This is an automated email from the ASF dual-hosted git repository.
zehnder pushed a commit to branch 3944-improve-permission-handling
in repository https://gitbox.apache.org/repos/asf/streampipes.git
The following commit(s) were added to
refs/heads/3944-improve-permission-handling by this push:
new d89ff4b887 refactor(#3944): Add permission tests for pipelines
d89ff4b887 is described below
commit d89ff4b887133a46f6b92af27c31a1abf61dc485
Author: Philipp Zehnder <[email protected]>
AuthorDate: Thu Nov 20 11:58:24 2025 +0100
refactor(#3944): Add permission tests for pipelines
---
ui/cypress/support/utils/pipeline/PipelineUtils.ts | 2 +-
ui/cypress/support/utils/user/PermissionUtils.ts | 8 +
...t.spec.ts => testAddAssetOnResourceCreation.ts} | 2 +-
.../userManagement/testUserRoleConnect.spec.ts | 5 +-
.../userManagement/testUserRolePipeline.spec.ts | 166 +++++++++++++++------
.../object-permission-dialog.component.html | 4 +
6 files changed, 134 insertions(+), 53 deletions(-)
diff --git a/ui/cypress/support/utils/pipeline/PipelineUtils.ts
b/ui/cypress/support/utils/pipeline/PipelineUtils.ts
index b57656d4d4..7d90bde728 100644
--- a/ui/cypress/support/utils/pipeline/PipelineUtils.ts
+++ b/ui/cypress/support/utils/pipeline/PipelineUtils.ts
@@ -227,7 +227,7 @@ export class PipelineUtils {
// The wait is needed because the default value is the
no-table-entries element.
// It must be waited till the data is loaded. Once a better
solution is found, this can be removed.
cy.wait(1000);
- cy.dataCy('no-table-entries').should('be.visible');
+ cy.dataCy('no-table-entries').should('have.length', 2);
} else {
PipelineBtns.statusPipeline().should('have.length', amount);
}
diff --git a/ui/cypress/support/utils/user/PermissionUtils.ts
b/ui/cypress/support/utils/user/PermissionUtils.ts
index 56e07517b4..4365eed24f 100644
--- a/ui/cypress/support/utils/user/PermissionUtils.ts
+++ b/ui/cypress/support/utils/user/PermissionUtils.ts
@@ -47,6 +47,14 @@ export class PermissionUtils {
PermissionUtils.save();
}
+ public static authorizeGroup(resourceName: string, groupName: string) {
+ PermissionUtils.openManagePermissions(resourceName);
+ cy.dataCy('authorized-group').type(groupName);
+ cy.get(`[data-cy="group-option-${groupName}"]`).click();
+
+ PermissionUtils.save();
+ }
+
public static save() {
cy.dataCy('sp-manage-permissions-save').click();
}
diff --git a/ui/cypress/tests/userManagement/testUserRoleAsset.spec.ts
b/ui/cypress/tests/userManagement/testAddAssetOnResourceCreation.ts
similarity index 98%
rename from ui/cypress/tests/userManagement/testUserRoleAsset.spec.ts
rename to ui/cypress/tests/userManagement/testAddAssetOnResourceCreation.ts
index ece8fba06d..a27908b732 100644
--- a/ui/cypress/tests/userManagement/testUserRoleAsset.spec.ts
+++ b/ui/cypress/tests/userManagement/testAddAssetOnResourceCreation.ts
@@ -27,7 +27,7 @@ import { DataExplorerUtils } from
'../../support/utils/dataExplorer/DataExplorer
import { DataExplorerBtns } from
'../../support/utils/dataExplorer/DataExplorerBtns';
import { ConnectBtns } from '../../support/utils/connect/ConnectBtns';
-describe('Test User Roles for Pipelines', () => {
+describe('Test that resources can be added to assets on creation', () => {
let newUser;
beforeEach('Setup Test', () => {
cy.initStreamPipesTest();
diff --git a/ui/cypress/tests/userManagement/testUserRoleConnect.spec.ts
b/ui/cypress/tests/userManagement/testUserRoleConnect.spec.ts
index dd0d008f49..c3b5d585b3 100644
--- a/ui/cypress/tests/userManagement/testUserRoleConnect.spec.ts
+++ b/ui/cypress/tests/userManagement/testUserRoleConnect.spec.ts
@@ -127,12 +127,13 @@ describe('Test User Roles for Connect', () => {
UserRole.ROLE_CONNECT_ADMIN,
);
UserUtils.addGroupToUser('connect_admin_group', user2.name);
- // Add group to user2
// set up
UserUtils.switchUser(user1);
ConnectUtils.addMachineDataSimulator(adapterName);
+ PermissionUtils.authorizeGroup(adapterName, 'connect_admin_group');
+
// check admin
UserUtils.switchUser(UserUtils.adminUser);
