Add two-user RBAC test

swadeley · swadeley · commit e87404557006 · 2025-04-29T21:56:12.000+01:00
diff --git a/tests/Integration/twouserRBACTest.spec.ts b/tests/Integration/twouserRBACTest.spec.ts
@@ -0,0 +1,76 @@
+import { expect, test } from "@playwright/test";
+import { navigateToRepositories } from "../UI/helpers/navHelpers";
+import { switchToUser, logInWithUsernameAndPassword } from "../helpers/loginHelpers";
+import { randomName, randomUrl } from '../UI/helpers/repoHelpers';
+import { closePopupsIfExist, getRowByNameOrUrl } from '../UI/helpers/helpers';
+import { deleteAllRepos } from '../UI/helpers/deleteRepositories';
+
+const repoNamePrefix = 'Repo-RBAC';
+
+// Function to generate and cache the repo name
+const getRepoName = (() => {
+  let name = null;
+  return () => {
+    if (!name) {
+      name = `${repoNamePrefix}-${randomName()}`;
+    }
+    return name;
+  };
+})();
+
+const url = randomUrl();
+
+test.describe("Run as first user", { tag: "@admin" }, async () => {
+  test("Login as user 1", async ({ page }) => {
+    await test.step('Navigate to the repository page', async () => {
+      await switchToUser(page, process.env.USER1USERNAME!);
+      await navigateToRepositories(page);
+      await closePopupsIfExist(page);
+    });
+    await test.step('Delete any test repos that exist', async () => {
+      // await deleteAllRepos(page, `&search=${repoNamePrefix}`);
+    });
+    await test.step('Create a repository', async () => {
+      await page.getByRole('button', { name: 'Add repositories' }).first().click();
+      await expect(page.getByRole('dialog', { name: 'Add custom repositories' })).toBeVisible();
+
+      // Use getRepoName() to get the consistent repo name
+      await page.getByLabel('Name').fill(getRepoName());
+      await page.getByLabel('Introspect only').click();
+      await page.getByLabel('URL').fill(url);
+      await page.getByRole('button', { name: 'Save', exact: true }).click();
+    });
+    await test.step('Read the repo', async () => {
+      const row = await getRowByNameOrUrl(page, getRepoName());
+      await expect(row.getByText('Valid')).toBeVisible();
+      await row.getByLabel('Kebab toggle').click();
+      await row.getByRole('menuitem', { name: 'Edit' }).click();
+      await expect(page.getByRole('dialog', { name: 'Edit custom repository' })).toBeVisible();
+      await expect(page.getByPlaceholder('Enter name', { exact: true })).toHaveValue(getRepoName());
+      await expect(page.getByPlaceholder('https://', { exact: true })).toHaveValue(url);
+    });
+    await test.step('Update the repository', async () => {
+      await page.getByPlaceholder('Enter name', { exact: true }).fill(`${getRepoName()}-Edited`);
+      await page.getByRole('button', { name: 'Save changes', exact: true }).click();
+    });
+  });
+});
+
+test.describe("Run as second user", { tag: "@read-only" }, async () => {
+  test("Login as user 2", async ({ page }) => {
+    await test.step('Navigate to the repository page', async () => {
+      await switchToUser(page, process.env.RO_USER_USERNAME!);
+      await navigateToRepositories(page);
+      await closePopupsIfExist(page);
+    });
+    await test.step('Read the repo', async () => {
+      // Use getRepoName() to get the same repo name
+      const row = await getRowByNameOrUrl(page, getRepoName());
+      await expect(row.getByText('Valid')).toBeVisible({ timeout: 60000 });
+      await row.getByLabel('Kebab toggle').click();
+      await row.getByRole('menuitem', { name: 'Edit' }).click();
+      await expect(page.getByText('You do not have the required permissions to perform this action')).toBeVisible();
+      await expect(page.getByRole('dialog', { name: 'Edit custom repository' })).not.toBeVisible();
+    });
+  });
+});
