NotificationsYou must be signed in to change notification settings
Fork928
Star10.1k

Commita79bb89

committed

chore: include custom roles in list org roles

1 parentfa9edc1 commita79bb89Copy full SHA for a79bb89

File tree

14 files changed

+123

-34

lines changed

coderd
- apidoc
  - docs.go
  - swagger.json
- database
  - db2sdk
    - db2sdk.go
  - models.go
  - querier.go
  - queries
    - roles.sql
  - queries.sql.go
- rbac
  - roles.go
  - rolestore
    - rolestore.go
- roles.go
codersdk
- roles.go
docs/api
- members.md
- schemas.md
site/src/api
- typesGenerated.ts

14 files changed

+123

-34

lines changed

`‎coderd/apidoc/docs.go`

Lines changed: 8 additions & 0 deletions

Some generated files are not rendered by default. Learn more aboutcustomizing how changed files appear on GitHub.

`‎coderd/apidoc/swagger.json`

Lines changed: 8 additions & 0 deletions

Some generated files are not rendered by default. Learn more aboutcustomizing how changed files appear on GitHub.

`‎coderd/database/db2sdk/db2sdk.go`

Lines changed: 8 additions & 3 deletions

Original file line number	Diff line number	Diff line change
`@@ -527,12 +527,17 @@ func ProvisionerDaemon(dbDaemon database.ProvisionerDaemon) codersdk.Provisioner`
`527`	`527`	`}`
`528`	`528`
`529`	`529`	`funcRole(role rbac.Role) codersdk.Role {`
	`530`	`+roleName,orgIDStr,err:=rbac.RoleSplit(role.Name)`
	`531`	`+iferr!=nil {`
	`532`	`+roleName=role.Name`
	`533`	`+}`
`530`	`534`	`return codersdk.Role{`
`531`		`-Name:role.Name,`
	`535`	`+Name:roleName,`
	`536`	`+OrganizationID:orgIDStr,`
`532`	`537`	`DisplayName:role.DisplayName,`
`533`	`538`	`SitePermissions:List(role.Site,Permission),`
`534`	`539`	`OrganizationPermissions:Map(role.Org,ListLazy(Permission)),`
`535`		`-UserPermissions:List(role.Site,Permission),`
	`540`	`+UserPermissions:List(role.User,Permission),`
`536`	`541`	`}`
`537`	`542`	`}`
`538`	`543`
`@@ -546,7 +551,7 @@ func Permission(permission rbac.Permission) codersdk.Permission {`
`546`	`551`
`547`	`552`	`funcRoleToRBAC(role codersdk.Role) rbac.Role {`
`548`	`553`	`return rbac.Role{`
`549`		`-Name:role.Name,`
	`554`	`+Name:rbac.RoleName(role.Name,role.OrganizationID),`
`550`	`555`	`DisplayName:role.DisplayName,`
`551`	`556`	`Site:List(role.SitePermissions,PermissionToRBAC),`
`552`	`557`	`Org:Map(role.OrganizationPermissions,ListLazy(PermissionToRBAC)),`

`‎coderd/database/models.go`

Lines changed: 1 addition & 1 deletion

Some generated files are not rendered by default. Learn more aboutcustomizing how changed files appear on GitHub.

`‎coderd/database/querier.go`

Lines changed: 1 addition & 1 deletion

Some generated files are not rendered by default. Learn more aboutcustomizing how changed files appear on GitHub.

`‎coderd/database/queries.sql.go`

Lines changed: 17 additions & 7 deletions

Some generated files are not rendered by default. Learn more aboutcustomizing how changed files appear on GitHub.

`‎coderd/database/queries/roles.sql`

Lines changed: 7 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -16,13 +16,19 @@ WHERE`
`16`	`16`	`organization_id ISnull`
`17`	`17`	`ELSE true`
`18`	`18`	`END`
	`19`	`+-- Org scoping filter, to only fetch site wide roles`
	`20`	`+AND CASE WHEN @organization_id :: uuid!='00000000-0000-0000-0000-000000000000'::uuid THEN`
	`21`	`+ organization_id= @organization_id`
	`22`	`+ ELSE true`
	`23`	`+ END`
`19`	`24`	`;`
`20`	`25`
`21`	`26`	`-- name: UpsertCustomRole :one`
`22`	`27`	`INSERT INTO`
`23`	`28`	`custom_roles (`
`24`	`29`	`name,`
`25`	`30`	`display_name,`
	`31`	`+ organization_id,`
`26`	`32`	`site_permissions,`
`27`	`33`	`org_permissions,`
`28`	`34`	`user_permissions,`
`@@ -33,6 +39,7 @@ VALUES (`
`33`	`39`	`-- Always force lowercase names`
`34`	`40`	`lower(@name),`
`35`	`41`	`@display_name,`
	`42`	`+ @organization_id,`
`36`	`43`	`@site_permissions,`
`37`	`44`	`@org_permissions,`
`38`	`45`	`@user_permissions,`

`‎coderd/rbac/roles.go`

Lines changed: 18 additions & 18 deletions

Original file line number	Diff line number	Diff line change
`@@ -53,29 +53,29 @@ func (names RoleNames) Names() []string {`
`53`	`53`	`// site and orgs, and these functions can be removed.`
`54`	`54`
`55`	`55`	`funcRoleOwner()string {`
`56`		`-returnroleName(owner,"")`
	`56`	`+returnRoleName(owner,"")`
`57`	`57`	`}`
`58`	`58`
`59`		`-funcCustomSiteRole()string {returnroleName(customSiteRole,"") }`
	`59`	`+funcCustomSiteRole()string {returnRoleName(customSiteRole,"") }`
`60`	`60`
`61`	`61`	`funcRoleTemplateAdmin()string {`
`62`		`-returnroleName(templateAdmin,"")`
	`62`	`+returnRoleName(templateAdmin,"")`
`63`	`63`	`}`
`64`	`64`
`65`	`65`	`funcRoleUserAdmin()string {`
`66`		`-returnroleName(userAdmin,"")`
	`66`	`+returnRoleName(userAdmin,"")`
`67`	`67`	`}`
`68`	`68`
`69`	`69`	`funcRoleMember()string {`
`70`		`-returnroleName(member,"")`
	`70`	`+returnRoleName(member,"")`
`71`	`71`	`}`
`72`	`72`
`73`	`73`	`funcRoleOrgAdmin(organizationID uuid.UUID)string {`
`74`		`-returnroleName(orgAdmin,organizationID.String())`
	`74`	`+returnRoleName(orgAdmin,organizationID.String())`
`75`	`75`	`}`
`76`	`76`
`77`	`77`	`funcRoleOrgMember(organizationID uuid.UUID)string {`
`78`		`-returnroleName(orgMember,organizationID.String())`
	`78`	`+returnRoleName(orgMember,organizationID.String())`
`79`	`79`	`}`
`80`	`80`
`81`	`81`	`funcallPermsExcept(excepts...Objecter) []Permission {`
`@@ -273,7 +273,7 @@ func ReloadBuiltinRoles(opts *RoleOptions) {`
`273`	`273`	`// organization scope.`
`274`	`274`	`orgAdmin:func(organizationIDstring)Role {`
`275`	`275`	`returnRole{`
`276`		`-Name:roleName(orgAdmin,organizationID),`
	`276`	`+Name:RoleName(orgAdmin,organizationID),`
`277`	`277`	`DisplayName:"Organization Admin",`
`278`	`278`	`Site: []Permission{},`
`279`	`279`	`Org:map[string][]Permission{`
`@@ -291,7 +291,7 @@ func ReloadBuiltinRoles(opts *RoleOptions) {`
`291`	`291`	`// in an organization.`
`292`	`292`	`orgMember:func(organizationIDstring)Role {`
`293`	`293`	`returnRole{`
`294`		`-Name:roleName(orgMember,organizationID),`
	`294`	`+Name:RoleName(orgMember,organizationID),`
`295`	`295`	`DisplayName:"",`
`296`	`296`	`Site: []Permission{},`
`297`	`297`	`Org:map[string][]Permission{`
`@@ -475,13 +475,13 @@ func CanAssignRole(expandable ExpandableRoles, assignedRole string) bool {`
`475`	`475`	`// For CanAssignRole, we only care about the names of the roles.`
`476`	`476`	`roles:=expandable.Names()`
`477`	`477`
`478`		`-assigned,assignedOrg,err:=roleSplit(assignedRole)`
	`478`	`+assigned,assignedOrg,err:=RoleSplit(assignedRole)`
`479`	`479`	`iferr!=nil {`
`480`	`480`	`returnfalse`
`481`	`481`	`}`
`482`	`482`
`483`	`483`	`for_,longRole:=rangeroles {`
`484`		`-role,orgID,err:=roleSplit(longRole)`
	`484`	`+role,orgID,err:=RoleSplit(longRole)`
`485`	`485`	`iferr!=nil {`
`486`	`486`	`continue`
`487`	`487`	`}`
`@@ -510,7 +510,7 @@ func CanAssignRole(expandable ExpandableRoles, assignedRole string) bool {`
`510`	`510`	`// api. We should maybe make an exported function that returns just the`
`511`	`511`	`// human-readable content of the Role struct (name + display name).`
`512`	`512`	`funcRoleByName(namestring) (Role,error) {`
`513`		`-roleName,orgID,err:=roleSplit(name)`
	`513`	`+roleName,orgID,err:=RoleSplit(name)`
`514`	`514`	`iferr!=nil {`
`515`	`515`	`returnRole{},xerrors.Errorf("parse role name: %w",err)`
`516`	`516`	`}`
`@@ -544,7 +544,7 @@ func rolesByNames(roleNames []string) ([]Role, error) {`
`544`	`544`	`}`
`545`	`545`
`546`	`546`	`funcIsOrgRole(roleNamestring) (string,bool) {`
`547`		`-_,orgID,err:=roleSplit(roleName)`
	`547`	`+_,orgID,err:=RoleSplit(roleName)`
`548`	`548`	`iferr==nil&&orgID!="" {`
`549`	`549`	`returnorgID,true`
`550`	`550`	`}`
`@@ -561,7 +561,7 @@ func OrganizationRoles(organizationID uuid.UUID) []Role {`
`561`	`561`	`varroles []Role`
`562`	`562`	`for_,roleF:=rangebuiltInRoles {`
`563`	`563`	`role:=roleF(organizationID.String())`
`564`		`-_,scope,err:=roleSplit(role.Name)`
	`564`	`+_,scope,err:=RoleSplit(role.Name)`
`565`	`565`	`iferr!=nil {`
`566`	`566`	`// This should never happen`
`567`	`567`	`continue`
`@@ -582,7 +582,7 @@ func SiteRoles() []Role {`
`582`	`582`	`varroles []Role`
`583`	`583`	`for_,roleF:=rangebuiltInRoles {`
`584`	`584`	`role:=roleF("random")`
`585`		`-_,scope,err:=roleSplit(role.Name)`
	`585`	`+_,scope,err:=RoleSplit(role.Name)`
`586`	`586`	`iferr!=nil {`
`587`	`587`	`// This should never happen`
`588`	`588`	`continue`
`@@ -625,19 +625,19 @@ func ChangeRoleSet(from []string, to []string) (added []string, removed []string`
`625`	`625`	`returnadded,removed`
`626`	`626`	`}`
`627`	`627`
`628`		`-//roleName is a quick helper function to return`
	`628`	`+//RoleName is a quick helper function to return`
`629`	`629`	`//`
`630`	`630`	`//role_name:scopeID`
`631`	`631`	`//`
`632`	`632`	`// If no scopeID is required, only 'role_name' is returned`
`633`		`-funcroleName(namestring,orgIDstring)string {`
	`633`	`+funcRoleName(namestring,orgIDstring)string {`
`634`	`634`	`iforgID=="" {`
`635`	`635`	`returnname`
`636`	`636`	`}`
`637`	`637`	`returnname+":"+orgID`
`638`	`638`	`}`
`639`	`639`
`640`		`-funcroleSplit(rolestring) (namestring,orgIDstring,errerror) {`
	`640`	`+funcRoleSplit(rolestring) (namestring,orgIDstring,errerror) {`
`641`	`641`	`arr:=strings.Split(role,":")`
`642`	`642`	`iflen(arr)>2 {`
`643`	`643`	`return"","",xerrors.Errorf("too many colons in role name")`

`‎coderd/rbac/rolestore/rolestore.go`

Lines changed: 23 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -5,6 +5,7 @@ import (`
`5`	`5`	`"encoding/json"`
`6`	`6`	`"net/http"`
`7`	`7`
	`8`	`+"github.com/google/uuid"`
`8`	`9`	`"golang.org/x/xerrors"`
`9`	`10`
`10`	`11`	`"github.com/coder/coder/v2/coderd/database"`
`@@ -95,8 +96,12 @@ func Expand(ctx context.Context, db database.Store, names []string) (rbac.Roles,`
`95`	`96`	`}`
`96`	`97`
`97`	`98`	`funcConvertDBRole(dbRole database.CustomRole) (rbac.Role,error) {`
	`99`	`+name:=dbRole.Name`
	`100`	`+ifdbRole.OrganizationID.Valid {`
	`101`	`+name=rbac.RoleName(dbRole.Name,dbRole.OrganizationID.UUID.String())`
	`102`	`+}`
`98`	`103`	`role:= rbac.Role{`
`99`		`-Name:dbRole.Name,`
	`104`	`+Name:name,`
`100`	`105`	`DisplayName:dbRole.DisplayName,`
`101`	`106`	`Site:nil,`
`102`	`107`	`Org:nil,`
`@@ -122,11 +127,27 @@ func ConvertDBRole(dbRole database.CustomRole) (rbac.Role, error) {`
`122`	`127`	`}`
`123`	`128`
`124`	`129`	`funcConvertRoleToDB(role rbac.Role) (database.CustomRole,error) {`
	`130`	`+roleName,orgIDStr,err:=rbac.RoleSplit(role.Name)`
	`131`	`+iferr!=nil {`
	`132`	`+return database.CustomRole{},xerrors.Errorf("split role %q: %w",role.Name,err)`
	`133`	`+}`
	`134`	`+`
`125`	`135`	`dbRole:= database.CustomRole{`
`126`		`-Name:role.Name,`
	`136`	`+Name:roleName,`
`127`	`137`	`DisplayName:role.DisplayName,`
`128`	`138`	`}`
`129`	`139`
	`140`	`+iforgIDStr!="" {`
	`141`	`+orgID,err:=uuid.Parse(orgIDStr)`
	`142`	`+iferr!=nil {`
	`143`	`+return database.CustomRole{},xerrors.Errorf("parse org id %q: %w",orgIDStr,err)`
	`144`	`+}`
	`145`	`+dbRole.OrganizationID= uuid.NullUUID{`
	`146`	`+UUID:orgID,`
	`147`	`+Valid:true,`
	`148`	`+}`
	`149`	`+}`
	`150`	`+`
`130`	`151`	`siteData,err:=json.Marshal(role.Site)`
`131`	`152`	`iferr!=nil {`
`132`	`153`	`returndbRole,xerrors.Errorf("marshal site permissions: %w",err)`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commita79bb89

File tree

14 files changed

14 files changed

`‎coderd/apidoc/docs.go`

`‎coderd/apidoc/swagger.json`

`‎coderd/database/db2sdk/db2sdk.go`

`‎coderd/database/models.go`

`‎coderd/database/querier.go`

`‎coderd/database/queries.sql.go`

`‎coderd/database/queries/roles.sql`

`‎coderd/rbac/roles.go`

`‎coderd/rbac/rolestore/rolestore.go`

0 commit comments