NotificationsYou must be signed in to change notification settings
Fork927
Star10.1k

Commit330acd1

authored

chore: create ResourceNotificationMessage and AsNotifier (#15301)

Closes#15213This PR enables sending notifications without requiring the auth systemcontext, instead using a new auth notifier context.

1 parent9d03e04 commit330acd1Copy full SHA for 330acd1

File tree

16 files changed

+123

-52

lines changed

cli
- server.go
coderd
- apidoc
  - docs.go
  - swagger.json
- database/dbauthz
  - dbauthz.go
  - dbauthz_test.go
- notifications
  - notifications_test.go
- rbac
  - object_gen.go
  - policy
    - policy.go
  - roles_test.go
- templates.go
- userauth.go
codersdk
- rbacresources_gen.go
docs/reference/api
- members.md
- schemas.md
site/src/api
- rbacresourcesGenerated.ts
- typesGenerated.ts

16 files changed

+123

-52

lines changed

`‎cli/server.go`

Lines changed: 2 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -916,8 +916,8 @@ func (r RootCmd) Server(newAPI func(context.Context, coderd.Options) (*coderd.`
`916`	`916`	`returnxerrors.Errorf("failed to instantiate notification manager: %w",err)`
`917`	`917`	`}`
`918`	`918`
`919`		`-// nolint:gocritic //TODO: create own role.`
`920`		`-notificationsManager.Run(dbauthz.AsSystemRestricted(ctx))`
	`919`	`+// nolint:gocritic //We need to run the manager in a notifier context.`
	`920`	`+notificationsManager.Run(dbauthz.AsNotifier(ctx))`
`921`	`921`
`922`	`922`	`// Run report generator to distribute periodic reports.`
`923`	`923`	`notificationReportGenerator:=reports.NewReportGenerator(ctx,logger.Named("notifications.report_generator"),options.Database,options.NotificationsEnqueuer,quartz.NewReal())`

`‎coderd/apidoc/docs.go`

Lines changed: 2 additions & 0 deletions

Some generated files are not rendered by default. Learn more aboutcustomizing how changed files appear on GitHub.

`‎coderd/apidoc/swagger.json`

Lines changed: 2 additions & 0 deletions

Some generated files are not rendered by default. Learn more aboutcustomizing how changed files appear on GitHub.

