NotificationsYou must be signed in to change notification settings
Fork928
Star10.1k

Commit9e199d3

authored

add test for template rbac admin pushing template version (#4438)

1 parent21af86e commit9e199d3Copy full SHA for 9e199d3

File tree

4 files changed

+96

-11

lines changed

coderd
enterprise/coderd
- templates_test.go

4 files changed

+96

-11

lines changed

`‎coderd/templates.go`

Lines changed: 7 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -306,6 +306,13 @@ func (api API) postTemplateByOrganization(rw http.ResponseWriter, r http.Reque`
`306`	`306`	`returnxerrors.Errorf("update template group acl: %w",err)`
`307`	`307`	`}`
`308`	`308`
	`309`	`+tpl,err:=tx.GetTemplateByID(ctx,dbTemplate.ID)`
	`310`	`+iferr!=nil {`
	`311`	`+panic(err)`
	`312`	`+}`
	`313`	`+`
	`314`	`+fmt.Printf("GROUP ACL: %+v\n",tpl.GroupACL())`
	`315`	`+`
`309`	`316`	`createdByNameMap,err:=getCreatedByNamesByTemplateIDs(ctx,tx, []database.Template{dbTemplate})`
`310`	`317`	`iferr!=nil {`
`311`	`318`	`returnxerrors.Errorf("get creator name: %w",err)`

`‎coderd/templateversions.go`

Lines changed: 20 additions & 11 deletions

Original file line number	Diff line number	Diff line change
`@@ -686,14 +686,10 @@ func (api API) postTemplateVersionsByOrganization(rw http.ResponseWriter, r ht`
`686`	`686`	`return`
`687`	`687`	`}`
`688`	`688`
`689`		`-// Making a new template version is the same permission as creating a new template.`
`690`		`-if!api.Authorize(r,rbac.ActionCreate,rbac.ResourceTemplate.InOrg(organization.ID)) {`
`691`		`-httpapi.ResourceNotFound(rw)`
`692`		`-return`
`693`		`-}`
`694`		`-`
	`689`	`+vartemplate database.Template`
`695`	`690`	`ifreq.TemplateID!=uuid.Nil {`
`696`		`-_,err:=api.Database.GetTemplateByID(ctx,req.TemplateID)`
	`691`	`+varerrerror`
	`692`	`+template,err=api.Database.GetTemplateByID(ctx,req.TemplateID)`
`697`	`693`	`iferrors.Is(err,sql.ErrNoRows) {`
`698`	`694`	`httpapi.Write(ctx,rw,http.StatusNotFound, codersdk.Response{`
`699`	`695`	`Message:"Template does not exist.",`
`@@ -709,6 +705,17 @@ func (api API) postTemplateVersionsByOrganization(rw http.ResponseWriter, r ht`
`709`	`705`	`}`
`710`	`706`	`}`
`711`	`707`
	`708`	`+iftemplate.ID!=uuid.Nil {`
	`709`	`+if!api.Authorize(r,rbac.ActionCreate,template) {`
	`710`	`+httpapi.ResourceNotFound(rw)`
	`711`	`+return`
	`712`	`+}`
	`713`	`+}elseif!api.Authorize(r,rbac.ActionCreate,rbac.ResourceTemplate.InOrg(organization.ID)) {`
	`714`	`+// Making a new template version is the same permission as creating a new template.`
	`715`	`+httpapi.ResourceNotFound(rw)`
	`716`	`+return`
	`717`	`+}`
	`718`	`+`
`712`	`719`	`file,err:=api.Database.GetFileByHash(ctx,req.StorageSource)`
`713`	`720`	`iferrors.Is(err,sql.ErrNoRows) {`
`714`	`721`	`httpapi.Write(ctx,rw,http.StatusNotFound, codersdk.Response{`
`@@ -724,10 +731,12 @@ func (api API) postTemplateVersionsByOrganization(rw http.ResponseWriter, r ht`
`724`	`731`	`return`
`725`	`732`	`}`
`726`	`733`
`727`		`-if!api.Authorize(r,rbac.ActionRead,file) {`
`728`		`-httpapi.ResourceNotFound(rw)`
`729`		`-return`
`730`		`-}`
	`734`	`+// TODO(JonA): Readd this check once we update the unique constraint`
	`735`	`+// on files to be owner + hash.`
	`736`	`+// if !api.Authorize(r, rbac.ActionRead, file) {`
	`737`	`+// httpapi.ResourceNotFound(rw)`
	`738`	`+// return`
	`739`	`+// }`
`731`	`740`
`732`	`741`	`vartemplateVersion database.TemplateVersion`
`733`	`742`	`varprovisionerJob database.ProvisionerJob`

