NotificationsYou must be signed in to change notification settings
Fork928
Star10.1k

Commit205c36c

committed

add support for private templates

1 parent072b3e4 commit205c36cCopy full SHA for 205c36c

File tree

14 files changed

+160

-32

lines changed

coderd
- database
  - databasefake
    - databasefake.go
  - dump.sql
  - migrations
    - 000050_template_acl.down.sql
    - 000050_template_acl.up.sql
  - modelmethods.go
  - models.go
  - queries
    - templates.sql
  - queries.sql.go
- rbac
  - builtin.go
  - object.go
- templates.go
- templates_test.go
codersdk
- organizations.go
- templates.go

14 files changed

+160

-32

lines changed

`‎coderd/database/databasefake/databasefake.go`

Lines changed: 2 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -970,6 +970,7 @@ func (q *fakeQuerier) UpdateTemplateMetaByID(_ context.Context, arg database.Upd`
`970`	`970`	`tpl.Icon=arg.Icon`
`971`	`971`	`tpl.MaxTtl=arg.MaxTtl`
`972`	`972`	`tpl.MinAutostartInterval=arg.MinAutostartInterval`
	`973`	`+tpl.IsPrivate=arg.IsPrivate`
`973`	`974`	`q.templates[idx]=tpl`
`974`	`975`	`returntpl,nil`
`975`	`976`	`}`
`@@ -1670,6 +1671,7 @@ func (q *fakeQuerier) InsertTemplate(_ context.Context, arg database.InsertTempl`
`1670`	`1671`	`MaxTtl:arg.MaxTtl,`
`1671`	`1672`	`MinAutostartInterval:arg.MinAutostartInterval,`
`1672`	`1673`	`CreatedBy:arg.CreatedBy,`
	`1674`	`+IsPrivate:arg.IsPrivate,`
`1673`	`1675`	`}`
`1674`	`1676`	`template=template.SetUserACL(database.UserACL{})`
`1675`	`1677`	`q.templates=append(q.templates,template)`

`‎coderd/database/dump.sql`

Lines changed: 2 additions & 1 deletion

Some generated files are not rendered by default. Learn more aboutcustomizing how changed files appear on GitHub.

`‎coderd/database/migrations/000050_template_acl.down.sql`

Lines changed: 1 addition & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,7 @@`
`1`	`1`	`BEGIN;`
`2`	`2`
`3`	`3`	`ALTERTABLE templates DROP COLUMN user_acl;`
	`4`	`+ALTERTABLE templates DROP COLUMN is_private;`
`4`	`5`	`DROPTYPE template_role;`
`5`	`6`
`6`	`7`	`COMMIT;`

`‎coderd/database/migrations/000050_template_acl.up.sql`

Lines changed: 1 addition & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,7 @@`
`1`	`1`	`BEGIN;`
`2`	`2`
`3`	`3`	`ALTERTABLE templates ADD COLUMN user_acl jsonbNOT NULL default'{}';`
	`4`	`+ALTERTABLE templates ADD COLUMN is_privatebooleanNOT NULL default'false';`
`4`	`5`
`5`	`6`	`CREATETYPEtemplate_roleAS ENUM (`
`6`	`7`	`'read',`

`‎coderd/database/modelmethods.go`

Lines changed: 7 additions & 3 deletions

Original file line number	Diff line number	Diff line change
`@@ -57,12 +57,16 @@ func templateRoleToActions(t TemplateRole) []rbac.Action {`
`57`	`57`	`}`
`58`	`58`
`59`	`59`	`func (tTemplate)RBACObject() rbac.Object {`
`60`		`-returnrbac.ResourceTemplate.InOrg(t.OrganizationID).WithACLUserList(t.UserACL().Actions())`
	`60`	`+obj:=rbac.ResourceTemplate`
	`61`	`+ift.IsPrivate {`
	`62`	`+obj=rbac.ResourceTemplatePrivate`
	`63`	`+}`
	`64`	`+returnobj.InOrg(t.OrganizationID).WithACLUserList(t.UserACL().Actions())`
`61`	`65`	`}`
`62`	`66`
`63`		`-func (tTemplateVersion)RBACObject(templateTemplate) rbac.Object {`
	`67`	`+func (TemplateVersion)RBACObject(templateTemplate) rbac.Object {`
`64`	`68`	`// Just use the parent template resource for controlling versions`
`65`		`-returnrbac.ResourceTemplate.InOrg(t.OrganizationID).WithACLUserList(template.UserACL().Actions())`
	`69`	`+returntemplate.RBACObject()`
`66`	`70`	`}`
`67`	`71`
`68`	`72`	`func (wWorkspace)RBACObject() rbac.Object {`

`‎coderd/database/models.go`

Lines changed: 1 addition & 0 deletions

Some generated files are not rendered by default. Learn more aboutcustomizing how changed files appear on GitHub.

