NotificationsYou must be signed in to change notification settings
Fork913
Star10k

Commit166467c

authored

fix: don't requireorganization_id in body when updating a custom role (#14102)

1 parente2cec45 commit166467cCopy full SHA for 166467c

File tree

11 files changed

+56

-58

lines changed

cli
- organizationroles.go
coderd
- roles.go
codersdk
- roles.go
enterprise
- cli
  - organizationmembers_test.go
  - templatecreate_test.go
- coderd
site/src/api
- typesGenerated.ts

11 files changed

+56

-58

lines changed

`‎cli/organizationroles.go`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -203,7 +203,7 @@ func (r RootCmd) editOrganizationRole(orgContext OrganizationContext) *serpent`
`203`	`203`	`// Do not actually post`
`204`	`204`	`updated=customRole`
`205`	`205`	`}else {`
`206`		`-updated,err=client.PatchOrganizationRole(ctx,org.ID,customRole)`
	`206`	`+updated,err=client.PatchOrganizationRole(ctx,customRole)`
`207`	`207`	`iferr!=nil {`
`208`	`208`	`returnxerrors.Errorf("patch role: %w",err)`
`209`	`209`	`}`

`‎coderd/roles.go`

Lines changed: 3 additions & 3 deletions

Original file line number	Diff line number	Diff line change
`@@ -20,12 +20,12 @@ import (`
`20`	`20`	`// roles. Ideally only included in the enterprise package, but the routes are`
`21`	`21`	`// intermixed with AGPL endpoints.`
`22`	`22`	`typeCustomRoleHandlerinterface {`
`23`		`-PatchOrganizationRole(ctx context.Context,rw http.ResponseWriter,r*http.Request,orgID uuid.UUID,role codersdk.Role) (codersdk.Role,bool)`
	`23`	`+PatchOrganizationRole(ctx context.Context,rw http.ResponseWriter,r*http.Request,orgID uuid.UUID,role codersdk.PatchRoleRequest) (codersdk.Role,bool)`
`24`	`24`	`}`
`25`	`25`
`26`	`26`	`typeagplCustomRoleHandlerstruct{}`
`27`	`27`
`28`		`-func (agplCustomRoleHandler)PatchOrganizationRole(ctx context.Context,rw http.ResponseWriter,_*http.Request,_ uuid.UUID,_ codersdk.Role) (codersdk.Role,bool) {`
	`28`	`+func (agplCustomRoleHandler)PatchOrganizationRole(ctx context.Context,rw http.ResponseWriter,_*http.Request,_ uuid.UUID,_ codersdk.PatchRoleRequest) (codersdk.Role,bool) {`
`29`	`29`	`httpapi.Write(ctx,rw,http.StatusForbidden, codersdk.Response{`
`30`	`30`	`Message:"Creating and updating custom roles is an Enterprise feature. Contact sales!",`
`31`	`31`	`})`
`@@ -49,7 +49,7 @@ func (api API) patchOrgRoles(rw http.ResponseWriter, r http.Request) {`
`49`	`49`	`organization=httpmw.OrganizationParam(r)`
`50`	`50`	`)`
`51`	`51`
`52`		`-varreq codersdk.Role`
	`52`	`+varreq codersdk.PatchRoleRequest`
`53`	`53`	`if!httpapi.Read(ctx,rw,r,&req) {`
`54`	`54`	`return`
`55`	`55`	`}`

