NotificationsYou must be signed in to change notification settings
Fork928
Star10.1k

Commitaf5ddb1

committed

WIP: org-scope for frobulators

Signed-off-by: Danny Kopping <danny@coder.com>

1 parent9e749bc commitaf5ddb1Copy full SHA for af5ddb1

File tree

22 files changed

+469

-256

lines changed

coderd
- coderd.go
- database
  - dbauthz
    - dbauthz.go
    - dbauthz_test.go
  - dbgen
    - dbgen.go
  - dbmem
    - dbmem.go
  - dbmetrics
    - dbmetrics.go
  - dbmock
    - dbmock.go
  - dump.sql
  - foreign_key_constraint.go
  - migrations
    - 000245_frobulations.up.sql
  - modelmethods.go
  - models.go
  - querier.go
  - queries
    - frobulators.sql
  - queries.sql.go
- frobulators.go
- frobulators_test.go
- rbac
  - object_gen.go
  - policy
    - policy.go
codersdk
- frobulators.go
site/src/api
- rbacresourcesGenerated.ts
- typesGenerated.ts

22 files changed

+469

-256

lines changed

`‎coderd/coderd.go`

Lines changed: 11 additions & 11 deletions

Original file line number	Diff line number	Diff line change
`@@ -909,6 +909,17 @@ func New(options Options) API {`
`909`	`909`	`})`
`910`	`910`	`})`
`911`	`911`	`})`
	`912`	`+r.Route("/frobulators",func(r chi.Router) {`
	`913`	`+r.Use(apiKeyMiddleware)`
	`914`	`+r.Route("/{user}",func(r chi.Router) {`
	`915`	`+r.Use(`
	`916`	`+httpmw.ExtractUserParam(options.Database),`
	`917`	`+)`
	`918`	`+r.Get("/",api.listFrobulators)`
	`919`	`+r.Post("/",api.createFrobulator)`
	`920`	`+r.Delete("/{id}",api.deleteFrobulator)`
	`921`	`+})`
	`922`	`+})`
`912`	`923`	`})`
`913`	`924`	`})`
`914`	`925`	`r.Route("/templates",func(r chi.Router) {`
`@@ -1257,17 +1268,6 @@ func New(options Options) API {`
`1257`	`1268`	`})`
`1258`	`1269`	`r.Get("/dispatch-methods",api.notificationDispatchMethods)`
`1259`	`1270`	`})`
`1260`		`-r.Route("/frobulators",func(r chi.Router) {`
`1261`		`-r.Use(apiKeyMiddleware)`
`1262`		`-r.Get("/",api.listAllFrobulators)`
`1263`		`-r.Route("/{user}",func(r chi.Router) {`
`1264`		`-r.Use(`
`1265`		`-httpmw.ExtractUserParam(options.Database),`
`1266`		`-)`
`1267`		`-r.Get("/",api.listUserFrobulators)`
`1268`		`-r.Post("/",api.createFrobulator)`
`1269`		`-})`
`1270`		`-})`
`1271`	`1271`	`})`
`1272`	`1272`
`1273`	`1273`	`ifoptions.SwaggerEndpoint {`