`‎coderd/database/queries.sql.go`

Lines changed: 19 additions & 10 deletions

Some generated files are not rendered by default. Learn more aboutcustomizing how changed files appear on GitHub.

`‎coderd/database/queries/templates.sql`

Lines changed: 5 additions & 3 deletions

Original file line number	Diff line number	Diff line change
`@@ -68,10 +68,11 @@ INSERT INTO`
`68`	`68`	`max_ttl,`
`69`	`69`	`min_autostart_interval,`
`70`	`70`	`created_by,`
`71`		`-icon`
	`71`	`+icon,`
	`72`	`+is_private`
`72`	`73`	`)`
`73`	`74`	`VALUES`
`74`		`-($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11, $12) RETURNING*;`
	`75`	`+($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11, $12, $13) RETURNING*;`
`75`	`76`
`76`	`77`	`-- name: UpdateTemplateActiveVersionByID :exec`
`77`	`78`	`UPDATE`
`@@ -100,7 +101,8 @@ SET`
`100`	`101`	`max_ttl= $4,`
`101`	`102`	`min_autostart_interval= $5,`
`102`	`103`	`name= $6,`
`103`		`-icon= $7`
	`104`	`+icon= $7,`
	`105`	`+is_private= $8`
`104`	`106`	`WHERE`
`105`	`107`	`id= $1`
`106`	`108`	`RETURNING`

`‎coderd/rbac/builtin.go`

Lines changed: 12 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -108,7 +108,8 @@ var (`
`108`	`108`	`Name:templateAdmin,`
`109`	`109`	`DisplayName:"Template Admin",`
`110`	`110`	`Site:permissions(map[string][]Action{`
`111`		`-ResourceTemplate.Type: {ActionCreate,ActionRead,ActionUpdate,ActionDelete},`
	`111`	`+ResourceTemplate.Type: {ActionCreate,ActionRead,ActionUpdate,ActionDelete},`
	`112`	`+ResourceTemplatePrivate.Type: {ActionCreate,ActionRead,ActionUpdate,ActionDelete},`
`112`	`113`	`// CRUD all files, even those they did not upload.`
`113`	`114`	`ResourceFile.Type: {ActionCreate,ActionRead,ActionUpdate,ActionDelete},`
`114`	`115`	`ResourceWorkspace.Type: {ActionCreate,ActionRead,ActionUpdate,ActionDelete},`
`@@ -167,11 +168,21 @@ var (`
`167`	`168`	`ResourceType:ResourceOrganization.Type,`
`168`	`169`	`Action:ActionRead,`
`169`	`170`	`},`
	`171`	`+{`
	`172`	`+// All org members can read templates in the org`
	`173`	`+ResourceType:ResourceTemplate.Type,`
	`174`	`+Action:ActionRead,`
	`175`	`+},`
`170`	`176`	`{`
`171`	`177`	`// Can read available roles.`
`172`	`178`	`ResourceType:ResourceOrgRoleAssignment.Type,`
`173`	`179`	`Action:ActionRead,`
`174`	`180`	`},`
	`181`	`+{`
	`182`	`+// Can read public templates.`
	`183`	`+ResourceType:ResourceTemplate.Type,`
	`184`	`+Action:ActionRead,`
	`185`	`+},`
`175`	`186`	`},`
`176`	`187`	`},`
`177`	`188`	`}`

`‎coderd/rbac/object.go`

Lines changed: 4 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -45,6 +45,10 @@ var (`
`45`	`45`	`Type:"template",`
`46`	`46`	`}`
`47`	`47`
	`48`	`+ResourceTemplatePrivate=Object{`
	`49`	`+Type:"template_private",`
	`50`	`+}`
	`51`	`+`
`48`	`52`	`ResourceFile=Object{`
`49`	`53`	`Type:"file",`
`50`	`54`	`}`