`‎coderd/templateversions_test.go`

Lines changed: 16 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -34,6 +34,22 @@ func TestTemplateVersion(t *testing.T) {`
`34`	`34`	`_,err:=client.TemplateVersion(ctx,version.ID)`
`35`	`35`	`require.NoError(t,err)`
`36`	`36`	`})`
	`37`	`+`
	`38`	`+t.Run("MemberCanRead",func(t*testing.T) {`
	`39`	`+t.Parallel()`
	`40`	`+`
	`41`	`+client:=coderdtest.New(t,nil)`
	`42`	`+user:=coderdtest.CreateFirstUser(t,client)`
	`43`	`+version:=coderdtest.CreateTemplateVersion(t,client,user.OrganizationID,nil)`
	`44`	`+_=coderdtest.CreateTemplate(t,client,user.OrganizationID,version.ID)`
	`45`	`+`
	`46`	`+ctx,_:=testutil.Context(t)`
	`47`	`+`
	`48`	`+client1,_:=coderdtest.CreateAnotherUserWithUser(t,client,user.OrganizationID)`
	`49`	`+`
	`50`	`+_,err:=client1.TemplateVersion(ctx,version.ID)`
	`51`	`+require.NoError(t,err)`
	`52`	`+})`
`37`	`53`	`}`
`38`	`54`
`39`	`55`	`funcTestPostTemplateVersionsByOrganization(t*testing.T) {`

`‎enterprise/coderd/templates_test.go`

Lines changed: 53 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -11,6 +11,7 @@ import (`
`11`	`11`	`"github.com/coder/coder/coderd/coderdtest"`
`12`	`12`	`"github.com/coder/coder/codersdk"`
`13`	`13`	`"github.com/coder/coder/enterprise/coderd/coderdenttest"`
	`14`	`+"github.com/coder/coder/provisioner/echo"`
`14`	`15`	`"github.com/coder/coder/testutil"`
`15`	`16`	`)`
`16`	`17`
`@@ -255,6 +256,58 @@ func TestTemplateACL(t *testing.T) {`
`255`	`256`	`Role:codersdk.TemplateRoleView,`
`256`	`257`	`})`
`257`	`258`	`})`
	`259`	`+`
	`260`	`+t.Run("AdminCanPushVersions",func(t*testing.T) {`
	`261`	`+t.Parallel()`
	`262`	`+client:=coderdenttest.New(t,nil)`
	`263`	`+user:=coderdtest.CreateFirstUser(t,client)`
	`264`	`+_=coderdenttest.AddLicense(t,client, coderdenttest.LicenseOptions{`
	`265`	`+RBACEnabled:true,`
	`266`	`+})`
	`267`	`+`
	`268`	`+client1,user1:=coderdtest.CreateAnotherUserWithUser(t,client,user.OrganizationID)`
	`269`	`+version:=coderdtest.CreateTemplateVersion(t,client,user.OrganizationID,nil)`
	`270`	`+template:=coderdtest.CreateTemplate(t,client,user.OrganizationID,version.ID)`
	`271`	`+`
	`272`	`+ctx,_:=testutil.Context(t)`
	`273`	`+`
	`274`	`+err:=client.UpdateTemplateACL(ctx,template.ID, codersdk.UpdateTemplateACL{`
	`275`	`+UserPerms:map[string]codersdk.TemplateRole{`
	`276`	`+user1.ID.String():codersdk.TemplateRoleView,`
	`277`	`+},`
	`278`	`+})`
	`279`	`+require.NoError(t,err)`
	`280`	`+`
	`281`	`+data,err:=echo.Tar(nil)`
	`282`	`+require.NoError(t,err)`
	`283`	`+file,err:=client1.Upload(context.Background(),codersdk.ContentTypeTar,data)`
	`284`	`+require.NoError(t,err)`
	`285`	`+`
	`286`	`+_,err=client1.CreateTemplateVersion(ctx,user.OrganizationID, codersdk.CreateTemplateVersionRequest{`
	`287`	`+Name:"testme",`
	`288`	`+TemplateID:template.ID,`
	`289`	`+StorageSource:file.Hash,`
	`290`	`+StorageMethod:codersdk.ProvisionerStorageMethodFile,`
	`291`	`+Provisioner:codersdk.ProvisionerTypeEcho,`
	`292`	`+})`
	`293`	`+require.Error(t,err)`
	`294`	`+`
	`295`	`+err=client.UpdateTemplateACL(ctx,template.ID, codersdk.UpdateTemplateACL{`
	`296`	`+UserPerms:map[string]codersdk.TemplateRole{`
	`297`	`+user1.ID.String():codersdk.TemplateRoleAdmin,`
	`298`	`+},`
	`299`	`+})`
	`300`	`+require.NoError(t,err)`
	`301`	`+`
	`302`	`+_,err=client1.CreateTemplateVersion(ctx,user.OrganizationID, codersdk.CreateTemplateVersionRequest{`
	`303`	`+Name:"testme",`
	`304`	`+TemplateID:template.ID,`
	`305`	`+StorageSource:file.Hash,`
	`306`	`+StorageMethod:codersdk.ProvisionerStorageMethodFile,`
	`307`	`+Provisioner:codersdk.ProvisionerTypeEcho,`
	`308`	`+})`
	`309`	`+require.NoError(t,err)`
	`310`	`+})`
`258`	`311`	`}`
`259`	`312`
`260`	`313`	`funcTestUpdateTemplateACL(t*testing.T) {`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit9e199d3

File tree

4 files changed

4 files changed

`‎coderd/templates.go`

`‎coderd/templateversions.go`

`‎coderd/templateversions_test.go`

`‎enterprise/coderd/templates_test.go`

0 commit comments