`‎coderd/database/dbauthz/dbauthz.go`

Lines changed: 17 additions & 23 deletions

Original file line number	Diff line number	Diff line change
`@@ -1059,6 +1059,13 @@ func (q *querier) DeleteExternalAuthLink(ctx context.Context, arg database.Delet`
`1059`	`1059`	`},q.db.DeleteExternalAuthLink)(ctx,arg)`
`1060`	`1060`	`}`
`1061`	`1061`
	`1062`	`+func (q*querier)DeleteFrobulator(ctx context.Context,args database.DeleteFrobulatorParams)error {`
	`1063`	`+iferr:=q.authorizeContext(ctx,policy.ActionDelete,rbac.ResourceFrobulator.WithID(args.ID).WithOwner(args.UserID.String()).InOrg(args.OrgID));err!=nil {`
	`1064`	`+returnerr`
	`1065`	`+}`
	`1066`	`+returnq.db.DeleteFrobulator(ctx,args)`
	`1067`	`+}`
	`1068`	`+`
`1062`	`1069`	`func (q*querier)DeleteGitSSHKey(ctx context.Context,userID uuid.UUID)error {`
`1063`	`1070`	`returnfetchAndExec(q.log,q.auth,policy.ActionUpdatePersonal,q.db.GetGitSSHKey,q.db.DeleteGitSSHKey)(ctx,userID)`
`1064`	`1071`	`}`
`@@ -1298,13 +1305,6 @@ func (q *querier) GetActiveWorkspaceBuildsByTemplateID(ctx context.Context, temp`
`1298`	`1305`	`returnq.db.GetActiveWorkspaceBuildsByTemplateID(ctx,templateID)`
`1299`	`1306`	`}`
`1300`	`1307`
`1301`		`-func (q*querier)GetAllFrobulators(ctx context.Context) ([]database.Frobulator,error) {`
`1302`		`-iferr:=q.authorizeContext(ctx,policy.ActionRead,rbac.ResourceFrobulator);err!=nil {`
`1303`		`-returnnil,err`
`1304`		`-}`
`1305`		`-returnq.db.GetAllFrobulators(ctx)`
`1306`		`-}`
`1307`		`-`
`1308`	`1308`	`func (q*querier)GetAllTailnetAgents(ctx context.Context) ([]database.TailnetAgent,error) {`
`1309`	`1309`	`iferr:=q.authorizeContext(ctx,policy.ActionRead,rbac.ResourceTailnetCoordinator);err!=nil {`
`1310`	`1310`	`return []database.TailnetAgent{},err`
`@@ -1464,6 +1464,13 @@ func (q *querier) GetFileTemplates(ctx context.Context, fileID uuid.UUID) ([]dat`
`1464`	`1464`	`returnq.db.GetFileTemplates(ctx,fileID)`
`1465`	`1465`	`}`
`1466`	`1466`
	`1467`	`+func (q*querier)GetFrobulators(ctx context.Context,arg database.GetFrobulatorsParams) ([]database.Frobulator,error) {`
	`1468`	`+iferr:=q.authorizeContext(ctx,policy.ActionRead,rbac.ResourceFrobulator.WithOwner(arg.UserID.String()).InOrg(arg.OrgID));err!=nil {`
	`1469`	`+returnnil,err`
	`1470`	`+}`
	`1471`	`+returnq.db.GetFrobulators(ctx,arg)`
	`1472`	`+}`
	`1473`	`+`
`1467`	`1474`	`func (q*querier)GetGitSSHKey(ctx context.Context,userID uuid.UUID) (database.GitSSHKey,error) {`
`1468`	`1475`	`returnfetchWithAction(q.log,q.auth,policy.ActionReadPersonal,q.db.GetGitSSHKey)(ctx,userID)`
`1469`	`1476`	`}`
`@@ -2172,19 +2179,6 @@ func (q *querier) GetUserCount(ctx context.Context) (int64, error) {`
`2172`	`2179`	`returnq.db.GetUserCount(ctx)`
`2173`	`2180`	`}`
`2174`	`2181`
`2175`		`-func (q*querier)GetUserFrobulators(ctx context.Context,userID uuid.UUID) ([]database.Frobulator,error) {`
`2176`		`-returnfetchWithPostFilter(q.auth,policy.ActionRead,q.db.GetUserFrobulators)(ctx,userID)`
`2177`		`-// Alternatively: just check if you can read a Frobulator owned by your ID.`
`2178`		`-// This is technically incorrect, as if Frobulators later become org-scoped, this will no longer be correct!`
`2179`		`-// But it's much, much faster .`
`2180`		`-/*`
`2181`		`-if err := q.authorizeContext(ctx, policy.ActionRead, rbac.ResourceFrobulator.WithOwner(userID.String())); err != nil {`
`2182`		`-return nil, err`
`2183`		`-}`
`2184`		`-return q.db.GetUserFrobulators(ctx, userID)`
`2185`		`-*/`
`2186`		`-}`
`2187`		`-`
`2188`	`2182`	`func (q*querier)GetUserLatencyInsights(ctx context.Context,arg database.GetUserLatencyInsightsParams) ([]database.GetUserLatencyInsightsRow,error) {`
`2189`	`2183`	`// Used by insights endpoints. Need to check both for auditors and for regular users with template acl perms.`
`2190`	`2184`	`iferr:=q.authorizeContext(ctx,policy.ActionViewInsights,rbac.ResourceTemplate);err!=nil {`
`@@ -2705,9 +2699,9 @@ func (q *querier) InsertFile(ctx context.Context, arg database.InsertFileParams)`
`2705`	`2699`	`returninsert(q.log,q.auth,rbac.ResourceFile.WithOwner(arg.CreatedBy.String()),q.db.InsertFile)(ctx,arg)`
`2706`	`2700`	`}`
`2707`	`2701`
`2708`		`-func (q*querier)InsertFrobulator(ctx context.Context,arg database.InsertFrobulatorParams)error {`
`2709`		`-iferr:=q.authorizeContext(ctx,policy.ActionCreate,rbac.ResourceFrobulator.WithOwner(arg.UserID.String()));err!=nil {`
`2710`		`-returnerr`
	`2702`	`+func (q*querier)InsertFrobulator(ctx context.Context,arg database.InsertFrobulatorParams)(database.Frobulator,error) {`
	`2703`	`+iferr:=q.authorizeContext(ctx,policy.ActionCreate,rbac.ResourceFrobulator.WithOwner(arg.UserID.String()).InOrg(arg.OrgID));err!=nil {`
	`2704`	`+returndatabase.Frobulator{},err`
`2711`	`2705`	`}`
`2712`	`2706`
`2713`	`2707`	`returnq.db.InsertFrobulator(ctx,arg)`