`‎codersdk/roles.go`

Lines changed: 23 additions & 5 deletions

Original file line number	Diff line number	Diff line change
`@@ -50,7 +50,7 @@ type Permission struct {`
`50`	`50`	ActionRBACAction`json:"action"`
`51`	`51`	`}`
`52`	`52`
`53`		`-// Role is a longer form of SlimRoleused to edit custom roles.`
	`53`	`+// Role is a longer form of SlimRolethat includes permissions details.`
`54`	`54`	`typeRolestruct {`
`55`	`55`	Namestring`json:"name" table:"name,default_sort" validate:"username"`
`56`	`56`	OrganizationIDstring`json:"organization_id,omitempty" table:"organization_id" format:"uuid"`
`@@ -61,6 +61,16 @@ type Role struct {`
`61`	`61`	UserPermissions []Permission`json:"user_permissions" table:"user_permissions"`
`62`	`62`	`}`
`63`	`63`
	`64`	`+// PatchRoleRequest is used to edit custom roles.`
	`65`	`+typePatchRoleRequeststruct {`
	`66`	+Namestring`json:"name" table:"name,default_sort" validate:"username"`
	`67`	+DisplayNamestring`json:"display_name" table:"display_name"`
	`68`	+SitePermissions []Permission`json:"site_permissions" table:"site_permissions"`
	`69`	`+// OrganizationPermissions are specific to the organization the role belongs to.`
	`70`	+OrganizationPermissions []Permission`json:"organization_permissions" table:"organization_permissions"`
	`71`	+UserPermissions []Permission`json:"user_permissions" table:"user_permissions"`
	`72`	`+}`
	`73`	`+`
`64`	`74`	`// FullName returns the role name scoped to the organization ID. This is useful if`
`65`	`75`	`// printing a set of roles from different scopes, as duplicated names across multiple`
`66`	`76`	`// scopes will become unique.`
`@@ -73,18 +83,26 @@ func (r Role) FullName() string {`
`73`	`83`	`}`
`74`	`84`
`75`	`85`	`// PatchOrganizationRole will upsert a custom organization role`
`76`		`-func (c*Client)PatchOrganizationRole(ctx context.Context,organizationID uuid.UUID,reqRole) (Role,error) {`
	`86`	`+func (c*Client)PatchOrganizationRole(ctx context.Context,roleRole) (Role,error) {`
	`87`	`+req:=PatchRoleRequest{`
	`88`	`+Name:role.Name,`
	`89`	`+DisplayName:role.DisplayName,`
	`90`	`+SitePermissions:role.SitePermissions,`
	`91`	`+OrganizationPermissions:role.OrganizationPermissions,`
	`92`	`+UserPermissions:role.UserPermissions,`
	`93`	`+}`
	`94`	`+`
`77`	`95`	`res,err:=c.Request(ctx,http.MethodPatch,`
`78`		`-fmt.Sprintf("/api/v2/organizations/%s/members/roles",organizationID.String()),req)`
	`96`	`+fmt.Sprintf("/api/v2/organizations/%s/members/roles",role.OrganizationID),req)`
`79`	`97`	`iferr!=nil {`
`80`	`98`	`returnRole{},err`
`81`	`99`	`}`
`82`	`100`	`deferres.Body.Close()`
`83`	`101`	`ifres.StatusCode!=http.StatusOK {`
`84`	`102`	`returnRole{},ReadBodyAsError(res)`
`85`	`103`	`}`
`86`		`-varroleRole`
`87`		`-returnrole,json.NewDecoder(res.Body).Decode(&role)`
	`104`	`+varrRole`
	`105`	`+returnr,json.NewDecoder(res.Body).Decode(&r)`
`88`	`106`	`}`
`89`	`107`
`90`	`108`	`// ListSiteRoles lists all assignable site wide roles.`