`‎coderd/database/dbauthz/dbauthz.go`

Lines changed: 31 additions & 7 deletions

Original file line number	Diff line number	Diff line change
`@@ -264,6 +264,23 @@ var (`
`264`	`264`	`Scope:rbac.ScopeAll,`
`265`	`265`	`}.WithCachedASTValue()`
`266`	`266`
	`267`	`+subjectNotifier= rbac.Subject{`
	`268`	`+FriendlyName:"Notifier",`
	`269`	`+ID:uuid.Nil.String(),`
	`270`	`+Roles:rbac.Roles([]rbac.Role{`
	`271`	`+{`
	`272`	`+Identifier: rbac.RoleIdentifier{Name:"notifier"},`
	`273`	`+DisplayName:"Notifier",`
	`274`	`+Site:rbac.Permissions(map[string][]policy.Action{`
	`275`	`+rbac.ResourceNotificationMessage.Type: {policy.ActionCreate,policy.ActionRead,policy.ActionUpdate,policy.ActionDelete},`
	`276`	`+}),`
	`277`	`+Org:map[string][]rbac.Permission{},`
	`278`	`+User: []rbac.Permission{},`
	`279`	`+},`
	`280`	`+}),`
	`281`	`+Scope:rbac.ScopeAll,`
	`282`	`+}.WithCachedASTValue()`
	`283`	`+`
`267`	`284`	`subjectSystemRestricted= rbac.Subject{`
`268`	`285`	`FriendlyName:"System",`
`269`	`286`	`ID:uuid.Nil.String(),`
`@@ -287,6 +304,7 @@ var (`
`287`	`304`	`rbac.ResourceWorkspace.Type: {policy.ActionUpdate,policy.ActionDelete,policy.ActionWorkspaceStart,policy.ActionWorkspaceStop,policy.ActionSSH},`
`288`	`305`	`rbac.ResourceWorkspaceProxy.Type: {policy.ActionCreate,policy.ActionUpdate,policy.ActionDelete},`
`289`	`306`	`rbac.ResourceDeploymentConfig.Type: {policy.ActionCreate,policy.ActionUpdate,policy.ActionDelete},`
	`307`	`+rbac.ResourceNotificationMessage.Type: {policy.ActionCreate,policy.ActionRead,policy.ActionUpdate,policy.ActionDelete},`
`290`	`308`	`rbac.ResourceNotificationPreference.Type: {policy.ActionCreate,policy.ActionUpdate,policy.ActionDelete},`
`291`	`309`	`rbac.ResourceNotificationTemplate.Type: {policy.ActionCreate,policy.ActionUpdate,policy.ActionDelete},`
`292`	`310`	`rbac.ResourceCryptoKey.Type: {policy.ActionCreate,policy.ActionUpdate,policy.ActionDelete},`
`@@ -327,6 +345,12 @@ func AsKeyReader(ctx context.Context) context.Context {`
`327`	`345`	`returncontext.WithValue(ctx,authContextKey{},subjectCryptoKeyReader)`
`328`	`346`	`}`
`329`	`347`
	`348`	`+// AsNotifier returns a context with an actor that has permissions required for`
	`349`	`+// creating/reading/updating/deleting notifications.`
	`350`	`+funcAsNotifier(ctx context.Context) context.Context {`
	`351`	`+returncontext.WithValue(ctx,authContextKey{},subjectNotifier)`
	`352`	`+}`
	`353`	`+`
`330`	`354`	`// AsSystemRestricted returns a context with an actor that has permissions`
`331`	`355`	`// required for various system operations (login, logout, metrics cache).`
`332`	`356`	`funcAsSystemRestricted(ctx context.Context) context.Context {`
`@@ -950,7 +974,7 @@ func (q *querier) AcquireLock(ctx context.Context, id int64) error {`
`950`	`974`	`}`
`951`	`975`
`952`	`976`	`func (q*querier)AcquireNotificationMessages(ctx context.Context,arg database.AcquireNotificationMessagesParams) ([]database.AcquireNotificationMessagesRow,error) {`
`953`		`-iferr:=q.authorizeContext(ctx,policy.ActionUpdate,rbac.ResourceSystem);err!=nil {`
	`977`	`+iferr:=q.authorizeContext(ctx,policy.ActionUpdate,rbac.ResourceNotificationMessage);err!=nil {`
`954`	`978`	`returnnil,err`
`955`	`979`	`}`
`956`	`980`	`returnq.db.AcquireNotificationMessages(ctx,arg)`
`@@ -1001,14 +1025,14 @@ func (q *querier) BatchUpdateWorkspaceLastUsedAt(ctx context.Context, arg databa`
