Elgato_dark/fleet
1
0
Fork 0
mirror of https://github.com/fleetdm/fleet synced 2026-05-24 09:28:54 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 30
fleet/server/contexts/viewer/viewer_test.go
Victor Lyuboslavsky 913a5904c8
Move NewActivity to activity bounded context (#39521) 
<!-- Add the related story/sub-task/bug number, like Resolves #123, or
remove if NA -->
**Related issue:** Resolves #38536 

This PR moves all logic to create new activities to activity bounded
context.
The old service and ActivityModule methods are not facades that route to
the new activity bounded context. The facades will be removed in a
subsequent PR.

# Checklist for submitter

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.

## Testing

- [x] Added/updated automated tests
- [x] QA'd all new/changed functionality manually

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **New Features**
* Added webhook support for activity events with configurable endpoint
and enable/disable settings.
* Enhanced automation-initiated activity creation without requiring a
user context.
* Improved activity service architecture with centralized creation and
management.

* **Improvements**
* Refactored activity creation to use a dedicated service layer for
better separation of concerns.
* Added support for host-specific and automation-originated activities.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-02-25 14:11:03 -06:00

192 lines
6.6 KiB
Go
Raw Blame History

package viewer
import (
"context"
"testing"
"github.com/fleetdm/fleet/v4/server/fleet"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
)
var (
// Weird states
nilViewer = Viewer{}
noSessionViewer = Viewer{
User: &fleet.User{
ID: 41,
Name: "No Session",
},
}
// Regular users
userViewer = Viewer{
User: &fleet.User{
ID: 45,
Name: "Regular User",
},
Session: &fleet.Session{
ID: 4,
UserID: 45,
},
}
needsPasswordResetUserViewer = Viewer{
User: &fleet.User{
ID: 47,
Name: "Regular User Needs Password Reset",
AdminForcedPasswordReset: true,
},
Session: &fleet.Session{
ID: 6,
UserID: 47,
},
}
// Admin users
adminViewer = Viewer{
User: &fleet.User{
ID: 42,
Name: "The Admin",
},
Session: &fleet.Session{
ID: 1,
UserID: 42,
},
}
needsPasswordResetAdminViewer = Viewer{
User: &fleet.User{
ID: 44,
Name: "The Admin Requires Password Reset",
AdminForcedPasswordReset: true,
},
Session: &fleet.Session{
ID: 3,
UserID: 44,
},
}
)
func TestContext(t *testing.T) {
ctx := NewContext(context.Background(), userViewer)
v, ok := FromContext(ctx)
assert.True(t, ok)
assert.Equal(t, userViewer, v)
}
func TestIsUserID(t *testing.T) {
assert.True(t, adminViewer.IsUserID(42))
assert.False(t, adminViewer.IsUserID(7))
assert.True(t, userViewer.IsUserID(45))
}
func TestIsLoggedIn(t *testing.T) {
assert.Equal(t, false, nilViewer.IsLoggedIn())
assert.Equal(t, false, noSessionViewer.IsLoggedIn())
assert.Equal(t, true, userViewer.IsLoggedIn())
assert.Equal(t, true, needsPasswordResetUserViewer.IsLoggedIn())
assert.Equal(t, true, adminViewer.IsLoggedIn())
assert.Equal(t, true, needsPasswordResetAdminViewer.IsLoggedIn())
}
func TestCanPerformActions(t *testing.T) {
assert.Equal(t, false, nilViewer.CanPerformActions())
assert.Equal(t, false, noSessionViewer.CanPerformActions())
assert.Equal(t, true, userViewer.CanPerformActions())
assert.Equal(t, false, needsPasswordResetUserViewer.CanPerformActions())
assert.Equal(t, true, adminViewer.CanPerformActions())
assert.Equal(t, false, needsPasswordResetAdminViewer.CanPerformActions())
}
// TODO update these tests
// func TestCanPerformAdminActions(t *testing.T) {
// assert.Equal(t, false, nilViewer.CanPerformAdminActions())
// assert.Equal(t, false, noSessionViewer.CanPerformAdminActions())
// assert.Equal(t, false, userViewer.CanPerformAdminActions())
// assert.Equal(t, false, disabledUserViewer.CanPerformAdminActions())
// assert.Equal(t, false, needsPasswordResetUserViewer.CanPerformAdminActions())
