Skip to content

Commit 52835d5

Browse files
EmyrkEmyrk
committed
chore: rolestore to handle custom org roles
1 parent 520d32e commit 52835d5

File tree

8 files changed

+69
-11
lines changed

8 files changed

+69
-11
lines changed

cli/organizationroles_test.go

Lines changed: 4 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -11,6 +11,7 @@ import (
1111
"github.com/coder/coder/v2/coderd/coderdtest"
1212
"github.com/coder/coder/v2/coderd/database"
1313
"github.com/coder/coder/v2/coderd/database/dbgen"
14+
"github.com/coder/coder/v2/coderd/rbac"
1415
"github.com/coder/coder/v2/testutil"
1516
)
1617

@@ -20,8 +21,9 @@ func TestShowOrganizationRoles(t *testing.T) {
2021
t.Run("OK", func(t *testing.T) {
2122
t.Parallel()
2223

23-
client, db := coderdtest.NewWithDatabase(t, &coderdtest.Options{})
24-
owner := coderdtest.CreateFirstUser(t, client)
24+
ownerClient, db := coderdtest.NewWithDatabase(t, &coderdtest.Options{})
25+
owner := coderdtest.CreateFirstUser(t, ownerClient)
26+
client, _ := coderdtest.CreateAnotherUser(t, ownerClient, owner.OrganizationID, rbac.RoleUserAdmin())
2527

2628
const expectedRole = "test-role"
2729
dbgen.CustomRole(t, db, database.CustomRole{
@@ -36,7 +38,6 @@ func TestShowOrganizationRoles(t *testing.T) {
3638
},
3739
})
3840

39-
// Requires an owner
4041
ctx := testutil.Context(t, testutil.WaitMedium)
4142
inv, root := clitest.New(t, "organization", "roles", "show")
4243
clitest.SetupConfig(t, client, root)

coderd/database/dbmem/dbmem.go

Lines changed: 5 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1187,7 +1187,11 @@ func (q *FakeQuerier) CustomRoles(_ context.Context, arg database.CustomRolesPar
11871187
role := role
11881188
if len(arg.LookupRoles) > 0 {
11891189
if !slices.ContainsFunc(arg.LookupRoles, func(s string) bool {
1190-
return strings.EqualFold(s, role.Name)
1190+
roleName := rbac.RoleName(role.Name, "")
1191+
if role.OrganizationID.UUID != uuid.Nil {
1192+
roleName = rbac.RoleName(role.Name, role.OrganizationID.UUID.String())
1193+
}
1194+
return strings.EqualFold(s, roleName)
11911195
}) {
11921196
continue
11931197
}

coderd/database/queries.sql.go

Lines changed: 6 additions & 3 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

coderd/database/queries/roles.sql

Lines changed: 6 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -5,10 +5,13 @@ FROM
55
custom_roles
66
WHERE
77
true
8-
-- Lookup roles filter
8+
-- Lookup roles filter expects the role names to be in the rbac package
9+
-- format. Eg: name[:<organization_id>]
910
AND CASE WHEN array_length(@lookup_roles :: text[], 1) > 0 THEN
10-
-- Case insensitive
11-
name ILIKE ANY(@lookup_roles :: text [])
11+
-- Case insensitive lookup with org_id appended (if non-null).
12+
-- This will return just the name if org_id is null. It'll append
13+
-- the org_id if not null
14+
concat(name, NULLIF(concat(':', organization_id), ':')) ILIKE ANY(@lookup_roles :: text [])
1215
ELSE true
1316
END
1417
-- Org scoping filter, to only fetch site wide roles

coderd/rbac/rolestore/rolestore.go

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -76,6 +76,7 @@ func Expand(ctx context.Context, db database.Store, names []string) (rbac.Roles,
7676
dbroles, err := db.CustomRoles(ctx, database.CustomRolesParams{
7777
LookupRoles: lookup,
7878
ExcludeOrgRoles: false,
79+
OrganizationID: uuid.Nil,
7980
})
8081
if err != nil {
8182
return nil, xerrors.Errorf("fetch custom roles: %w", err)

coderd/rbac/rolestore/rolestore_test.go

Lines changed: 41 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,41 @@
1+
package rolestore_test
2+
3+
import (
4+
"testing"
5+
6+
"github.com/google/uuid"
7+
"github.com/stretchr/testify/require"
8+
9+
"github.com/coder/coder/v2/coderd/database"
10+
"github.com/coder/coder/v2/coderd/database/dbgen"
11+
"github.com/coder/coder/v2/coderd/database/dbmem"
12+
"github.com/coder/coder/v2/coderd/rbac"
13+
"github.com/coder/coder/v2/coderd/rbac/rolestore"
14+
"github.com/coder/coder/v2/testutil"
15+
)
16+
17+
func TestExpandCustomRoleRoles(t *testing.T) {
18+
t.Parallel()
19+
20+
db := dbmem.New()
21+
22+
org := dbgen.Organization(t, db, database.Organization{})
23+
24+
const roleName = "test-role"
25+
dbgen.CustomRole(t, db, database.CustomRole{
26+
Name: roleName,
27+
DisplayName: "",
28+
SitePermissions: nil,
29+
OrgPermissions: nil,
30+
UserPermissions: nil,
31+
OrganizationID: uuid.NullUUID{
32+
UUID: org.ID,
33+
Valid: true,
34+
},
35+
})
36+
37+
ctx := testutil.Context(t, testutil.WaitShort)
38+
roles, err := rolestore.Expand(ctx, db, []string{rbac.RoleName(roleName, org.ID.String())})
39+
require.NoError(t, err)
40+
require.Len(t, roles, 1, "role found")
41+
}

coderd/roles.go

Lines changed: 4 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -3,6 +3,8 @@ package coderd
33
import (
44
"net/http"
55

6+
"github.com/google/uuid"
7+
68
"github.com/coder/coder/v2/coderd/database"
79
"github.com/coder/coder/v2/coderd/database/db2sdk"
810
"github.com/coder/coder/v2/coderd/httpmw"
@@ -32,9 +34,10 @@ func (api *API) AssignableSiteRoles(rw http.ResponseWriter, r *http.Request) {
3234
}
3335

3436
dbCustomRoles, err := api.Database.CustomRoles(ctx, database.CustomRolesParams{
37+
LookupRoles: nil,
3538
// Only site wide custom roles to be included
3639
ExcludeOrgRoles: true,
37-
LookupRoles: nil,
40+
OrganizationID: uuid.Nil,
3841
})
3942
if err != nil {
4043
httpapi.InternalServerError(rw, err)

coderd/roles_test.go

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -164,6 +164,8 @@ func TestListCustomRoles(t *testing.T) {
164164
t.Parallel()
165165

166166
t.Run("Organizations", func(t *testing.T) {
167+
t.Parallel()
168+
167169
client, db := coderdtest.NewWithDatabase(t, nil)
168170
owner := coderdtest.CreateFirstUser(t, client)
169171

0 commit comments

Comments
 (0)
pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy