
Commit fc755bf

authored
feat(server): policy check query (#1760)
1 parent 3238549 commit fc755bf


12 files changed

+604
-24
lines changed


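--- a/server/e2e/common.go
+++ b/server/e2e/common.go
@@ -19,6 +19,7 @@ import (
 "github.com/reearth/reearth/server/internal/infrastructure/fs"
 "github.com/reearth/reearth/server/internal/infrastructure/memory"
 "github.com/reearth/reearth/server/internal/infrastructure/mongo"
+"github.com/reearth/reearth/server/internal/infrastructure/policy"
 "github.com/reearth/reearth/server/internal/usecase/gateway"
 "github.com/reearth/reearth/server/internal/usecase/repo"
 "github.com/reearth/reearthx/account/accountinfrastructure/accountmongo"
@@ -89,11 +90,13 @@ func initRepos(t *testing.T, useMongo bool, seeder Seeder) (repos *repo.Containe
 func initGateway() *gateway.Container {
 if fr == nil {
 return &gateway.Container{
-File: lo.Must(fs.NewFile(afero.NewMemMapFs(), "https://example.com/")),
+File: lo.Must(fs.NewFile(afero.NewMemMapFs(), "https://example.com/")),
+PolicyChecker: policy.NewPermissiveChecker(),
 }
 }
 return &gateway.Container{
-File: *fr,
+File: *fr,
+PolicyChecker: policy.NewPermissiveChecker(),
 }
 }
 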
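Review bot: Both branches of `initGateway` hard-wire `policy.NewPermissiveChecker()`, so every e2e test runs against a checker that, judging by its name (its implementation is not on this page), allows everything, and no test can reach a denying policy result. Build the checker once above the `if fr == nil` branch and let a test override it the way `fr` appears to be overridden, so that a `false` policy result can be covered. At minimum add a comment on the field such as `// e2e default: permissive policy; deny paths are not exercised by this suite`.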

Lines changed: 85 additions & 0 deletions
@@ -0,0 +1,85 @@
1+
package e2e
2+
3+
import (
4+
"fmt"
5+
"testing"
6+
)
7+
8+
// go test -v -run TestWorkspacePolicyCheck ./e2e/...
9+
func TestWorkspacePolicyCheck(t *testing.T) {
10+
e, _ := StartGQLServerAndRepos(t, baseSeederUser)
11+
12+
// Test successful policy check for existing workspace
13+
res := Request(e, uId1.String(), GraphQLRequest{
14+
Query: fmt.Sprintf(`query {
15+
workspacePolicyCheck(input: {workspaceId: "%s"}) {
16+
workspaceId
17+
enableToCreatePrivateProject
18+
}
19+
}`, wId1),
20+
})
21+
22+
// Verify the response structure
23+
res.Path("$.data.workspacePolicyCheck.workspaceId").IsEqual(wId1.String())
24+
res.Path("$.data.workspacePolicyCheck.enableToCreatePrivateProject").IsBoolean()
25+
26+
// Test with non-existent workspace ID
27+
nonExistentWorkspaceId := "01H4XCVR7QZJN0Z8V9XN9N9N9N"
28+
res = Request(e, uId1.String(), GraphQLRequest{
29+
Query: fmt.Sprintf(`query {
30+
workspacePolicyCheck(input: {workspaceId: "%s"}) {
31+
workspaceId
32+
enableToCreatePrivateProject
33+
}
34+
}`, nonExistentWorkspaceId),
35+
})
36+
37+
// Should return error for non-existent workspace
38+
res.Path("$.errors[0].message").IsString()
39+
40+
// Test with invalid workspace ID format
41+
res = Request(e, uId1.String(), GraphQLRequest{
42+
Query: `query {
43+
workspacePolicyCheck(input: {workspaceId: "invalid-id"}) {
44+
workspaceId
45+
enableToCreatePrivateProject
46+
}
47+
}`,
48+
})
49+
50+
// Should return error for invalid ID format
51+
res.Path("$.errors[0].message").IsString()
52+
}
53+
54+
// Test policy check with different user permissions
55+
func TestWorkspacePolicyCheckPermissions(t *testing.T) {
56+
e, _ := StartGQLServerAndRepos(t, baseSeederUser)
57+
58+
// Test with workspace owner
59+
res := Request(e, uId1.String(), GraphQLRequest{
60+
Query: fmt.Sprintf(`query {
61+
workspacePolicyCheck(input: {workspaceId: "%s"}) {
62+
workspaceId
63+
enableToCreatePrivateProject
64+
}
65+
}`, wId1),
66+
})
67+
68+
res.Path("$.data.workspacePolicyCheck.workspaceId").IsEqual(wId1.String())
69+
res.Path("$.data.workspacePolicyCheck.enableToCreatePrivateProject").IsBoolean()
70+
res.Path("$.data.workspacePolicyCheck.enableToCreatePrivateProject").IsEqual(true)
71+
72+
// Test with different user (should still work if they have access to the workspace)
73+
res = Request(e, uId2.String(), GraphQLRequest{
74+
Query: fmt.Sprintf(`query {
75+
workspacePolicyCheck(input: {workspaceId: "%s"}) {
76+
workspaceId
77+
enableToCreatePrivateProject
78+
}
79+
}`, wId1),
80+
})
81+
82+
res.Path("$.data.workspacePolicyCheck.workspaceId").IsEqual(wId1.String())
83+
res.Path("$.data.workspacePolicyCheck.enableToCreatePrivateProject").IsBoolean()
84+
res.Path("$.data.workspacePolicyCheck.enableToCreatePrivateProject").IsEqual(true)
85+
}
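Review bot: TestWorkspacePolicyCheckPermissions has no case in which the caller lacks access to the workspace: the `uId2` request against `wId1` is asserted to succeed, and its comment only says it should work "if they have access". Whether `uId2` is a member of `wId1` is decided by `baseSeederUser`, which is outside this file, so if it is not a member this test pins cross-workspace disclosure as expected behaviour. Add a request from a user with no membership in the workspace and assert that `$.errors[0]` is present and `res.Path("$.data.workspacePolicyCheck").IsNull()`. The two error cases in TestWorkspacePolicyCheck assert only `res.Path("$.errors[0].message").IsString()`, which any failure satisfies, including an unrelated server error; assert the expected message or at least that the data field is null.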

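--- a/server/gql/workspace.graphql
+++ b/server/gql/workspace.graphql
@@ -60,6 +60,10 @@ input CreateWorkspaceInput {
 alias: String
 }
 
+input PolicyCheckInput {
+workspaceId: ID!
+}
+
 input UpdateWorkspaceInput {
 workspaceId: ID!
 name: String!
@@ -93,6 +97,11 @@ type CreateWorkspacePayload {
 workspace: Workspace!
 }
 
+type PolicyCheckPayload {
+workspaceId: ID!
+enableToCreatePrivateProject: Boolean!
+}
+
 type UpdateWorkspacePayload {
 workspace: Workspace!
 }
@@ -113,7 +122,9 @@ type DeleteWorkspacePayload {
 workspaceId: ID!
 }
 
-#extend type Query{ }
+extend type Query {
+workspacePolicyCheck(input: PolicyCheckInput!): PolicyCheckPayload
+}
 
 extend type Mutation {
 createWorkspace(input: CreateWorkspaceInput!): CreateWorkspacePayload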
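Review bot: The new `workspacePolicyCheck` field, `PolicyCheckInput` and `PolicyCheckPayload` have no descriptions, so the schema does not say who may query a given `workspaceId` or when the nullable `PolicyCheckPayload` comes back null. Add a description on the field, for example `"""Reports whether the workspace's policy allows creating a private project; the caller must have access to the workspace."""`, after confirming that rule against the resolver, which is not shown on this page. A one-line description on `enableToCreatePrivateProject` stating what `false` means for the client would also help.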
