 2023 10:43
Base automatically changed from dp/cucumber-permissions-test to main September 27, 2023 11:38
@DafyddLlyr DafyddLlyr force-pushed the dp/teamAdmin-e2e-queries branch 2 times, most recently from f4e0330 to 2df8311 Compare September 27, 2023 15:26
Copy link
Member

@jessicamcinchak jessicamcinchak left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me, thanks for figuring this one out!

Left a few minor questions, but no blockers.


error?: Error = undefined;
activeUser!: TestUser;
result: any[] | Record<"returning", any[]> | null = null;
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Personally, would love to turn off the type warnings for unexpected any to make PRs a bit less noisy - I think we can trust each other to catch actually-unnecessary ones in code reviews ?

slug: "team-1-flow",
});

const user2Id = await createUser({ email: "[email protected]" });
const teamId2 = await createTeam({ name: "E2E Team 2", slug: "e2e-team2" });
Copy link
Member

@jessicamcinchak jessicamcinchak Sep 28, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

double checking i understand this: in overall setup, we create two users who are by default not a platform admin and they also do not have roles on either teamId1 or teamId2? then later in individual test suites, you're creating & cleaning up team memberships and toggling permissions?

i'm wondering a bit if it'd be clearer to setup more explicitly with something like e2e-platform-admin@.. etc rather than vague user-1, user-2 etc? definitely not a showstopper though.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah I appreciate this is an unclear point - team1 and team2 are quite vague/meaningless names but I needed something to differentiate (I was also considering red/blue or something to make it slightly more distinct).

The intention is that there are -

  • Two teams
  • One TeamEditor of each team
  • We test that teamEditor1 can access team1 resources
  • We test that teamEditor2 cannot access team1 resources

I'll add comments to explicitly explain the setup here 👍

@@ -24,26 +28,27 @@ export const cleanup = async () => {
};

export const setup = async () => {
const user1Id = await createUser({ email: "[email protected]" });
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: I think helen & mel previously reported an annoying issue where e2e test emails using the @opensystemslab.io domain were causing bounced errors in the enquiries inbox? can we use a harmless @example.com or something instead?

@DafyddLlyr DafyddLlyr merged commit 3f6e2b4 into main Sep 29, 2023
12 checks passed
@DafyddLlyr DafyddLlyr deleted the dp/teamAdmin-e2e-queries branch September 29, 2023 12:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants