
Commit a043f92

committed
fix: role permissions tests
1 parent 2ba15c5 commit a043f92


2 files changed

+44
-35
lines changed


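--- a/coderd/database/dbauthz/dbauthz.go
+++ b/coderd/database/dbauthz/dbauthz.go
@@ -530,9 +530,9 @@ func As(ctx context.Context, actor rbac.Subject) context.Context {
 // running the insertFunc. The insertFunc is expected to return the object that
 // was inserted.
 func insert[
-ObjectType any,
-ArgumentType any,
-Insert func(ctx context.Context, arg ArgumentType) (ObjectType, error),
+ObjectType any,
+ArgumentType any,
+Insert func(ctx context.Context, arg ArgumentType) (ObjectType, error),
 ](
 logger slog.Logger,
 authorizer rbac.Authorizer,
@@ -543,9 +543,9 @@ Insert func(ctx context.Context, arg ArgumentType) (ObjectType, error),
 }
 
 func insertWithAction[
-ObjectType any,
-ArgumentType any,
-Insert func(ctx context.Context, arg ArgumentType) (ObjectType, error),
+ObjectType any,
+ArgumentType any,
+Insert func(ctx context.Context, arg ArgumentType) (ObjectType, error),
 ](
 logger slog.Logger,
 authorizer rbac.Authorizer,
@@ -572,10 +572,10 @@ Insert func(ctx context.Context, arg ArgumentType) (ObjectType, error),
 }
 
 func deleteQ[
-ObjectType rbac.Objecter,
-ArgumentType any,
-Fetch func(ctx context.Context, arg ArgumentType) (ObjectType, error),
-Delete func(ctx context.Context, arg ArgumentType) error,
+ObjectType rbac.Objecter,
+ArgumentType any,
+Fetch func(ctx context.Context, arg ArgumentType) (ObjectType, error),
+Delete func(ctx context.Context, arg ArgumentType) error,
 ](
 logger slog.Logger,
 authorizer rbac.Authorizer,
@@ -587,10 +587,10 @@ Delete func(ctx context.Context, arg ArgumentType) error,
 }
 
 func updateWithReturn[
-ObjectType rbac.Objecter,
-ArgumentType any,
-Fetch func(ctx context.Context, arg ArgumentType) (ObjectType, error),
-UpdateQuery func(ctx context.Context, arg ArgumentType) (ObjectType, error),
+ObjectType rbac.Objecter,
+ArgumentType any,
+Fetch func(ctx context.Context, arg ArgumentType) (ObjectType, error),
+UpdateQuery func(ctx context.Context, arg ArgumentType) (ObjectType, error),
 ](
 logger slog.Logger,
 authorizer rbac.Authorizer,
@@ -601,10 +601,10 @@ UpdateQuery func(ctx context.Context, arg ArgumentType) (ObjectType, error),
 }
 
 func update[
-ObjectType rbac.Objecter,
-ArgumentType any,
-Fetch func(ctx context.Context, arg ArgumentType) (ObjectType, error),
-Exec func(ctx context.Context, arg ArgumentType) error,
+ObjectType rbac.Objecter,
+ArgumentType any,
+Fetch func(ctx context.Context, arg ArgumentType) (ObjectType, error),
+Exec func(ctx context.Context, arg ArgumentType) error,
 ](
 logger slog.Logger,
 authorizer rbac.Authorizer,
@@ -622,9 +622,9 @@ Exec func(ctx context.Context, arg ArgumentType) error,
 // user cannot read the resource. This is because the resource details are
 // required to run a proper authorization check.
 func fetchWithAction[
-ArgumentType any,
-ObjectType rbac.Objecter,
-DatabaseFunc func(ctx context.Context, arg ArgumentType) (ObjectType, error),
+ArgumentType any,
+ObjectType rbac.Objecter,
+DatabaseFunc func(ctx context.Context, arg ArgumentType) (ObjectType, error),
 ](
 logger slog.Logger,
 authorizer rbac.Authorizer,
@@ -655,9 +655,9 @@ DatabaseFunc func(ctx context.Context, arg ArgumentType) (ObjectType, error),
 }
 
 func fetch[
-ArgumentType any,
-ObjectType rbac.Objecter,
-DatabaseFunc func(ctx context.Context, arg ArgumentType) (ObjectType, error),
+ArgumentType any,
+ObjectType rbac.Objecter,
+DatabaseFunc func(ctx context.Context, arg ArgumentType) (ObjectType, error),
 ](
 logger slog.Logger,
 authorizer rbac.Authorizer,
@@ -670,10 +670,10 @@ DatabaseFunc func(ctx context.Context, arg ArgumentType) (ObjectType, error),
 // from SQL 'exec' functions which only return an error.
 // See fetchAndQuery for more information.
 func fetchAndExec[
-ObjectType rbac.Objecter,
-ArgumentType any,
-Fetch func(ctx context.Context, arg ArgumentType) (ObjectType, error),
-Exec func(ctx context.Context, arg ArgumentType) error,
+ObjectType rbac.Objecter,
+ArgumentType any,
+Fetch func(ctx context.Context, arg ArgumentType) (ObjectType, error),
+Exec func(ctx context.Context, arg ArgumentType) error,
 ](
 logger slog.Logger,
 authorizer rbac.Authorizer,
@@ -696,10 +696,10 @@ Exec func(ctx context.Context, arg ArgumentType) error,
 // **before** the query runs. The returns from the fetch are only used to
 // assert rbac. The final return of this function comes from the Query function.
 func fetchAndQuery[
-ObjectType rbac.Objecter,
-ArgumentType any,
-Fetch func(ctx context.Context, arg ArgumentType) (ObjectType, error),
-Query func(ctx context.Context, arg ArgumentType) (ObjectType, error),
+ObjectType rbac.Objecter,
+ArgumentType any,
+Fetch func(ctx context.Context, arg ArgumentType) (ObjectType, error),
+Query func(ctx context.Context, arg ArgumentType) (ObjectType, error),
 ](
 logger slog.Logger,
 authorizer rbac.Authorizer,
@@ -733,9 +733,9 @@ Query func(ctx context.Context, arg ArgumentType) (ObjectType, error),
 // fetchWithPostFilter is like fetch, but works with lists of objects.
 // SQL filters are much more optimal.
 func fetchWithPostFilter[
-ArgumentType any,
-ObjectType rbac.Objecter,
-DatabaseFunc func(ctx context.Context, arg ArgumentType) ([]ObjectType, error),
+ArgumentType any,
+ObjectType rbac.Objecter,
+DatabaseFunc func(ctx context.Context, arg ArgumentType) ([]ObjectType, error),
 ](
 authorizer rbac.Authorizer,
 action policy.Action,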

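--- a/coderd/rbac/roles_test.go
+++ b/coderd/rbac/roles_test.go
@@ -496,6 +496,15 @@ func TestRolePermissions(t *testing.T) {
 false: {setOtherOrg, userAdmin, templateAdmin, memberMe, orgTemplateAdmin, orgUserAdmin, orgAuditor},
 },
 },
+{
+Name: "PrebuiltWorkspace",
+Actions: []policy.Action{policy.ActionRead, policy.ActionUpdate, policy.ActionDelete},
+Resource: rbac.ResourcePrebuiltWorkspace.WithID(uuid.New()).InOrg(orgID).WithOwner(memberMe.Actor.ID),
+AuthorizeMap: map[bool][]hasAuthSubjects{
+true: {owner, orgAdmin, orgMemberMe, templateAdmin, orgTemplateAdmin},
+false: {setOtherOrg, userAdmin, memberMe, orgUserAdmin, orgAuditor},
+},
+},
 // Some admin style resources
 {
 Name: "Licenses",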
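Review bot: The new "PrebuiltWorkspace" case only exercises a resource owned by `memberMe.Actor.ID`, so `orgMemberMe` appearing in the `true` list most likely passes through ownership, and nothing here pins what an ordinary org member may do to a prebuilt workspace they do not own. A sibling case with `Resource: rbac.ResourcePrebuiltWorkspace.WithID(uuid.New()).InOrg(orgID).WithOwner(uuid.NewString()),` would cover that; if access is meant to be ownership-based, `orgMemberMe` belongs in its `false` list. Because `policy.ActionRead` is grouped with `policy.ActionUpdate` and `policy.ActionDelete`, the matrix also cannot express a role that may read but not modify (for example `orgAuditor`), so consider splitting read into its own entry if that distinction matters. A short comment above the case, such as `// orgMemberMe is allowed only because the resource is owned by memberMe`, would make the intent clear. TestRolePermissions begins and ends outside this hunk, so the other cases were not reviewed.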
