
Commit 086ce69

committed
feat: add hidden enterprise cmd command to list roles
This includes custom roles, and has a JSON output option for more granular permissions
1 parent 92c5dfa commit 086ce69


23 files changed

+309
-61
lines changed


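--- a/coderd/database/dbauthz/dbauthz.go
+++ b/coderd/database/dbauthz/dbauthz.go
@@ -835,11 +835,12 @@ func (q *querier) CleanTailnetTunnels(ctx context.Context) error {
 return q.db.CleanTailnetTunnels(ctx)
 }
 
-func (q *querier) CustomRolesByName(ctx context.Context, lookupRoles []string) ([]database.CustomRole, error) {
+// TODO: Handle org scoped lookups
+func (q *querier) CustomRoles(ctx context.Context, arg database.CustomRolesParams) ([]database.CustomRole, error) {
 if err := q.authorizeContext(ctx, policy.ActionRead, rbac.ResourceAssignRole); err != nil {
 return nil, err
 }
-return q.db.CustomRolesByName(ctx, lookupRoles)
+return q.db.CustomRoles(ctx, arg)
 }
 
 func (q *querier) DeleteAPIKeyByID(ctx context.Context, id string) error {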
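Review bot: The authorization in `CustomRoles` is one site-wide `policy.ActionRead` check on `rbac.ResourceAssignRole`, and it depends neither on `arg` nor on the organization of the rows returned; the `// TODO: Handle org scoped lookups` line acknowledges this but does not bound it. Because this commit also adds `custom_roles.organization_id`, any caller that passes the check receives roles from every organization, while a caller holding only org-level rights presumably cannot list their own organization's roles at all. Until the TODO is resolved I would state the limitation in the doc comment, e.g. `// CustomRoles requires site-wide read on assign-role; org-scoped rows are not yet authorized per organization.`, so later callers do not assume the result is already filtered to what the subject may see.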

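--- a/coderd/database/dbauthz/dbauthz_test.go
+++ b/coderd/database/dbauthz/dbauthz_test.go
@@ -1167,8 +1167,8 @@ func (s *MethodTestSuite) TestUser() {
 b := dbgen.User(s.T(), db, database.User{})
 check.Args().Asserts(rbac.ResourceSystem, policy.ActionRead).Returns(slice.New(a.ID, b.ID))
 }))
-s.Run("CustomRolesByName", s.Subtest(func(db database.Store, check *expects) {
-check.Args([]string{}).Asserts(rbac.ResourceAssignRole, policy.ActionRead).Returns([]database.CustomRole{})
+s.Run("CustomRoles", s.Subtest(func(db database.Store, check *expects) {
+check.Args(database.CustomRolesParams{}).Asserts(rbac.ResourceAssignRole, policy.ActionRead).Returns([]database.CustomRole{})
 }))
 s.Run("Blank/UpsertCustomRole", s.Subtest(func(db database.Store, check *expects) {
 // Blank is no perms in the role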

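--- a/coderd/database/dbmem/dbmem.go
+++ b/coderd/database/dbmem/dbmem.go
@@ -1174,18 +1174,26 @@ func (*FakeQuerier) CleanTailnetTunnels(context.Context) error {
 return ErrUnimplemented
 }
 
-func (q *FakeQuerier) CustomRolesByName(_ context.Context, lookupRoles []string) ([]database.CustomRole, error) {
+func (q *FakeQuerier) CustomRoles(_ context.Context, arg database.CustomRolesParams) ([]database.CustomRole, error) {
 q.mutex.Lock()
 defer q.mutex.Unlock()
 
 found := make([]database.CustomRole, 0)
 for _, role := range q.data.customRoles {
-if slices.ContainsFunc(lookupRoles, func(s string) bool {
-return strings.EqualFold(s, role.Name)
-}) {
-role := role
-found = append(found, role)
+if len(arg.LookupRoles) > 0 {
+if !slices.ContainsFunc(arg.LookupRoles, func(s string) bool {
+return strings.EqualFold(s, role.Name)
+}) {
+continue
+}
 }
+
+if arg.ExcludeOrgRoles && role.OrganizationID.Valid {
+continue
+}
+
+role := role
+found = append(found, role)
 }
 
 return found, nil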
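Review bot: An empty `arg.LookupRoles` now means "no name filter" and returns every custom role, whereas the removed `CustomRolesByName` returned nothing for an empty list. If any caller (none is visible in this hunk) uses this query to expand a subject's role names into permissions, a subject with no custom roles would be resolved to all of them, so such callers must short-circuit on an empty list before calling. I would document the contract on the method, e.g. `// An empty LookupRoles disables the name filter and returns all roles; never call with an empty list to resolve a subject's roles.`, and add a test that pins the empty-list behaviour against a non-empty store. The function's closing brace lies outside the hunk.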

coderd/database/dbmetrics/dbmetrics.go

Lines changed: 3 additions & 3 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

coderd/database/dbmock/dbmock.go

Lines changed: 6 additions & 6 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

coderd/database/dump.sql

Lines changed: 4 additions & 1 deletion
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.
Lines changed: 3 additions & 0 deletions
@@ -0,0 +1,3 @@
1+
ALTER TABLE custom_roles
2+
-- This column is nullable, meaning no organization scope
3+
DROP COLUMN organization_id;
Lines changed: 5 additions & 0 deletions
@@ -0,0 +1,5 @@
1+
ALTER TABLE custom_roles
2+
-- This column is nullable, meaning no organization scope
3+
ADD COLUMN organization_id uuid;
4+
5+
COMMENT ON COLUMN custom_roles.organization_id IS 'Roles can optionally be scoped to an organization'
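Review bot: `organization_id uuid` is added without a `REFERENCES` constraint, so nothing at the schema level ties an org-scoped role to an existing organization or defines what happens to its roles when that organization is deleted. Declaring a foreign key to the organizations table (its key column is not visible here) with an explicit `ON DELETE` action would keep orphaned org-scoped roles from lingering as assignable permission sets. The inline comment could also say that NULL means a site-wide role, which is what the `ExcludeOrgRoles` filter elsewhere in this commit relies on. The `COMMENT ON COLUMN` statement on the last line has no terminating `;`.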

coderd/database/models.go

Lines changed: 2 additions & 0 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

coderd/database/querier.go

Lines changed: 1 addition & 1 deletion
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.
