NotificationsYou must be signed in to change notification settings
Fork927
Star10.1k

Commit0089e1d

committed

remove user data object, and just use a data object

1 parent1823973 commit0089e1dCopy full SHA for 0089e1d

File tree

12 files changed

+117

-104

lines changed

coderd
- database
  - dbauthz
    - dbauthz.go
    - dbauthz_test.go
  - modelmethods.go
- debug.go
- deployment.go
- insights.go
- rbac
  - object_gen.go
- roles.go
- wsbuilder
  - wsbuilder.go
enterprise/coderd
- appearance.go
scripts/rbacgen
- main.go
- object.gotmpl

12 files changed

+117

-104

lines changed

`‎coderd/database/dbauthz/dbauthz.go`

Lines changed: 61 additions & 49 deletions

Large diffs are not rendered by default.

`‎coderd/database/dbauthz/dbauthz_test.go`

Lines changed: 9 additions & 9 deletions

Original file line number	Diff line number	Diff line change
`@@ -524,10 +524,10 @@ func (s *MethodTestSuite) TestLicense() {`
`524`	`524`	`Asserts(rbac.ResourceLicense,policy.ActionCreate)`
`525`	`525`	`}))`
`526`	`526`	`s.Run("UpsertLogoURL",s.Subtest(func(db database.Store,check*expects) {`
`527`		`-check.Args("value").Asserts(rbac.ResourceDeploymentValues,policy.ActionCreate)`
	`527`	`+check.Args("value").Asserts(rbac.ResourceDeploymentConfig,policy.ActionCreate)`
`528`	`528`	`}))`
`529`	`529`	`s.Run("UpsertNotificationBanners",s.Subtest(func(db database.Store,check*expects) {`
`530`		`-check.Args("value").Asserts(rbac.ResourceDeploymentValues,policy.ActionCreate)`
	`530`	`+check.Args("value").Asserts(rbac.ResourceDeploymentConfig,policy.ActionCreate)`
`531`	`531`	`}))`
`532`	`532`	`s.Run("GetLicenseByID",s.Subtest(func(db database.Store,check*expects) {`
`533`	`533`	`l,err:=db.InsertLicense(context.Background(), database.InsertLicenseParams{`
`@@ -1038,13 +1038,13 @@ func (s *MethodTestSuite) TestUser() {`
`1038`	`1038`	`u:=dbgen.User(s.T(),db, database.User{})`
`1039`	`1039`	`check.Args(database.UpdateUserHashedPasswordParams{`
`1040`	`1040`	`ID:u.ID,`
`1041`		`-}).Asserts(u.UserDataRBACObject(),policy.ActionUpdate).Returns()`
	`1041`	`+}).Asserts(u,policy.ActionUpdatePersonal).Returns()`
`1042`	`1042`	`}))`
`1043`	`1043`	`s.Run("UpdateUserQuietHoursSchedule",s.Subtest(func(db database.Store,check*expects) {`
`1044`	`1044`	`u:=dbgen.User(s.T(),db, database.User{})`
`1045`	`1045`	`check.Args(database.UpdateUserQuietHoursScheduleParams{`
`1046`	`1046`	`ID:u.ID,`
`1047`		`-}).Asserts(u.UserDataRBACObject(),policy.ActionUpdate)`
	`1047`	`+}).Asserts(u,policy.ActionUpdatePersonal)`
`1048`	`1048`	`}))`
`1049`	`1049`	`s.Run("UpdateUserLastSeenAt",s.Subtest(func(db database.Store,check*expects) {`
