dashboard/app: test existing code

google · Oct 15, 2024 · a845537 · a845537
1 parent 084d817
commit a845537
Show file tree

Hide file tree

Showing 3 changed files with 21 additions and 14 deletions.
diff --git a/dashboard/app/access.go b/dashboard/app/access.go
@@ -46,9 +46,6 @@ func checkAccessLevel(c context.Context, r *http.Request, level AccessLevel) err
 	return ErrAccess
 }
 
-// AuthDomain is broken in AppEngine tests.
-var isBrokenAuthDomainInTest = false
-
 func emailInAuthDomains(email string, authDomains []string) bool {
 	for _, authDomain := range authDomains {
 		if strings.HasSuffix(email, authDomain) {
@@ -59,7 +56,7 @@ func emailInAuthDomains(email string, authDomains []string) bool {
 	return false
 }
 
-func currentUser(c context.Context, r *http.Request) *user.User {
+func currentUser(c context.Context) *user.User {
 	u := user.Current(c)
 	if u != nil {
 		return u
@@ -78,23 +75,29 @@ func currentUser(c context.Context, r *http.Request) *user.User {
 // OAuth2 token is expected to be present in "Authorization" header.
 // Example: "Authorization: Bearer $(gcloud auth print-access-token)".
 func accessLevel(c context.Context, r *http.Request) AccessLevel {
-	if user.IsAdmin(c) {
-		switch r.FormValue("access") {
+	return userAccessLevel(currentUser(c), r.FormValue("access"), getConfig(c))
+
+}
+// AuthDomain is broken in AppEngine tests.
+var trustedAuthDomain = "gmail.com"
+
+func userAccessLevel(u *user.User, wantAccess string, config *GlobalConfig) AccessLevel {
+	if u == nil {
+		return AccessPublic
+	}
+	if u.Admin {
+		switch wantAccess {
 		case "public":
 			return AccessPublic
 		case "user":
 			return AccessUser
 		}
 		return AccessAdmin
 	}
-	u := currentUser(c, r)
-	if u == nil ||
-		// Devappserver does not pass AuthDomain.
-		u.AuthDomain != "gmail.com" && !isBrokenAuthDomainInTest ||
-		!emailInAuthDomains(u.Email, getConfig(c).AuthDomains) {
-		return AccessPublic
+	if u.AuthDomain == trustedAuthDomain &&	emailInAuthDomains(u.Email, config.AuthDomains) {
+		return AccessUser
 	}
-	return AccessUser
+	return AccessPublic
 }
 
 func checkTextAccess(c context.Context, r *http.Request, tag string, id int64) (*Bug, *Crash, error) {

diff --git a/dashboard/app/access_test.go b/dashboard/app/access_test.go
@@ -429,3 +429,7 @@ func TestAccess(t *testing.T) {
 		}
 	}
 }
+
+func TestUserAccessLevel(t *testing.T) {
+	assert.Equal(t, AccessAdmin, userAccessLevel(&user.User{Admin: true}, "", nil))
+}
diff --git a/dashboard/app/app_test.go b/dashboard/app/app_test.go
@@ -31,7 +31,7 @@ func init() {
 	os.Setenv("GAE_MODULE_VERSION", "1")
 	os.Setenv("GAE_MINOR_VERSION", "1")
 
-	isBrokenAuthDomainInTest = true
+	trustedAuthDomain = "" // Devappserver environment value is "", prod value is "gmail.com".
 	obsoleteWhatWontBeFixBisected = true
 	notifyAboutUnsuccessfulBisections = true
 	ensureConfigImmutability = true