NotificationsYou must be signed in to change notification settings
Fork927
Star10.1k

Commit2ba9bde

committed

fix site <-> user perms bug

1 parent095ad88 commit2ba9bdeCopy full SHA for 2ba9bde

File tree

5 files changed

+114

-74

lines changed

coderd/database/db2sdk
- db2sdk.go
enterprise
- cli
  - roleedit.go
  - rolescmd.go
- cmd/coder
  - role.json
- coderd
  - roles_test.go

5 files changed

+114

-74

lines changed

`‎coderd/database/db2sdk/db2sdk.go`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -532,7 +532,7 @@ func Role(role rbac.Role) codersdk.Role {`
`532`	`532`	`DisplayName:role.DisplayName,`
`533`	`533`	`SitePermissions:List(role.Site,Permission),`
`534`	`534`	`OrganizationPermissions:Map(role.Org,ListLazy(Permission)),`
`535`		`-UserPermissions:List(role.Site,Permission),`
	`535`	`+UserPermissions:List(role.User,Permission),`
`536`	`536`	`}`
`537`	`537`	`}`
`538`	`538`

`‎enterprise/cli/roleedit.go`

Lines changed: 81 additions & 62 deletions

Original file line number	Diff line number	Diff line change
`@@ -19,9 +19,10 @@ import (`
`19`	`19`	`func (rRootCmd)editRole()serpent.Command {`
`20`	`20`	`formatter:=cliui.NewOutputFormatter(`
`21`	`21`	`cliui.ChangeFormatterData(`
`22`		`-cliui.TableFormat([]codersdk.Role{}, []string{"name","display_name","site_permissions","org_permissions","user_permissions"}),`
	`22`	`+cliui.TableFormat([]roleTableView{}, []string{"name","display_name","site_permissions","org_permissions","user_permissions"}),`
`23`	`23`	`func(dataany) (any,error) {`
`24`		`-return []codersdk.Role{data.(codersdk.Role)},nil`
	`24`	`+typed,_:=data.(codersdk.Role)`
	`25`	`+return []roleTableView{roleToTableView(typed)},nil`
`25`	`26`	`},`
`26`	`27`	`),`
`27`	`28`	`cliui.JSONFormat(),`
`@@ -51,108 +52,126 @@ func (r RootCmd) editRole() serpent.Command {`
`51`	`52`	`},`
`52`	`53`	`},`
`53`	`54`	`Middleware:serpent.Chain(`
`54`		`-serpent.RequireNArgs(1),`
	`55`	`+serpent.RequireRangeArgs(0,1),`
`55`	`56`	`r.InitClient(client),`
`56`	`57`	`),`
`57`	`58`	`Handler:func(inv*serpent.Invocation)error {`
`58`	`59`	`ctx:=inv.Context()`
`59`		`-roles,err:=client.ListSiteRoles(ctx)`
`60`		`-iferr!=nil {`
`61`		`-returnxerrors.Errorf("listing roles: %w",err)`
`62`		`-}`
`63`		`-`
`64`		`-// Make sure the role actually exists first`
`65`		`-varoriginalRole codersdk.AssignableRoles`
`66`		`-for_,r:=rangeroles {`
`67`		`-ifstrings.EqualFold(inv.Args[0],r.Name) {`
`68`		`-originalRole=r`
`69`		`-break`
`70`		`-}`
`71`		`-}`
`72`		`-`
`73`		`-iforiginalRole.Name=="" {`
`74`		`-_,err=cliui.Prompt(inv, cliui.PromptOptions{`
`75`		`-Text:"No role exists with that name, do you want to create one?",`
`76`		`-Default:"yes",`
`77`		`-IsConfirm:true,`
`78`		`-})`
`79`		`-iferr!=nil {`
`80`		`-returnxerrors.Errorf("abort: %w",err)`
`81`		`-}`