`1001`	`1025`	`}`
`1002`	`1026`
`1003`	`1027`	`func (q*querier)BulkMarkNotificationMessagesFailed(ctx context.Context,arg database.BulkMarkNotificationMessagesFailedParams) (int64,error) {`
`1004`		`-iferr:=q.authorizeContext(ctx,policy.ActionUpdate,rbac.ResourceSystem);err!=nil {`
	`1028`	`+iferr:=q.authorizeContext(ctx,policy.ActionUpdate,rbac.ResourceNotificationMessage);err!=nil {`
`1005`	`1029`	`return0,err`
`1006`	`1030`	`}`
`1007`	`1031`	`returnq.db.BulkMarkNotificationMessagesFailed(ctx,arg)`
`1008`	`1032`	`}`
`1009`	`1033`
`1010`	`1034`	`func (q*querier)BulkMarkNotificationMessagesSent(ctx context.Context,arg database.BulkMarkNotificationMessagesSentParams) (int64,error) {`
`1011`		`-iferr:=q.authorizeContext(ctx,policy.ActionUpdate,rbac.ResourceSystem);err!=nil {`
	`1035`	`+iferr:=q.authorizeContext(ctx,policy.ActionUpdate,rbac.ResourceNotificationMessage);err!=nil {`
`1012`	`1036`	`return0,err`
`1013`	`1037`	`}`
`1014`	`1038`	`returnq.db.BulkMarkNotificationMessagesSent(ctx,arg)`
`@@ -1185,7 +1209,7 @@ func (q *querier) DeleteOAuth2ProviderAppTokensByAppAndUserID(ctx context.Contex`
`1185`	`1209`	`}`
`1186`	`1210`
`1187`	`1211`	`func (q*querier)DeleteOldNotificationMessages(ctx context.Context)error {`
`1188`		`-iferr:=q.authorizeContext(ctx,policy.ActionDelete,rbac.ResourceSystem);err!=nil {`
	`1212`	`+iferr:=q.authorizeContext(ctx,policy.ActionDelete,rbac.ResourceNotificationMessage);err!=nil {`
`1189`	`1213`	`returnerr`
`1190`	`1214`	`}`
`1191`	`1215`	`returnq.db.DeleteOldNotificationMessages(ctx)`
`@@ -1307,7 +1331,7 @@ func (q *querier) DeleteWorkspaceAgentPortSharesByTemplate(ctx context.Context,`
`1307`	`1331`	`}`
`1308`	`1332`
`1309`	`1333`	`func (q*querier)EnqueueNotificationMessage(ctx context.Context,arg database.EnqueueNotificationMessageParams)error {`
`1310`		`-iferr:=q.authorizeContext(ctx,policy.ActionCreate,rbac.ResourceSystem);err!=nil {`
	`1334`	`+iferr:=q.authorizeContext(ctx,policy.ActionCreate,rbac.ResourceNotificationMessage);err!=nil {`
`1311`	`1335`	`returnerr`
`1312`	`1336`	`}`
`1313`	`1337`	`returnq.db.EnqueueNotificationMessage(ctx,arg)`
`@@ -1321,7 +1345,7 @@ func (q *querier) FavoriteWorkspace(ctx context.Context, id uuid.UUID) error {`
`1321`	`1345`	`}`
`1322`	`1346`
`1323`	`1347`	`func (q*querier)FetchNewMessageMetadata(ctx context.Context,arg database.FetchNewMessageMetadataParams) (database.FetchNewMessageMetadataRow,error) {`
`1324`		`-iferr:=q.authorizeContext(ctx,policy.ActionRead,rbac.ResourceSystem);err!=nil {`
	`1348`	`+iferr:=q.authorizeContext(ctx,policy.ActionRead,rbac.ResourceNotificationMessage);err!=nil {`
`1325`	`1349`	`return database.FetchNewMessageMetadataRow{},err`
`1326`	`1350`	`}`
`1327`	`1351`	`returnq.db.FetchNewMessageMetadata(ctx,arg)`
`@@ -1686,7 +1710,7 @@ func (q *querier) GetLogoURL(ctx context.Context) (string, error) {`
`1686`	`1710`	`}`
`1687`	`1711`
`1688`	`1712`	`func (q*querier)GetNotificationMessagesByStatus(ctx context.Context,arg database.GetNotificationMessagesByStatusParams) ([]database.NotificationMessage,error) {`
`1689`		`-iferr:=q.authorizeContext(ctx,policy.ActionRead,rbac.ResourceSystem);err!=nil {`
	`1713`	`+iferr:=q.authorizeContext(ctx,policy.ActionRead,rbac.ResourceNotificationMessage);err!=nil {`
`1690`	`1714`	`returnnil,err`
`1691`	`1715`	`}`
`1692`	`1716`	`returnq.db.GetNotificationMessagesByStatus(ctx,arg)`