`1050`	`1050`	`u:=dbgen.User(s.T(),db, database.User{})`
`@@ -1061,7 +1061,7 @@ func (s *MethodTestSuite) TestUser() {`
`1061`	`1061`	`Email:u.Email,`
`1062`	`1062`	`Username:u.Username,`
`1063`	`1063`	`UpdatedAt:u.UpdatedAt,`
`1064`		`-}).Asserts(u.UserDataRBACObject(),policy.ActionUpdate).Returns(u)`
	`1064`	`+}).Asserts(u,policy.ActionUpdatePersonal).Returns(u)`
`1065`	`1065`	`}))`
`1066`	`1066`	`s.Run("GetUserWorkspaceBuildParameters",s.Subtest(func(db database.Store,check*expects) {`
`1067`	`1067`	`u:=dbgen.User(s.T(),db, database.User{})`
`@@ -1080,7 +1080,7 @@ func (s *MethodTestSuite) TestUser() {`
`1080`	`1080`	`ID:u.ID,`
`1081`	`1081`	`ThemePreference:u.ThemePreference,`
`1082`	`1082`	`UpdatedAt:u.UpdatedAt,`
`1083`		`-}).Asserts(u.UserDataRBACObject(),policy.ActionUpdate).Returns(u)`
	`1083`	`+}).Asserts(u,policy.ActionUpdatePersonal).Returns(u)`
`1084`	`1084`	`}))`
`1085`	`1085`	`s.Run("UpdateUserStatus",s.Subtest(func(db database.Store,check*expects) {`
`1086`	`1086`	`u:=dbgen.User(s.T(),db, database.User{})`
`@@ -1102,7 +1102,7 @@ func (s *MethodTestSuite) TestUser() {`
`1102`	`1102`	`u:=dbgen.User(s.T(),db, database.User{})`
`1103`	`1103`	`check.Args(database.InsertGitSSHKeyParams{`
`1104`	`1104`	`UserID:u.ID,`
`1105`		`-}).Asserts(rbac.ResourceUserData.WithID(u.ID).WithOwner(u.ID.String()),policy.ActionCreate)`
	`1105`	`+}).Asserts(rbac.ResourceUser.WithID(u.ID).WithOwner(u.ID.String()),policy.ActionUpdatePersonal)`
`1106`	`1106`	`}))`
`1107`	`1107`	`s.Run("UpdateGitSSHKey",s.Subtest(func(db database.Store,check*expects) {`
`1108`	`1108`	`key:=dbgen.GitSSHKey(s.T(),db, database.GitSSHKey{})`
`@@ -2204,13 +2204,13 @@ func (s *MethodTestSuite) TestSystemFunctions() {`
`2204`	`2204`	`check.Args().Asserts()`
`2205`	`2205`	`}))`
`2206`	`2206`	`s.Run("UpsertApplicationName",s.Subtest(func(db database.Store,check*expects) {`
`2207`		`-check.Args("").Asserts(rbac.ResourceDeploymentValues,policy.ActionCreate)`
	`2207`	`+check.Args("").Asserts(rbac.ResourceDeploymentConfig,policy.ActionCreate)`
`2208`	`2208`	`}))`
`2209`	`2209`	`s.Run("GetHealthSettings",s.Subtest(func(db database.Store,check*expects) {`
`2210`	`2210`	`check.Args().Asserts()`
`2211`	`2211`	`}))`
`2212`	`2212`	`s.Run("UpsertHealthSettings",s.Subtest(func(db database.Store,check*expects) {`
`2213`		`-check.Args("foo").Asserts(rbac.ResourceDeploymentValues,policy.ActionCreate)`
	`2213`	`+check.Args("foo").Asserts(rbac.ResourceDeploymentConfig,policy.ActionCreate)`
`2214`	`2214`	`}))`
`2215`	`2215`	`s.Run("GetDeploymentWorkspaceAgentStats",s.Subtest(func(db database.Store,check*expects) {`
`2216`	`2216`	`check.Args(time.Time{}).Asserts()`