`82`	`60`
`83`		`-originalRole.Role= codersdk.Role{`
`84`		`-Name:inv.Args[0],`
`85`		`-}`
`86`		`-}`
`87`		`-`
`88`		`-varcustomRole*codersdk.Role`
`89`		`-// Either interactive, or take input mode.`
	`61`	`+varcustomRole codersdk.Role`
`90`	`62`	`fi,_:=os.Stdin.Stat()`
`91`	`63`	`if (fi.Mode()&os.ModeCharDevice)==0 {`
	`64`	`+// JSON Upload mode`
`92`	`65`	`bytes,err:=io.ReadAll(os.Stdin)`
`93`	`66`	`iferr!=nil {`
`94`	`67`	`returnxerrors.Errorf("reading stdin: %w",err)`
`95`	`68`	`}`
`96`	`69`
`97`		`-err=json.Unmarshal(bytes,customRole)`
	`70`	`+err=json.Unmarshal(bytes,&customRole)`
`98`	`71`	`iferr!=nil {`
`99`	`72`	`returnxerrors.Errorf("parsing stdin json: %w",err)`
`100`	`73`	`}`
`101`		`-}else {`
`102`		`-// Interactive mode`
`103`		`-iflen(originalRole.OrganizationPermissions)>0 {`
`104`		`-returnxerrors.Errorf("unable to edit role in interactive mode, it contains organization permissions")`
`105`		`-}`
`106`	`74`
`107`		`-iflen(originalRole.UserPermissions)>0 {`
`108`		`-returnxerrors.Errorf("unable to edit role in interactive mode, it contains user permissions")`
	`75`	`+ifcustomRole.Name=="" {`
	`76`	`+arr:=make([]json.RawMessage,0)`
	`77`	`+err=json.Unmarshal(bytes,&arr)`
	`78`	`+iferr==nil&&len(arr)>0 {`
	`79`	`+returnxerrors.Errorf("the input appears to be an array, only 1 role can be sent at a time")`
	`80`	`+}`
	`81`	`+returnxerrors.Errorf("json input does not appear to be a valid role")`
`109`	`82`	`}`
`110`		`-`
`111`		`-customRole,err=interactiveEdit(inv,&originalRole.Role)`
	`83`	`+}else {`
	`84`	`+interactiveRole,err:=interactiveEdit(inv,client)`
`112`	`85`	`iferr!=nil {`
`113`	`86`	`returnxerrors.Errorf("editing role: %w",err)`
`114`	`87`	`}`
`115`		`-}`
`116`	`88`
`117`		`-totalOrg:=0`
`118`		`-for_,o:=rangecustomRole.OrganizationPermissions {`
`119`		`-totalOrg+=len(o)`
`120`		`-}`
`121`		`-preview:=fmt.Sprintf("perms: %d site, %d over %d orgs, %d user",`
`122`		`-len(customRole.SitePermissions),totalOrg,len(customRole.OrganizationPermissions),len(customRole.UserPermissions))`
`123`		`-_,err=cliui.Prompt(inv, cliui.PromptOptions{`
`124`		`-Text:"Are you sure you wish to update the role? "+preview,`
`125`		`-Default:"yes",`
`126`		`-IsConfirm:true,`
`127`		`-})`
`128`		`-iferr!=nil {`
`129`		`-returnxerrors.Errorf("abort: %w",err)`
	`89`	`+customRole=*interactiveRole`
	`90`	`+`
	`91`	`+// Only the interactive can answer prompts.`
	`92`	`+totalOrg:=0`
	`93`	`+for_,o:=rangecustomRole.OrganizationPermissions {`
	`94`	`+totalOrg+=len(o)`
	`95`	`+}`
	`96`	`+preview:=fmt.Sprintf("perms: %d site, %d over %d orgs, %d user",`
	`97`	`+len(customRole.SitePermissions),totalOrg,len(customRole.OrganizationPermissions),len(customRole.UserPermissions))`
	`98`	`+_,err=cliui.Prompt(inv, cliui.PromptOptions{`
	`99`	`+Text:"Are you sure you wish to update the role? "+preview,`
