},

Children: []*serpent.Command{

r.showOrganizationRoles(orgContext),

r.editOrganizationRole(orgContext),

r.updateOrganizationRole(orgContext),

r.createOrganizationRole(orgContext),

},

}

}

func (r*RootCmd)editOrganizationRole(orgContext*OrganizationContext)*serpent.Command {

func (r*RootCmd)createOrganizationRole(orgContext*OrganizationContext)*serpent.Command {

formatter:=cliui.NewOutputFormatter(

cliui.ChangeFormatterData(

cliui.TableFormat([]roleTableRow{}, []string{"name","display name","site permissions","organization permissions","user permissions"}),

client:=new(codersdk.Client)

cmd:=&serpent.Command{

Use:"edit <role_name>",

Short:"Edit an organization custom role",

Use:"create <role_name>",

Short:"Create a new organization custom role",

Long:FormatExamples(

Example{

Description:"Run with an input.json file",

Command:"coder rolesedit --stdin < role.json",

Command:"coderorganization -O <organization_name>rolescreate --stidin < role.json",

},

),

Options: []serpent.Option{

}

existingRoles,err:=client.ListOrganizationRoles(ctx,org.ID)

iferr!=nil {

returnxerrors.Errorf("listing existing roles: %w",err)

}

varcustomRole codersdk.Role

ifjsonInput {

bytes,err:=io.ReadAll(inv.Stdin)

iferr!=nil {

returnxerrors.Errorf("reading stdin: %w",err)

returnxerrors.Errorf("json input does not appear to be a valid role")

}

existingRoles,err:=client.ListOrganizationRoles(ctx,org.ID)

ifrole:=existingRole(customRole.Name,existingRoles);role!=nil {

returnxerrors.Errorf("The role %s already exists. If you'd like to edit this role use the update command instead",customRole.Name)

}

}else {

iflen(inv.Args)==0 {

returnxerrors.Errorf("missing role name argument, usage:\"coder organizations roles create <role_name>\"")

}

ifrole:=existingRole(inv.Args[0],existingRoles);role!=nil {

returnxerrors.Errorf("The role %s already exists. If you'd like to edit this role use the update command instead",inv.Args[0])

}

interactiveRole,err:=interactiveOrgRoleEdit(inv,org.ID,nil)

iferr!=nil {

returnxerrors.Errorf("editing role: %w",err)

}

}

varupdated codersdk.Role

ifdryRun {

}else {

updated,err=client.CreateOrganizationRole(ctx,customRole)

iferr!=nil {

returnxerrors.Errorf("patch role: %w",err)

}

}

output,err:=formatter.Format(ctx,updated)

iferr!=nil {

returnxerrors.Errorf("formatting: %w",err)

}

_,err=fmt.Fprintln(inv.Stdout,output)

},

}

}

func (r*RootCmd)updateOrganizationRole(orgContext*OrganizationContext)*serpent.Command {

formatter:=cliui.NewOutputFormatter(

cliui.ChangeFormatterData(

cliui.TableFormat([]roleTableRow{}, []string{"name","display name","site permissions","organization permissions","user permissions"}),

func(dataany) (any,error) {

typed,_:=data.(codersdk.Role)

return []roleTableRow{roleToTableView(typed)},nil

},

),

cliui.JSONFormat(),

)

var (

)

client:=new(codersdk.Client)

cmd:=&serpent.Command{

Use:"update <role_name>",

Short:"Update an organization custom role",

Long:FormatExamples(

Example{

Description:"Run with an input.json file",

Command:"coder roles update --stdin < role.json",

},

),

Options: []serpent.Option{

cliui.SkipPromptOption(),

{

Name:"dry-run",

Description:"Does all the work, but does not submit the final updated role.",

Flag:"dry-run",

Value:serpent.BoolOf(&dryRun),

},

{

Name:"stdin",

Description:"Reads stdin for the json role definition to upload.",

Flag:"stdin",

Value:serpent.BoolOf(&jsonInput),

},

},

Middleware:serpent.Chain(

serpent.RequireRangeArgs(0,1),

r.InitClient(client),

),

Handler:func(inv*serpent.Invocation)error {

ctx:=inv.Context()

org,err:=orgContext.Selected(inv,client)

iferr!=nil {

}

existingRoles,err:=client.ListOrganizationRoles(ctx,org.ID)

iferr!=nil {

returnxerrors.Errorf("listing existing roles: %w",err)

}

varcustomRole codersdk.Role

ifjsonInput {

bytes,err:=io.ReadAll(inv.Stdin)

iferr!=nil {

returnxerrors.Errorf("reading stdin: %w",err)

}

err=json.Unmarshal(bytes,&customRole)

iferr!=nil {

returnxerrors.Errorf("listing existing roles: %w",err)

returnxerrors.Errorf("parsing stdin json: %w",err)

}

for_,existingRole:=rangeexistingRoles {

ifstrings.EqualFold(customRole.Name,existingRole.Name) {

ifcustomRole.Name=="" {

arr:=make([]json.RawMessage,0)

err=json.Unmarshal(bytes,&arr)

iferr==nil&&len(arr)>0 {

returnxerrors.Errorf("only 1 role can be sent at a time")

}

returnxerrors.Errorf("json input does not appear to be a valid role")

}

ifrole:=existingRole(customRole.Name,existingRoles);role==nil {

returnxerrors.Errorf("The role %s does not exist. If you'd like to create this role use the create command instead",customRole.Name)

