NotificationsYou must be signed in to change notification settings
Fork921
Star10.1k

Commit200ca9c

committed

fixup tests

1 parent19a26b3 commit200ca9cCopy full SHA for 200ca9c

File tree

2 files changed

+22

-19

lines changed

coderd/rbac
- roles.go
- roles_test.go

2 files changed

+22

-19

lines changed

`‎coderd/rbac/roles.go`

Lines changed: 5 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -486,8 +486,11 @@ func ReloadBuiltinRoles(opts *RoleOptions) {`
`486`	`486`	`ResourceOrganizationMember.Type: {policy.ActionRead},`
`487`	`487`	`ResourceGroup.Type: {policy.ActionRead},`
`488`	`488`	`ResourceGroupMember.Type: {policy.ActionRead},`
`489`		`-ResourceProvisionerDaemon.Type: {policy.ActionCreate,policy.ActionRead,policy.ActionUpdate,policy.ActionDelete},`
`490`		`-ResourceProvisionerJobs.Type: {policy.ActionRead},`
	`489`	`+// Since templates have to correlate with provisioners,`
	`490`	`+// the ability to create templates and provisioners has`
	`491`	`+// a lot of overlap.`
	`492`	`+ResourceProvisionerDaemon.Type: {policy.ActionCreate,policy.ActionRead,policy.ActionUpdate,policy.ActionDelete},`
	`493`	`+ResourceProvisionerJobs.Type: {policy.ActionRead},`
`491`	`494`	`}),`
`492`	`495`	`},`
`493`	`496`	`User: []Permission{},`