`‎enterprise/cli/organizationmembers_test.go`

Lines changed: 2 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -36,7 +36,7 @@ func TestEnterpriseListOrganizationMembers(t *testing.T) {`
`36`	`36`
`37`	`37`	`ctx:=testutil.Context(t,testutil.WaitMedium)`
`38`	`38`	`//nolint:gocritic // only owners can patch roles`
`39`		`-customRole,err:=ownerClient.PatchOrganizationRole(ctx,owner.OrganizationID,codersdk.Role{`
	`39`	`+customRole,err:=ownerClient.PatchOrganizationRole(ctx, codersdk.Role{`
`40`	`40`	`Name:"custom",`
`41`	`41`	`OrganizationID:owner.OrganizationID.String(),`
`42`	`42`	`DisplayName:"Custom Role",`
`@@ -89,7 +89,7 @@ func TestAssignOrganizationMemberRole(t *testing.T) {`
`89`	`89`
`90`	`90`	`ctx:=testutil.Context(t,testutil.WaitMedium)`
`91`	`91`	`// nolint:gocritic // requires owner role to create`
`92`		`-customRole,err:=ownerClient.PatchOrganizationRole(ctx,owner.OrganizationID,codersdk.Role{`
	`92`	`+customRole,err:=ownerClient.PatchOrganizationRole(ctx, codersdk.Role{`
`93`	`93`	`Name:"custom-role",`
`94`	`94`	`OrganizationID:owner.OrganizationID.String(),`
`95`	`95`	`DisplayName:"Custom Role",`

`‎enterprise/cli/templatecreate_test.go`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -168,7 +168,7 @@ func TestTemplateCreate(t *testing.T) {`
`168`	`168`	`ctx:=testutil.Context(t,testutil.WaitMedium)`
`169`	`169`
`170`	`170`	`//nolint:gocritic // owner required to make custom roles`
`171`		`-orgTemplateAdminRole,err:=ownerClient.PatchOrganizationRole(ctx,secondOrg.ID,codersdk.Role{`
	`171`	`+orgTemplateAdminRole,err:=ownerClient.PatchOrganizationRole(ctx, codersdk.Role{`
`172`	`172`	`Name:"org-template-admin",`
`173`	`173`	`OrganizationID:secondOrg.ID.String(),`
`174`	`174`	`OrganizationPermissions:codersdk.CreatePermissions(map[codersdk.RBACResource][]codersdk.RBACAction{`

`‎enterprise/coderd/roles.go`

Lines changed: 1 addition & 9 deletions

Original file line number	Diff line number	Diff line change
`@@ -21,7 +21,7 @@ type enterpriseCustomRoleHandler struct {`
`21`	`21`	`Enabledbool`
`22`	`22`	`}`
`23`	`23`
`24`		`-func (henterpriseCustomRoleHandler)PatchOrganizationRole(ctx context.Context,rw http.ResponseWriter,r*http.Request,orgID uuid.UUID,role codersdk.Role) (codersdk.Role,bool) {`
	`24`	`+func (henterpriseCustomRoleHandler)PatchOrganizationRole(ctx context.Context,rw http.ResponseWriter,r*http.Request,orgID uuid.UUID,role codersdk.PatchRoleRequest) (codersdk.Role,bool) {`
`25`	`25`	`if!h.Enabled {`
`26`	`26`	`httpapi.Write(ctx,rw,http.StatusForbidden, codersdk.Response{`
`27`	`27`	`Message:"Custom roles are not enabled",`
`@@ -77,14 +77,6 @@ func (h enterpriseCustomRoleHandler) PatchOrganizationRole(ctx context.Context,`
`77`	`77`	`return codersdk.Role{},false`
`78`	`78`	`}`
`79`	`79`
`80`		`-ifrole.OrganizationID!=orgID.String() {`
`81`		`-httpapi.Write(ctx,rw,http.StatusBadRequest, codersdk.Response{`
`82`		`-Message:"Invalid request, organization in role and url must match",`
`83`		`-Detail:fmt.Sprintf("role organization=%q does not match URL=%q",role.OrganizationID,orgID.String()),`
`84`		`-})`
`85`		`-return codersdk.Role{},false`
`86`		`-}`
`87`		`-`
`88`	`80`	`originalRoles,err:=db.CustomRoles(ctx, database.CustomRolesParams{`
`89`	`81`	`LookupRoles: []database.NameOrganizationPair{`
`90`	`82`	`{`