}

}else {

iflen(inv.Args)==0 {

returnxerrors.Errorf("missing role name argument, usage:\"coder organizations roles edit <role_name>\"")

}

interactiveRole,newRole,err:=interactiveOrgRoleEdit(inv,org.ID,client)

role:=existingRole(inv.Args[0],existingRoles)

ifrole==nil {

returnxerrors.Errorf("The role %s does not exist. If you'd like to create this role use the create command instead",inv.Args[0])

}

interactiveRole,err:=interactiveOrgRoleEdit(inv,org.ID,&role.Role)

iferr!=nil {

returnxerrors.Errorf("editing role: %w",err)

}

preview:=fmt.Sprintf("permissions: %d site, %d org, %d user",

len(customRole.SitePermissions),len(customRole.OrganizationPermissions),len(customRole.UserPermissions))

}else {

switchcreateNewRole {

casetrue:

updated,err=client.CreateOrganizationRole(ctx,customRole)

default:

updated,err=client.UpdateOrganizationRole(ctx,customRole)

}

updated,err=client.UpdateOrganizationRole(ctx,customRole)

iferr!=nil {

returnxerrors.Errorf("patch role: %w",err)

}

}

funcinteractiveOrgRoleEdit(inv*serpent.Invocation,orgID uuid.UUID,client*codersdk.Client) (*codersdk.Role,bool,error) {

ctx:=inv.Context()

roles,err:=client.ListOrganizationRoles(ctx,orgID)

iferr!=nil {

returnnil,newRole,xerrors.Errorf("listing roles: %w",err)

}

varoriginalRole codersdk.AssignableRoles

for_,r:=rangeroles {

ifstrings.EqualFold(inv.Args[0],r.Name) {

}

}

iforiginalRole.Name=="" {

_,err=cliui.Prompt(inv, cliui.PromptOptions{

Text:"No organization role exists with that name, do you want to create one?",

Default:"yes",

IsConfirm:true,

})

iferr!=nil {

returnnil,newRole,xerrors.Errorf("abort: %w",err)

}

originalRole.Role= codersdk.Role{

funcinteractiveOrgRoleEdit(inv*serpent.Invocation,orgID uuid.UUID,updateRole*codersdk.Role) (*codersdk.Role,error) {

varoriginalRole codersdk.Role

ifupdateRole==nil {

originalRole= codersdk.Role{

Name:inv.Args[0],

OrganizationID:orgID.String(),

}

}else {

}

iflen(originalRole.SitePermissions)>0 {

returnnil,newRole,xerrors.Errorf("unable to edit role in interactive mode, it contains site wide permissions")

returnnil,xerrors.Errorf("unable to edit role in interactive mode, it contains site wide permissions")

}

iflen(originalRole.UserPermissions)>0 {

returnnil,newRole,xerrors.Errorf("unable to edit role in interactive mode, it contains user permissions")

returnnil,xerrors.Errorf("unable to edit role in interactive mode, it contains user permissions")

}

allowedResources:= []codersdk.RBACResource{

codersdk.ResourceTemplate,

codersdk.ResourceWorkspace,

Options:append(permissionPreviews(role,allowedResources),done,abort),

})

iferr!=nil {

returnrole,newRole,xerrors.Errorf("selecting resource: %w",err)

returnrole,xerrors.Errorf("selecting resource: %w",err)

}

switchselected {

casedone:

break customRoleLoop

caseabort:

returnrole,newRole,xerrors.Errorf("edit role %q aborted",role.Name)

returnrole,xerrors.Errorf("edit role %q aborted",role.Name)

default:

strs:=strings.Split(selected,"::")

resource:=strings.TrimSpace(strs[0])

Defaults:defaultActions(role,resource),

})

iferr!=nil {

returnrole,newRole,xerrors.Errorf("selecting actions for resource %q: %w",resource,err)

returnrole,xerrors.Errorf("selecting actions for resource %q: %w",resource,err)

}

applyOrgResourceActions(role,resource,actions)

_,_=fmt.Println()

returnrole,newRole,nil

returnrole,nil

}

funcapplyOrgResourceActions(role*codersdk.Role,resourcestring,actions []string) {

}

}

funcexistingRole(newRoleNamestring,existingRoles []codersdk.AssignableRoles)*codersdk.AssignableRoles {

for_,existingRole:=rangeexistingRoles {

ifstrings.EqualFold(newRoleName,existingRole.Name) {

}

}

}

typeroleTableRowstruct {

Aliases: role

SUBCOMMANDS:

edit Edit an organization custom role

show Show role(s)

create Create a new organization custom role

show Show role(s)

update Update an organization custom role

———

Run `coder --help` for a list of global options.

coder v0.0.0-devel

USAGE:

coder organizations roles create [flags] <role_name>

Create a new organization custom role

- Run with an input.json file:

$ coder organization -O <organization_name> roles create --stidin <

role.json

OPTIONS:

--dry-run bool

Does all the work, but does not submit the final updated role.

--stdin bool

Reads stdin for the json role definition to upload.

-y, --yes bool

Bypass prompts.

———

Run `coder --help` for a list of global options.

coder v0.0.0-devel

USAGE:

coder organizations rolesedit [flags] <role_name>

coder organizations rolesupdate [flags] <role_name>

Edit an organization custom role

Update an organization custom role

- Run with an input.json file:

$ coder rolesedit --stdin < role.json

$ coder rolesupdate --stdin < role.json

OPTIONS:

-c, --column [name|display name|organization id|site permissions|organization permissions|user permissions] (default: name,display name,site permissions,organization permissions,user permissions)