`‎coderd/database/dbauthz/dbauthz_test.go`

Lines changed: 13 additions & 20 deletions

Original file line number	Diff line number	Diff line change
`@@ -2888,40 +2888,33 @@ func (s *MethodTestSuite) TestSystemFunctions() {`
`2888`	`2888`
`2889`	`2889`	`func (s*MethodTestSuite)TestNotifications() {`
`2890`	`2890`	`// System functions`
`2891`		`-s.Run("AcquireNotificationMessages",s.Subtest(func(db database.Store,check*expects) {`
`2892`		`-// TODO: update this test once we have a specific role for notifications`
`2893`		`-check.Args(database.AcquireNotificationMessagesParams{}).Asserts(rbac.ResourceSystem,policy.ActionUpdate)`
	`2891`	`+s.Run("AcquireNotificationMessages",s.Subtest(func(_ database.Store,check*expects) {`
	`2892`	`+check.Args(database.AcquireNotificationMessagesParams{}).Asserts(rbac.ResourceNotificationMessage,policy.ActionUpdate)`
`2894`	`2893`	`}))`
`2895`		`-s.Run("BulkMarkNotificationMessagesFailed",s.Subtest(func(db database.Store,check*expects) {`
`2896`		`-// TODO: update this test once we have a specific role for notifications`
`2897`		`-check.Args(database.BulkMarkNotificationMessagesFailedParams{}).Asserts(rbac.ResourceSystem,policy.ActionUpdate)`
	`2894`	`+s.Run("BulkMarkNotificationMessagesFailed",s.Subtest(func(_ database.Store,check*expects) {`
	`2895`	`+check.Args(database.BulkMarkNotificationMessagesFailedParams{}).Asserts(rbac.ResourceNotificationMessage,policy.ActionUpdate)`
`2898`	`2896`	`}))`
`2899`		`-s.Run("BulkMarkNotificationMessagesSent",s.Subtest(func(db database.Store,check*expects) {`
`2900`		`-// TODO: update this test once we have a specific role for notifications`
`2901`		`-check.Args(database.BulkMarkNotificationMessagesSentParams{}).Asserts(rbac.ResourceSystem,policy.ActionUpdate)`
	`2897`	`+s.Run("BulkMarkNotificationMessagesSent",s.Subtest(func(_ database.Store,check*expects) {`
	`2898`	`+check.Args(database.BulkMarkNotificationMessagesSentParams{}).Asserts(rbac.ResourceNotificationMessage,policy.ActionUpdate)`
`2902`	`2899`	`}))`
`2903`		`-s.Run("DeleteOldNotificationMessages",s.Subtest(func(db database.Store,check*expects) {`
`2904`		`-// TODO: update this test once we have a specific role for notifications`
`2905`		`-check.Args().Asserts(rbac.ResourceSystem,policy.ActionDelete)`
	`2900`	`+s.Run("DeleteOldNotificationMessages",s.Subtest(func(_ database.Store,check*expects) {`
	`2901`	`+check.Args().Asserts(rbac.ResourceNotificationMessage,policy.ActionDelete)`
`2906`	`2902`	`}))`
`2907`		`-s.Run("EnqueueNotificationMessage",s.Subtest(func(db database.Store,check*expects) {`
`2908`		`-// TODO: update this test once we have a specific role for notifications`
	`2903`	`+s.Run("EnqueueNotificationMessage",s.Subtest(func(_ database.Store,check*expects) {`
`2909`	`2904`	`check.Args(database.EnqueueNotificationMessageParams{`
`2910`	`2905`	`Method:database.NotificationMethodWebhook,`
`2911`	`2906`	`Payload: []byte("{}"),`
`2912`		`-}).Asserts(rbac.ResourceSystem,policy.ActionCreate)`
	`2907`	`+}).Asserts(rbac.ResourceNotificationMessage,policy.ActionCreate)`
`2913`	`2908`	`}))`
`2914`	`2909`	`s.Run("FetchNewMessageMetadata",s.Subtest(func(db database.Store,check*expects) {`
`2915`		`-// TODO: update this test once we have a specific role for notifications`
`2916`	`2910`	`u:=dbgen.User(s.T(),db, database.User{})`
`2917`		`-check.Args(database.FetchNewMessageMetadataParams{UserID:u.ID}).Asserts(rbac.ResourceSystem,policy.ActionRead)`
	`2911`	`+check.Args(database.FetchNewMessageMetadataParams{UserID:u.ID}).Asserts(rbac.ResourceNotificationMessage,policy.ActionRead)`
`2918`	`2912`	`}))`
`2919`		`-s.Run("GetNotificationMessagesByStatus",s.Subtest(func(db database.Store,check*expects) {`
`2920`		`-// TODO: update this test once we have a specific role for notifications`
	`2913`	`+s.Run("GetNotificationMessagesByStatus",s.Subtest(func(_ database.Store,check*expects) {`
`2921`	`2914`	`check.Args(database.GetNotificationMessagesByStatusParams{`
`2922`	`2915`	`Status:database.NotificationMessageStatusLeased,`
`2923`	`2916`	`Limit:10,`
`2924`		`-}).Asserts(rbac.ResourceSystem,policy.ActionRead)`
	`2917`	`+}).Asserts(rbac.ResourceNotificationMessage,policy.ActionRead)`
`2925`	`2918`	`}))`
`2926`	`2919`
`2927`	`2920`	`// Notification templates`

