
Commit769ac83

committed
more fixups
1 parent7ee9294 commit769ac83


7 files changed

+72
-73
lines changed

7 files changed

+72
-73
lines changed

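--- a/coderd/database/dbauthz/dbauthz.go
+++ b/coderd/database/dbauthz/dbauthz.go
@@ -307,9 +307,9 @@ func As(ctx context.Context, actor rbac.Subject) context.Context {
 // running the insertFunc. The insertFunc is expected to return the object that
 // was inserted.
 funcinsert[
-ObjectTypeany,
-ArgumentTypeany,
-Insertfunc(ctx context.Context,argArgumentType) (ObjectType,error),
+ObjectTypeany,
+ArgumentTypeany,
+Insertfunc(ctx context.Context,argArgumentType) (ObjectType,error),
 ](
 logger slog.Logger,
 authorizer rbac.Authorizer,
@@ -320,9 +320,9 @@ Insert func(ctx context.Context, arg ArgumentType) (ObjectType, error),
 }
 
 funcinsertWithAction[
-ObjectTypeany,
-ArgumentTypeany,
-Insertfunc(ctx context.Context,argArgumentType) (ObjectType,error),
+ObjectTypeany,
+ArgumentTypeany,
+Insertfunc(ctx context.Context,argArgumentType) (ObjectType,error),
 ](
 logger slog.Logger,
 authorizer rbac.Authorizer,
@@ -349,10 +349,10 @@ Insert func(ctx context.Context, arg ArgumentType) (ObjectType, error),
 }
 
 funcdeleteQ[
-ObjectType rbac.Objecter,
-ArgumentTypeany,
-Fetchfunc(ctx context.Context,argArgumentType) (ObjectType,error),
-Deletefunc(ctx context.Context,argArgumentType)error,
+ObjectType rbac.Objecter,
+ArgumentTypeany,
+Fetchfunc(ctx context.Context,argArgumentType) (ObjectType,error),
+Deletefunc(ctx context.Context,argArgumentType)error,
 ](
 logger slog.Logger,
 authorizer rbac.Authorizer,
@@ -364,10 +364,10 @@ Delete func(ctx context.Context, arg ArgumentType) error,
 }
 
 funcupdateWithReturn[
-ObjectType rbac.Objecter,
-ArgumentTypeany,
-Fetchfunc(ctx context.Context,argArgumentType) (ObjectType,error),
-UpdateQueryfunc(ctx context.Context,argArgumentType) (ObjectType,error),
+ObjectType rbac.Objecter,
+ArgumentTypeany,
+Fetchfunc(ctx context.Context,argArgumentType) (ObjectType,error),
+UpdateQueryfunc(ctx context.Context,argArgumentType) (ObjectType,error),
 ](
 logger slog.Logger,
 authorizer rbac.Authorizer,
@@ -378,10 +378,10 @@ UpdateQuery func(ctx context.Context, arg ArgumentType) (ObjectType, error),
 }
 
 funcupdate[
-ObjectType rbac.Objecter,
-ArgumentTypeany,
-Fetchfunc(ctx context.Context,argArgumentType) (ObjectType,error),
-Execfunc(ctx context.Context,argArgumentType)error,
+ObjectType rbac.Objecter,
+ArgumentTypeany,
+Fetchfunc(ctx context.Context,argArgumentType) (ObjectType,error),
+Execfunc(ctx context.Context,argArgumentType)error,
 ](
 logger slog.Logger,
 authorizer rbac.Authorizer,
@@ -399,9 +399,9 @@ Exec func(ctx context.Context, arg ArgumentType) error,
 // user cannot read the resource. This is because the resource details are
 // required to run a proper authorization check.
 funcfetchWithAction[
-ArgumentTypeany,
-ObjectType rbac.Objecter,
-DatabaseFuncfunc(ctx context.Context,argArgumentType) (ObjectType,error),
+ArgumentTypeany,
+ObjectType rbac.Objecter,
+DatabaseFuncfunc(ctx context.Context,argArgumentType) (ObjectType,error),
 ](
 logger slog.Logger,
 authorizer rbac.Authorizer,
@@ -432,9 +432,9 @@ DatabaseFunc func(ctx context.Context, arg ArgumentType) (ObjectType, error),
 }
 
 funcfetch[
-ArgumentTypeany,
-ObjectType rbac.Objecter,
-DatabaseFuncfunc(ctx context.Context,argArgumentType) (ObjectType,error),
+ArgumentTypeany,
+ObjectType rbac.Objecter,
+DatabaseFuncfunc(ctx context.Context,argArgumentType) (ObjectType,error),
 ](
 logger slog.Logger,
 authorizer rbac.Authorizer,
@@ -447,10 +447,10 @@ DatabaseFunc func(ctx context.Context, arg ArgumentType) (ObjectType, error),
 // from SQL 'exec' functions which only return an error.
 // See fetchAndQuery for more information.
 funcfetchAndExec[
-ObjectType rbac.Objecter,
-ArgumentTypeany,
-Fetchfunc(ctx context.Context,argArgumentType) (ObjectType,error),
-Execfunc(ctx context.Context,argArgumentType)error,
+ObjectType rbac.Objecter,
+ArgumentTypeany,
+Fetchfunc(ctx context.Context,argArgumentType) (ObjectType,error),
+Execfunc(ctx context.Context,argArgumentType)error,
 ](
 logger slog.Logger,
 authorizer rbac.Authorizer,
@@ -473,10 +473,10 @@ Exec func(ctx context.Context, arg ArgumentType) error,
 // **before** the query runs. The returns from the fetch are only used to
 // assert rbac. The final return of this function comes from the Query function.
 funcfetchAndQuery[
-ObjectType rbac.Objecter,
-ArgumentTypeany,
-Fetchfunc(ctx context.Context,argArgumentType) (ObjectType,error),
-Queryfunc(ctx context.Context,argArgumentType) (ObjectType,error),
+ObjectType rbac.Objecter,
+ArgumentTypeany,
+Fetchfunc(ctx context.Context,argArgumentType) (ObjectType,error),
+Queryfunc(ctx context.Context,argArgumentType) (ObjectType,error),
 ](
 logger slog.Logger,
 authorizer rbac.Authorizer,
@@ -510,9 +510,9 @@ Query func(ctx context.Context, arg ArgumentType) (ObjectType, error),
 // fetchWithPostFilter is like fetch, but works with lists of objects.
 // SQL filters are much more optimal.
 funcfetchWithPostFilter[
-ArgumentTypeany,
-ObjectType rbac.Objecter,
-DatabaseFuncfunc(ctx context.Context,argArgumentType) ([]ObjectType,error),
+ArgumentTypeany,
+ObjectType rbac.Objecter,
+DatabaseFuncfunc(ctx context.Context,argArgumentType) ([]ObjectType,error),
 ](
 authorizer rbac.Authorizer,
 action policy.Action,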

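--- a/coderd/rbac/authz_internal_test.go
+++ b/coderd/rbac/authz_internal_test.go
@@ -394,7 +394,7 @@ func TestAuthorizeDomain(t *testing.T) {
 ID:"me",
 Scope:must(ExpandScope(ScopeAll)),
 Roles:Roles{{
-Name:"deny-all",
+Name:RoleIdentifier{Name:"deny-all"},
 // List out deny permissions explicitly
 Site: []Permission{
 {
@@ -607,7 +607,7 @@ func TestAuthorizeDomain(t *testing.T) {
 Scope:must(ExpandScope(ScopeAll)),
 Roles:Roles{
 {
-Name:"ReadOnlyOrgAndUser",
+Name:RoleIdentifier{Name:"ReadOnlyOrgAndUser"},
 Site: []Permission{},
 Org:map[string][]Permission{
 defOrg.String(): {{
@@ -701,7 +701,7 @@ func TestAuthorizeLevels(t *testing.T) {
 Roles:Roles{
 must(RoleByName(RoleOwner())),
 {
-Name:"org-deny:"+defOrg.String(),
+Name:RoleIdentifier{Name:"org-deny:",OrganizationID:defOrg},
 Org:map[string][]Permission{
 defOrg.String(): {
 {
@@ -713,7 +713,7 @@ func TestAuthorizeLevels(t *testing.T) {
 },
 },
 {
-Name:"user-deny-all",
+Name:RoleIdentifier{Name:"user-deny-all"},
 // List out deny permissions explicitly
 User: []Permission{
 {
@@ -761,7 +761,7 @@ func TestAuthorizeLevels(t *testing.T) {
 Scope:must(ExpandScope(ScopeAll)),
 Roles:Roles{
 {
-Name:"site-noise",
+Name:RoleIdentifier{Name:"site-noise"},
 Site: []Permission{
 {
 Negate:true,
@@ -772,7 +772,7 @@ func TestAuthorizeLevels(t *testing.T) {
 },
 must(RoleByName(ScopedRoleOrgAdmin(defOrg))),
 {
-Name:"user-deny-all",
+Name:RoleIdentifier{Name:"user-deny-all"},
 // List out deny permissions explicitly
 User: []Permission{
 {
@@ -896,7 +896,7 @@ func TestAuthorizeScope(t *testing.T) {
 },
 Scope:Scope{
 Role:Role{
-Name:"workspace_agent",
+Name:RoleIdentifier{Name:"workspace_agent"},
 DisplayName:"Workspace Agent",
 Site:Permissions(map[string][]policy.Action{
 // Only read access for workspaces.
@@ -985,7 +985,7 @@ func TestAuthorizeScope(t *testing.T) {
 },
 Scope:Scope{
 Role:Role{
-Name:"create_workspace",
+Name:RoleIdentifier{Name:"create_workspace"},
 DisplayName:"Create Workspace",
 Site:Permissions(map[string][]policy.Action{
 // Only read access for workspaces.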
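Review bot: In the TestAuthorizeLevels hunk at new line 704, the converted identifier keeps the trailing colon in `Name:"org-deny:"`, which was only the separator of the old `"org-deny:"+defOrg.String()` string. Now that the organization travels in `OrganizationID`, the name should probably be `Name: RoleIdentifier{Name: "org-deny", OrganizationID: defOrg},`. If the identifier's string form joins the two fields with a colon (not visible on this page), the current value would render with a doubled separator, which is confusing in authorization logs and test failure output. The enclosing test function starts and ends outside the hunk.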

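--- a/coderd/rbac/rolestore/rolestore_test.go
+++ b/coderd/rbac/rolestore/rolestore_test.go
@@ -35,7 +35,7 @@ func TestExpandCustomRoleRoles(t *testing.T) {
 })
 
 ctx:=testutil.Context(t,testutil.WaitShort)
-roles,err:=rolestore.Expand(ctx,db, []string{rbac.RoleIdentifier(roleName,org.ID.String())})
+roles,err:=rolestore.Expand(ctx,db, []rbac.RoleIdentifier{{Name:roleName,OrganizationID:org.ID}})
 require.NoError(t,err)
 require.Len(t,roles,1,"role found")
 }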
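Review bot: The assertion `require.Len(t, roles, 1, "role found")` only counts results, so this test would still pass if `Expand` matched on the role name alone and returned a same-named role from a different organization. Since the lookup key is now the pair of `Name` and `OrganizationID`, it would be worth also checking the identity of the returned role, for example `require.Equal(t, org.ID, roles[0].Name.OrganizationID)`. That line assumes `Expand` returns `rbac.Role` values whose `Name` field is the `RoleIdentifier`, as in the rbac tests of this commit; adjust if the return type differs. The test function starts outside the hunk.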

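--- a/coderd/roles_test.go
+++ b/coderd/roles_test.go
@@ -51,20 +51,20 @@ func TestListRoles(t *testing.T) {
 x,err:=member.ListSiteRoles(ctx)
 returnx,err
 },
-ExpectedRoles:convertRoles(map[string]bool{
-"owner":false,
-"auditor":false,
-"template-admin":false,
-"user-admin":false,
+ExpectedRoles:convertRoles(map[rbac.RoleIdentifier]bool{
+rbac.RoleIdentifier{Name:codersdk.RoleOwner}:false,
+rbac.RoleIdentifier{Name:codersdk.RoleAuditor}:false,
+rbac.RoleIdentifier{Name:codersdk.RoleTemplateAdmin}:false,
+rbac.RoleIdentifier{Name:codersdk.RoleUserAdmin}:false,
 }),
 },
 {
 Name:"OrgMemberListOrg",
 APICall:func(ctx context.Context) ([]codersdk.AssignableRoles,error) {
 returnmember.ListOrganizationRoles(ctx,owner.OrganizationID)
 },
-ExpectedRoles:convertRoles(map[string]bool{
-rbac.ScopedRoleOrgAdmin(owner.OrganizationID):false,
+ExpectedRoles:convertRoles(map[rbac.RoleIdentifier]bool{
+rbac.RoleIdentifier{Name:codersdk.RoleOrganizationAdmin,OrganizationID:owner.OrganizationID}:false,
 }),
 },
 {
@@ -80,20 +80,20 @@ func TestListRoles(t *testing.T) {
 APICall:func(ctx context.Context) ([]codersdk.AssignableRoles,error) {
 returnorgAdmin.ListSiteRoles(ctx)
 },
-ExpectedRoles:convertRoles(map[string]bool{
-"owner":false,
-"auditor":false,
-"template-admin":false,
-"user-admin":false,
+ExpectedRoles:convertRoles(map[rbac.RoleIdentifier]bool{
+rbac.RoleIdentifier{Name:codersdk.RoleOwner}:false,
+rbac.RoleIdentifier{Name:codersdk.RoleAuditor}:false,
+rbac.RoleIdentifier{Name:codersdk.RoleTemplateAdmin}:false,
+rbac.RoleIdentifier{Name:codersdk.RoleUserAdmin}:false,
 }),
 },
 {
 Name:"OrgAdminListOrg",
 APICall:func(ctx context.Context) ([]codersdk.AssignableRoles,error) {
 returnorgAdmin.ListOrganizationRoles(ctx,owner.OrganizationID)
 },
-ExpectedRoles:convertRoles(map[string]bool{
-rbac.ScopedRoleOrgAdmin(owner.OrganizationID):true,
+ExpectedRoles:convertRoles(map[rbac.RoleIdentifier]bool{
+rbac.RoleIdentifier{Name:codersdk.RoleOrganizationAdmin,OrganizationID:owner.OrganizationID}:true,
 }),
 },
 {
@@ -109,20 +109,20 @@ func TestListRoles(t *testing.T) {
 APICall:func(ctx context.Context) ([]codersdk.AssignableRoles,error) {
 returnclient.ListSiteRoles(ctx)
 },
-ExpectedRoles:convertRoles(map[string]bool{
-"owner":true,
-"auditor":true,
-"template-admin":true,
-"user-admin":true,
+ExpectedRoles:convertRoles(map[rbac.RoleIdentifier]bool{
+rbac.RoleIdentifier{Name:codersdk.RoleOwner}:true,
+rbac.RoleIdentifier{Name:codersdk.RoleAuditor}:true,
+rbac.RoleIdentifier{Name:codersdk.RoleTemplateAdmin}:true,
+rbac.RoleIdentifier{Name:codersdk.RoleUserAdmin}:true,
 }),
 },
 {
 Name:"AdminListOrg",
 APICall:func(ctx context.Context) ([]codersdk.AssignableRoles,error) {
 returnclient.ListOrganizationRoles(ctx,owner.OrganizationID)
 },
-ExpectedRoles:convertRoles(map[string]bool{
-rbac.ScopedRoleOrgAdmin(owner.OrganizationID):true,
+ExpectedRoles:convertRoles(map[rbac.RoleIdentifier]bool{
+rbac.RoleIdentifier{Name:codersdk.RoleOrganizationAdmin,OrganizationID:owner.OrganizationID}:true,
 }),
 },
 }
@@ -200,12 +200,12 @@ func TestListCustomRoles(t *testing.T) {
 })
 }
 
-funcconvertRole(roleNamestring) codersdk.Role {
+funcconvertRole(roleNamerbac.RoleIdentifier) codersdk.Role {
 role,_:=rbac.RoleByName(roleName)
 returndb2sdk.RBACRole(role)
 }
 
-funcconvertRoles(assignableRolesmap[string]bool) []codersdk.AssignableRoles {
+funcconvertRoles(assignableRolesmap[rbac.RoleIdentifier]bool) []codersdk.AssignableRoles {
 converted:=make([]codersdk.AssignableRoles,0,len(assignableRoles))
 forroleName,assignable:=rangeassignableRoles {
 role:=convertRole(roleName)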
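Review bot: `convertRole` still discards the lookup error with `role, _ := rbac.RoleByName(roleName)`. The key is now a two-field `rbac.RoleIdentifier`, so a wrong or missing `OrganizationID` in one of the expectation maps would presumably yield a zero-value role rather than a clear test failure. Consider surfacing the error, e.g. `role, err := rbac.RoleByName(roleName)` followed by a panic, or a `require.NoError` once a `testing.TB` is threaded through the helpers. The parameter and the loop variable are also still called `roleName` although they now hold an identifier; `roleID` would read better. `convertRoles` continues past the end of the hunk.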

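--- a/coderd/searchquery/search_test.go
+++ b/coderd/searchquery/search_test.go
@@ -11,7 +11,6 @@ import (
 "github.com/stretchr/testify/require"
 
 "github.com/coder/coder/v2/coderd/database"
-"github.com/coder/coder/v2/coderd/rbac"
 "github.com/coder/coder/v2/coderd/searchquery"
 "github.com/coder/coder/v2/codersdk"
 )
@@ -381,7 +380,7 @@ func TestSearchUsers(t *testing.T) {
 Expected: database.GetUsersParams{
 Search:"user-name",
 Status: []database.UserStatus{database.UserStatusActive},
-RbacRole: []string{rbac.RoleOwner()},
+RbacRole: []string{codersdk.RoleOwner},
 },
 },
 {
@@ -390,7 +389,7 @@ func TestSearchUsers(t *testing.T) {
 Expected: database.GetUsersParams{
 Search:"user name",
 Status: []database.UserStatus{database.UserStatusSuspended},
-RbacRole: []string{rbac.RoleMember()},
+RbacRole: []string{codersdk.RoleMember},
 },
 },
 {
@@ -399,7 +398,7 @@ func TestSearchUsers(t *testing.T) {
 Expected: database.GetUsersParams{
 Search:"user-name",
 Status: []database.UserStatus{database.UserStatusActive},
-RbacRole: []string{rbac.RoleOwner()},
+RbacRole: []string{codersdk.RoleOwner},
 },
 },
 {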

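--- a/coderd/workspacebuilds_test.go
+++ b/coderd/workspacebuilds_test.go
@@ -224,7 +224,7 @@ func TestWorkspaceBuilds(t *testing.T) {
 t.Parallel()
 client:=coderdtest.New(t,&coderdtest.Options{IncludeProvisionerDaemon:true})
 first:=coderdtest.CreateFirstUser(t,client)
-second,secondUser:=coderdtest.CreateAnotherUser(t,client,first.OrganizationID,"owner")
+second,secondUser:=coderdtest.CreateAnotherUser(t,client,first.OrganizationID,rbac.RoleOwner())
 
 ctx,cancel:=context.WithTimeout(context.Background(),testutil.WaitLong)
 defercancel()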

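--- a/coderd/workspaces_test.go
+++ b/coderd/workspaces_test.go
@@ -484,7 +484,7 @@ func TestWorkspacesSortOrder(t *testing.T) {
 
 client,db:=coderdtest.NewWithDatabase(t,nil)
 firstUser:=coderdtest.CreateFirstUser(t,client)
-secondUserClient,secondUser:=coderdtest.CreateAnotherUserMutators(t,client,firstUser.OrganizationID, []string{"owner"},func(r*codersdk.CreateUserRequest) {
+secondUserClient,secondUser:=coderdtest.CreateAnotherUserMutators(t,client,firstUser.OrganizationID, []rbac.RoleIdentifier{rbac.RoleOwner()},func(r*codersdk.CreateUserRequest) {
 r.Username="zzz"
 })
 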