NotificationsYou must be signed in to change notification settings
Fork928
Star10.1k

Commit58428aa

authored

fix: allow all users to read system notification templates (#14181)

1 parent70a694e commit58428aaCopy full SHA for 58428aa

File tree

3 files changed

+48

-7

lines changed

coderd
- database/dbauthz
  - dbauthz.go
  - dbauthz_test.go
- notifications
  - notifications_test.go

3 files changed

+48

-7

lines changed

`‎coderd/database/dbauthz/dbauthz.go`

Lines changed: 6 additions & 6 deletions

Original file line number	Diff line number	Diff line change
`@@ -1489,13 +1489,13 @@ func (q *querier) GetNotificationTemplateByID(ctx context.Context, id uuid.UUID)`
`1489`	`1489`	`}`
`1490`	`1490`
`1491`	`1491`	`func (q*querier)GetNotificationTemplatesByKind(ctx context.Context,kind database.NotificationTemplateKind) ([]database.NotificationTemplate,error) {`
`1492`		`-// TODO: restrict 'system' kind to admins only?`
`1493`		`-// All notification templates share the same rbac.Object, so there is no need`
`1494`		`-// to authorize them individually. If this passes, all notification templates can be read.`
`1495`		`-iferr:=q.authorizeContext(ctx,policy.ActionRead,rbac.ResourceNotificationTemplate);err!=nil {`
`1496`		`-returnnil,err`
	`1492`	`+// Anyone can read the system notification templates.`
	`1493`	`+ifkind==database.NotificationTemplateKindSystem {`
	`1494`	`+returnq.db.GetNotificationTemplatesByKind(ctx,kind)`
`1497`	`1495`	`}`
`1498`		`-returnq.db.GetNotificationTemplatesByKind(ctx,kind)`
	`1496`	`+`
	`1497`	`+// TODO(dannyk): handle template ownership when we support user-default notification templates.`
	`1498`	`+returnnil,sql.ErrNoRows`
`1499`	`1499`	`}`
`1500`	`1500`
`1501`	`1501`	`func (q*querier)GetNotificationsSettings(ctx context.Context) (string,error) {`

`‎coderd/database/dbauthz/dbauthz_test.go`

Lines changed: 3 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -2610,8 +2610,10 @@ func (s *MethodTestSuite) TestNotifications() {`
`2610`	`2610`	`}))`
`2611`	`2611`	`s.Run("GetNotificationTemplatesByKind",s.Subtest(func(db database.Store,check*expects) {`
`2612`	`2612`	`check.Args(database.NotificationTemplateKindSystem).`
`2613`		`-Asserts(rbac.ResourceNotificationTemplate,policy.ActionRead).`
	`2613`	`+Asserts().`
`2614`	`2614`	`Errors(dbmem.ErrUnimplemented)`
	`2615`	`+`
	`2616`	`+// TODO(dannyk): add support for other database.NotificationTemplateKind types once implemented.`
`2615`	`2617`	`}))`
`2616`	`2618`	`s.Run("UpdateNotificationTemplateMethodByID",s.Subtest(func(db database.Store,check*expects) {`
`2617`	`2619`	`check.Args(database.UpdateNotificationTemplateMethodByIDParams{`

`‎coderd/notifications/notifications_test.go`

Lines changed: 39 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -24,13 +24,15 @@ import (`
`24`	`24`
`25`	`25`	`"github.com/coder/serpent"`
`26`	`26`
	`27`	`+"github.com/coder/coder/v2/coderd/coderdtest"`
`27`	`28`	`"github.com/coder/coder/v2/coderd/database"`
`28`	`29`	`"github.com/coder/coder/v2/coderd/database/dbgen"`
`29`	`30`	`"github.com/coder/coder/v2/coderd/database/dbtestutil"`
`30`	`31`	`"github.com/coder/coder/v2/coderd/notifications"`
`31`	`32`	`"github.com/coder/coder/v2/coderd/notifications/dispatch"`
`32`	`33`	`"github.com/coder/coder/v2/coderd/notifications/render"`
`33`	`34`	`"github.com/coder/coder/v2/coderd/notifications/types"`
	`35`	`+"github.com/coder/coder/v2/coderd/rbac"`
`34`	`36`	`"github.com/coder/coder/v2/coderd/util/syncmap"`
`35`	`37`	`"github.com/coder/coder/v2/codersdk"`
`36`	`38`	`"github.com/coder/coder/v2/testutil"`
`@@ -893,6 +895,43 @@ func TestCustomNotificationMethod(t *testing.T) {`
`893`	`895`	`},testutil.WaitLong,testutil.IntervalFast)`
`894`	`896`	`}`
`895`	`897`
	`898`	`+funcTestNotificationsTemplates(t*testing.T) {`
	`899`	`+t.Parallel()`
	`900`	`+`
	`901`	`+// SETUP`
	`902`	`+if!dbtestutil.WillUsePostgres() {`
	`903`	`+// Notification system templates are only served from the database and not dbmem at this time.`
	`904`	`+t.Skip("This test requires postgres; it relies on business-logic only implemented in the database")`
	`905`	`+}`
	`906`	`+`
	`907`	`+ctx:=testutil.Context(t,testutil.WaitLong)`
	`908`	`+api:=coderdtest.New(t,createOpts(t))`
	`909`	`+`
	`910`	`+// GIVEN: the first user (owner) and a regular member`
	`911`	`+firstUser:=coderdtest.CreateFirstUser(t,api)`
	`912`	`+memberClient,_:=coderdtest.CreateAnotherUser(t,api,firstUser.OrganizationID,rbac.RoleMember())`
	`913`	`+`
	`914`	`+// WHEN: requesting system notification templates as owner should work`
	`915`	`+templates,err:=api.GetSystemNotificationTemplates(ctx)`
	`916`	`+require.NoError(t,err)`
	`917`	`+require.True(t,len(templates)>1)`
	`918`	`+`
	`919`	`+// WHEN: requesting system notification templates as member should work`
	`920`	`+templates,err=memberClient.GetSystemNotificationTemplates(ctx)`
	`921`	`+require.NoError(t,err)`
	`922`	`+require.True(t,len(templates)>1)`
	`923`	`+}`
	`924`	`+`
	`925`	`+funccreateOpts(ttesting.T)coderdtest.Options {`
	`926`	`+t.Helper()`
	`927`	`+`
	`928`	`+dt:=coderdtest.DeploymentValues(t)`
	`929`	`+dt.Experiments= []string{string(codersdk.ExperimentNotifications)}`
	`930`	`+return&coderdtest.Options{`
	`931`	`+DeploymentValues:dt,`
	`932`	`+}`
	`933`	`+}`
	`934`	`+`
`896`	`935`	`typefakeHandlerstruct {`
`897`	`936`	`mu sync.RWMutex`
`898`	`937`	`succeeded,failed []string`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit58428aa

File tree

3 files changed

3 files changed

`‎coderd/database/dbauthz/dbauthz.go`

`‎coderd/database/dbauthz/dbauthz_test.go`

`‎coderd/notifications/notifications_test.go`

0 commit comments