`‎enterprise/coderd/roles_test.go`

Lines changed: 13 additions & 34 deletions

Original file line number	Diff line number	Diff line change
`@@ -57,7 +57,7 @@ func TestCustomOrganizationRole(t *testing.T) {`
`57`	`57`	`ctx:=testutil.Context(t,testutil.WaitMedium)`
`58`	`58`
`59`	`59`	`//nolint:gocritic // owner is required for this`
`60`		`-role,err:=owner.PatchOrganizationRole(ctx,first.OrganizationID,templateAdminCustom(first.OrganizationID))`
	`60`	`+role,err:=owner.PatchOrganizationRole(ctx,templateAdminCustom(first.OrganizationID))`
`61`	`61`	`require.NoError(t,err,"upsert role")`
`62`	`62`
`63`	`63`	`// Assign the custom template admin role`
`@@ -111,7 +111,7 @@ func TestCustomOrganizationRole(t *testing.T) {`
`111`	`111`	`ctx:=testutil.Context(t,testutil.WaitMedium)`
`112`	`112`
`113`	`113`	`//nolint:gocritic // owner is required for this`
`114`		`-role,err:=owner.PatchOrganizationRole(ctx,first.OrganizationID,templateAdminCustom(first.OrganizationID))`
	`114`	`+role,err:=owner.PatchOrganizationRole(ctx,templateAdminCustom(first.OrganizationID))`
`115`	`115`	`require.NoError(t,err,"upsert role")`
`116`	`116`
`117`	`117`	`// Remove the license to block enterprise functionality`
`@@ -124,7 +124,7 @@ func TestCustomOrganizationRole(t *testing.T) {`
`124`	`124`	`}`
`125`	`125`
`126`	`126`	`// Verify functionality is lost`
`127`		`-_,err=owner.PatchOrganizationRole(ctx,first.OrganizationID,templateAdminCustom(first.OrganizationID))`
	`127`	`+_,err=owner.PatchOrganizationRole(ctx,templateAdminCustom(first.OrganizationID))`
`128`	`128`	`require.ErrorContains(t,err,"roles are not enabled")`
`129`	`129`
`130`	`130`	`// Assign the custom template admin role`
`@@ -152,7 +152,7 @@ func TestCustomOrganizationRole(t *testing.T) {`
`152`	`152`
`153`	`153`	`ctx:=testutil.Context(t,testutil.WaitMedium)`
`154`	`154`	`//nolint:gocritic // owner is required for this`
`155`		`-role,err:=owner.PatchOrganizationRole(ctx,first.OrganizationID,templateAdminCustom(first.OrganizationID))`
	`155`	`+role,err:=owner.PatchOrganizationRole(ctx,templateAdminCustom(first.OrganizationID))`
`156`	`156`	`require.NoError(t,err,"upsert role")`
`157`	`157`
`158`	`158`	`// Assign the custom template admin role`
`@@ -169,7 +169,7 @@ func TestCustomOrganizationRole(t *testing.T) {`
`169`	`169`	`newRole.SitePermissions=nil`
`170`	`170`	`newRole.OrganizationPermissions=nil`
`171`	`171`	`newRole.UserPermissions=nil`
`172`		`-_,err=owner.PatchOrganizationRole(ctx,first.OrganizationID,newRole)`
	`172`	`+_,err=owner.PatchOrganizationRole(ctx,newRole)`
`173`	`173`	`require.NoError(t,err,"upsert role with override")`
`174`	`174`
`175`	`175`	`// The role should no longer have template perms`
`@@ -203,7 +203,7 @@ func TestCustomOrganizationRole(t *testing.T) {`
`203`	`203`	`ctx:=testutil.Context(t,testutil.WaitMedium)`
`204`	`204`
`205`	`205`	`//nolint:gocritic // owner is required for this`
`206`		`-_,err:=owner.PatchOrganizationRole(ctx,first.OrganizationID,codersdk.Role{`
	`206`	`+_,err:=owner.PatchOrganizationRole(ctx, codersdk.Role{`
`207`	`207`	`Name:"Bad_Name",// No underscores allowed`
`208`	`208`	`DisplayName:"Testing Purposes",`
`209`	`209`	`OrganizationID:first.OrganizationID.String(),`
`@@ -232,38 +232,17 @@ func TestCustomOrganizationRole(t *testing.T) {`