`‎coderd/database/modelmethods.go`

Lines changed: 3 additions & 39 deletions

Original file line number	Diff line number	Diff line change
`@@ -164,22 +164,6 @@ func (w Workspace) RBACObject() rbac.Object {`
`164`	`164`	`WithOwner(w.OwnerID.String())`
`165`	`165`	`}`
`166`	`166`
`167`		`-func (wWorkspace)WorkspaceBuildRBAC(transitionWorkspaceTransition) rbac.Object {`
`168`		`-// If a workspace is dormant it cannot be built.`
`169`		`-// However we need to allow stopping a workspace by a caller once a workspace`
`170`		`-// is locked (e.g. for autobuild). Additionally, if a user wants to delete`
`171`		`-// a locked workspace, they shouldn't have to have it unlocked first.`
`172`		`-ifw.DormantAt.Valid&&transition!=WorkspaceTransitionStop&&`
`173`		`-transition!=WorkspaceTransitionDelete {`
`174`		`-returnw.DormantRBAC()`
`175`		`-}`
`176`		`-`
`177`		`-returnrbac.ResourceWorkspaceBuild.`
`178`		`-WithID(w.ID).`
`179`		`-InOrg(w.OrganizationID).`
`180`		`-WithOwner(w.OwnerID.String())`
`181`		`-}`
`182`		`-`
`183`	`167`	`func (wWorkspace)DormantRBAC() rbac.Object {`
`184`	`168`	`returnrbac.ResourceWorkspaceDormant.`
`185`	`169`	`WithID(w.ID).`
`@@ -227,32 +211,17 @@ func (f File) RBACObject() rbac.Object {`
`227`	`211`	`}`
`228`	`212`
`229`	`213`	`// RBACObject returns the RBAC object for the site wide user resource.`
`230`		`-// If you are trying to get the RBAC object for the UserData, use`
`231`		`-// u.UserDataRBACObject() instead.`
`232`	`214`	`func (uUser)RBACObject() rbac.Object {`
`233`	`215`	`returnrbac.ResourceUserObject(u.ID)`
`234`	`216`	`}`
`235`	`217`
`236`		`-func (uUser)UserDataRBACObject() rbac.Object {`
`237`		`-returnrbac.ResourceUserData.WithID(u.ID).WithOwner(u.ID.String())`
`238`		`-}`
`239`		`-`
`240`		`-func (uUser)UserWorkspaceBuildParametersObject() rbac.Object {`
`241`		`-returnrbac.ResourceUserWorkspaceBuildParameters.WithID(u.ID).WithOwner(u.ID.String())`
`242`		`-}`
`243`		`-`
`244`	`218`	`func (uGetUsersRow)RBACObject() rbac.Object {`
`245`	`219`	`returnrbac.ResourceUserObject(u.ID)`
`246`	`220`	`}`
`247`	`221`
`248`		`-func (uGitSSHKey)RBACObject() rbac.Object {`
`249`		`-returnrbac.ResourceUserData.WithID(u.UserID).WithOwner(u.UserID.String())`
`250`		`-}`
`251`		`-`
`252`		`-func (uExternalAuthLink)RBACObject() rbac.Object {`
`253`		`-// I assume UserData is ok?`
`254`		`-returnrbac.ResourceUserData.WithID(u.UserID).WithOwner(u.UserID.String())`
`255`		`-}`
	`222`	`+func (uGitSSHKey)RBACObject() rbac.Object {returnrbac.ResourceUserObject(u.UserID) }`
	`223`	`+func (uExternalAuthLink)RBACObject() rbac.Object {returnrbac.ResourceUserObject(u.UserID) }`
	`224`	`+func (uUserLink)RBACObject() rbac.Object {returnrbac.ResourceUserObject(u.UserID) }`
`256`	`225`
`257`	`226`	`func (uExternalAuthLink)OAuthToken()*oauth2.Token {`
`258`	`227`	`return&oauth2.Token{`
`@@ -262,11 +231,6 @@ func (u ExternalAuthLink) OAuthToken() *oauth2.Token {`
`262`	`231`	`}`
`263`	`232`	`}`
`264`	`233`
`265`		`-func (uUserLink)RBACObject() rbac.Object {`
`266`		`-// I assume UserData is ok?`
`267`		`-returnrbac.ResourceUserData.WithOwner(u.UserID.String()).WithID(u.UserID)`
`268`		`-}`
`269`		`-`
`270`	`234`	`func (lLicense)RBACObject() rbac.Object {`
`271`	`235`	`returnrbac.ResourceLicense.WithIDString(strconv.FormatInt(int64(l.ID),10))`
`272`	`236`	`}`

