NotificationsYou must be signed in to change notification settings
Fork928
Star10.1k

Commit52835d5

committed

chore: rolestore to handle custom org roles

1 parent520d32e commit52835d5Copy full SHA for 52835d5

File tree

8 files changed

+69

-11

lines changed

cli
- organizationroles_test.go
coderd
- database
  - dbmem
    - dbmem.go
  - queries
    - roles.sql
  - queries.sql.go
- rbac/rolestore
  - rolestore.go
  - rolestore_test.go
- roles.go
- roles_test.go

8 files changed

+69

-11

lines changed

`‎cli/organizationroles_test.go`

Lines changed: 4 additions & 3 deletions

Original file line number	Diff line number	Diff line change
`@@ -11,6 +11,7 @@ import (`
`11`	`11`	`"github.com/coder/coder/v2/coderd/coderdtest"`
`12`	`12`	`"github.com/coder/coder/v2/coderd/database"`
`13`	`13`	`"github.com/coder/coder/v2/coderd/database/dbgen"`
	`14`	`+"github.com/coder/coder/v2/coderd/rbac"`
`14`	`15`	`"github.com/coder/coder/v2/testutil"`
`15`	`16`	`)`
`16`	`17`
`@@ -20,8 +21,9 @@ func TestShowOrganizationRoles(t *testing.T) {`
`20`	`21`	`t.Run("OK",func(t*testing.T) {`
`21`	`22`	`t.Parallel()`
`22`	`23`
`23`		`-client,db:=coderdtest.NewWithDatabase(t,&coderdtest.Options{})`
`24`		`-owner:=coderdtest.CreateFirstUser(t,client)`
	`24`	`+ownerClient,db:=coderdtest.NewWithDatabase(t,&coderdtest.Options{})`
	`25`	`+owner:=coderdtest.CreateFirstUser(t,ownerClient)`
	`26`	`+client,_:=coderdtest.CreateAnotherUser(t,ownerClient,owner.OrganizationID,rbac.RoleUserAdmin())`
`25`	`27`
`26`	`28`	`constexpectedRole="test-role"`
`27`	`29`	`dbgen.CustomRole(t,db, database.CustomRole{`
`@@ -36,7 +38,6 @@ func TestShowOrganizationRoles(t *testing.T) {`
`36`	`38`	`},`
`37`	`39`	`})`
`38`	`40`
`39`		`-// Requires an owner`
`40`	`41`	`ctx:=testutil.Context(t,testutil.WaitMedium)`
`41`	`42`	`inv,root:=clitest.New(t,"organization","roles","show")`
`42`	`43`	`clitest.SetupConfig(t,client,root)`

`‎coderd/database/dbmem/dbmem.go`

Lines changed: 5 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -1187,7 +1187,11 @@ func (q *FakeQuerier) CustomRoles(_ context.Context, arg database.CustomRolesPar`
`1187`	`1187`	`role:=role`
`1188`	`1188`	`iflen(arg.LookupRoles)>0 {`
`1189`	`1189`	`if!slices.ContainsFunc(arg.LookupRoles,func(sstring)bool {`
`1190`		`-returnstrings.EqualFold(s,role.Name)`
	`1190`	`+roleName:=rbac.RoleName(role.Name,"")`
	`1191`	`+ifrole.OrganizationID.UUID!=uuid.Nil {`
	`1192`	`+roleName=rbac.RoleName(role.Name,role.OrganizationID.UUID.String())`
	`1193`	`+}`
	`1194`	`+returnstrings.EqualFold(s,roleName)`
`1191`	`1195`	`}) {`
`1192`	`1196`	`continue`
`1193`	`1197`	`}`

`‎coderd/database/queries.sql.go`

Lines changed: 6 additions & 3 deletions

Some generated files are not rendered by default. Learn more aboutcustomizing how changed files appear on GitHub.

`‎coderd/database/queries/roles.sql`

Lines changed: 6 additions & 3 deletions

Original file line number	Diff line number	Diff line change
`@@ -5,10 +5,13 @@ FROM`
`5`	`5`	`custom_roles`
`6`	`6`	`WHERE`
`7`	`7`	`true`
`8`		`--- Lookup roles filter`
	`8`	`+-- Lookup roles filter expects the role names to be in the rbac package`
	`9`	`+-- format. Eg: name[:<organization_id>]`
`9`	`10`	`AND CASE WHEN array_length(@lookup_roles ::text[],1)>0 THEN`
`10`		`--- Case insensitive`
`11`		`-name ILIKE ANY(@lookup_roles ::text [])`
	`11`	`+-- Case insensitive lookup with org_id appended (if non-null).`
	`12`	`+-- This will return just the name if org_id is null. It'll append`
	`13`	`+-- the org_id if not null`
	`14`	`+concat(name, NULLIF(concat(':', organization_id),':')) ILIKE ANY(@lookup_roles ::text [])`
`12`	`15`	`ELSE true`
`13`	`16`	`END`
`14`	`17`	`-- Org scoping filter, to only fetch site wide roles`