// assert.Equal(t, true, adminViewer.CanPerformAdminActions())
// assert.Equal(t, false, disabledAdminViewer.CanPerformAdminActions())
// assert.Equal(t, false, needsPasswordResetAdminViewer.CanPerformAdminActions())
// }
// func TestCanPerformReadActionOnUser(t *testing.T) {
// assert.Equal(t, false, nilViewer.CanPerformReadActionOnUser(1))
// assert.Equal(t, false, noSessionViewer.CanPerformReadActionOnUser(1))
// assert.Equal(t, true, userViewer.CanPerformReadActionOnUser(1))
// assert.Equal(t, true, userViewer.CanPerformReadActionOnUser(userViewer.User.ID))
// assert.Equal(t, false, disabledUserViewer.CanPerformReadActionOnUser(1))
// assert.Equal(t, false, disabledUserViewer.CanPerformReadActionOnUser(disabledUserViewer.User.ID))
// assert.Equal(t, false, needsPasswordResetUserViewer.CanPerformReadActionOnUser(1))
// assert.Equal(t, true, needsPasswordResetUserViewer.CanPerformReadActionOnUser(needsPasswordResetUserViewer.User.ID))
// assert.Equal(t, true, adminViewer.CanPerformReadActionOnUser(1))
// assert.Equal(t, true, adminViewer.CanPerformReadActionOnUser(adminViewer.User.ID))
// assert.Equal(t, false, disabledAdminViewer.CanPerformReadActionOnUser(1))
// assert.Equal(t, false, disabledAdminViewer.CanPerformReadActionOnUser(disabledAdminViewer.User.ID))
// assert.Equal(t, false, needsPasswordResetAdminViewer.CanPerformReadActionOnUser(1))
// assert.Equal(t, true, needsPasswordResetAdminViewer.CanPerformReadActionOnUser(needsPasswordResetAdminViewer.User.ID))
// }
// func TestCanPerformWriteActionOnUser(t *testing.T) {
// assert.Equal(t, false, nilViewer.CanPerformWriteActionOnUser(1))
// assert.Equal(t, false, noSessionViewer.CanPerformWriteActionOnUser(1))
// assert.Equal(t, false, userViewer.CanPerformWriteActionOnUser(1))
// assert.Equal(t, true, userViewer.CanPerformWriteActionOnUser(userViewer.User.ID))
// assert.Equal(t, false, disabledUserViewer.CanPerformWriteActionOnUser(1))
// assert.Equal(t, false, disabledUserViewer.CanPerformWriteActionOnUser(disabledUserViewer.User.ID))
// assert.Equal(t, false, needsPasswordResetUserViewer.CanPerformWriteActionOnUser(1))
// assert.Equal(t, true, needsPasswordResetUserViewer.CanPerformWriteActionOnUser(needsPasswordResetUserViewer.User.ID))
// assert.Equal(t, true, adminViewer.CanPerformWriteActionOnUser(1))
// assert.Equal(t, true, adminViewer.CanPerformWriteActionOnUser(adminViewer.User.ID))
// assert.Equal(t, false, disabledAdminViewer.CanPerformWriteActionOnUser(1))
// assert.Equal(t, false, disabledAdminViewer.CanPerformWriteActionOnUser(disabledAdminViewer.User.ID))
// assert.Equal(t, false, needsPasswordResetAdminViewer.CanPerformWriteActionOnUser(1))
// assert.Equal(t, true, needsPasswordResetAdminViewer.CanPerformWriteActionOnUser(needsPasswordResetAdminViewer.User.ID))
// }
func TestMaskEmail(t *testing.T) {
cases := []struct {
name string
email string
expected string
}{
{"standard email", "john.doe@example.com", "j***@example.com"},
{"single char local", "j@example.com", "j***@example.com"},
{"subdomain", "user@mail.example.com", "u***@mail.example.com"},
{"empty string", "", "***"},
{"no at sign", "invalid", "***"},
{"empty local part", "@example.com", "***"},
{"only at sign", "@", "***"},
}
for _, tc := range cases {
t.Run(tc.name, func(t *testing.T) {
result := maskEmail(tc.email)
assert.Equal(t, tc.expected, result)
})
}
}
func TestNewSystemContext(t *testing.T) {
ctx := NewSystemContext(t.Context())
v, ok := FromContext(ctx)
require.True(t, ok, "viewer should be present in context")
require.NotNil(t, v.User, "user should be present in viewer")
// Verify the system user has the expected properties
assert.Equal(t, systemUserName, v.User.Name, "system user name should match ActivityAutomationAuthor")
require.NotNil(t, v.User.GlobalRole, "system user should have a global role")
assert.Equal(t, fleet.RoleAdmin, *v.User.GlobalRole, "system user should have admin role")
}
Reference in a new issue View git blame Copy permalink