`‎coderd/templates.go`

Lines changed: 11 additions & 5 deletions

Original file line number	Diff line number	Diff line change
`@@ -257,6 +257,7 @@ func (api API) postTemplateByOrganization(rw http.ResponseWriter, r http.Reque`
`257`	`257`	`MaxTtl:int64(maxTTL),`
`258`	`258`	`MinAutostartInterval:int64(minAutostartInterval),`
`259`	`259`	`CreatedBy:apiKey.UserID,`
	`260`	`+IsPrivate:createTemplate.IsPrivate,`
`260`	`261`	`})`
`261`	`262`	`iferr!=nil {`
`262`	`263`	`returnxerrors.Errorf("insert template: %s",err)`
`@@ -457,10 +458,8 @@ func (api API) patchTemplateMeta(rw http.ResponseWriter, r http.Request) {`
`457`	`458`
`458`	`459`	`// Only users who are able to create templates (aka template admins)`
`459`	`460`	`// are able to control user permissions.`
`460`		`-// TODO: It might be cleaner to control template perms access`
`461`		`-// via a separate RBAC resource, and restrict all actions to the template`
`462`		`-// admin role.`
`463`		`-iflen(req.UserPerms)>0&&!api.Authorize(r,rbac.ActionCreate,template) {`
	`461`	`+if (len(req.UserPerms)>0\|\|req.IsPrivate!=nil)&&`
	`462`	`+!api.Authorize(r,rbac.ActionCreate,template) {`
`464`	`463`	`httpapi.ResourceNotFound(rw)`
`465`	`464`	`return`
`466`	`465`	`}`
`@@ -525,7 +524,8 @@ func (api API) patchTemplateMeta(rw http.ResponseWriter, r http.Request) {`
`525`	`524`	`req.Icon==template.Icon&&`
`526`	`525`	`req.MaxTTLMillis==time.Duration(template.MaxTtl).Milliseconds()&&`
`527`	`526`	`req.MinAutostartIntervalMillis==time.Duration(template.MinAutostartInterval).Milliseconds()&&`
`528`		`-len(req.UserPerms)==0 {`
	`527`	`+len(req.UserPerms)==0&&`
	`528`	`+(req.IsPrivate==nil\|\|req.IsPrivate!=nil&&*req.IsPrivate==template.IsPrivate) {`
`529`	`529`	`returnnil`
`530`	`530`	`}`
`531`	`531`
`@@ -535,6 +535,7 @@ func (api API) patchTemplateMeta(rw http.ResponseWriter, r http.Request) {`
`535`	`535`	`icon:=req.Icon`
`536`	`536`	`maxTTL:=time.Duration(req.MaxTTLMillis)*time.Millisecond`
`537`	`537`	`minAutostartInterval:=time.Duration(req.MinAutostartIntervalMillis)*time.Millisecond`
	`538`	`+isPrivate:=template.IsPrivate`
`538`	`539`
`539`	`540`	`ifname=="" {`
`540`	`541`	`name=template.Name`
`@@ -545,6 +546,9 @@ func (api API) patchTemplateMeta(rw http.ResponseWriter, r http.Request) {`
`545`	`546`	`ifminAutostartInterval==0 {`
`546`	`547`	`minAutostartInterval=time.Duration(template.MinAutostartInterval)`
`547`	`548`	`}`
	`549`	`+ifreq.IsPrivate!=nil {`
	`550`	`+isPrivate=*req.IsPrivate`
	`551`	`+}`
`548`	`552`
`549`	`553`	`iflen(req.UserPerms)>0 {`
`550`	`554`	`userACL:=template.UserACL()`
`@@ -572,6 +576,7 @@ func (api API) patchTemplateMeta(rw http.ResponseWriter, r http.Request) {`
`572`	`576`	`Icon:icon,`
`573`	`577`	`MaxTtl:int64(maxTTL),`
`574`	`578`	`MinAutostartInterval:int64(minAutostartInterval),`
	`579`	`+IsPrivate:isPrivate,`
`575`	`580`	`})`
`576`	`581`	`iferr!=nil {`
`577`	`582`	`returnerr`
`@@ -819,6 +824,7 @@ func (api *API) convertTemplate(`
`819`	`824`	`CreatedByID:template.CreatedBy,`
`820`	`825`	`CreatedByName:createdByName,`
`821`	`826`	`UserRoles:convertTemplateACL(template.UserACL()),`
	`827`	`+IsPrivate:template.IsPrivate,`
`822`	`828`	`}`
`823`	`829`	`}`
`824`	`830`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit205c36c

File tree

14 files changed

14 files changed

`‎coderd/database/databasefake/databasefake.go`

`‎coderd/database/dump.sql`

`‎coderd/database/migrations/000050_template_acl.down.sql`

`‎coderd/database/migrations/000050_template_acl.up.sql`

`‎coderd/database/modelmethods.go`

`‎coderd/database/models.go`

`‎coderd/database/queries.sql.go`

`‎coderd/database/queries/templates.sql`

`‎coderd/rbac/builtin.go`

`‎coderd/rbac/object.go`

`‎coderd/templates.go`

0 commit comments