VARASYS/ZDDC
1
1
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
ZDDC/zddc/internal/handler/profileprojects_test.go
ZDDC b80b11c99f feat: project creation gated by cascade ActionCreate, not hardcoded admin 
The /.profile/projects endpoint previously refused anyone without
hasAnyAdminScope. Now it runs the standard decider with ActionCreate
on the parent directory — super-admins still pass via the
IsActiveAdmin bypass branch, and anyone the root .zddc grants `c`
to (e.g. `*@example.com: c`) can self-service a project without
needing an existing admin grant.

Other changes in this commit:

- The new project's .zddc is seeded with the creator's email in
  admins: when the request body doesn't supply one — they become
  subtree admin of their own project at birth. .zddc edits in
  deeper subfolders flow through their authority; strict-ancestor
  rule still prevents them from editing /<project>/.zddc itself.

- AccessView gains can_create_project, computed by the same decider
  call the endpoint uses — UI and server agree on visibility with
  no daylight.

- Profile page splits the subtree-admin template from the create-
  project template so the latter mounts on can_create_project,
  independent of has_any_admin_scope. Non-admin grantees see the
  form; admins keep seeing both.

- Lock-in tests cover the five interesting cases: cascade-granted
  user succeeds and becomes subtree admin; stranger gets 404;
  elevated super-admin auto-defaults admins; explicit admins list
  wins over the default; duplicate-name 409.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-18 10:25:19 -05:00

121 lines
4.4 KiB
Go
Raw Blame History

package handler
import (
"bytes"
"context"
"encoding/json"
"net/http"
"net/http/httptest"
"os"
"path/filepath"
"testing"
"codeberg.org/VARASYS/ZDDC/zddc/internal/config"
"codeberg.org/VARASYS/ZDDC/zddc/internal/zddc"
)
// projectCreateFixture lays out a deployment whose root .zddc grants
// `c` (create) to `*@example.com` so non-admin members can spin up
// projects, with `admin@example.com` as the super-admin escape hatch.
func projectCreateFixture(t *testing.T) (config.Config, string) {
t.Helper()
root := t.TempDir()
mustWriteHelper(t, filepath.Join(root, ".zddc"),
"admins:\n - admin@example.com\n"+
"acl:\n permissions:\n \"*@example.com\": c\n")
zddc.InvalidateCache(root)
return config.Config{Root: root, EmailHeader: "X-Auth-Request-Email", MaxWriteBytes: 64 * 1024}, root
}
func doProjectCreate(cfg config.Config, email string, elevated bool, body []byte) *httptest.ResponseRecorder {
req := httptest.NewRequest(http.MethodPost, "/.profile/projects", bytes.NewReader(body))
req.Header.Set("Content-Type", "application/json")
ctx := context.WithValue(req.Context(), EmailKey, email)
ctx = context.WithValue(ctx, ElevatedKey, elevated)
req = req.WithContext(ctx)
rec := httptest.NewRecorder()
serveProfileProjectsCreate(cfg, rec, req)
return rec
}
// Non-admin user holds `c` at root via cascade — succeeds, becomes
// subtree admin of the new project.
func TestProjectCreate_CascadeGrantedUserBecomesSubtreeAdmin(t *testing.T) {
cfg, root := projectCreateFixture(t)
body, _ := json.Marshal(map[string]any{"parent": "/", "name": "Project-1", "title": "My project"})
rec := doProjectCreate(cfg, "alice@example.com", false, body)
if rec.Code != http.StatusCreated {
t.Fatalf("status=%d body=%s", rec.Code, rec.Body.String())
}
zddc.InvalidateCache(root)
// Verify the new project .zddc names alice as admin.
zf, err := zddc.ParseFile(filepath.Join(root, "Project-1", ".zddc"))
if err != nil {
t.Fatalf("read new .zddc: %v", err)
}
if len(zf.Admins) != 1 || zf.Admins[0] != "alice@example.com" {
t.Errorf("Admins=%v, want [alice@example.com]", zf.Admins)
}
if zf.Title != "My project" {
t.Errorf("Title=%q, want %q", zf.Title, "My project")
}
}
// User with no grant at root — 404 (existence-hidden).
func TestProjectCreate_UnauthenticatedUserDenied(t *testing.T) {
cfg, _ := projectCreateFixture(t)
body, _ := json.Marshal(map[string]any{"parent": "/", "name": "ShouldFail"})
rec := doProjectCreate(cfg, "stranger@other.org", false, body)
if rec.Code != http.StatusNotFound {
t.Errorf("status=%d, want 404", rec.Code)
}
}
// Super-admin elevated — succeeds via decider's IsActiveAdmin bypass,
// not via explicit ACL grant. Admins default to creator email.
func TestProjectCreate_ElevatedSuperAdminWithDefaultAdmins(t *testing.T) {
cfg, root := projectCreateFixture(t)
body, _ := json.Marshal(map[string]any{"parent": "/", "name": "AdminProj"})
rec := doProjectCreate(cfg, "admin@example.com", true, body)
if rec.Code != http.StatusCreated {
t.Fatalf("status=%d body=%s", rec.Code, rec.Body.String())
}
zddc.InvalidateCache(root)
zf, _ := zddc.ParseFile(filepath.Join(root, "AdminProj", ".zddc"))
if len(zf.Admins) != 1 || zf.Admins[0] != "admin@example.com" {
t.Errorf("default Admins=%v, want [admin@example.com]", zf.Admins)
}
}
// Caller passes explicit admins list — used instead of auto-defaulting.
func TestProjectCreate_ExplicitAdminsListWins(t *testing.T) {
cfg, root := projectCreateFixture(t)
body, _ := json.Marshal(map[string]any{
"parent": "/",
"name": "TeamProj",
"admins": []string{"alice@example.com", "bob@example.com"},
})
rec := doProjectCreate(cfg, "alice@example.com", false, body)
if rec.Code != http.StatusCreated {
t.Fatalf("status=%d body=%s", rec.Code, rec.Body.String())
}
zddc.InvalidateCache(root)
zf, _ := zddc.ParseFile(filepath.Join(root, "TeamProj", ".zddc"))
if len(zf.Admins) != 2 {
t.Errorf("Admins=%v, want 2 entries", zf.Admins)
}
}
// Re-creating an existing project name fails 409 — duplicate detection
// runs before the admin seed write.
func TestProjectCreate_DuplicateNameRejected(t *testing.T) {
cfg, root := projectCreateFixture(t)
if err := os.MkdirAll(filepath.Join(root, "Existing"), 0o755); err != nil {
t.Fatal(err)
}
body, _ := json.Marshal(map[string]any{"parent": "/", "name": "Existing"})
rec := doProjectCreate(cfg, "alice@example.com", false, body)
if rec.Code != http.StatusConflict {
t.Errorf("status=%d, want 409", rec.Code)
}
}
Reference in a new issue View git blame Copy permalink