fix: add additional permission tests to user v2 query endpoints (#7382)

Add additional permission integration tests to the user v2 query endpoints including some fixes to correctly check the permissions after the data is known which you want to query.
2025-08-11 09:57:37 +00:00 · 2024-03-08 09:37:23 +01:00
parent 6df4b1b2c2
commit 9f72fc63ac
5 changed files with 451 additions and 15 deletions
--- a/internal/api/grpc/user/v2/query_integration_test.go
+++ b/internal/api/grpc/user/v2/query_integration_test.go
@@ -5,10 +5,11 @@ package user_test
 import (
 	"context"
 	"fmt"
-	"github.com/stretchr/testify/assert"
 	"testing"
 	"time"

+	"github.com/stretchr/testify/assert"
+
 	"github.com/muhlemmer/gu"
 	"github.com/stretchr/testify/require"
 	"google.golang.org/protobuf/types/known/timestamppb"
@@ -151,6 +152,158 @@ func TestServer_GetUserByID(t *testing.T) {
 	}
 }

+func TestServer_GetUserByID_Permission(t *testing.T) {
+	timeNow := time.Now().UTC()
+	newOrgOwnerEmail := fmt.Sprintf("%d@permission.get.com", timeNow.UnixNano())
+	newOrg := Tester.CreateOrganization(IamCTX, fmt.Sprintf("GetHuman%d", time.Now().UnixNano()), newOrgOwnerEmail)
+	newUserID := newOrg.CreatedAdmins[0].GetUserId()
+	type args struct {
+		ctx context.Context
+		req *user.GetUserByIDRequest
+	}
+	tests := []struct {
+		name    string
+		args    args
+		want    *user.GetUserByIDResponse
+		wantErr bool
+	}{
+		{
+			name: "System, ok",
+			args: args{
+				SystemCTX,
+				&user.GetUserByIDRequest{
+					Organization: &object.Organization{
+						Org: &object.Organization_OrgId{
+							OrgId: newOrg.GetOrganizationId(),
+						},
+					},
+					UserId: newUserID,
+				},
+			},
+			want: &user.GetUserByIDResponse{
+				User: &user.User{
+					State:              user.UserState_USER_STATE_ACTIVE,
+					Username:           "",
+					LoginNames:         nil,
+					PreferredLoginName: "",
+					Type: &user.User_Human{
+						Human: &user.HumanUser{
+							Profile: &user.HumanProfile{
+								GivenName:         "firstname",
+								FamilyName:        "lastname",
+								NickName:          gu.Ptr(""),
+								DisplayName:       gu.Ptr("firstname lastname"),
+								PreferredLanguage: gu.Ptr("und"),
+								Gender:            user.Gender_GENDER_UNSPECIFIED.Enum(),
+								AvatarUrl:         "",
+							},
+							Email: &user.HumanEmail{
+								Email: newOrgOwnerEmail,
+							},
+							Phone: &user.HumanPhone{},
+						},
+					},
+				},
+				Details: &object.Details{
+					ChangeDate:    timestamppb.New(timeNow),
+					ResourceOwner: newOrg.GetOrganizationId(),
+				},
+			},
+		},
+		{
+			name: "Instance, ok",
+			args: args{
+				IamCTX,
+				&user.GetUserByIDRequest{
+					Organization: &object.Organization{
+						Org: &object.Organization_OrgId{
+							OrgId: newOrg.GetOrganizationId(),
+						},
+					},
+					UserId: newUserID,
+				},
+			},
+			want: &user.GetUserByIDResponse{
+				User: &user.User{
+					State:              user.UserState_USER_STATE_ACTIVE,
+					Username:           "",
+					LoginNames:         nil,
+					PreferredLoginName: "",
+					Type: &user.User_Human{
+						Human: &user.HumanUser{
+							Profile: &user.HumanProfile{
+								GivenName:         "firstname",
+								FamilyName:        "lastname",
+								NickName:          gu.Ptr(""),
+								DisplayName:       gu.Ptr("firstname lastname"),
+								PreferredLanguage: gu.Ptr("und"),
+								Gender:            user.Gender_GENDER_UNSPECIFIED.Enum(),
+								AvatarUrl:         "",
+							},
+							Email: &user.HumanEmail{
+								Email: newOrgOwnerEmail,
+							},
+							Phone: &user.HumanPhone{},
+						},
+					},
+				},
+				Details: &object.Details{
+					ChangeDate:    timestamppb.New(timeNow),
+					ResourceOwner: newOrg.GetOrganizationId(),
+				},
+			},
+		},
+		{
+			name: "Org, error",
+			args: args{
+				CTX,
+				&user.GetUserByIDRequest{
+					Organization: &object.Organization{
+						Org: &object.Organization_OrgId{
+							OrgId: newOrg.GetOrganizationId(),
+						},
+					},
+					UserId: newUserID,
+				},
+			},
+			wantErr: true,
+		},
+		{
+			name: "User, error",
+			args: args{
+				UserCTX,
+				&user.GetUserByIDRequest{
+					Organization: &object.Organization{
+						Org: &object.Organization_OrgId{
+							OrgId: newOrg.GetOrganizationId(),
+						},
+					},
+					UserId: newUserID,
+				},
+			},
+			wantErr: true,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			got, err := Client.GetUserByID(tt.args.ctx, tt.args.req)
+			if tt.wantErr {
+				require.Error(t, err)
+			} else {
+				require.NoError(t, err)
+				tt.want.User.UserId = tt.args.req.GetUserId()
+				tt.want.User.Username = newOrgOwnerEmail
+				tt.want.User.PreferredLoginName = newOrgOwnerEmail
+				tt.want.User.LoginNames = []string{newOrgOwnerEmail}
+				if human := tt.want.User.GetHuman(); human != nil {
+					human.Email.Email = newOrgOwnerEmail
+				}
+				assert.Equal(t, tt.want.User, got.User)
+			}
+		})
+	}
+}
+
 type userAttr struct {
 	UserID   string
 	Username string