	`100`	`+Default:"yes",`
	`101`	`+IsConfirm:true,`
	`102`	`+})`
	`103`	`+iferr!=nil {`
	`104`	`+returnxerrors.Errorf("abort: %w",err)`
	`105`	`+}`
`130`	`106`	`}`
`131`	`107`
	`108`	`+varerrerror`
`132`	`109`	`varupdated codersdk.Role`
`133`	`110`	`ifdryRun {`
`134`	`111`	`// Do not actually post`
`135`		`-updated=*customRole`
	`112`	`+updated=customRole`
`136`	`113`	`}else {`
`137`		`-updated,err=client.PatchRole(ctx,*customRole)`
	`114`	`+updated,err=client.PatchRole(ctx,customRole)`
`138`	`115`	`iferr!=nil {`
`139`	`116`	`returnfmt.Errorf("patch role: %w",err)`
`140`	`117`	`}`
`141`	`118`	`}`
`142`	`119`
`143`		`-_,err=formatter.Format(ctx,updated)`
	`120`	`+output,err:=formatter.Format(ctx,updated)`
`144`	`121`	`iferr!=nil {`
`145`	`122`	`returnxerrors.Errorf("formatting: %w",err)`
`146`	`123`	`}`
`147`		`-returnnil`
	`124`	`+`
	`125`	`+_,err=fmt.Fprintln(inv.Stdout,output)`
	`126`	`+returnerr`
`148`	`127`	`},`
`149`	`128`	`}`
`150`	`129`
`151`	`130`	`formatter.AttachOptions(&cmd.Options)`
`152`	`131`	`returncmd`
`153`	`132`	`}`
`154`	`133`
`155`		`-funcinteractiveEdit(invserpent.Invocation,rolecodersdk.Role) (*codersdk.Role,error) {`
	`134`	`+funcinteractiveEdit(invserpent.Invocation,clientcodersdk.Client) (*codersdk.Role,error) {`
	`135`	`+ctx:=inv.Context()`
	`136`	`+roles,err:=client.ListSiteRoles(ctx)`
	`137`	`+iferr!=nil {`
	`138`	`+returnnil,xerrors.Errorf("listing roles: %w",err)`
	`139`	`+}`
	`140`	`+`
	`141`	`+// Make sure the role actually exists first`
	`142`	`+varoriginalRole codersdk.AssignableRoles`
	`143`	`+for_,r:=rangeroles {`
	`144`	`+ifstrings.EqualFold(inv.Args[0],r.Name) {`
	`145`	`+originalRole=r`
	`146`	`+break`
	`147`	`+}`
	`148`	`+}`
	`149`	`+`
	`150`	`+iforiginalRole.Name=="" {`
	`151`	`+_,err=cliui.Prompt(inv, cliui.PromptOptions{`
	`152`	`+Text:"No role exists with that name, do you want to create one?",`
	`153`	`+Default:"yes",`
	`154`	`+IsConfirm:true,`
	`155`	`+})`
	`156`	`+iferr!=nil {`
	`157`	`+returnnil,xerrors.Errorf("abort: %w",err)`
	`158`	`+}`
	`159`	`+`
	`160`	`+originalRole.Role= codersdk.Role{`
	`161`	`+Name:inv.Args[0],`
	`162`	`+}`
	`163`	`+}`
	`164`	`+`
	`165`	`+// Some checks since interactive mode is limited in what it currently sees`
	`166`	`+iflen(originalRole.OrganizationPermissions)>0 {`
	`167`	`+returnnil,xerrors.Errorf("unable to edit role in interactive mode, it contains organization permissions")`
	`168`	`+}`
	`169`	`+`
	`170`	`+iflen(originalRole.UserPermissions)>0 {`
	`171`	`+returnnil,xerrors.Errorf("unable to edit role in interactive mode, it contains user permissions")`
	`172`	`+}`
	`173`	`+`
	`174`	`+role:=&originalRole.Role`
`156`	`175`	`allowedResources:= []codersdk.RBACResource{`
`157`	`176`	`codersdk.ResourceTemplate,`
`158`	`177`	`codersdk.ResourceWorkspace,`