`‎coderd/database/dbauthz/dbauthz_test.go`

Lines changed: 28 additions & 6 deletions

Original file line number	Diff line number	Diff line change
`@@ -2751,18 +2751,40 @@ func (s *MethodTestSuite) TestNotifications() {`
`2751`	`2751`	`}`
`2752`	`2752`
`2753`	`2753`	`func (s*MethodTestSuite)TestFrobulators() {`
`2754`		`-s.Run("GetAllFrobulators",s.Subtest(func(db database.Store,check*expects) {`
`2755`		`-check.Args().Asserts(rbac.ResourceFrobulator,policy.ActionRead)`
`2756`		`-}))`
`2757`		`-s.Run("GetUserFrobulators",s.Subtest(func(db database.Store,check*expects) {`
	`2754`	`+s.Run("GetFrobulators",s.Subtest(func(db database.Store,check*expects) {`
`2758`	`2755`	`user:=dbgen.User(s.T(),db, database.User{})`
`2759`		`-check.Args(user.ID).Asserts(rbac.ResourceFrobulator.WithOwner(user.ID.String()),policy.ActionRead)`
	`2756`	`+org:=dbgen.Organization(s.T(),db, database.Organization{})`
	`2757`	`+check.Args(database.GetFrobulatorsParams{`
	`2758`	`+UserID:user.ID,`
	`2759`	`+OrgID:org.ID,`
	`2760`	`+}).Asserts(`
	`2761`	`+rbac.ResourceFrobulator.`
	`2762`	`+WithOwner(user.ID.String()).`
	`2763`	`+InOrg(org.ID),`
	`2764`	`+policy.ActionRead,`
	`2765`	`+)`
`2760`	`2766`	`}))`
`2761`	`2767`	`s.Run("InsertFrobulator",s.Subtest(func(db database.Store,check*expects) {`
`2762`	`2768`	`user:=dbgen.User(s.T(),db, database.User{})`
	`2769`	`+org:=dbgen.Organization(s.T(),db, database.Organization{})`
`2763`	`2770`	`check.Args(database.InsertFrobulatorParams{`
`2764`	`2771`	`UserID:user.ID,`
`2765`		`-}).Asserts(rbac.ResourceFrobulator.WithOwner(user.ID.String()),policy.ActionCreate)`
	`2772`	`+OrgID:org.ID,`
	`2773`	`+}).Asserts(rbac.ResourceFrobulator.WithOwner(user.ID.String()).InOrg(org.ID),policy.ActionCreate)`
	`2774`	`+}))`
	`2775`	`+s.Run("DeleteFrobulator",s.Subtest(func(db database.Store,check*expects) {`
	`2776`	`+user:=dbgen.User(s.T(),db, database.User{})`
	`2777`	`+org:=dbgen.Organization(s.T(),db, database.Organization{})`
	`2778`	`+frob:=dbgen.Frobulator(s.T(),db, database.Frobulator{`
	`2779`	`+UserID:user.ID,`
	`2780`	`+OrgID:org.ID,`
	`2781`	`+ModelNumber:"warhead-1",`
	`2782`	`+})`
	`2783`	`+check.Args(database.DeleteFrobulatorParams{`
	`2784`	`+ID:frob.ID,`
	`2785`	`+UserID:frob.UserID,`
	`2786`	`+OrgID:frob.OrgID,`
	`2787`	`+}).Asserts(rbac.ResourceFrobulator.WithOwner(frob.UserID.String()).InOrg(frob.OrgID).WithID(frob.ID),policy.ActionDelete)`
`2766`	`2788`	`}))`
`2767`	`2789`	`}`
`2768`	`2790`