`‎coderd/debug.go`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -194,7 +194,7 @@ func (api API) deploymentHealthSettings(rw http.ResponseWriter, r http.Request`
`194`	`194`	`func (apiAPI)putDeploymentHealthSettings(rw http.ResponseWriter,rhttp.Request) {`
`195`	`195`	`ctx:=r.Context()`
`196`	`196`
`197`		`-if!api.Authorize(r,policy.ActionUpdate,rbac.ResourceDeploymentValues) {`
	`197`	`+if!api.Authorize(r,policy.ActionUpdate,rbac.ResourceDeploymentConfig) {`
`198`	`198`	`httpapi.Write(ctx,rw,http.StatusForbidden, codersdk.Response{`
`199`	`199`	`Message:"Insufficient permissions to update health settings.",`
`200`	`200`	`})`

`‎coderd/deployment.go`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -17,7 +17,7 @@ import (`
`17`	`17`	`// @Success 200 {object} codersdk.DeploymentConfig`
`18`	`18`	`// @Router /deployment/config [get]`
`19`	`19`	`func (apiAPI)deploymentValues(rw http.ResponseWriter,rhttp.Request) {`
`20`		`-if!api.Authorize(r,policy.ActionRead,rbac.ResourceDeploymentValues) {`
	`20`	`+if!api.Authorize(r,policy.ActionRead,rbac.ResourceDeploymentConfig) {`
`21`	`21`	`httpapi.Forbidden(rw)`
`22`	`22`	`return`
`23`	`23`	`}`

`‎coderd/insights.go`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -33,7 +33,7 @@ const insightsTimeLayout = time.RFC3339`
`33`	`33`	`// @Success 200 {object} codersdk.DAUsResponse`
`34`	`34`	`// @Router /insights/daus [get]`
`35`	`35`	`func (apiAPI)deploymentDAUs(rw http.ResponseWriter,rhttp.Request) {`
`36`		`-if!api.Authorize(r,policy.ActionRead,rbac.ResourceDeploymentValues) {`
	`36`	`+if!api.Authorize(r,policy.ActionRead,rbac.ResourceDeploymentConfig) {`
`37`	`37`	`httpapi.Forbidden(rw)`
`38`	`38`	`return`
`39`	`39`	`}`

`‎coderd/rbac/object_gen.go`

Lines changed: 20 additions & 0 deletions

Some generated files are not rendered by default. Learn more aboutcustomizing how changed files appear on GitHub.

`‎coderd/roles.go`

Lines changed: 2 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -23,7 +23,7 @@ import (`
`23`	`23`	`func (apiAPI)assignableSiteRoles(rw http.ResponseWriter,rhttp.Request) {`
`24`	`24`	`ctx:=r.Context()`
`25`	`25`	`actorRoles:=httpmw.UserAuthorization(r)`
`26`		`-if!api.Authorize(r,policy.ActionRead,rbac.ResourceRoleAssignment) {`
	`26`	`+if!api.Authorize(r,policy.ActionRead,rbac.ResourceDeploymentConfig) {`
`27`	`27`	`httpapi.Forbidden(rw)`
`28`	`28`	`return`
`29`	`29`	`}`
`@@ -47,7 +47,7 @@ func (api API) assignableOrgRoles(rw http.ResponseWriter, r http.Request) {`
`47`	`47`	`organization:=httpmw.OrganizationParam(r)`
`48`	`48`	`actorRoles:=httpmw.UserAuthorization(r)`
`49`	`49`
`50`		`-if!api.Authorize(r,policy.ActionRead,rbac.ResourceOrgRoleAssignment.InOrg(organization.ID)) {`
	`50`	`+if!api.Authorize(r,policy.ActionRead,rbac.ResourceDeploymentConfig.InOrg(organization.ID)) {`
`51`	`51`	`httpapi.ResourceNotFound(rw)`
`52`	`52`	`return`
`53`	`53`	`}`

