From eb924ec842bc8f86ba6a881307d545417a6df512 Mon Sep 17 00:00:00 2001
From: Lenin Alevski <alevsk.8772@gmail.com>
Date: Mon, 31 Jan 2022 14:00:33 -0600
Subject: [PATCH] testscafe test for upload file button on bucket (#1491)

Signed-off-by: Lenin Alevski <alevsk.8772@gmail.com>

Co-authored-by: Alex <33497058+bexsoft@users.noreply.github.com>
---
 .../permissions/bucketWritePrefixOnly.ts      | 61 +++++++++++++++++++
 .../policies/bucketWritePrefixOnlyPolicy.json | 25 ++++++++
 portal-ui/tests/scripts/permissions.sh        | 17 +++++-
 portal-ui/tests/utils/functions.ts            |  4 ++
 portal-ui/tests/utils/roles.ts                | 11 ++++
 5 files changed, 116 insertions(+), 2 deletions(-)
 create mode 100644 portal-ui/tests/permissions/bucketWritePrefixOnly.ts
 create mode 100644 portal-ui/tests/policies/bucketWritePrefixOnlyPolicy.json

diff --git a/portal-ui/tests/permissions/bucketWritePrefixOnly.ts b/portal-ui/tests/permissions/bucketWritePrefixOnly.ts
new file mode 100644
index 000000000..501d3a37e
--- /dev/null
+++ b/portal-ui/tests/permissions/bucketWritePrefixOnly.ts
@@ -0,0 +1,61 @@
+// This file is part of MinIO Console Server
+// Copyright (c) 2022 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+import * as roles from "../utils/roles";
+import * as elements from "../utils/elements";
+import { Selector } from "testcafe";
+
+fixture("For user with Bucket Write to specific prefix permissions").page(
+  "http://localhost:9090"
+);
+
+test
+  .before(async (t) => {})(
+    "Upload File button is disable and Upload Folder button is enabled on bucket root path",
+    async (t) => {
+      const uploadButton = elements.uploadButton;
+      await t
+        .useRole(roles.bucketWritePrefixOnly)
+        .navigateTo("http://localhost:9090/buckets/testcafe/browse")
+        .click(uploadButton)
+        .expect(Selector("li").withText("Upload File").hasClass("Mui-disabled"))
+        .ok()
+        .expect(
+          Selector("li").withText("Upload Folder").hasClass("Mui-disabled")
+        )
+        .notOk();
+    }
+  )
+  .after(async (t) => {});
+
+test
+  .before(async (t) => {})(
+    "Upload File and Folder buttons are enabled on bucket prefix path",
+    async (t) => {
+      const uploadButton = elements.uploadButton;
+      await t
+        .useRole(roles.bucketWritePrefixOnly)
+        .navigateTo("http://localhost:9090/buckets/testcafe/browse/d3JpdGU=/")
+        .click(uploadButton)
+        .expect(Selector("li").withText("Upload File").hasClass("Mui-disabled"))
+        .notOk()
+        .expect(
+          Selector("li").withText("Upload Folder").hasClass("Mui-disabled")
+        )
+        .notOk();
+    }
+  )
+  .after(async (t) => {});
diff --git a/portal-ui/tests/policies/bucketWritePrefixOnlyPolicy.json b/portal-ui/tests/policies/bucketWritePrefixOnlyPolicy.json
new file mode 100644
index 000000000..b8a681371
--- /dev/null
+++ b/portal-ui/tests/policies/bucketWritePrefixOnlyPolicy.json
@@ -0,0 +1,25 @@
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Action": ["s3:ListBucket","s3:GetBucketLocation"],
+      "Effect": "Allow",
+      "Resource": ["arn:aws:s3:::testcafe"]
+    },
+    {
+      "Action": ["s3:ListBucket","s3:GetObject"],
+      "Effect": "Allow",
+      "Resource": ["arn:aws:s3:::testcafe/*"]
+    },
+    {
+      "Action": [
+        "s3:ListBucket",
+        "s3:GetObject",
+        "s3:PutObject",
+        "s3:DeleteObject"
+      ],
+      "Effect": "Allow",
+      "Resource": ["arn:aws:s3:::testcafe/write/*"]
+    }
+  ]
+}
\ No newline at end of file
diff --git a/portal-ui/tests/scripts/permissions.sh b/portal-ui/tests/scripts/permissions.sh
index 266f03d63..7b9e784e3 100644
--- a/portal-ui/tests/scripts/permissions.sh
+++ b/portal-ui/tests/scripts/permissions.sh
@@ -23,6 +23,7 @@ create_policies() {
   mc admin policy add minio trace-$TIMESTAMP portal-ui/tests/policies/trace.json
   mc admin policy add minio users-$TIMESTAMP portal-ui/tests/policies/users.json
   mc admin policy add minio watch-$TIMESTAMP portal-ui/tests/policies/watch.json
+  mc admin policy add minio bucketwriteprefixonlypolicy-$TIMESTAMP portal-ui/tests/policies/bucketWritePrefixOnlyPolicy.json
 }
 