validateAdapterIsVisible();
@@ -140,7 +141,7 @@ describe('Test User Roles for Connect', () => {
// check other users
UserUtils.switchUser(user2);
- ConnectUtils.checkAmountOfAdapters(0);
+ ConnectUtils.checkAmountOfAdapters(1);
});
function validateAdapterIsVisible() {
diff --git a/ui/cypress/tests/userManagement/testUserRolePipeline.spec.ts
b/ui/cypress/tests/userManagement/testUserRolePipeline.spec.ts
index 67024c4ee4..be104523d0 100644
--- a/ui/cypress/tests/userManagement/testUserRolePipeline.spec.ts
+++ b/ui/cypress/tests/userManagement/testUserRolePipeline.spec.ts
@@ -22,87 +22,155 @@ import { ConnectUtils } from
'../../support/utils/connect/ConnectUtils';
import { PipelineUtils } from '../../support/utils/pipeline/PipelineUtils';
import { PermissionUtils } from '../../support/utils/user/PermissionUtils';
import { PipelineBtns } from '../../support/utils/pipeline/PipelineBtns';
-import { NavigationUtils } from
'../../support/utils/navigation/NavigationUtils';
+import { User } from '../../support/model/User';
describe('Test User Roles for Pipelines', () => {
+ const pipelineName = 'Persist simulator';
+ let pipelineUser1: User;
+ let pipelineAdmin1: User;
+ let pipelineAdmin2: User;
+
beforeEach('Setup Test', () => {
cy.initStreamPipesTest();
- // Create a machine data simulator with a sample pipeline for the tests
- ConnectUtils.addMachineDataSimulator('simulator', true);
- });
- it('Pipeline admin should not see pipelines of other users', () => {
- const newUser = UserUtils.createUser(
- 'user',
+ pipelineUser1 = UserUtils.createUser(
+ 'pipelineUser1',
+ UserRole.ROLE_PIPELINE_USER,
+ );
+
+ pipelineAdmin1 = UserUtils.createUser(
+ 'pipelineAdmin1',
+ UserRole.ROLE_CONNECT_ADMIN,
+ UserRole.ROLE_PIPELINE_ADMIN,
+ );
+
+ pipelineAdmin2 = UserUtils.createUser(
+ 'pipelineAdmin2',
UserRole.ROLE_PIPELINE_ADMIN,
);
+ });
- // Login as user and check if pipeline is visible to user
- UserUtils.switchUser(newUser);
+ it('Pipeline is not shared with other users', () => {
+ UserUtils.switchUser(pipelineAdmin1);
+ ConnectUtils.addMachineDataSimulator('simulator', true);
- NavigationUtils.validateActiveModules([
- NavigationUtils.PIPELINES,
- NavigationUtils.CONFIGURATION,
- ]);
+ assertPipelineIsVisibleAndEditableCanChangePermissions(
+ UserUtils.adminUser,
+ );
- PipelineUtils.goToPipelines();
- PipelineUtils.checkAmountOfPipelinesPipeline(0);
+ assertPipelineIsNotVisible(pipelineUser1);
+
+ UserUtils.switchUser(pipelineUser1);
+
+ assertPipelineIsNotVisible(pipelineAdmin2);
});
- it('Pipeline admin should see public pipelines of other users', () => {
- const newUser = UserUtils.createUser(
- 'user',
- UserRole.ROLE_PIPELINE_ADMIN,
- );
+ it('Make pipeline public', () => {
+ UserUtils.switchUser(pipelineAdmin1);
+ ConnectUtils.addMachineDataSimulator('simulator', true);
- // Add new authorized user to pipeline
PipelineUtils.goToPipelines();
- PermissionUtils.markElementAsPublic('Persist simulator');
+ PermissionUtils.markElementAsPublic(pipelineName);
- // Login as user and check if pipeline is visible to user
- UserUtils.switchUser(newUser);
+ assertPipelineIsVisibleAndEditableCanChangePermissions(
+ UserUtils.adminUser,
+ );
- PipelineUtils.goToPipelines();
- PipelineUtils.checkAmountOfPipelinesPipeline(1);
- });
+ assertPipelineIsVisibleButNotEditable(pipelineUser1);
- it(' Pipeline admin should see shared pipelines of other users', () => {
- const newUser = UserUtils.createUser(
- 'user',
- UserRole.ROLE_PIPELINE_ADMIN,
+ assertPipelineIsVisibleAndEditableCannotChangePermissions(
+ pipelineAdmin2,
);
+ });
+
+ it('Share pipeline with other user and change ownership', () => {
+ UserUtils.switchUser(pipelineAdmin1);
+ ConnectUtils.addMachineDataSimulator('simulator', true);
- // Add new authorized user to pipeline
PipelineUtils.goToPipelines();
- PermissionUtils.markElementAsPublic('Persist simulator');
- PermissionUtils.authorizeUser('Persist simulator', newUser.email);
+ PermissionUtils.authorizeUser(pipelineName, pipelineAdmin2.email);