`‎coderd/notifications/notifications_test.go`

Lines changed: 19 additions & 17 deletions

Original file line number	Diff line number	Diff line change
`@@ -71,7 +71,7 @@ func TestBasicNotificationRoundtrip(t *testing.T) {`
`71`	`71`	`}`
`72`	`72`
`73`	`73`	`// nolint:gocritic // Unit test.`
`74`		`-ctx:=dbauthz.AsSystemRestricted(testutil.Context(t,testutil.WaitSuperLong))`
	`74`	`+ctx:=dbauthz.AsNotifier(testutil.Context(t,testutil.WaitSuperLong))`
`75`	`75`	`store,_:=dbtestutil.NewDB(t)`
`76`	`76`	`logger:=slogtest.Make(t,nil).Leveled(slog.LevelDebug)`
`77`	`77`	`method:=database.NotificationMethodSmtp`
`@@ -135,7 +135,7 @@ func TestSMTPDispatch(t *testing.T) {`
`135`	`135`	`// SETUP`
`136`	`136`
`137`	`137`	`// nolint:gocritic // Unit test.`
`138`		`-ctx:=dbauthz.AsSystemRestricted(testutil.Context(t,testutil.WaitSuperLong))`
	`138`	`+ctx:=dbauthz.AsNotifier(testutil.Context(t,testutil.WaitSuperLong))`
`139`	`139`	`store,_:=dbtestutil.NewDB(t)`
`140`	`140`	`logger:=slogtest.Make(t,nil).Leveled(slog.LevelDebug)`
`141`	`141`
`@@ -197,7 +197,7 @@ func TestWebhookDispatch(t *testing.T) {`
`197`	`197`	`// SETUP`
`198`	`198`
`199`	`199`	`// nolint:gocritic // Unit test.`
`200`		`-ctx:=dbauthz.AsSystemRestricted(testutil.Context(t,testutil.WaitSuperLong))`
	`200`	`+ctx:=dbauthz.AsNotifier(testutil.Context(t,testutil.WaitSuperLong))`
`201`	`201`	`store,_:=dbtestutil.NewDB(t)`
`202`	`202`	`logger:=slogtest.Make(t,nil).Leveled(slog.LevelDebug)`
`203`	`203`
`@@ -281,7 +281,7 @@ func TestBackpressure(t *testing.T) {`
`281`	`281`	`store,_:=dbtestutil.NewDB(t)`
`282`	`282`	`logger:=slogtest.Make(t,nil).Leveled(slog.LevelDebug)`
`283`	`283`	`// nolint:gocritic // Unit test.`
`284`		`-ctx:=dbauthz.AsSystemRestricted(testutil.Context(t,testutil.WaitShort))`
	`284`	`+ctx:=dbauthz.AsNotifier(testutil.Context(t,testutil.WaitShort))`
`285`	`285`
`286`	`286`	`constmethod=database.NotificationMethodWebhook`
`287`	`287`	`cfg:=defaultNotificationsConfig(method)`
`@@ -407,7 +407,7 @@ func TestRetries(t *testing.T) {`
`407`	`407`
`408`	`408`	`constmaxAttempts=3`
`409`	`409`	`// nolint:gocritic // Unit test.`
`410`		`-ctx:=dbauthz.AsSystemRestricted(testutil.Context(t,testutil.WaitSuperLong))`
	`410`	`+ctx:=dbauthz.AsNotifier(testutil.Context(t,testutil.WaitSuperLong))`
`411`	`411`	`store,_:=dbtestutil.NewDB(t)`
`412`	`412`	`logger:=slogtest.Make(t,nil).Leveled(slog.LevelDebug)`
`413`	`413`
`@@ -501,7 +501,7 @@ func TestExpiredLeaseIsRequeued(t *testing.T) {`
`501`	`501`	`}`
`502`	`502`
`503`	`503`	`// nolint:gocritic // Unit test.`
`504`		`-ctx:=dbauthz.AsSystemRestricted(testutil.Context(t,testutil.WaitSuperLong))`
	`504`	`+ctx:=dbauthz.AsNotifier(testutil.Context(t,testutil.WaitSuperLong))`
`505`	`505`	`store,_:=dbtestutil.NewDB(t)`
`506`	`506`	`logger:=slogtest.Make(t,nil).Leveled(slog.LevelDebug)`
`507`	`507`
`@@ -521,7 +521,7 @@ func TestExpiredLeaseIsRequeued(t *testing.T) {`
`521`	`521`	`noopInterceptor:=newNoopStoreSyncer(store)`
`522`	`522`
`523`	`523`	`// nolint:gocritic // Unit test.`
`524`		`-mgrCtx,cancelManagerCtx:=context.WithCancel(dbauthz.AsSystemRestricted(context.Background()))`
	`524`	`+mgrCtx,cancelManagerCtx:=context.WithCancel(dbauthz.AsNotifier(context.Background()))`
`525`	`525`	`t.Cleanup(cancelManagerCtx)`
`526`	`526`
`527`	`527`	`mgr,err:=notifications.NewManager(cfg,noopInterceptor,defaultHelpers(),createMetrics(),logger.Named("manager"))`
`@@ -626,7 +626,7 @@ func TestNotifierPaused(t *testing.T) {`
`626`	`626`	`// Setup.`
`627`	`627`
`628`	`628`	`// nolint:gocritic // Unit test.`
`629`		`-ctx:=dbauthz.AsSystemRestricted(testutil.Context(t,testutil.WaitSuperLong))`
	`629`	`+ctx:=dbauthz.AsNotifier(testutil.Context(t,testutil.WaitSuperLong))`
`630`	`630`	`store,_:=dbtestutil.NewDB(t)`
`631`	`631`	`logger:=slogtest.Make(t,nil).Leveled(slog.LevelDebug)`
`632`	`632`
`@@ -1081,7 +1081,7 @@ func TestNotificationTemplates_Golden(t *testing.T) {`