`232`	`232`	`ctx:=testutil.Context(t,testutil.WaitMedium)`
`233`	`233`
`234`	`234`	`//nolint:gocritic // owner is required for this`
`235`		`-_,err:=owner.PatchOrganizationRole(ctx,first.OrganizationID,codersdk.Role{`
	`235`	`+_,err:=owner.PatchOrganizationRole(ctx, codersdk.Role{`
`236`	`236`	`Name:"owner",// Reserved`
`237`	`237`	`DisplayName:"Testing Purposes",`
	`238`	`+OrganizationID:first.OrganizationID.String(),`
`238`	`239`	`SitePermissions:nil,`
`239`	`240`	`OrganizationPermissions:nil,`
`240`	`241`	`UserPermissions:nil,`
`241`	`242`	`})`
`242`	`243`	`require.ErrorContains(t,err,"Reserved")`
`243`	`244`	`})`
`244`	`245`
`245`		`-t.Run("MismatchedOrganizations",func(t*testing.T) {`
`246`		`-t.Parallel()`
`247`		`-dv:=coderdtest.DeploymentValues(t)`
`248`		`-dv.Experiments= []string{string(codersdk.ExperimentCustomRoles)}`
`249`		`-owner,first:=coderdenttest.New(t,&coderdenttest.Options{`
`250`		`-Options:&coderdtest.Options{`
`251`		`-DeploymentValues:dv,`
`252`		`-},`
`253`		`-LicenseOptions:&coderdenttest.LicenseOptions{`
`254`		`-Features: license.Features{`
`255`		`-codersdk.FeatureCustomRoles:1,`
`256`		`-},`
`257`		`-},`
`258`		`-})`
`259`		`-`
`260`		`-ctx:=testutil.Context(t,testutil.WaitMedium)`
`261`		`-`
`262`		`-//nolint:gocritic // owner is required for this`
`263`		`-_,err:=owner.PatchOrganizationRole(ctx,first.OrganizationID,templateAdminCustom(uuid.New()))`
`264`		`-require.ErrorContains(t,err,"does not match")`
`265`		`-})`
`266`		`-`
`267`	`246`	`// Attempt to add site & user permissions, which is not allowed`
`268`	`247`	`t.Run("ExcessPermissions",func(t*testing.T) {`
`269`	`248`	`t.Parallel()`
`@@ -291,7 +270,7 @@ func TestCustomOrganizationRole(t *testing.T) {`
`291`	`270`	`}`
`292`	`271`
`293`	`272`	`//nolint:gocritic // owner is required for this`
`294`		`-_,err:=owner.PatchOrganizationRole(ctx,first.OrganizationID,siteRole)`
	`273`	`+_,err:=owner.PatchOrganizationRole(ctx,siteRole)`
`295`	`274`	`require.ErrorContains(t,err,"site wide permissions")`
`296`	`275`
`297`	`276`	`userRole:=templateAdminCustom(first.OrganizationID)`
`@@ -303,11 +282,11 @@ func TestCustomOrganizationRole(t *testing.T) {`
`303`	`282`	`}`
`304`	`283`
`305`	`284`	`//nolint:gocritic // owner is required for this`
`306`		`-_,err=owner.PatchOrganizationRole(ctx,first.OrganizationID,userRole)`
	`285`	`+_,err=owner.PatchOrganizationRole(ctx,userRole)`
`307`	`286`	`require.ErrorContains(t,err,"not allowed to assign user permissions")`
`308`	`287`	`})`
`309`	`288`
`310`		`-t.Run("InvalidUUID",func(t*testing.T) {`
	`289`	`+t.Run("NotFound",func(t*testing.T) {`
`311`	`290`	`t.Parallel()`
`312`	`291`	`dv:=coderdtest.DeploymentValues(t)`
`313`	`292`	`dv.Experiments= []string{string(codersdk.ExperimentCustomRoles)}`
`@@ -328,8 +307,8 @@ func TestCustomOrganizationRole(t *testing.T) {`
`328`	`307`	`newRole.OrganizationID="0000"// This is not a valid uuid`
`329`	`308`
`330`	`309`	`//nolint:gocritic // owner is required for this`
`331`		`-_,err:=owner.PatchOrganizationRole(ctx,first.OrganizationID,newRole)`
`332`		`-require.ErrorContains(t,err,"Invalid request")`
	`310`	`+_,err:=owner.PatchOrganizationRole(ctx,newRole)`
	`311`	`+require.ErrorContains(t,err,"Resource not found")`
`333`	`312`	`})`
`334`	`313`	`}`
`335`	`314`