- // Login as user and check if pipeline is visible to user
- UserUtils.switchUser(newUser);
+ assertPipelineIsVisibleAndEditableCanChangePermissions(
+ UserUtils.adminUser,
+ );
+
+ assertPipelineIsVisibleAndEditableCannotChangePermissions(
+ pipelineAdmin2,
+ );
+
+ assertPipelineIsNotVisible(pipelineUser1);
+ UserUtils.switchUser(pipelineAdmin1);
PipelineUtils.goToPipelines();
- PipelineUtils.checkAmountOfPipelinesPipeline(1);
+ PermissionUtils.changeOwnership(pipelineName, pipelineAdmin2.email);
+
+ assertPipelineIsNotVisible(pipelineAdmin1);
+
+ assertPipelineIsVisibleAndEditableCanChangePermissions(
+ UserUtils.adminUser,
+ );
+
+ assertPipelineIsVisibleAndEditableCanChangePermissions(pipelineAdmin2);
+
+ assertPipelineIsNotVisible(pipelineUser1);
});
- it(' Pipeline user should see shared pipelines of other users but not be
able to edit them', () => {
- const newUser = UserUtils.createUser(
- 'user',
- UserRole.ROLE_PIPELINE_USER,
+ it('Pipeline is shared with group for user 2', () => {
+ UserUtils.createGroup(
+ 'pipeline_admin_group',
+ UserRole.ROLE_PIPELINE_ADMIN,
);
+ UserUtils.addGroupToUser('pipeline_admin_group', pipelineAdmin2.name);
+
+ // set up
+ UserUtils.switchUser(pipelineAdmin1);
+ ConnectUtils.addMachineDataSimulator('simulator', true);
- // Add new authorized user to pipeline
PipelineUtils.goToPipelines();
- // PermissionUtils.markElementAsPublic();
- PermissionUtils.authorizeUser('Persist simulator', newUser.email);
+ PermissionUtils.authorizeGroup(pipelineName, 'pipeline_admin_group');
- // Login as user and check if pipeline is visible to user
- UserUtils.switchUser(newUser);
+ assertPipelineIsVisibleAndEditableCanChangePermissions(
+ UserUtils.adminUser,
+ );
+
+ assertPipelineIsNotVisible(pipelineUser1);
+ assertPipelineIsVisibleAndEditableCannotChangePermissions(
+ pipelineAdmin2,
+ );
+ });
+
+ function assertPipelineIsVisibleAndEditableCanChangePermissions(
+ user: User,
+ ) {
+ UserUtils.switchUser(user);
+ PipelineUtils.goToPipelines();
+ PipelineUtils.checkAmountOfPipelinesPipeline(1);
+ PipelineBtns.stopPipeline().should('not.be.disabled');
+ PermissionUtils.validateUserCanChangePermissions(pipelineName);
+ }
+
+ function assertPipelineIsVisibleAndEditableCannotChangePermissions(
+ user: User,
+ ) {
+ UserUtils.switchUser(user);
PipelineUtils.goToPipelines();
PipelineUtils.checkAmountOfPipelinesPipeline(1);
+ PipelineBtns.stopPipeline().should('not.be.disabled');
+ PermissionUtils.validateUserCanNotChangePermissions(pipelineName);
+ }
- // A pipeline user should not be able to stop the pipeline or delete it
- PipelineBtns.deletePipeline().should('not.exist');
+ function assertPipelineIsVisibleButNotEditable(user: User) {
+ UserUtils.switchUser(user);
+ PipelineUtils.goToPipelines();
+ PipelineUtils.checkAmountOfPipelinesPipeline(1);
PipelineBtns.stopPipeline().should('be.disabled');
- });
+ PermissionUtils.validateUserCanNotChangePermissions(pipelineName);
+ }
+
+ function assertPipelineIsNotVisible(user: User) {
+ UserUtils.switchUser(user);
+ PipelineUtils.goToPipelines();
+ PipelineUtils.checkAmountOfPipelinesPipeline(0);
+ }
});
diff --git
a/ui/projects/streampipes/shared-ui/src/lib/dialog/object-permission-dialog/object-permission-dialog.component.html
b/ui/projects/streampipes/shared-ui/src/lib/dialog/object-permission-dialog/object-permission-dialog.component.html
index 15353f20ed..069e4044a4 100644
---
a/ui/projects/streampipes/shared-ui/src/lib/dialog/object-permission-dialog/object-permission-dialog.component.html
+++
b/ui/projects/streampipes/shared-ui/src/lib/dialog/object-permission-dialog/object-permission-dialog.component.html
@@ -152,6 +152,7 @@
<input
matInput
[placeholder]="'Add' | translate"
+ data-cy="authorized-group"
#groupInput
[formControl]="groupCtrl"
[matAutocomplete]="groupAuto"
@@ -169,6 +170,9 @@
(optionSelected)="groupSelected($event)"
>
<mat-option
+ [attr.data-cy]="
+ 'group-option-' + group.groupName
+ "
*ngFor="
let group of filteredGroups$ |
async
"