`1081`	`1081`	`}()`
`1082`	`1082`
`1083`	`1083`	`// nolint:gocritic // Unit test.`
`1084`		`-ctx:=dbauthz.AsSystemRestricted(testutil.Context(t,testutil.WaitSuperLong))`
	`1084`	`+ctx:=dbauthz.AsNotifier(testutil.Context(t,testutil.WaitSuperLong))`
`1085`	`1085`
`1086`	`1086`	`// smtp config shared between client and server`
`1087`	`1087`	`smtpConfig:= codersdk.NotificationsEmailConfig{`
`@@ -1160,12 +1160,14 @@ func TestNotificationTemplates_Golden(t *testing.T) {`
`1160`	`1160`	`// as appearance changes are enterprise features and we do not want to mix those`
`1161`	`1161`	`// can't use the api`
`1162`	`1162`	`iftc.appName!="" {`
`1163`		`-err= (*db).UpsertApplicationName(ctx,"Custom Application")`
	`1163`	`+// nolint:gocritic // Unit test.`
	`1164`	`+err= (*db).UpsertApplicationName(dbauthz.AsSystemRestricted(ctx),"Custom Application")`
`1164`	`1165`	`require.NoError(t,err)`
`1165`	`1166`	`}`
`1166`	`1167`
`1167`	`1168`	`iftc.logoURL!="" {`
`1168`		`-err= (*db).UpsertLogoURL(ctx,"https://custom.application/logo.png")`
	`1169`	`+// nolint:gocritic // Unit test.`
	`1170`	`+err= (*db).UpsertLogoURL(dbauthz.AsSystemRestricted(ctx),"https://custom.application/logo.png")`
`1169`	`1171`	`require.NoError(t,err)`
`1170`	`1172`	`}`
`1171`	`1173`
`@@ -1248,7 +1250,7 @@ func TestNotificationTemplates_Golden(t *testing.T) {`
`1248`	`1250`	`}()`
`1249`	`1251`
`1250`	`1252`	`// nolint:gocritic // Unit test.`
`1251`		`-ctx:=dbauthz.AsSystemRestricted(testutil.Context(t,testutil.WaitSuperLong))`
	`1253`	`+ctx:=dbauthz.AsNotifier(testutil.Context(t,testutil.WaitSuperLong))`
`1252`	`1254`
`1253`	`1255`	`// Spin up the mock webhook server`
`1254`	`1256`	`varbody []byte`
`@@ -1376,7 +1378,7 @@ func TestDisabledBeforeEnqueue(t *testing.T) {`
`1376`	`1378`	`}`
`1377`	`1379`
`1378`	`1380`	`// nolint:gocritic // Unit test.`
`1379`		`-ctx:=dbauthz.AsSystemRestricted(testutil.Context(t,testutil.WaitSuperLong))`
	`1381`	`+ctx:=dbauthz.AsNotifier(testutil.Context(t,testutil.WaitSuperLong))`
`1380`	`1382`	`store,_:=dbtestutil.NewDB(t)`
`1381`	`1383`	`logger:=slogtest.Make(t,nil).Leveled(slog.LevelDebug)`
`1382`	`1384`
`@@ -1412,7 +1414,7 @@ func TestDisabledAfterEnqueue(t *testing.T) {`
`1412`	`1414`	`}`
`1413`	`1415`
`1414`	`1416`	`// nolint:gocritic // Unit test.`
`1415`		`-ctx:=dbauthz.AsSystemRestricted(testutil.Context(t,testutil.WaitSuperLong))`
	`1417`	`+ctx:=dbauthz.AsNotifier(testutil.Context(t,testutil.WaitSuperLong))`
`1416`	`1418`	`store,_:=dbtestutil.NewDB(t)`
`1417`	`1419`	`logger:=slogtest.Make(t,nil).Leveled(slog.LevelDebug)`
`1418`	`1420`
`@@ -1469,7 +1471,7 @@ func TestCustomNotificationMethod(t *testing.T) {`
`1469`	`1471`	`}`
`1470`	`1472`
`1471`	`1473`	`// nolint:gocritic // Unit test.`
`1472`		`-ctx:=dbauthz.AsSystemRestricted(testutil.Context(t,testutil.WaitSuperLong))`
	`1474`	`+ctx:=dbauthz.AsNotifier(testutil.Context(t,testutil.WaitSuperLong))`
`1473`	`1475`	`store,_:=dbtestutil.NewDB(t)`
`1474`	`1476`	`logger:=slogtest.Make(t,nil).Leveled(slog.LevelDebug)`
`1475`	`1477`
`@@ -1573,7 +1575,7 @@ func TestNotificationsTemplates(t *testing.T) {`
`1573`	`1575`	`}`
`1574`	`1576`
`1575`	`1577`	`// nolint:gocritic // Unit test.`
`1576`		`-ctx:=dbauthz.AsSystemRestricted(testutil.Context(t,testutil.WaitSuperLong))`
	`1578`	`+ctx:=dbauthz.AsNotifier(testutil.Context(t,testutil.WaitSuperLong))`
`1577`	`1579`	`api:=coderdtest.New(t,createOpts(t))`
`1578`	`1580`
`1579`	`1581`	`// GIVEN: the first user (owner) and a regular member`
`@@ -1610,7 +1612,7 @@ func TestNotificationDuplicates(t *testing.T) {`
`1610`	`1612`	`}`
`1611`	`1613`
`1612`	`1614`	`// nolint:gocritic // Unit test.`
`1613`		`-ctx:=dbauthz.AsSystemRestricted(testutil.Context(t,testutil.WaitSuperLong))`
	`1615`	`+ctx:=dbauthz.AsNotifier(testutil.Context(t,testutil.WaitSuperLong))`
`1614`	`1616`	`store,_:=dbtestutil.NewDB(t)`
`1615`	`1617`	`logger:=slogtest.Make(t,nil).Leveled(slog.LevelDebug)`
`1616`	`1618`