`‎enterprise/coderd/templates_test.go`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -751,7 +751,7 @@ func TestTemplates(t *testing.T) {`
`751`	`751`	`})`
`752`	`752`
`753`	`753`	`//nolint:gocritic // owner required to make custom roles`
`754`		`-orgTemplateAdminRole,err:=ownerClient.PatchOrganizationRole(ctx,secondOrg.ID,codersdk.Role{`
	`754`	`+orgTemplateAdminRole,err:=ownerClient.PatchOrganizationRole(ctx, codersdk.Role{`
`755`	`755`	`Name:"org-template-admin",`
`756`	`756`	`OrganizationID:secondOrg.ID.String(),`
`757`	`757`	`OrganizationPermissions:codersdk.CreatePermissions(map[codersdk.RBACResource][]codersdk.RBACAction{`

`‎enterprise/coderd/userauth_test.go`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -705,7 +705,7 @@ func TestEnterpriseUserLogin(t *testing.T) {`
`705`	`705`
`706`	`706`	`ctx:=testutil.Context(t,testutil.WaitShort)`
`707`	`707`	`//nolint:gocritic // owner required`
`708`		`-customRole,err:=ownerClient.PatchOrganizationRole(ctx,owner.OrganizationID,codersdk.Role{`
	`708`	`+customRole,err:=ownerClient.PatchOrganizationRole(ctx, codersdk.Role{`
`709`	`709`	`Name:"custom-role",`
`710`	`710`	`OrganizationID:owner.OrganizationID.String(),`
`711`	`711`	`OrganizationPermissions: []codersdk.Permission{},`

`‎enterprise/coderd/users_test.go`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -271,7 +271,7 @@ func TestAssignCustomOrgRoles(t *testing.T) {`
`271`	`271`
`272`	`272`	`ctx:=testutil.Context(t,testutil.WaitShort)`
`273`	`273`	`// Create a custom role as an organization admin that allows making templates.`
`274`		`-auditorRole,err:=client.PatchOrganizationRole(ctx,owner.OrganizationID,codersdk.Role{`
	`274`	`+auditorRole,err:=client.PatchOrganizationRole(ctx, codersdk.Role{`
`275`	`275`	`Name:"org-template-admin",`
`276`	`276`	`OrganizationID:owner.OrganizationID.String(),`
`277`	`277`	`DisplayName:"Template Admin",`

`‎site/src/api/typesGenerated.ts`

Lines changed: 9 additions & 0 deletions

Some generated files are not rendered by default. Learn more aboutcustomizing how changed files appear on GitHub.

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit166467c

File tree

11 files changed

11 files changed

`‎cli/organizationroles.go`

`‎coderd/roles.go`

`‎codersdk/roles.go`

`‎enterprise/cli/organizationmembers_test.go`

`‎enterprise/cli/templatecreate_test.go`

`‎enterprise/coderd/roles.go`

`‎enterprise/coderd/roles_test.go`

`‎enterprise/coderd/templates_test.go`

`‎enterprise/coderd/userauth_test.go`

`‎enterprise/coderd/users_test.go`

`‎site/src/api/typesGenerated.ts`

0 commit comments