`‎coderd/database/dbgen/dbgen.go`

Lines changed: 10 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -892,6 +892,16 @@ func CustomRole(t testing.TB, db database.Store, seed database.CustomRole) datab`
`892`	`892`	`returnrole`
`893`	`893`	`}`
`894`	`894`
	`895`	`+funcFrobulator(t testing.TB,db database.Store,orig database.Frobulator) database.Frobulator {`
	`896`	`+frob,err:=db.InsertFrobulator(genCtx, database.InsertFrobulatorParams{`
	`897`	`+UserID:orig.UserID,`
	`898`	`+OrgID:orig.OrgID,`
	`899`	`+ModelNumber:orig.ModelNumber,`
	`900`	`+})`
	`901`	`+require.NoError(t,err,"insert frobulator")`
	`902`	`+returnfrob`
	`903`	`+}`
	`904`	`+`
`895`	`905`	`funcmust[Vany](vV,errerror)V {`
`896`	`906`	`iferr!=nil {`
`897`	`907`	`panic(err)`

`‎coderd/database/dbmem/dbmem.go`

Lines changed: 43 additions & 29 deletions

Original file line number	Diff line number	Diff line change
`@@ -1485,6 +1485,20 @@ func (q *FakeQuerier) DeleteExternalAuthLink(_ context.Context, arg database.Del`
`1485`	`1485`	`returnsql.ErrNoRows`
`1486`	`1486`	`}`
`1487`	`1487`
	`1488`	`+func (q*FakeQuerier)DeleteFrobulator(_ context.Context,args database.DeleteFrobulatorParams)error {`
	`1489`	`+q.mutex.Lock()`
	`1490`	`+deferq.mutex.Unlock()`
	`1491`	`+`
	`1492`	`+fori,frob:=rangeq.frobulators {`
	`1493`	`+iffrob.ID==args.ID&&frob.UserID==args.UserID&&frob.OrgID==args.OrgID {`
	`1494`	`+q.frobulators=append(q.frobulators[:i],q.frobulators[i+1:]...)`
	`1495`	`+returnnil`
	`1496`	`+}`
	`1497`	`+}`
	`1498`	`+`
	`1499`	`+returnsql.ErrNoRows`
	`1500`	`+}`
	`1501`	`+`
`1488`	`1502`	`func (q*FakeQuerier)DeleteGitSSHKey(_ context.Context,userID uuid.UUID)error {`
`1489`	`1503`	`q.mutex.Lock()`
`1490`	`1504`	`deferq.mutex.Unlock()`
`@@ -2130,13 +2144,6 @@ func (q *FakeQuerier) GetActiveWorkspaceBuildsByTemplateID(ctx context.Context,`
`2130`	`2144`	`returnfilteredBuilds,nil`
`2131`	`2145`	`}`
`2132`	`2146`
`2133`		`-func (q*FakeQuerier)GetAllFrobulators(_ context.Context) ([]database.Frobulator,error) {`
`2134`		`-q.mutex.RLock()`
`2135`		`-deferq.mutex.RUnlock()`
`2136`		`-`
`2137`		`-returnq.frobulators,nil`
`2138`		`-}`
`2139`		`-`
`2140`	`2147`	`func (*FakeQuerier)GetAllTailnetAgents(_ context.Context) ([]database.TailnetAgent,error) {`
`2141`	`2148`	`returnnil,ErrUnimplemented`
`2142`	`2149`	`}`
`@@ -2508,6 +2515,27 @@ func (q *FakeQuerier) GetFileTemplates(_ context.Context, id uuid.UUID) ([]datab`
`2508`	`2515`	`returnrows,nil`
`2509`	`2516`	`}`
`2510`	`2517`
	`2518`	`+func (q*FakeQuerier)GetFrobulators(_ context.Context,arg database.GetFrobulatorsParams) ([]database.Frobulator,error) {`
	`2519`	`+err:=validateDatabaseType(arg)`
	`2520`	`+iferr!=nil {`
	`2521`	`+returnnil,err`
	`2522`	`+}`
	`2523`	`+`
	`2524`	`+q.mutex.RLock()`
	`2525`	`+deferq.mutex.RUnlock()`
	`2526`	`+`
	`2527`	`+out:=make([]database.Frobulator,0,len(q.frobulators))`
	`2528`	`+for_,frob:=rangeq.frobulators {`
	`2529`	`+iffrob.UserID!=arg.UserID\|\|frob.OrgID!=arg.OrgID {`
	`2530`	`+continue`
	`2531`	`+}`
	`2532`	`+`