`‎coderd/rbac/object_gen.go`

Lines changed: 11 additions & 0 deletions

Some generated files are not rendered by default. Learn more aboutcustomizing how changed files appear on GitHub.

`‎coderd/rbac/policy/policy.go`

Lines changed: 8 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -262,6 +262,14 @@ var RBACPermissions = map[string]PermissionDefinition{`
`262`	`262`	`ActionDelete:actDef(""),`
`263`	`263`	`},`
`264`	`264`	`},`
	`265`	`+"notification_message": {`
	`266`	`+Actions:map[Action]ActionDefinition{`
	`267`	`+ActionCreate:actDef("create notification messages"),`
	`268`	`+ActionRead:actDef("read notification messages"),`
	`269`	`+ActionUpdate:actDef("update notification messages"),`
	`270`	`+ActionDelete:actDef("delete notification messages"),`
	`271`	`+},`
	`272`	`+},`
`265`	`273`	`"notification_template": {`
`266`	`274`	`Actions:map[Action]ActionDefinition{`
`267`	`275`	`ActionRead:actDef("read notification templates"),`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit330acd1

File tree

16 files changed

16 files changed

`‎cli/server.go`

`‎coderd/apidoc/docs.go`

`‎coderd/apidoc/swagger.json`

`‎coderd/database/dbauthz/dbauthz.go`

`‎coderd/database/dbauthz/dbauthz_test.go`

`‎coderd/notifications/notifications_test.go`

`‎coderd/rbac/object_gen.go`

`‎coderd/rbac/policy/policy.go`

0 commit comments