`‎coderd/rbac/roles_test.go`

Lines changed: 17 additions & 17 deletions

Original file line number	Diff line number	Diff line change
`@@ -217,20 +217,20 @@ func TestRolePermissions(t *testing.T) {`
`217`	`217`	`},`
`218`	`218`	`{`
`219`	`219`	`Name:"Templates",`
`220`		`-Actions: []policy.Action{policy.ActionCreate,policy.ActionUpdate,policy.ActionDelete,policy.ActionViewInsights},`
	`220`	`+Actions: []policy.Action{policy.ActionCreate,policy.ActionUpdate,policy.ActionDelete},`
`221`	`221`	`Resource:rbac.ResourceTemplate.WithID(templateID).InOrg(orgID),`
`222`	`222`	`AuthorizeMap:map[bool][]hasAuthSubjects{`
`223`	`223`	`true: {owner,orgAdmin,templateAdmin,orgTemplateAdmin},`
`224`		`-false: {setOtherOrg,orgAuditor,orgUserAdmin,memberMe,orgMemberMe,userAdmin},`
	`224`	`+false: {setOtherOrg,orgUserAdmin,orgAuditor,memberMe,orgMemberMe,userAdmin},`
`225`	`225`	`},`
`226`	`226`	`},`
`227`	`227`	`{`
`228`	`228`	`Name:"ReadTemplates",`
`229`		`-Actions: []policy.Action{policy.ActionRead},`
	`229`	`+Actions: []policy.Action{policy.ActionRead,policy.ActionViewInsights},`
`230`	`230`	`Resource:rbac.ResourceTemplate.InOrg(orgID),`
`231`	`231`	`AuthorizeMap:map[bool][]hasAuthSubjects{`
`232`		`-true: {owner,orgAdmin,templateAdmin,orgTemplateAdmin},`
`233`		`-false: {setOtherOrg,orgAuditor,orgUserAdmin,memberMe,userAdmin,orgMemberMe},`
	`232`	`+true: {owner,orgAuditor,orgAdmin,templateAdmin,orgTemplateAdmin},`
	`233`	`+false: {setOtherOrg,orgUserAdmin,memberMe,userAdmin,orgMemberMe},`
`234`	`234`	`},`
`235`	`235`	`},`
`236`	`236`	`{`
`@@ -377,8 +377,8 @@ func TestRolePermissions(t *testing.T) {`
`377`	`377`	`Actions: []policy.Action{policy.ActionRead},`
`378`	`378`	`Resource:rbac.ResourceOrganizationMember.WithID(currentUser).InOrg(orgID).WithOwner(currentUser.String()),`
`379`	`379`	`AuthorizeMap:map[bool][]hasAuthSubjects{`
`380`		`-true: {owner,orgAdmin,userAdmin,orgMemberMe,templateAdmin,orgUserAdmin,orgTemplateAdmin},`
`381`		`-false: {memberMe,setOtherOrg,orgAuditor},`
	`380`	`+true: {owner,orgAuditor,orgAdmin,userAdmin,orgMemberMe,templateAdmin,orgUserAdmin,orgTemplateAdmin},`
	`381`	`+false: {memberMe,setOtherOrg},`
`382`	`382`	`},`
`383`	`383`	`},`
`384`	`384`	`{`
`@@ -404,7 +404,7 @@ func TestRolePermissions(t *testing.T) {`
`404`	`404`	`}),`
`405`	`405`	`AuthorizeMap:map[bool][]hasAuthSubjects{`
`406`	`406`	`true: {owner,orgAdmin,userAdmin,orgUserAdmin},`
`407`		`-false: {setOtherOrg,memberMe,orgMemberMe,templateAdmin,orgTemplateAdmin,orgAuditor,groupMemberMe},`
	`407`	`+false: {setOtherOrg,memberMe,orgMemberMe,templateAdmin,orgTemplateAdmin,groupMemberMe,orgAuditor},`
`408`	`408`	`},`
`409`	`409`	`},`
`410`	`410`	`{`
`@@ -416,26 +416,26 @@ func TestRolePermissions(t *testing.T) {`
`416`	`416`	`},`
`417`	`417`	`}),`
`418`	`418`	`AuthorizeMap:map[bool][]hasAuthSubjects{`
`419`		`-true: {owner,orgAdmin,userAdmin,templateAdmin,orgTemplateAdmin,orgUserAdmin,groupMemberMe},`
`420`		`-false: {setOtherOrg,memberMe,orgMemberMe,orgAuditor},`
	`419`	`+true: {owner,orgAdmin,userAdmin,templateAdmin,orgTemplateAdmin,orgUserAdmin,groupMemberMe,orgAuditor},`
	`420`	`+false: {setOtherOrg,memberMe,orgMemberMe},`
`421`	`421`	`},`
`422`	`422`	`},`
`423`	`423`	`{`
`424`	`424`	`Name:"GroupMemberMeRead",`
`425`	`425`	`Actions: []policy.Action{policy.ActionRead},`
`426`	`426`	`Resource:rbac.ResourceGroupMember.WithID(currentUser).InOrg(orgID).WithOwner(currentUser.String()),`
`427`	`427`	`AuthorizeMap:map[bool][]hasAuthSubjects{`
`428`		`-true: {owner,orgAdmin,userAdmin,templateAdmin,orgTemplateAdmin,orgUserAdmin,orgMemberMe,groupMemberMe},`
`429`		`-false: {setOtherOrg,memberMe,orgAuditor},`
	`428`	`+true: {owner,orgAuditor,orgAdmin,userAdmin,templateAdmin,orgTemplateAdmin,orgUserAdmin,orgMemberMe,groupMemberMe},`
	`429`	`+false: {setOtherOrg,memberMe},`
`430`	`430`	`},`
`431`	`431`	`},`
`432`	`432`	`{`
`433`	`433`	`Name:"GroupMemberOtherRead",`
`434`	`434`	`Actions: []policy.Action{policy.ActionRead},`
`435`	`435`	`Resource:rbac.ResourceGroupMember.WithID(adminID).InOrg(orgID).WithOwner(adminID.String()),`
`436`	`436`	`AuthorizeMap:map[bool][]hasAuthSubjects{`
`437`		`-true: {owner,orgAdmin,userAdmin,templateAdmin,orgTemplateAdmin,orgUserAdmin},`
`438`		`-false: {setOtherOrg,memberMe,orgAuditor,orgMemberMe,groupMemberMe},`
	`437`	`+true: {owner,orgAuditor,orgAdmin,userAdmin,templateAdmin,orgTemplateAdmin,orgUserAdmin},`
	`438`	`+false: {setOtherOrg,memberMe,orgMemberMe,groupMemberMe},`
`439`	`439`	`},`
`440`	`440`	`},`
`441`	`441`	`{`
`@@ -534,16 +534,16 @@ func TestRolePermissions(t *testing.T) {`
`534`	`534`	`Actions: []policy.Action{policy.ActionCreate,policy.ActionUpdate,policy.ActionDelete},`
`535`	`535`	`Resource:rbac.ResourceProvisionerDaemon.InOrg(orgID),`
`536`	`536`	`AuthorizeMap:map[bool][]hasAuthSubjects{`
`537`		`-true: {owner,templateAdmin,orgAdmin},`
`538`		`-false: {setOtherOrg,orgTemplateAdmin,orgUserAdmin,memberMe,orgMemberMe,userAdmin,orgAuditor},`
	`537`	`+true: {owner,templateAdmin,orgAdmin,orgTemplateAdmin},`
	`538`	`+false: {setOtherOrg,orgAuditor,orgUserAdmin,memberMe,orgMemberMe,userAdmin},`
`539`	`539`	`},`
`540`	`540`	`},`
`541`	`541`	`{`
`542`	`542`	`Name:"ProvisionerDaemonsRead",`
`543`	`543`	`Actions: []policy.Action{policy.ActionRead},`
`544`	`544`	`Resource:rbac.ResourceProvisionerDaemon.InOrg(orgID),`
`545`	`545`	`AuthorizeMap:map[bool][]hasAuthSubjects{`
`546`		`-true: {owner,templateAdmin,setOrgNotMe,orgMemberMe},`
	`546`	`+true: {owner,templateAdmin,setOrgNotMe,orgAuditor,orgMemberMe},`
`547`	`547`	`false: {setOtherOrg,memberMe,userAdmin},`
`548`	`548`	`},`
`549`	`549`	`},`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit200ca9c

File tree

2 files changed

2 files changed

`‎coderd/rbac/roles.go`

`‎coderd/rbac/roles_test.go`

0 commit comments