`‎enterprise/cli/rolescmd.go`

Lines changed: 20 additions & 10 deletions

Original file line number	Diff line number	Diff line change
`@@ -44,13 +44,9 @@ func (r RootCmd) showRole() serpent.Command {`
`44`	`44`	`rows:=make([]assignableRolesTableRow,0,len(input))`
`45`	`45`	`for_,role:=rangeinput {`
`46`	`46`	`rows=append(rows,assignableRolesTableRow{`
`47`		`-Name:role.Name,`
`48`		`-DisplayName:role.DisplayName,`
`49`		`-SitePermissions:fmt.Sprintf("%d permissions",len(role.SitePermissions)),`
`50`		`-OrganizationPermissions:fmt.Sprintf("%d organizations",len(role.OrganizationPermissions)),`
`51`		`-UserPermissions:fmt.Sprintf("%d permissions",len(role.UserPermissions)),`
`52`		`-Assignable:role.Assignable,`
`53`		`-BuiltIn:role.BuiltIn,`
	`47`	`+roleTableView:roleToTableView(role.Role),`
	`48`	`+Assignable:role.Assignable,`
	`49`	`+BuiltIn:role.BuiltIn,`
`54`	`50`	`})`
`55`	`51`	`}`
`56`	`52`	`returnrows,nil`
`@@ -100,13 +96,27 @@ func (r RootCmd) showRole() serpent.Command {`
`100`	`96`	`returncmd`
`101`	`97`	`}`
`102`	`98`
`103`		`-typeassignableRolesTableRowstruct {`
	`99`	`+funcroleToTableView(role codersdk.Role)roleTableView {`
	`100`	`+returnroleTableView{`
	`101`	`+Name:role.Name,`
	`102`	`+DisplayName:role.DisplayName,`
	`103`	`+SitePermissions:fmt.Sprintf("%d permissions",len(role.SitePermissions)),`
	`104`	`+OrganizationPermissions:fmt.Sprintf("%d organizations",len(role.OrganizationPermissions)),`
	`105`	`+UserPermissions:fmt.Sprintf("%d permissions",len(role.UserPermissions)),`
	`106`	`+}`
	`107`	`+}`
	`108`	`+`
	`109`	`+typeroleTableViewstruct {`
`104`	`110`	Namestring`table:"name,default_sort"`
`105`	`111`	DisplayNamestring`table:"display_name"`
`106`	`112`	SitePermissionsstring` table:"site_permissions"`
`107`	`113`	`// map[<org_id>] -> Permissions`
`108`	`114`	OrganizationPermissionsstring`table:"org_permissions"`
`109`	`115`	UserPermissionsstring`table:"user_permissions"`
`110`		-Assignablebool`table:"assignable"`
`111`		-BuiltInbool`table:"built_in"`
	`116`	`+}`
	`117`	`+`
	`118`	`+typeassignableRolesTableRowstruct {`
	`119`	+roleTableView`table:"r,recursive_inline"`
	`120`	+Assignablebool`table:"assignable"`
	`121`	+BuiltInbool`table:"built_in"`
`112`	`122`	`}`

`‎enterprise/cmd/coder/role.json`

Lines changed: 2 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+ {`
	`2`	`+ }`

`‎enterprise/coderd/roles_test.go`

Lines changed: 10 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -67,9 +67,18 @@ func TestCustomRole(t *testing.T) {`
`67`	`67`	`allRoles,err:=tmplAdmin.ListSiteRoles(ctx)`
`68`	`68`	`require.NoError(t,err)`
`69`	`69`
	`70`	`+varfoundRole codersdk.AssignableRoles`
`70`	`71`	`require.True(t,slices.ContainsFunc(allRoles,func(selected codersdk.AssignableRoles)bool {`
`71`		`-returnselected.Name==role.Name`
	`72`	`+ifselected.Name==role.Name {`
	`73`	`+foundRole=selected`
	`74`	`+returntrue`
	`75`	`+}`
	`76`	`+returnfalse`
`72`	`77`	`}),"role missing from site role list")`
	`78`	`+`
	`79`	`+require.Len(t,foundRole.SitePermissions,7)`
	`80`	`+require.Len(t,foundRole.OrganizationPermissions,0)`
	`81`	`+require.Len(t,foundRole.UserPermissions,0)`
`73`	`82`	`})`
`74`	`83`
`75`	`84`	`// Revoked licenses cannot modify/create custom roles, but they can`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit2ba9bde

File tree

5 files changed

5 files changed

`‎coderd/database/db2sdk/db2sdk.go`

`‎enterprise/cli/roleedit.go`

`‎enterprise/cli/rolescmd.go`

`‎enterprise/cmd/coder/role.json`

`‎enterprise/coderd/roles_test.go`

0 commit comments