	`2533`	`+out=append(out,frob)`
	`2534`	`+}`
	`2535`	`+`
	`2536`	`+returnout,nil`
	`2537`	`+}`
	`2538`	`+`
`2511`	`2539`	`func (q*FakeQuerier)GetGitSSHKey(_ context.Context,userID uuid.UUID) (database.GitSSHKey,error) {`
`2512`	`2540`	`q.mutex.RLock()`
`2513`	`2541`	`deferq.mutex.RUnlock()`
`@@ -4865,22 +4893,6 @@ func (q *FakeQuerier) GetUserCount(_ context.Context) (int64, error) {`
`4865`	`4893`	`returnexisting,nil`
`4866`	`4894`	`}`
`4867`	`4895`
`4868`		`-func (q*FakeQuerier)GetUserFrobulators(_ context.Context,userID uuid.UUID) ([]database.Frobulator,error) {`
`4869`		`-q.mutex.RLock()`
`4870`		`-deferq.mutex.RUnlock()`
`4871`		`-`
`4872`		`-out:=make([]database.Frobulator,0,len(q.frobulators))`
`4873`		`-for_,frob:=rangeq.frobulators {`
`4874`		`-iffrob.UserID!=userID {`
`4875`		`-continue`
`4876`		`-}`
`4877`		`-`
`4878`		`-out=append(out,frob)`
`4879`		`-}`
`4880`		`-`
`4881`		`-returnout,nil`
`4882`		`-}`
`4883`		`-`
`4884`	`4896`	`func (q*FakeQuerier)GetUserLatencyInsights(_ context.Context,arg database.GetUserLatencyInsightsParams) ([]database.GetUserLatencyInsightsRow,error) {`
`4885`	`4897`	`err:=validateDatabaseType(arg)`
`4886`	`4898`	`iferr!=nil {`
`@@ -6307,23 +6319,25 @@ func (q *FakeQuerier) InsertFile(_ context.Context, arg database.InsertFileParam`
`6307`	`6319`	`returnfile,nil`
`6308`	`6320`	`}`
`6309`	`6321`
`6310`		`-func (q*FakeQuerier)InsertFrobulator(_ context.Context,arg database.InsertFrobulatorParams)error {`
	`6322`	`+func (q*FakeQuerier)InsertFrobulator(_ context.Context,arg database.InsertFrobulatorParams)(database.Frobulator,error) {`
`6311`	`6323`	`err:=validateDatabaseType(arg)`
`6312`	`6324`	`iferr!=nil {`
`6313`		`-returnerr`
	`6325`	`+returndatabase.Frobulator{},err`
`6314`	`6326`	`}`
`6315`	`6327`
`6316`	`6328`	`q.mutex.Lock()`
`6317`	`6329`	`deferq.mutex.Unlock()`
`6318`	`6330`
`6319`	`6331`	`// nolint:gosimple // This is fine as it is.`
`6320`		`-q.frobulators=append(q.frobulators, database.Frobulator{`
`6321`		`-ID:arg.ID,`
	`6332`	`+frob:= database.Frobulator{`
	`6333`	`+ID:uuid.New(),`
`6322`	`6334`	`UserID:arg.UserID,`
	`6335`	`+OrgID:arg.OrgID,`
`6323`	`6336`	`ModelNumber:arg.ModelNumber,`
`6324`		`-})`
	`6337`	`+}`
	`6338`	`+q.frobulators=append(q.frobulators,frob)`
`6325`	`6339`
`6326`		`-returnnil`
	`6340`	`+returnfrob,nil`
`6327`	`6341`	`}`
`6328`	`6342`
`6329`	`6343`	`func (q*FakeQuerier)InsertGitSSHKey(_ context.Context,arg database.InsertGitSSHKeyParams) (database.GitSSHKey,error) {`

`‎coderd/database/dbmetrics/dbmetrics.go`

Lines changed: 15 additions & 15 deletions

Some generated files are not rendered by default. Learn more aboutcustomizing how changed files appear on GitHub.

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commitaf5ddb1

File tree

22 files changed

22 files changed

`‎coderd/coderd.go`

`‎coderd/database/dbauthz/dbauthz.go`

`‎coderd/database/dbauthz/dbauthz_test.go`

`‎coderd/database/dbgen/dbgen.go`

`‎coderd/database/dbmem/dbmem.go`

`‎coderd/database/dbmetrics/dbmetrics.go`

0 commit comments