graphql: Apply authorization on /_search endpoint

- AccessControlContext now resides in a separate package from where it can be imported, along with the contextKey that will be used to set and retrieve this context value. - AccessControlContext has a new field called Username, that will be of use for future implementations in graphQL resolvers. - GlobalSearch resolver now uses this context to filter repos available to the logged user. - moved logic for uploading images in tests so that it can be used in every package - tests were added for multiple request scenarios, when zot-server requires authz on specific repos - added tests with injected errors for extended coverage - added tests for status code error injection utilities Closes https://github.com/project-zot/zot/issues/615 Signed-off-by: Alex Stan <alexandrustan96@yahoo.ro>
2026-06-17 12:58:02 +08:00 · 2022-08-16 11:57:09 +03:00
parent 5450139ba1
commit 49e8167dbe
15 changed files with 763 additions and 165 deletions
@@ -59,6 +59,18 @@ func bar() error {
 	return nil
 }

+func baz() error {
+	if test.ErrStatusCode(0) != 0 {
+		return errCall1
+	}
+
+	if test.ErrStatusCode(0) != 0 {
+		return errCall2
+	}
+
+	return nil
+}
+
 func alwaysErr() error {
 	return errNotZero
 }
@@ -108,6 +120,22 @@ func TestInject(t *testing.T) {
 				So(errors.Is(err, errCall2), ShouldBeTrue)
 			})
 		})
+
+		Convey("Check ErrStatusCode", func() {
+			Convey("Without skipping", func() {
+				test.InjectFailure(0)   // inject a failure
+				err := baz()            // should be a failure
+				So(err, ShouldNotBeNil) // should be a failure
+				So(errors.Is(err, errCall1), ShouldBeTrue)
+			})
+
+			Convey("With skipping", func() {
+				test.InjectFailure(1) // inject a failure but skip first one
+				err := baz()          // should be a failure
+				So(errors.Is(err, errCall1), ShouldBeFalse)
+				So(errors.Is(err, errCall2), ShouldBeTrue)
+			})
+		})
 	})

 	Convey("Without injected failure", t, func(c C) {