`‎coderd/wsbuilder/wsbuilder.go`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -665,7 +665,7 @@ func (b *Builder) authorize(authFunc func(action policy.Action, object rbac.Obje`
`665`	`665`	`}`
`666`	`666`	`}`
`667`	`667`
`668`		`-ifb.logLevel!=""&&!authFunc(policy.ActionRead,rbac.ResourceDeploymentValues) {`
	`668`	`+ifb.logLevel!=""&&!authFunc(policy.ActionRead,rbac.ResourceDeploymentConfig) {`
`669`	`669`	`returnBuildError{`
`670`	`670`	`http.StatusBadRequest,`
`671`	`671`	`"Workspace builds with a custom log level are restricted to administrators only.",`

`‎enterprise/coderd/appearance.go`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -137,7 +137,7 @@ func validateHexColor(color string) error {`
`137`	`137`	`func (apiAPI)putAppearance(rw http.ResponseWriter,rhttp.Request) {`
`138`	`138`	`ctx:=r.Context()`
`139`	`139`
`140`		`-if!api.Authorize(r,policy.ActionUpdate,rbac.ResourceDeploymentValues) {`
	`140`	`+if!api.Authorize(r,policy.ActionUpdate,rbac.ResourceDeploymentConfig) {`
`141`	`141`	`httpapi.Write(ctx,rw,http.StatusForbidden, codersdk.Response{`
`142`	`142`	`Message:"Insufficient permissions to update appearance",`
`143`	`143`	`})`

`‎scripts/rbacgen/main.go`

Lines changed: 7 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -121,6 +121,13 @@ func generate(ctx context.Context) ([]byte, error) {`
`121`	`121`	`tpl,err:=template.New("object.gotmpl").Funcs(template.FuncMap{`
`122`	`122`	`"capitalize":capitalize,`
`123`	`123`	`"pascalCaseName":pascalCaseName[string],`
	`124`	`+"actionsList":func() []string {`
	`125`	`+tmp:=make([]string,0)`
	`126`	`+for_,actionEnum:=rangeactionMap {`
	`127`	`+tmp=append(tmp,actionEnum)`
	`128`	`+}`
	`129`	`+returntmp`
	`130`	`+},`
`124`	`131`	`"actionEnum":func(action policy.Action)string {`
`125`	`132`	`x++`
`126`	`133`	`v,ok:=actionMap[string(action)]`

`‎scripts/rbacgen/object.gotmpl`

Lines changed: 10 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,8 @@`
`1`	`1`	`// Code generated by rbacgen/main.go. DO NOT EDIT.`
`2`	`2`	`package rbac`
`3`	`3`
	`4`	`+import "github.com/coder/coder/v2/coderd/rbac/policy"`
	`5`	`+`
`4`	`6`	`// Objecter returns the RBAC object for itself.`
`5`	`7`	`type Objecter interface {`
`6`	`8`	`RBACObject() Object`
`@@ -27,3 +29,11 @@ func AllResources() []Objecter {`
`27`	`29`	`{{- end }}`
`28`	`30`	`}`
`29`	`31`	`}`
	`32`	`+`
	`33`	`+func AllActions() []policy.Action {`
	`34`	`+return []policy.Action {`
	`35`	`+{{- range $element := actionsList }}`
	`36`	`+policy.{{ $element }},`
	`37`	`+{{- end }}`
	`38`	`+}`
	`39`	`+}`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit0089e1d

File tree

12 files changed

12 files changed

`‎coderd/database/dbauthz/dbauthz.go`

`‎coderd/database/dbauthz/dbauthz_test.go`

`‎coderd/database/modelmethods.go`

`‎coderd/debug.go`

`‎coderd/deployment.go`

`‎coderd/insights.go`

`‎coderd/rbac/object_gen.go`

`‎coderd/roles.go`

`‎coderd/wsbuilder/wsbuilder.go`

`‎enterprise/coderd/appearance.go`

`‎scripts/rbacgen/main.go`

`‎scripts/rbacgen/object.gotmpl`

0 commit comments