NotificationsYou must be signed in to change notification settings
Fork1k
Star11.1k

Commit6ea0336

committed

Review feedback

Signed-off-by: Danny Kopping <danny@coder.com>

1 parent7ee541b commit6ea0336Copy full SHA for 6ea0336

File tree

5 files changed

-38

lines changed

coderd
- database
  - dbauthz
    - dbauthz.go
  - migrations
- rbac
  - roles_test.go

5 files changed

-38

lines changed

`‎coderd/database/dbauthz/dbauthz.go‎`

Lines changed: 2 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -1483,6 +1483,8 @@ func (q *querier) GetNotificationTemplateByID(ctx context.Context, id uuid.UUID)`
`1483`	`1483`
`1484`	`1484`	`func (q*querier)GetNotificationTemplatesByKind(ctx context.Context,kind database.NotificationTemplateKind) ([]database.NotificationTemplate,error) {`
`1485`	`1485`	`// TODO: restrict 'system' kind to admins only?`
	`1486`	`+// All notification templates share the same rbac.Object, so there is no need`
	`1487`	`+// to authorize them individually. If this passes, all notification templates can be read.`
`1486`	`1488`	`iferr:=q.authorizeContext(ctx,policy.ActionRead,rbac.ResourceNotificationTemplate);err!=nil {`
`1487`	`1489`	`returnnil,err`
`1488`	`1490`	`}`

`‎coderd/database/migrations/000237_notification_preferences.down.sql‎renamed to ‎coderd/database/migrations/000238_notification_preferences.down.sql‎`

File renamed without changes.

`‎coderd/database/migrations/000237_notification_preferences.up.sql‎renamed to ‎coderd/database/migrations/000238_notification_preferences.up.sql‎`

Lines changed: 0 additions & 4 deletions

Original file line number	Diff line number	Diff line change
`@@ -8,10 +8,6 @@ CREATE TABLE notification_preferences`
`8`	`8`	`PRIMARY KEY (user_id, notification_template_id)`
`9`	`9`	`);`
`10`	`10`
`11`		`--- Ensure we cannot insert multiple entries for the same user/template combination.`
`12`		`-ALTERTABLE notification_preferences`
`13`		`-ADDCONSTRAINT unique_user_notification_template UNIQUE (user_id, notification_template_id);`
`14`		`-`
`15`	`11`	`-- Add a new type (to be expanded upon later) which specifies the kind of notification template.`
`16`	`12`	`CREATETYPEnotification_template_kindAS ENUM (`
`17`	`13`	`'system'`

`‎coderd/database/migrations/testdata/fixtures/000237_notifications_preferences.up.sql‎renamed to ‎coderd/database/migrations/testdata/fixtures/000238_notifications_preferences.up.sql‎`

File renamed without changes.

`‎coderd/rbac/roles_test.go‎`

Lines changed: 3 additions & 34 deletions

Original file line number	Diff line number	Diff line change
`@@ -627,12 +627,12 @@ func TestRolePermissions(t *testing.T) {`
`627`	`627`	`// Members may not access other members' preferences`
`628`	`628`	`Name:"NotificationPreferencesOtherUser",`
`629`	`629`	`Actions: []policy.Action{policy.ActionRead,policy.ActionUpdate},`
`630`		`-Resource:rbac.ResourceNotificationPreference.InOrg(orgID).WithOwner(uuid.NewString()),// some other user`
	`630`	`+Resource:rbac.ResourceNotificationPreference.WithOwner(uuid.NewString()),// some other user`
`631`	`631`	`AuthorizeMap:map[bool][]hasAuthSubjects{`
`632`		`-true: {orgAdmin,owner},`
	`632`	`+true: {owner},`
`633`	`633`	`false: {`
`634`	`634`	`memberMe,templateAdmin,orgUserAdmin,userAdmin,`
`635`		`-orgAuditor,orgTemplateAdmin,`
	`635`	`+orgAdmin,orgAuditor,orgTemplateAdmin,`
`636`	`636`	`otherOrgMember,otherOrgAuditor,otherOrgUserAdmin,otherOrgTemplateAdmin,`
`637`	`637`	`otherOrgAdmin,orgMemberMe,`
`638`	`638`	`},`
`@@ -678,37 +678,6 @@ func TestRolePermissions(t *testing.T) {`
`678`	`678`	`},`
`679`	`679`	`},`
`680`	`680`	`},`
`681`		`-{`
`682`		`-// Notification preferences are currently not organization-scoped`
`683`		`-// Any owner/admin across any organization may access any users' preferences`
`684`		`-// Members may access their own preferences`
`685`		`-Name:"NotificationPreferencesAnyOrg",`
`686`		`-Actions: []policy.Action{policy.ActionRead,policy.ActionUpdate},`
`687`		`-Resource:rbac.ResourceNotificationPreference.AnyOrganization().WithOwner(currentUser.String()),`
`688`		`-AuthorizeMap:map[bool][]hasAuthSubjects{`
`689`		`-true: {orgMemberMe,orgAdmin,otherOrgAdmin,owner},`
`690`		`-false: {`
`691`		`-memberMe,templateAdmin,otherOrgUserAdmin,userAdmin,orgUserAdmin,`
`692`		`-orgAuditor,orgTemplateAdmin,`
`693`		`-otherOrgMember,otherOrgAuditor,otherOrgTemplateAdmin,`
`694`		`-},`
`695`		`-},`
`696`		`-},`
`697`		`-{`
`698`		`-// Notification templates are currently not organization-scoped`
`699`		`-// Any owner/admin across any organization may access notification templates`
`700`		`-Name:"NotificationTemplateAnyOrg",`
`701`		`-Actions: []policy.Action{policy.ActionRead,policy.ActionUpdate},`
`702`		`-Resource:rbac.ResourceNotificationPreference.AnyOrganization(),`
`703`		`-AuthorizeMap:map[bool][]hasAuthSubjects{`
`704`		`-true: {orgAdmin,otherOrgAdmin,owner},`
`705`		`-false: {`
`706`		`-orgMemberMe,memberMe,templateAdmin,orgUserAdmin,userAdmin,`
`707`		`-orgAuditor,orgTemplateAdmin,`
`708`		`-otherOrgMember,otherOrgAuditor,otherOrgUserAdmin,otherOrgTemplateAdmin,`
`709`		`-},`
`710`		`-},`
`711`		`-},`
`712`	`681`	`}`
`713`	`682`
`714`	`683`	`// We expect every permission to be tested above.`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit6ea0336

File tree

5 files changed

5 files changed

`‎coderd/database/dbauthz/dbauthz.go‎`

`‎coderd/database/migrations/000237_notification_preferences.down.sql‎renamed to ‎coderd/database/migrations/000238_notification_preferences.down.sql‎`

`‎coderd/database/migrations/000237_notification_preferences.up.sql‎renamed to ‎coderd/database/migrations/000238_notification_preferences.up.sql‎`

`‎coderd/database/migrations/testdata/fixtures/000237_notifications_preferences.up.sql‎renamed to ‎coderd/database/migrations/testdata/fixtures/000238_notifications_preferences.up.sql‎`

`‎coderd/rbac/roles_test.go‎`

0 commit comments