`‎coderd/rbac/rolestore/rolestore.go`

Lines changed: 1 addition & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -76,6 +76,7 @@ func Expand(ctx context.Context, db database.Store, names []string) (rbac.Roles,`
`76`	`76`	`dbroles,err:=db.CustomRoles(ctx, database.CustomRolesParams{`
`77`	`77`	`LookupRoles:lookup,`
`78`	`78`	`ExcludeOrgRoles:false,`
	`79`	`+OrganizationID:uuid.Nil,`
`79`	`80`	`})`
`80`	`81`	`iferr!=nil {`
`81`	`82`	`returnnil,xerrors.Errorf("fetch custom roles: %w",err)`

`‎coderd/rbac/rolestore/rolestore_test.go`

Lines changed: 41 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,41 @@`
	`1`	`+package rolestore_test`
	`2`	`+`
	`3`	`+import (`
	`4`	`+"testing"`
	`5`	`+`
	`6`	`+"github.com/google/uuid"`
	`7`	`+"github.com/stretchr/testify/require"`
	`8`	`+`
	`9`	`+"github.com/coder/coder/v2/coderd/database"`
	`10`	`+"github.com/coder/coder/v2/coderd/database/dbgen"`
	`11`	`+"github.com/coder/coder/v2/coderd/database/dbmem"`
	`12`	`+"github.com/coder/coder/v2/coderd/rbac"`
	`13`	`+"github.com/coder/coder/v2/coderd/rbac/rolestore"`
	`14`	`+"github.com/coder/coder/v2/testutil"`
	`15`	`+)`
	`16`	`+`
	`17`	`+funcTestExpandCustomRoleRoles(t*testing.T) {`
	`18`	`+t.Parallel()`
	`19`	`+`
	`20`	`+db:=dbmem.New()`
	`21`	`+`
	`22`	`+org:=dbgen.Organization(t,db, database.Organization{})`
	`23`	`+`
	`24`	`+constroleName="test-role"`
	`25`	`+dbgen.CustomRole(t,db, database.CustomRole{`
	`26`	`+Name:roleName,`
	`27`	`+DisplayName:"",`
	`28`	`+SitePermissions:nil,`
	`29`	`+OrgPermissions:nil,`
	`30`	`+UserPermissions:nil,`
	`31`	`+OrganizationID: uuid.NullUUID{`
	`32`	`+UUID:org.ID,`
	`33`	`+Valid:true,`
	`34`	`+},`
	`35`	`+})`
	`36`	`+`
	`37`	`+ctx:=testutil.Context(t,testutil.WaitShort)`
	`38`	`+roles,err:=rolestore.Expand(ctx,db, []string{rbac.RoleName(roleName,org.ID.String())})`
	`39`	`+require.NoError(t,err)`
	`40`	`+require.Len(t,roles,1,"role found")`
	`41`	`+}`

`‎coderd/roles.go`

Lines changed: 4 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -3,6 +3,8 @@ package coderd`
`3`	`3`	`import (`
`4`	`4`	`"net/http"`
`5`	`5`
	`6`	`+"github.com/google/uuid"`
	`7`	`+`
`6`	`8`	`"github.com/coder/coder/v2/coderd/database"`
`7`	`9`	`"github.com/coder/coder/v2/coderd/database/db2sdk"`
`8`	`10`	`"github.com/coder/coder/v2/coderd/httpmw"`
`@@ -32,9 +34,10 @@ func (api API) AssignableSiteRoles(rw http.ResponseWriter, r http.Request) {`
`32`	`34`	`}`
`33`	`35`
`34`	`36`	`dbCustomRoles,err:=api.Database.CustomRoles(ctx, database.CustomRolesParams{`
	`37`	`+LookupRoles:nil,`
`35`	`38`	`// Only site wide custom roles to be included`
`36`	`39`	`ExcludeOrgRoles:true,`
`37`		`-LookupRoles:nil,`
	`40`	`+OrganizationID:uuid.Nil,`
`38`	`41`	`})`
`39`	`42`	`iferr!=nil {`
`40`	`43`	`httpapi.InternalServerError(rw,err)`

`‎coderd/roles_test.go`

Lines changed: 2 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -164,6 +164,8 @@ func TestListCustomRoles(t *testing.T) {`
`164`	`164`	`t.Parallel()`
`165`	`165`
`166`	`166`	`t.Run("Organizations",func(t*testing.T) {`
	`167`	`+t.Parallel()`
	`168`	`+`
`167`	`169`	`client,db:=coderdtest.NewWithDatabase(t,nil)`
`168`	`170`	`owner:=coderdtest.CreateFirstUser(t,client)`
`169`	`171`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit52835d5

File tree

8 files changed

8 files changed

`‎cli/organizationroles_test.go`

`‎coderd/database/dbmem/dbmem.go`

`‎coderd/database/queries.sql.go`

`‎coderd/database/queries/roles.sql`

`‎coderd/rbac/rolestore/rolestore.go`

`‎coderd/rbac/rolestore/rolestore_test.go`

`‎coderd/roles.go`

`‎coderd/roles_test.go`

0 commit comments