 create_users() {
@@ -41,6 +42,11 @@ create_users() {
   mc admin user add minio trace-$TIMESTAMP trace1234
   mc admin user add minio users-$TIMESTAMP users1234
   mc admin user add minio watch-$TIMESTAMP watch1234
+  mc admin user add minio bucketwriteprefixonlypolicy-$TIMESTAMP bucketwriteprefixonlypolicy
+}
+
+create_buckets() {
+  mc mb minio/testcafe && mc cp ./portal-ui/tests/uploads/test.txt minio/testcafe/write/test.txt
 }
 
 assign_policies() {
@@ -59,6 +65,7 @@ assign_policies() {
   mc admin policy set minio trace-$TIMESTAMP user=trace-$TIMESTAMP
   mc admin policy set minio users-$TIMESTAMP user=users-$TIMESTAMP
   mc admin policy set minio watch-$TIMESTAMP user=watch-$TIMESTAMP
+  mc admin policy set minio bucketwriteprefixonlypolicy-$TIMESTAMP user=bucketwriteprefixonlypolicy-$TIMESTAMP
 }
 
 remove_users() {
@@ -77,6 +84,7 @@ remove_users() {
   mc admin user remove minio trace-$TIMESTAMP
   mc admin user remove minio users-$TIMESTAMP
   mc admin user remove minio watch-$TIMESTAMP
+  mc admin user remove minio bucketwriteprefixonlypolicy-$TIMESTAMP
 }
 
 remove_policies() {
@@ -95,13 +103,17 @@ remove_policies() {
   mc admin policy remove minio trace-$TIMESTAMP
   mc admin policy remove minio users-$TIMESTAMP
   mc admin policy remove minio watch-$TIMESTAMP
+  mc admin policy remove minio bucketwriteprefixonlypolicy-$TIMESTAMP
+}
+
+remove_buckets() {
+  mc rm minio/testcafe/write/test.txt && mc rm minio/testcafe
 }
 
 cleanup() {
   remove_users
   remove_policies
-  pkill console
-  kill -9 `lsof -i:5005 -t`
+  remove_buckets
 }
 
 __init__() {
@@ -117,6 +129,7 @@ __init__() {
   create_policies
   create_users
   assign_policies
+  create_buckets
 }
 
 main() {
diff --git a/portal-ui/tests/utils/functions.ts b/portal-ui/tests/utils/functions.ts
index 8beccc6ec..41f2f2524 100644
--- a/portal-ui/tests/utils/functions.ts
+++ b/portal-ui/tests/utils/functions.ts
@@ -67,6 +67,10 @@ export const testBucketBrowseButtonFor = (modifier) => {
     .withText("Browse");
 };
 
+export const uploadFilesButton = () => {
+  return Selector("button").withText("Upload Files");
+};
+
 export const cleanUpBucketAndUploads = (t, modifier) => {
   const bucket = `${constants.TEST_BUCKET_NAME}-${modifier}`;
 
diff --git a/portal-ui/tests/utils/roles.ts b/portal-ui/tests/utils/roles.ts
index bcf0b62ad..11e5b2450 100644
--- a/portal-ui/tests/utils/roles.ts
+++ b/portal-ui/tests/utils/roles.ts
@@ -53,6 +53,17 @@ export const bucketWrite = Role(
   { preserveUrl: true }
 );
 
+export const bucketWritePrefixOnly = Role(
+  loginUrl,
+  async (t) => {
+    await t
+      .typeText("#accessKey", "bucketwriteprefixonlypolicy-" + unixTimestamp)
+      .typeText("#secretKey", "bucketwriteprefixonlypolicy")
+      .click(submitButton);
+  },
+  { preserveUrl: true }
+);
+
 export const dashboard = Role(
   loginUrl,
   async (t) => {